schachtmeister2 is a daemon for white- and blacklisting specified ISPs, hosting providers and so on. It was created for the Der Bunker Tremulous server to combat malicious players evading bans.
The source code is available here.
The daemon works by looking up a given IP address in WHOIS databases and reverse DNS records and analyzing the results. Its configuration file, schachts.list, is a list of keywords to be searched for along with a partial rating. The program's output, the rating, is the sum of partial ratings of all matched keywords.
Since the daemon is meant to be used with a Tremulous server, it communicates over UDP. The protocol is extremely simple. To query schachtmeister2, send a UDP packet (port 1337) that looks like:
\xff\xff\xff\xffsm2query ADDRESS
Note the four leading 0xFF bytes. The daemon will send a reply to the sender's address and port that will look like:
\xff\xff\xff\xffsm2reply ADDRESS RATING
Here's an example using BSD's netcat, asking for the rating of 184.108.40.206 (Google's DNS):
$ printf "\xff\xff\xff\xffsm2query 220.127.116.11" | nc -u 127.0.0.1 1337
����sm2reply 18.104.22.168 0
The daemon needs a list of keywords to operate meaningfully. The program looks for a file named schachts.list in its working directory. Below is an example list:
// a few known VPS and VPN providers
revdns -50 tcpvpn.com
revdns -50 vultr.com
whois -50 "OVH"
whois -50 "DigitalOcean"
whois -50 "Digital Ocean"

// Desala's ISP
revdns -10 .dynamic.chello.pl
The columns are:
- Where to look for the substring (whois or revdns in the example above).
- The partial rating or how much the total rating changes if this substring is found.
- The substring to look for. Use quotation marks if you need spaces. The program does not support regular expressions yet.
Whitespace doesn't matter but I recommend tabs for proper alignment. You can use C++-style one-line comments.
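The list format and rating rule described above, as an added example (not schachtmeister2's own code): a parser for schachts.list lines plus the sum-of-partial-ratings calculation. It assumes case-sensitive substring matching, that each matching rule counts once, and that whois and revdns are the only sources; the sample list and lookup strings are constructed.

```python
import re

# Constructed sample in the schachts.list format shown on this page.
SAMPLE_LIST = """\
// a few known VPS and VPN providers
revdns  -50  vultr.com
whois   -50  "OVH"
whois   -50  "Digital Ocean"   // trailing comment
// residential ISP
revdns  -10  .dynamic.chello.pl
"""

# A token is a quoted string, a //-comment running to end of line, or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(//.*)|(\S+)')
SOURCES = {"whois", "revdns"}  # assumption: the two sources seen in the example list

def parse_list(text):
    """Return a list of (source, partial_rating, substring) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = []
        for m in TOKEN.finditer(line):
            if m.group(2) is not None:  # comment: ignore the rest of the line
                break
            fields.append(m.group(1) if m.group(1) is not None else m.group(3))
        if not fields:
            continue  # blank or comment-only line
        if len(fields) != 3 or fields[0] not in SOURCES:
            raise ValueError(f"line {lineno}: expected SOURCE RATING SUBSTRING")
        rules.append((fields[0], int(fields[1]), fields[2]))
    return rules

def rate(rules, whois_text, revdns_name):
    """Sum the partial ratings of every rule whose substring is found."""
    haystack = {"whois": whois_text, "revdns": revdns_name}
    return sum(delta for src, delta, needle in rules if needle in haystack[src])

if __name__ == "__main__":
    rules = parse_list(SAMPLE_LIST)
    # Constructed lookup results for a host at a VPS provider.
    print(rate(rules, "OrgName: Digital Ocean", "node.example.vultr.com"))
```

A rule with a positive partial rating works the same way, which is how a whitelisted ISP can offset a blacklisted keyword in the total.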
Reloading on the fly
Restarting the daemon clears its cache, so you might want to avoid it. To make schachtmeister2 reload the list, send SIGUSR1 to the process.
This is one of those programs that I've written quickly, as crude prototypes, but have worked exceedingly well. As I couldn't be bothered to rewrite the program better, it's not very flexible and works well only in a single application. I might continue working on it if there's demand outside of Tremulous.