Custom Query Flood Check -
Spmn - 28.08.2017
Custom Query Flood Check
Write custom protections against query flood
Info:- This plugin redirects all calls from the original query flood check function to a new function written by the server owner in PAWN.
- Here is the original query flood check function converted to PAWN. This function is responsible for detecting flooding and for blocking queries when server is spammed with multiple packets coming from a bunch of different IPs.
- You may tweak it or write a better flood detection algorithm.
- Here is a list of sample protection scripts.
- See kurta999's YSF for more info about SA-MP query mechanism.
WARNING:- Installing this plugin will disable the built-in query flood check, so you must your own protection!
- Use this filterscript to reimplement the default check.
- For better performance, write the protection directly into plugin source code to avoid AMX overhead.
- Compatible with 0.3.7 R2-1 only.
Download:Callback:
PHP Code:
forward OnQueryFloodCheck(queryType, binaryAddress);
/*
* Info:
* - called when a query is received
*
* Parameters:
* - queryType : a single character corresponding to the packet identifier as explained here: https://sampwiki.blast.hk/wiki/Query_Mechanism#Opcodes
* - binaryAddress : IP address of requester as a 32-bit unsigned integer
*
* Returns:
* - 0 (ZERO) : process the query
* - !=0 (NONZERO) : don't process the query
*
* Notes:
* - If any script returns NONZERO in this callback, then current query won't get processed.
* - If this callback is missing from all loaded scripts, then the plugin will **PROCESS ALL QUERIES** and will print a warning message in server log.
*/
How to install:
Download the archive from
Releases page and unpack it into your server directory. Then edit "server.cfg":
- Windows:
Code:
filterscripts fs-original-check # or write your own protection
plugins samp-custom-query-flood-check.dll
- Linux:
Code:
filterscripts fs-original-check # or write your own protection
plugins samp-custom-query-flood-check.so
Re: Custom Query Flood Check -
nGen.SoNNy - 28.08.2017
Awesome, I was waiting for this.
Re: Custom Query Flood Check -
Crystallize - 28.08.2017
So this is like plug n play?
Re: Custom Query Flood Check -
Spmn - 29.08.2017
Quote:
Originally Posted by Crystallize
So this is like plug n play?
|
Not really... This plugin only enables server owners to write their own protections against query flooding. Or they can tweak the original protection without going through the lowlevel asm hell.
So after you load the plugin you'll also have to load a custom protection written/edited by yourself or by somebody from the community.
Re: Custom Query Flood Check -
Omirrow - 29.08.2017
I haven't tested it yet but I'm gonna give it a look when I'm free.
Looks good so far.
Re: Custom Query Flood Check -
Paulice - 29.08.2017
I believe this won't block cookie requests, or am I wrong?
Re: Custom Query Flood Check -
Spmn - 29.08.2017
Quote:
Originally Posted by Paulice
I believe this won't block cookie requests, or am I wrong?
|
Cookie requests are part of player joining code, so this plugin doesn't cover them.
Re: Custom Query Flood Check -
Omirrow - 29.08.2017
Quote:
Originally Posted by Paulice
I believe this won't block cookie requests, or am I wrong?
|
It's morely like queries that comes through a PHP server and such.
Re: Custom Query Flood Check -
Paulice - 29.08.2017
Then what's the point? The exploit sends multiple cookie requests, blocking would do nothing. Thus, querying still freezing or being delayed.
Re: Custom Query Flood Check -
Spmn - 29.08.2017
Quote:
Originally Posted by Paulice
Then what's the point? The exploit sends multiple cookie requests, blocking would do nothing. Thus, querying still freezing or being delayed.
|
The current exploit floods the server with fake player connections AND queries from multiple spoofed IPs. Cookies are there for preventing that nasty 0.3z server full attack, while query flood is being 'detected' internally (vanilla SA-MP server) by this code:
https://github.com/spmn/samp-custom-...inal-check.pwn
As you can see, if you receive multiple queries from different IPs in less than 25ms, the server will stop responding to queries, thus making server appear offline in SA-MP browser.
