Raised This Month: $12 Target: $400
 3% 

[Linux] Source Query Proxy: DDoS Protection - Kernel redirection!


Post New Thread Reply   
 
Thread Tools Display Modes
MAGNAT2645
Senior Member
Join Date: Nov 2015
Location: AlliedMods.net
Old 01-02-2021 , 12:57   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #81

For me, Rules List is not important (just was surprised that it became smaller, hiding almost every convar).
Also, it seems that sqproxy process wasn't terminated:
pidof sqproxy doesn't print anything
BUT pgrep sqproxy prints 11675

And as I understand it, if sqproxy isn't actually running - there's no affect on A2S queries (changes i noticed using SAT)

And it seems that i have 2 sqproxies running (or first one is from cron i guess)
Code:
ps aux | grep sqproxy | grep -v grep
root     11674  0.0  0.0   4636   832 ?        Ss   19:35   0:00 /bin/sh -c /usr/local/bin/sqproxy run >> /home/tf2server/log/script/crontab.log 2>&1
root     11675  0.7  1.0 411852 42352 ?        Sl   19:35   0:36 /usr/bin/python3.7 /usr/local/bin/sqproxy run
__________________

Last edited by MAGNAT2645; 01-02-2021 at 13:00.
MAGNAT2645 is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-02-2021 , 13:26   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #82

first pid is sh
second is sqproxy

sqproxy create /var/run/sqproxy.pid (or /tmp/sqproxy.pid) file with pid and check it before run. This protection do not allow run multiple instances of sqproxy on the same machine.

Your servers should be visible for any monitoring.
__________________
spumer is offline
NomisCZ
AlliedModders Donor
Join Date: Mar 2014
Location: Czech_Republic
Old 01-03-2021 , 12:24   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #83

Hello,

I have a problem with:
PHP Code:
[INFO] [MyLittleServerBacking off _update_info(...) for 0.3s (asyncio.exceptions.TimeoutError)
[
INFO] [MyLittleServerBacking off _update_players(...) for 0.6s (asyncio.exceptions.TimeoutError)
[
INFO] [MyLittleServerBacking off _update_rules(...) for 0.4s (asyncio.exceptions.TimeoutError
https://imgur.com/a/SKz6Fys

I tried it on Ubuntu 20.04.x (VM / Dedicated) / Docker and I got same results.

Kernel: Linux meta-dev 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04

Firewall: disabled

eBPF works (only for testing): python3 redirect.py -p 27015:27915 / python2 redirect.py -p 27015:27815

CS:GO startup:

./srcds_run -game csgo -console -usercon +exec server.cfg -autoupdate -strictportbind -norestart -nobreakpad -debug +sv_pure 0 -port 27015 +ip <PUBLIC_IP> +net_public_adr <PUBLIC_IP> +map de_dust2 -tickrate 128 -maxplayers_override 19 +game_mode 0 +game_type 0 +mapgroup mg_active +sv_setsteamaccount XXXXXXXXXXXX -gamemodes_serverfile gamemodes_server.txt


Configs:

00-globals.yaml:
PHP Code:
# Defaults for each server in `servers` section
# Any of these `values` can be overridden locally:
# in local `defaults` section
# in `servers` section
defaults:
  
# True - defaults will be applied for each NEXT config file in conf.d directory
  # False - applied only for current file
  # conf.d/ files read sequentially by alphabetical order
  # we recommend start config names with sequential value: 00-globals.yaml, 01-game1.yaml, 02-game2.yaml
  
global: True
  values
:
    
network:
      
# Real game server IP address
      
server_ip'<PUBLIC_IP>'
      
# IP address for listening incoming queries
      
bind_ip'0.0.0.0'
      
# Real game server PORT (respect to server_ip)
      
server_port0  # don't set in globals, only for doc here
      # PORT for listening incoming queries (respect to bind_ip)
      
bind_port0  # don't set in globals, only for doc here
      # False (default) - queries from `server_port` will be redirected to `bind_port`
      # only for auto-ebpf handling, for more info see `ebpf` section below
      # True - disable redirection (useful for just proxying and debug purposes)
      
ebpf_no_redirectfalse
    
# How often update A2S_INFO data
    
a2s_info_cache_lifetime5
    
# How often update A2S_RULES data
    
a2s_rules_cache_lifetime5
    
# How often update A2S_PLAYERS data
    
a2s_players_cache_lifetime1
    
# How often change src port for queries to Real Game Server
    # Some games required that due integrated ddos protection
    # Without it sqporxy ip:port will be "banned" for queries
    
