GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sqproxy → sqredirect

sqproxy / sqredirect

Licence: GPL-3.0 license
Redirection and filtering Source Engine game traffic in bundle with sqproxy

Programming Languages

python
139335 projects - #7 most used programming language
c
50402 projects - #5 most used programming language
Makefile
30231 projects

Labels

ddoskernelebpfddos-mitigationsqproxy

Projects that are alternatives of or similar to sqredirect

pwru
Packet, where are you? -- Linux kernel networking debugger
Stars: ✭ 694 (+3204.76%)
Mutual labels:  kernel, ebpf
btfhub
BTFHub, together with BTFHub Archive repository, provides BTF files for existing published kernels that don't support embedded BTF.
Stars: ✭ 100 (+376.19%)
Mutual labels:  kernel, ebpf
bpflock
bpflock - eBPF driven security for locking and auditing Linux machines
Stars: ✭ 54 (+157.14%)
Mutual labels:  kernel, ebpf
KubeArmor
Cloud-native Runtime Security Enforcement System
Stars: ✭ 434 (+1966.67%)
Mutual labels:  kernel, ebpf
ddos-mitigation
Tips to mitigate and secure your large-scale server against DDoS attacks.
Stars: ✭ 58 (+176.19%)
Mutual labels:  ddos, ddos-mitigation
Bpfd
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
Stars: ✭ 396 (+1785.71%)
Mutual labels:  kernel, ebpf
oxdpus
A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering
Stars: ✭ 59 (+180.95%)
Mutual labels:  kernel, ebpf
Fastnetmon
FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
Stars: ✭ 2,860 (+13519.05%)
Mutual labels:  ddos, ddos-mitigation
PoW-Shield
Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.
Stars: ✭ 99 (+371.43%)
Mutual labels:  ddos, ddos-mitigation
Cilium
eBPF-based Networking, Security, and Observability
Stars: ✭ 10,256 (+48738.1%)
Mutual labels:  kernel, ebpf
epiphany
A pre-DDoS security assessment tool
Stars: ✭ 106 (+404.76%)
Mutual labels:  ddos, ddos-mitigation
anti-ddos-lite
Anti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attack.
Stars: ✭ 96 (+357.14%)
Mutual labels:  ddos, ddos-mitigation
ebpf
eBPF package for Go
Stars: ✭ 25 (+19.05%)
Mutual labels:  ebpf
CAMEL99-V2
Indirect threaded code version of CAMEL99 Forth for TI-99 computer
Stars: ✭ 16 (-23.81%)
Mutual labels:  kernel
merbridge
Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.
Stars: ✭ 469 (+2133.33%)
Mutual labels:  ebpf
tinyos
An UNIX-like toy operating system runs on x86 CPU
Stars: ✭ 47 (+123.81%)
Mutual labels:  kernel
r3
R3-OS — Experimental static (μITRON-esque) RTOS for deeply embedded systems, testing the limit of Rust's const eval and generics
Stars: ✭ 87 (+314.29%)
Mutual labels:  kernel
kernel-memtest
Hybrid memtest running in kernel mode, and userspace.
Stars: ✭ 17 (-19.05%)
Mutual labels:  kernel
MellOs
Minimal, collaboratively written kernel
Stars: ✭ 219 (+942.86%)
Mutual labels:  kernel
linux-prog
Some C code i write to study systems programming (while reading The Linux Programming Interface)
Stars: ✭ 43 (+104.76%)
Mutual labels:  kernel
View All Similar Projects ➔

sqredirect

Redirection and filtering Source Engine game traffic in a bundle with sqproxy

How it Works?

sqredirect attach eBPF filter(s) to network interface and manipulate with traffic targeting to game ports

eBPF is more efficient way to check/accept/drop packets in Linux

More in Wikipedia

BPF Performance Tools (book)

Firewall

As redirection and filtering processed before any firewall rules applied, you also need ensure target (redirect) ports are accessable from external network. If your server placed behind NAT and all rules live in router, you do not need do anything.

Requirements

  • Linux
  • Kernel version >= 4.4, check your by command: uname -r
  • python2 or python3

Installation

TODO: Split into Ubuntu/Debian/Others like in bcc-tools README

Step 1: Install bcc-tools

Step 2: Install sqredirect

python -m pip install sqredirect

https://pypi.org/project/sqredirect/

Usage

Automatically

Only by SQProxy

Non-root running

bcc-tools can't be used w/o root, see iovisor/bcc#1166

But you can use this snippet to restrict usage only to specified user/group:

TL;DR: move python redirect.py $@ to command and add permissions in /etc/sudoers

  1. Copy content of this folder to /usr/src/sqredirect

  2. Create file in /usr/local/bin/sqredirect with content:

    #!/bin/bash

cd /usr/src/sqredirect
exec python2 /usr/src/sqredirect/redirect.py $@

  3. chmod +x /usr/local/bin/sqredirect

  4. Create group network and add user to group

    addgroup network
usermod -aG network <user-which-should-it-run>

  5. Allow run sqredirect command w/o root privileges

    echo "%network ALL=(root) NOPASSWD: /usr/local/bin/sqredirect" > /etc/sudoers.d/network

More about sudoers: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file

Troubleshooting

Problem: I can't reach my server through network

Solution: Rollback any changes at network level, run in console (if you have access):

tc qdisc del dev eth0 root

replace eth0 with your interface name

Dive into Traffic Control

eBPF provide simple way to control traffic. But it's based on great Linux architecture of Traffic Control (TC).

More about TC you can learn in this document: https://people.netfilter.org/pablo/netdev0.1/papers/Linux-Traffic-Control-Classifier-Action-Subsystem-Architecture.pdf

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].