So, this plugin's purpose is to allow owners to make changes to that query flood check function WITHOUT having to manually patch it in server memory. (eg: lower the time check, write another detection algo or even deactivate the flood check by returning 0 in OnQueryFloodCheck callback)
Re: Custom Query Flood Check -
connork - 29.08.2017
The urmem lib doesn't return the source-port for your plugin import it? Maybe it'll help us in scripting, more parameters are more possibilities.
Re: Custom Query Flood Check -
Paulice - 29.08.2017
I flooded a local server (using return 1; in the callback only) and it didn't let me connect. Server still gets flooded with cookie requests.
Also, how is one able to stop flooding using this plugin (implying the above is/gets fixed)? If whatever you do still kinda makes the server unresponsive?
Re: Custom Query Flood Check -
Spmn - 30.08.2017
Quote:
Originally Posted by connork
The urmem lib doesn't return the source-port for your plugin import it? Maybe it'll help us in scripting, more parameters are more possibilities.
|
Yeah, I could add port to the list of parameters, but I don't see how that would help. This attack comes from random ports, it's not like all queries use port 9999 so you could block these packets.
Quote:
Originally Posted by Paulice
I flooded a local server (using return 1; in the callback only) and it didn't let me connect. Server still gets flooded with cookie requests.
|
Well all your bandwidth was used for flooding, so that's normal. This should never happen on a proper hosted server.
Quote:
Originally Posted by Paulice
Also, how is one able to stop flooding using this plugin (implying the above is/gets fixed)? If whatever you do still kinda makes the server unresponsive?
|
You don't stop the flooding (that can't be done from within SA-MP server), you just tweak the SA-MP protection responsible for blocking queries. (query blocked = server appear offline)
If your server connection is solid enough, you can disable the protection entirely (return 0).
Or disable the protection for all packets except big ones (eg: normal playerlist 'c', extended playerlist 'd', external rcon 'x')
Re: Custom Query Flood Check -
Morpheus1992 - 03.09.2017
Quote:
For better performance, implement the protection directly into plugin source code to avoid AMX overhead.
|
First, thanks for your awesome Plugin, I was waiting for this!
What about that you add a default protection to your Plugin directly, so if the Callback is not added in any used Scripts it will use the default one from your Plugin and if the Callback is added in any used Scripts it will use the one from PAWN written by Scripters.
Not all PAWN Scripters know how to add a protection directly into the Plugin.
Would you do that for the next Version?
Re: Custom Query Flood Check -
Paulice - 03.09.2017
Quote:
Originally Posted by Spmn
Well all your bandwidth was used for flooding, so that's normal. This should never happen on a proper hosted server.
|
I assume you can use the tool without internet (should be possible as you can connect to the server with no internet), does bandwidth even come in play in this case?
On the other hand, it will be nice to use this to block packets sent by clients with their IP banned.
Re: Custom Query Flood Check -
Spmn - 03.09.2017
Quote:
Originally Posted by Morpheus1992
First, thanks for your awesome Plugin, I was waiting for this!
What about that you add a default protection to your Plugin directly, so if the Callback is not added in any used Scripts it will use the default one from your Plugin and if the Callback is added in any used Scripts it will use the one from PAWN written by Scripters.
Not all PAWN Scripters know how to add a protection directly into the Plugin.
Would you do that for the next Version?
|
If no
sample script/callback is used, then the plugin will assume that you don't need any flood check, so server will respond to all queries. (equivalent of returning 0 in `OnQueryFloodCheck` - which should not cause any problems IF you got enough bandwidth)
That's the default behaviour.
Quote:
Originally Posted by Paulice
I assume you can use the tool without internet (should be possible as you can connect to the server with no internet), does bandwidth even come in play in this case?
|
Yeah, no internet connection is required, but why would you load this plugin on a local server? Protect yourself from yourself?
Re: Custom Query Flood Check -
youmasterd7 - 10.06.2018
My server is 0.3DL, the plugin that you have put is 0.3.7.
the console leaves "Loading SA-MP Custom Query Flood Check v1.0 ...
CQFC plugin is compatible only with SA-MP 0.3.7 R2-1. "
please could place a plugins for windows compatible with version 0.3.DL
Re: Custom Query Flood Check -
rorrobryan - 03.09.2018
Pls update this plugin from 0.3.7 R2-2
And 0.3DL
Re: Custom Query Flood Check -
rorrobryan - 07.01.2019
Someone who uses this plugin?