[Plugin] Custom Query Flood Check
#1

Custom Query Flood Check

Write custom protections against query flood



Info:
  • This plugin redirects all calls from the original query flood check function to a new function written by the server owner in PAWN.
  • Here is the original query flood check function converted to PAWN. This function is responsible for detecting flooding and for blocking queries when the server is spammed with multiple packets coming from a bunch of different IPs.
  • You may tweak it or write a better flood detection algorithm.
  • Here is a list of sample protection scripts.
  • See kurta999's YSF for more info about SA-MP query mechanism.
WARNING:
  • Installing this plugin will disable the built-in query flood check, so you must write your own protection!
  • Use this filterscript to reimplement the default check.
  • For better performance, write the protection directly into plugin source code to avoid AMX overhead.
  • Compatible with 0.3.7 R2-1 only.
Download:
Callback:
Code:
forward OnQueryFloodCheck(queryType, binaryAddress);
/*
 * Info:
 *  - called when a query is received
 *
 * Parameters:
 *  - queryType     : a single character corresponding to the packet identifier as explained here: https://sampwiki.blast.hk/wiki/Query_Mec...6.00184242
 *  - binaryAddress : IP address of requester as a 32-bit unsigned integer
 *
 * Returns:
 *  -   0 (ZERO)    : process the query
 *  - !=0 (NONZERO) : don't process the query
 *
 * Notes:
 *  - If any script returns NONZERO in this callback, then current query won't get processed.
 *  - If this callback is missing from all loaded scripts, then the plugin will **PROCESS ALL QUERIES** and will print a warning message in server log. 
 */ 
How to install:
Download the archive from Releases page and unpack it into your server directory. Then edit "server.cfg":
  • Windows:
    Code:
    filterscripts fs-original-check            # or write your own protection
    plugins samp-custom-query-flood-check.dll
  • Linux:
    Code:
    filterscripts fs-original-check            # or write your own protection
    plugins samp-custom-query-flood-check.so
Reply
#2

Awesome, I was waiting for this.
Reply
#3

So this is like plug n play?
Reply
#4

Quote:
Originally Posted by Crystallize
So this is like plug n play?
Not really... This plugin only enables server owners to write their own protections against query flooding. Or they can tweak the original protection without going through the low-level asm hell.

So after you load the plugin you'll also have to load a custom protection written/edited by yourself or by somebody from the community.
Reply
#5

I haven't tested it yet but I'm gonna give it a look when I'm free.

Looks good so far.
Reply
#6

I believe this won't block cookie requests, or am I wrong?
Reply
#7

Quote:
Originally Posted by Paulice
I believe this won't block cookie requests, or am I wrong?
Cookie requests are part of player joining code, so this plugin doesn't cover them.
Reply
#8

Quote:
Originally Posted by Paulice
I believe this won't block cookie requests, or am I wrong?
It's more like queries that come through a PHP server and such.
Reply
#9

Then what's the point? The exploit sends multiple cookie requests, blocking would do nothing. Thus, querying is still freezing or being delayed.
Reply
#10

Quote:
Originally Posted by Paulice
Then what's the point? The exploit sends multiple cookie requests, blocking would do nothing. Thus, querying is still freezing or being delayed.
The current exploit floods the server with fake player connections AND queries from multiple spoofed IPs. Cookies are there for preventing that nasty 0.3z server full attack, while query flood is being 'detected' internally (vanilla SA-MP server) by this code: https://github.com/spmn/samp-custom-...inal-check.pwn
As you can see, if you receive multiple queries from different IPs in less than 25ms, the server will stop responding to queries, thus making server appear offline in SA-MP browser.

So, this plugin's purpose is to allow owners to make changes to that query flood check function WITHOUT having to manually patch it in server memory. (eg: lower the time check, write another detection algo or even deactivate the flood check by returning 0 in OnQueryFloodCheck callback)
Reply
#11

The urmem lib doesn't return the source-port for your plugin import it? Maybe it'll help us in scripting, more parameters are more possibilities.
Reply
#12

I flooded a local server (using return 1; in the callback only) and it didn't let me connect. Server still gets flooded with cookie requests.

Also, how is one able to stop flooding using this plugin (implying the above is/gets fixed)? If whatever you do still kinda makes the server unresponsive?
Reply
#13

Quote:
Originally Posted by connork
The urmem lib doesn't return the source-port for your plugin import it? Maybe it'll help us in scripting, more parameters are more possibilities.
Yeah, I could add port to the list of parameters, but I don't see how that would help. This attack comes from random ports, it's not like all queries use port 9999 so you could block these packets.

Quote:
Originally Posted by Paulice
I flooded a local server (using return 1; in the callback only) and it didn't let me connect. Server still gets flooded with cookie requests.
Well, all your bandwidth was used for flooding, so that's normal. This should never happen on a properly hosted server.

Quote:
Originally Posted by Paulice
Also, how is one able to stop flooding using this plugin (implying the above is/gets fixed)? If whatever you do still kinda makes the server unresponsive?
You don't stop the flooding (that can't be done from within SA-MP server), you just tweak the SA-MP protection responsible for blocking queries. (query blocked = server appears offline)
If your server connection is solid enough, you can disable the protection entirely (return 0).
Or disable the protection for all packets except big ones (eg: normal playerlist 'c', extended playerlist 'd', external rcon 'x')
Reply
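
The tweak suggested in post #13, sketched as an added example (not code from the thread or from the plugin's repository): a filterscript that always answers small queries and applies the 25 ms different-IP rule described in post #10 only to 'c', 'd' and 'x'. The variable names, the FLOOD_WINDOW_MS constant and the choice to update state on dropped packets are assumptions; only the callback signature and its return convention come from the first post.

```pawn
// Added example: rate-limit only the large query responses.
// Not the plugin's own filterscript; names below are hypothetical.
#define FILTERSCRIPT
#include <a_samp>

// Window quoted in post #10 for the built-in check.
#define FLOOD_WINDOW_MS 25

forward OnQueryFloodCheck(queryType, binaryAddress);

static gLastAddress;    // source address of the previous rate-limited query
static gLastTick;       // GetTickCount() value when that query arrived
static bool:gSeenAny;   // false until the first rate-limited query arrives

public OnQueryFloodCheck(queryType, binaryAddress)
{
    // Everything except the big packets named in post #13 is always
    // processed (return 0), so the server keeps answering small queries.
    if (queryType != 'c' && queryType != 'd' && queryType != 'x')
    {
        return 0;
    }

    new now = GetTickCount();
    new drop = 0;

    // binaryAddress is an unsigned 32-bit value stored in a signed cell;
    // only equality is tested, so the sign does not matter.
    // The tick difference stays correct across GetTickCount() wrap-around.
    if (gSeenAny && binaryAddress != gLastAddress && now - gLastTick < FLOOD_WINDOW_MS)
    {
        drop = 1; // a different IP inside the window: don't process
    }

    // Assumption: state is updated for dropped packets too, so a sustained
    // burst keeps being dropped until arrivals are spaced out again.
    gSeenAny = true;
    gLastAddress = binaryAddress;
    gLastTick = now;
    return drop;
}
```

Compile it as a filterscript and list it on the `filterscripts` line in place of `fs-original-check`, as shown in the install steps of the first post.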
#14

Quote:

For better performance, implement the protection directly into plugin source code to avoid AMX overhead.

First, thanks for your awesome Plugin, I was waiting for this!

What about that you add a default protection to your Plugin directly, so if the Callback is not added in any used Scripts it will use the default one from your Plugin and if the Callback is added in any used Scripts it will use the one from PAWN written by Scripters.

Not all PAWN Scripters know how to add a protection directly into the Plugin.
Would you do that for the next Version?
Reply
#15

Quote:
Originally Posted by Spmn
Well, all your bandwidth was used for flooding, so that's normal. This should never happen on a properly hosted server.
I assume you can use the tool without internet (should be possible as you can connect to the server with no internet), does bandwidth even come in play in this case?

On the other hand, it will be nice to use this to block packets sent by clients with their IP banned.
Reply
#16

Quote:
Originally Posted by Morpheus1992
First, thanks for your awesome Plugin, I was waiting for this!

What about that you add a default protection to your Plugin directly, so if the Callback is not added in any used Scripts it will use the default one from your Plugin and if the Callback is added in any used Scripts it will use the one from PAWN written by Scripters.

Not all PAWN Scripters know how to add a protection directly into the Plugin.
Would you do that for the next Version?
If no sample script/callback is used, then the plugin will assume that you don't need any flood check, so server will respond to all queries. (equivalent of returning 0 in `OnQueryFloodCheck` - which should not cause any problems IF you got enough bandwidth)
That's the default behaviour.

Quote:
Originally Posted by Paulice
I assume you can use the tool without internet (should be possible as you can connect to the server with no internet), does bandwidth even come in play in this case?
Yeah, no internet connection is required, but why would you load this plugin on a local server? Protect yourself from yourself?
Reply
#17

My server is 0.3DL, the plugin that you have put is 0.3.7.

The console shows "Loading SA-MP Custom Query Flood Check v1.0 ...
CQFC plugin is compatible only with SA-MP 0.3.7 R2-1. "

Please could you provide a plugin for Windows compatible with version 0.3.DL?
Reply
#18

Pls update this plugin from 0.3.7 R2-2
And 0.3DL
Reply
#19

Someone who uses this plugin?
Reply