src_query_port_lifetime10

    
# False (default) - no action, A2S_RULES will work
    # True - don't update A2S_RULES cache
    # This will be helpful for HLDS servers which protocol is different
    # But be careful, you also need disable redirection for A2S_RULES packets
    # see the IS_QUERY_REQUEST_PACKET in https://github.com/spumer/source-query-proxy-kernel-module/blob/master/src-ebpf/utils.h
    # CS:GO also has broken A2S_RULES, but fix available at https://forums.alliedmods.net/showthread.php?t=236521
    
no_a2s_rulesfalse


# See 01-dummy-game.yaml
servers:


# Automatically run eBPF redirection
ebpf:
  
# Download any release of SQProxy Kernel Module
  # And add path to `redirect.py`
  # https://github.com/spumer/source-query-proxy-kernel-module/releases
  # If you want run it without root privileges, see: https://github.com/spumer/source-query-proxy-kernel-module/tree/master/src-ebpf#non-root-ru>
  # and make sure executable prepended with 'sudo':
  #   executable:
  #     - 'sudo'
  #     - 'python2'
  
enabledTrue
  executable
'python2'
  
script_path'/etc/sqproxy/conf.d/src-ebpf/redirect.py'
  
#script_path: './src-ebpf/redirect.py' 
01-dummy-game.yaml
PHP Code:
servers:
  
MyLittleServer:
    
network:
      
server_port27015
      bind_port
27815 
__________________

Last edited by NomisCZ; 01-03-2021 at 12:38.
NomisCZ is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-03-2021 , 13:54   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #84

TimeoutError mean server do not respond.
If you behind NAT, try to use local ip instead public or run game server if it turned off
__________________

Last edited by spumer; 01-03-2021 at 14:26.
spumer is offline
NomisCZ
AlliedModders Donor
Join Date: Mar 2014
Location: Czech_Republic
Old 01-03-2021 , 14:21   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #85

Quote:
Originally Posted by spumer View Post
TimeoutError mean server do not respond.
If you behind NAT, try to use local ip instead public
It's public IP address of the hosting company, so no NAT. Probably doesn't work properly on Ubuntu 20.04.x.
__________________
NomisCZ is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-03-2021 , 14:49   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #86

It's just send UDP packets to server_ip:server_port. Ubuntu/CentOS/... does not matter.
__________________
spumer is offline
NomisCZ
AlliedModders Donor
Join Date: Mar 2014
Location: Czech_Republic
Old 01-03-2021 , 16:26   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #87

Quote:
Originally Posted by spumer View Post
It's just send UDP packets to server_ip:server_port. Ubuntu/CentOS/... does not matter.
Debug info, but don't know why (asyncio.exceptions.TimeoutError) if Got PlayersResponse ...
https://hastebin.com/ehigasujof.less
__________________
NomisCZ is offline
spumer
Senior Member
Join Date: Aug 2011
Old 01-03-2021 , 22:46   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #88

Quote:
Originally Posted by NomisCZ View Post
Debug info, but don't know why (asyncio.exceptions.TimeoutError) if Got PlayersResponse ...
https://hastebin.com/ehigasujof.less
As i can see sqproxy can not get a2s_rules response. This can happend due broken MTU value and can be fixed by plugin: https://forums.alliedmods.net/showthread.php?t=236521

If you do not like to install this you can disable a2s_rules proxying.
More info about it i already placed near no_a2s_rules option
__________________

Last edited by spumer; 01-03-2021 at 22:48.
spumer is offline
NomisCZ
AlliedModders Donor
Join Date: Mar 2014
Location: Czech_Republic
Old 01-04-2021 , 10:16   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #89

Quote:
Originally Posted by spumer View Post
As i can see sqproxy can not get a2s_rules response. This can happend due broken MTU value and can be fixed by plugin: https://forums.alliedmods.net/showthread.php?t=236521

If you do not like to install this you can disable a2s_rules proxying.
More info about it i already placed near no_a2s_rules option
Problem solved, thank you :-)
__________________

Last edited by NomisCZ; 01-04-2021 at 10:16.
NomisCZ is offline
pakgamerz
AlliedModders Donor
Join Date: Aug 2017
Old 01-12-2021 , 03:26   Re: [Linux] Source Query Proxy: DDoS Protection - Kernel redirection!
Reply With Quote #90

raise Exception("Failed to compile BPF module %s" % src_file)
Exception: Failed to compile BPF module b'redirect.c'


how to fix?
pakgamerz is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 13:49.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode