.gitignore

@@ -19,7 +19,3 @@
 
 # Go workspace file
 go.work
-
-# testing
-run.sh
-server.yaml

README.md

@@ -2,10 +2,6 @@
 
 A modification of [lilproxy][lilproxy_url] that forwards only Q3 rcon/query packets. Useful for separating the rcon port from the game server port.
 
-### Why
-
-Unfortunately the Q3Rcon engine ties the rcon port to the game servers public port used for client connections. This proxy will allow you to run rcon through a separate whitelisted port.
-
 ### Use
 
 Run one or multiple rcon proxies by setting an environment variable `Q3RCON_PROXY`
@@ -20,11 +16,9 @@ This would configure q3rcon-proxy to run 3 proxy servers listening on ports `200
 
 Then just run the binary which you can compile yourself, download from `Releases` or use the included Dockerfile.
 
-### Logging
+### Why
 
-Set the log level with environment variable `Q3RCON_LOGLEVEL`:
+Avoid sending plaintext rcon commands to the public game server port. In general I would advise anyone using rcon remotely to use a secured connection but perhaps you've passed rcon to a clan friend who doesn't know about secured connections. Now you can instruct them to use rcon only through a whitelisted port.
-
-`0 = Panic, 1 = Fatal, 2 = Error, 3 = Warning, 4 = Info, 5 = Debug, 6 = Trace`
 
 ### Special Thanks
 

cmd/q3rcon-proxy/main.go

@@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
 	"os"
-	"slices"
+	"strconv"
 	"strings"
 
 	log "github.com/sirupsen/logrus"
@@ -11,33 +11,7 @@ import (
 	"github.com/onyx-and-iris/q3rcon-proxy/pkg/udpproxy"
 )
 
-func main() {
+func start(proxy string) {
-	logLevel, err := getEnvInt("Q3RCON_LOGLEVEL")
-	if err != nil {
-		log.Fatalf("unable to parse Q3RCON_LEVEL: %s", err.Error())
-	}
-	if slices.Contains(log.AllLevels, log.Level(logLevel)) {
-		log.SetLevel(log.Level(logLevel))
-	}
-
-	proxies := os.Getenv("Q3RCON_PROXY")
-	if proxies == "" {
-		log.Fatal("env Q3RCON_PROXY required")
-	}
-
-	host := os.Getenv("Q3RCON_HOST")
-	if host == "" {
-		host = "0.0.0.0"
-	}
-
-	for _, proxy := range strings.Split(proxies, ";") {
-		go start(host, proxy)
-	}
-
-	<-make(chan int)
-}
-
-func start(host, proxy string) {
 	port, target := func() (string, string) {
 		x := strings.Split(proxy, ":")
 		return x[0], x[1]
@@ -52,3 +26,51 @@ func start(host, proxy string) {
 
 	log.Fatal(c.ListenAndServe())
 }
+
+var (
+	proxies, host string
+)
+
+func getenvInt(key string) (int, error) {
+	s := os.Getenv(key)
+	if s == "" {
+		return 0, nil
+	}
+	v, err := strconv.Atoi(s)
+	if err != nil {
+		return 0, err
+	}
+	return v, nil
+}
+
+func init() {
+	proxies = os.Getenv("Q3RCON_PROXY")
+	if proxies == "" {
+		log.Fatal("env Q3RCON_PROXY required")
+	}
+
+	host = os.Getenv("Q3RCON_HOST")
+	if host == "" {
+		host = "0.0.0.0"
+	}
+
+	debug, err := getenvInt("Q3RCON_DEBUG")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if debug == 1 {
+		log.SetLevel(log.DebugLevel)
+	} else {
+		log.SetLevel(log.InfoLevel)
+	}
+
+}
+
+func main() {
+	for _, proxy := range strings.Split(proxies, ";") {
+		go start(proxy)
+	}
+
+	<-make(chan int)
+}

cmd/q3rcon-proxy/util.go

@@ -1,18 +0,0 @@
-package main
-
-import (
-	"os"
-	"strconv"
-)
-
-func getEnvInt(key string) (int, error) {
-	s := os.Getenv(key)
-	if s == "" {
-		return 0, nil
-	}
-	v, err := strconv.Atoi(s)
-	if err != nil {
-		return 0, err
-	}
-	return v, nil
-}

pkg/udpproxy/session.go

@@ -2,7 +2,6 @@ package udpproxy
 
 import (
 	"errors"
-	"fmt"
 	"net"
 	"strings"
 	"time"
@@ -69,7 +68,7 @@ func (s *session) proxyFrom(buf []byte) error {
 		if s.isBadRconResponse(buf) {
 			log.Infof("Response: Bad rcon from %s", s.caddr.IP)
 		} else {
-			log.Debugf("Response: %s", string(buf[len(s.rconResponseHeader):]))
+			log.Debugf("Response: %s", string(buf[10:]))
 		}
 	}
 
