/* Minimal version of Stella Firewall, protection to query flood for SA-MP 0.3e

1. /* Minimal version of Stella Firewall, protection to query flood for SA-MP 0.3e */
2. /* By Kevin R.V <[email protected]> <[email protected]> */
3.  
4. #include<stdio.h> //For standard things
5. #include<stdlib.h> //malloc
6. #include<string.h> //memset
7. #include<netinet/ip_icmp.h> //Provides declarations for icmp header
8. #include<netinet/udp.h> //Provides declarations for udp header
9. #include<netinet/tcp.h> //Provides declarations for tcp header
10. #include<netinet/ip.h> //Provides declarations for ip header
11. #include<sys/socket.h>
12. #include<arpa/inet.h>
13. #include<pthread.h>
14. //V2
15. #define MAX_QUERYS 350
16. #define MAX_INCOMINGS 12
17.  
18. void ProcessPacket(unsigned char* , int);
19. void print_ip_header(unsigned char* , int);
20. void process_udp_packet(unsigned char * , int);
21. void *TimerCheck( void *ptr );
22. void SampQueryPacket(char * szHost, u_short port);
23. void SampIncomingPackets(char * szHost, u_short port);
24. void AddIncomingPacket(char * szHost);
25. int sock_raw;
26. void Ban(char * szHost);
27. void Reload();
28. int CheckIfExists(char * szHost);
29. void AddQueryPacket(char * szHost);
30. int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0,j;
31. struct sockaddr_in source,dest;
32.  
33. struct userPackets
34. {
35. char szHost[30];
36. long int IncomingPackets;
37. long int QueryPackets;
38.  
39. };
40.  
41. struct userPackets ddosInfo[700];
42.  
43. int main()
44. {
45. Reload();
46. pthread_t thread1;
47. pthread_create( &thread1, NULL, TimerCheck, NULL);
48. int saddr_size , data_size;
49. struct sockaddr saddr;
50. struct in_addr in;
51.  
52. unsigned char *buffer = (unsigned char *)malloc(65536); //Its Big!
53.  
54.  
55. printf("Starting Stella Firewall BETA v0.1...\n");
56. sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
57. if(sock_raw < 0)
58. {
59. printf("Socket Error\n");
60. return 1;
61. }
62. while(1)
63. {
64. saddr_size = sizeof saddr;
65. data_size = recvfrom(sock_raw , buffer , 65536 , 0 , &saddr , &saddr_size);
66. if(data_size <0 )
67. {
68. printf("Recvfrom error , failed to get packets\n");
69. return 1;
70. }
71. ProcessPacket(buffer , data_size);
72. }
73. close(sock_raw);
74. return 0;
75. }
76.  
77. void ProcessPacket(unsigned char* buffer, int size)
78. {
79. struct iphdr *iph = (struct iphdr*)buffer;
80. ++total;
81. switch (iph->protocol)
82. {
83.  
84. case 17: //UDP Protocol
85. ++udp;
86. process_udp_packet(buffer , size);
87. break;
88.  
89. default:
90. break;
91. }
92. }
93.  
94. void process_udp_packet(unsigned char *Buffer , int Size)
95. {
96.  
97. unsigned short iphdrlen;
98.  
99. struct iphdr *iph = (struct iphdr *)Buffer;
100. iphdrlen = iph->ihl*4;
101.  
102. memset(&source, 0, sizeof(source));
103. source.sin_addr.s_addr = iph->saddr;
104.  
105. memset(&dest, 0, sizeof(dest));
106. dest.sin_addr.s_addr = iph->daddr;
107. struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen);
108. char * Packet = &Buffer[4] + iphdrlen + sizeof udph;
109. int len_pkt = ( Size - sizeof udph - iph->ihl * 4 );
110. Packet[len_pkt] = '\0';
111.  
112. if (Packet[0] == 0x28)
113. {
114. if ( ntohs(udph->len) == 12 )
115. {
116. SampIncomingPackets(inet_ntoa(source.sin_addr),ntohs(udph->dest));
117. }
118. }
119.  
120. else if ( Packet[0] == 'S' && Packet[1] == 'A' && Packet[2] == 'M' && Packet[3] == 'P' )
121. {
122. SampQueryPacket(inet_ntoa(source.sin_addr),ntohs(udph->dest));
123. }
124. }
125.  
126. void Reload()
127. {
128. int i = 0;
129. for(i = 0; i<700; i++)
130. {
131. strcpy(ddosInfo[i].szHost, "127.0.0.1");
132. ddosInfo[i].IncomingPackets = 0;
133. ddosInfo[i].QueryPackets = 0;
134. }
135.  
136.  
137. }
138. int CheckIfExists(char * szHost)
139. {
140. int i = 0;
141. for(i = 0; i<700; i++)
142. {
143. if ( strcmp(ddosInfo[i].szHost, szHost) == 0 )
144. return i;
145. }
146. return -1;
147. }
148.  
149. void *TimerCheck( void *ptr )
150. {
151. while(1)
152. {
153. sleep(6);
154. Reload();
155. }
156.  
157. }
158.  
159. void Ban(char * szHost)
160. {
161. printf("Attack from: %s, blocking it...\n", szHost);
162. char cmd[50];
163. memset(cmd, 0, sizeof(cmd));
164. sprintf(cmd, "iptables -A INPUT -s %s -j DROP", szHost);
165. system(cmd);
166. }
167.  
168.  
169. void AddQueryPacket(char * szHost)
170. {
171.  
172. int check = CheckIfExists(szHost);
173. if ( check != -1)
174. {
175. ddosInfo[check].QueryPackets++;
176. if ( ddosInfo[check].QueryPackets > MAX_QUERYS )
177. Ban(ddosInfo[check].szHost);
178. }
179. else
180. {
181. int i = 0;
182. for(i = 0; i<700; i++)
183. {
184. if ( strcmp(ddosInfo[i].szHost, "127.0.0.1") == 0 )
185. {
186. strcpy(ddosInfo[i].szHost, szHost);
187. ddosInfo[i].IncomingPackets = 0;
188. ddosInfo[i].QueryPackets = 1;
189. break;
190. }
191. }
192.  
193. }
194.  
195.  
196. }
197.  
198. void AddIncomingPacket(char * szHost)
199. {
200.  
201. int check = CheckIfExists(szHost);
202. if ( check != -1)
203. {
204. ddosInfo[check].IncomingPackets++;
205.  
206. if ( ddosInfo[check].IncomingPackets > MAX_INCOMINGS )
207. Ban(ddosInfo[check].szHost);
208. }
209. else
210. {
211. int i = 0;
212. for(i = 0; i<700; i++)
213. {
214. if ( strcmp(ddosInfo[i].szHost, "127.0.0.1") == 0 )
215. {
216. strcpy(ddosInfo[i].szHost, szHost);
217. ddosInfo[i].IncomingPackets = 1;
218. ddosInfo[i].QueryPackets = 0;
219. break;
220. }
221. }
222.  
223. }
224.  
225.  
226. }
227.  
228. void SampQueryPacket(char * szHost, u_short port)
229. {
230. if ( port == 9355 )
231. {
232. AddQueryPacket(szHost);
233. }
234.  
235. }
236.  
237. void SampIncomingPackets(char * szHost, u_short port)
238. {
239. if ( port == 9355 )
240. {
241. AddIncomingPacket(szHost);
242. }
243. }