schachtmeister2

schachtmeister2 is a daemon for white- and blacklisting specified ISPs, hosting providers and so on. It was created for the Der Bunker Tremulous server to combat malicious players evading bans.

The source code is available here.

The daemon works by looking up a given IP address in WHOIS databases and reverse DNS records and analyzing the results. Its configuration file, schachts.list, is a list of keywords to be searched for along with a partial rating. The program's output, the rating, is the sum of partial ratings of all matched keywords.

Usage

Since the daemon is meant to be used with a Tremulous server, it communicates over UDP. The protocol is extremely simple. To query schachtmeister2 send an UDP packet (port 1337) that looks like:

\xff\xff\xff\xffsm2query ADDRESS

Note the four leading 0xFF bytes. The daemon will send a reply to the sender's address and port that will look like:

\xff\xff\xff\xffsm2reply ADDRESS RATING

Here's an example using BSD's netcat, asking for the rating of 8.8.8.8 (Google's DNS):

$ printf "\xff\xff\xff\xffsm2query 8.8.8.8 | nc -u 127.0.0.1 1337
����sm2reply 8.8.8.8 0

The list

The daemon needs a list of keywords to operate meaningfully. The program looks for a file named schachts.list in its working directory. Below is an example list:

// a few known VPS and VPN providers
revdns	-50	tcpvpn.com
revdns	-50	vultr.com

whois	-50	"OVH"
whois	-50	"DigitalOcean"
whois	-50	"Digital Ocean"

// Desala's ISP
revdns	-10	.dynamic.chello.pl

The columns are:

  1. Where to look for the substring: revdns or whois?
  2. The partial rating or how much the total rating changes if this substring is found.
  3. The substring to look for. Use quotation marks if you need spaces. The program does not support regular expressions yet.

Whitespace doesn't matter but I recommend tabs for proper alignment. You can use C++-style one-line comments.

Reloading on the fly

Restarting the daemon clears its cache, so you might want to avoid it. To make schachtmeister2 reload the list, send SIGUSR1 to the process.

Limitations

This is one of those programs that I've written quickly, as crude prototypes, but have worked exceedingly well. As I couldn't be bothered to rewrite the program better, it's not very flexible and works well only in a single application. I might continue working on it if there's demand outside of Tremulous.