@@ -78,13 +77,7 @@ func (s *session) proxyFrom(buf []byte) error {
 
 func (s *session) proxyTo(buf []byte) error {
 	if !s.isValidRequestPacket(buf) {
-		var err error
+		err := errors.New("not a rcon or query request packet")
-		if s.isChallengeRequestPacket(buf) {
-			parts := strings.SplitN(string(buf), " ", 3)
-			err = fmt.Errorf("invalid challenge from %s with GUID: %s", s.caddr.IP, parts[len(parts)-1])
-		} else {
-			err = errors.New("not a rcon or query request packet")
-		}
 		log.Error(err.Error())
 		return err
 	}

pkg/udpproxy/udpproxy.go

@@ -53,8 +53,8 @@ func (c *Client) ListenAndServe() error {
 			log.Error(err)
 		}
 
-		session, ok := c.sessions[caddr.String()]
+		session, found := c.sessions[caddr.String()]
-		if !ok {
+		if !found {
 			session, err = newSession(caddr, c.raddr, c.proxyConn)
 			if err != nil {
 				log.Error(err)

pkg/udpproxy/validator.go

@@ -3,63 +3,57 @@ package udpproxy
 import "bytes"
 
 type validator struct {
-	rconRequestHeader         []byte
+	rconRequestHeader       []byte
-	getstatusRequestHeader    []byte
+	getstatusRequestHeader  []byte
-	getinfoRequestHeader      []byte
+	getinfoRequestHeader    []byte
-	getchallengeRequestHeader []byte
+	rconResponseHeader      []byte
-	rconResponseHeader        []byte
+	getstatusResponseHeader []byte
-	getstatusResponseHeader   []byte
+	getinfoResponseHeader   []byte
-	getinfoResponseHeader     []byte
+	badRconIdentifier       []byte
-	badRconIdentifier         []byte
 }
 
 func newValidator() validator {
-	return validator{
+	v := validator{}
-		rconRequestHeader:         []byte("\xff\xff\xff\xffrcon"),
+	v.rconRequestHeader = []byte("\xff\xff\xff\xffrcon")
-		getstatusRequestHeader:    []byte("\xff\xff\xff\xffgetstatus"),
+	v.getstatusRequestHeader = []byte("\xff\xff\xff\xffgetstatus")
-		getinfoRequestHeader:      []byte("\xff\xff\xff\xffgetinfo"),
+	v.getinfoRequestHeader = []byte("\xff\xff\xff\xffgetinfo")
-		getchallengeRequestHeader: []byte("\xff\xff\xff\xffgetchallenge"),
+	v.rconResponseHeader = []byte("\xff\xff\xff\xffprint\n")
-		rconResponseHeader:        []byte("\xff\xff\xff\xffprint\n"),
+	v.getstatusResponseHeader = []byte("\xff\xff\xff\xffstatusResponse\n")
-		getstatusResponseHeader:   []byte("\xff\xff\xff\xffstatusResponse\n"),
+	v.getinfoResponseHeader = []byte("\xff\xff\xff\xffinfoResponse\n")
-		getinfoResponseHeader:     []byte("\xff\xff\xff\xffinfoResponse\n"),
+	v.badRconIdentifier = []byte("Bad rcon")
-		badRconIdentifier:         []byte("Bad rcon"),
+	return v
-	}
 }
 
-func (v validator) compare(buf, c []byte) bool {
+func (v *validator) compare(buf, c []byte) bool {
 	return bytes.Equal(buf[:len(c)], c)
 }
 
-func (v validator) isRconRequestPacket(buf []byte) bool {
+func (v *validator) isRconRequestPacket(buf []byte) bool {
 	return v.compare(buf, v.rconRequestHeader)
 }
 
-func (v validator) isQueryRequestPacket(buf []byte) bool {
+func (v *validator) isQueryRequestPacket(buf []byte) bool {
 	return v.compare(buf, v.getstatusRequestHeader) ||
 		v.compare(buf, v.getinfoRequestHeader)
 }
 
-func (v validator) isValidRequestPacket(buf []byte) bool {
+func (v *validator) isValidRequestPacket(buf []byte) bool {
 	return v.isRconRequestPacket(buf) || v.isQueryRequestPacket(buf)
 }
 
-func (v validator) isChallengeRequestPacket(buf []byte) bool {
+func (v *validator) isRconResponsePacket(buf []byte) bool {
-	return v.compare(buf, v.getchallengeRequestHeader)
-}
-
-func (v validator) isRconResponsePacket(buf []byte) bool {
 	return v.compare(buf, v.rconResponseHeader)
 }
 
-func (v validator) isQueryResponsePacket(buf []byte) bool {
+func (v *validator) isQueryResponsePacket(buf []byte) bool {
 	return v.compare(buf, v.getstatusResponseHeader) ||
 		v.compare(buf, v.getinfoResponseHeader)
 }
 
-func (v validator) isValidResponsePacket(buf []byte) bool {
+func (v *validator) isValidResponsePacket(buf []byte) bool {
 	return v.isRconResponsePacket(buf) || v.isQueryResponsePacket(buf)
 }
 
-func (v validator) isBadRconResponse(buf []byte) bool {
+func (v *validator) isBadRconResponse(buf []byte) bool {
 	return v.compare(buf[len(v.rconResponseHeader):], v.badRconIdentifier)
 }