chore: auto-update Go modules

remove double log on error

add some explanatory comments.

.dockerignore

@@ -0,0 +1,6 @@
+*
+!cmd/
+!*.go
+
+!go.mod
+!go.sum

.github/workflows/release.yml

@@ -0,0 +1,31 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      -
+        name: Set up Go
+        uses: actions/setup-go@v5
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-go-modules.yml

@@ -0,0 +1,30 @@
+name: Auto-Update Go Modules
+
+on:
+  schedule:
+    - cron: "0 0 * * 1" # Runs every Monday at midnight
+
+jobs:
+  update-go-modules:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: stable
+
+      - name: Update Dependencies
+        run: |
+          go get -u ./...
+          go mod tidy
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add go.mod go.sum
+          git commit -m "chore: auto-update Go modules"
+          git push

.gitignore

@@ -1,3 +1,5 @@
+# Auto-generated .gitignore by gignore: github.com/onyx-and-iris/gignore
+### Go ###
 # If you prefer the allow list template instead of the deny list, see community template:
 # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
 #
@@ -7,6 +9,7 @@
 *.dll
 *.so
 *.dylib
+bin/
 
 # Test binary, built with `go test -c`
 *.test
@@ -19,3 +22,7 @@
 
 # Go workspace file
 go.work
+# End of gignore: github.com/onyx-and-iris/gignore
+
+# Added by goreleaser init:
+dist/

.goreleaser.yaml

@@ -0,0 +1,55 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+
+# The lines below are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/need to use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
+
+version: 2
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+    # you may remove this if you don't need go generate
+    - go generate ./...
+
+builds:
+  - main: ./cmd/q3rcon-proxy/
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+    goarch:
+      - amd64
+
+archives:
+  - formats: ['tar.gz']
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        formats: ['zip']
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+release:
+  footer: >-
+
+    ---
+
+    Released by [GoReleaser](https://github.com/goreleaser/goreleaser).

.vscode/launch.json

@@ -9,9 +9,9 @@
             "type": "go",
             "request": "launch",
             "mode": "auto",
-            "program": "${workspaceFolder}/cmd/q3rcon_proxy/main.go",
+            "program": "${workspaceFolder}/cmd/q3rcon-proxy/",
             "env": {
-                "Q3RCON_PROXY": "28961:28960",
+                "Q3RCON_PORTS_MAPPING": "28961:28960",
             }
         }
     ]

CHANGELOG.md

@@ -11,12 +11,91 @@ Before any major/minor/patch bump all unit tests will be run to verify they pass
 
 -   [x]
 
+## [1.7.0] - 2025-06-05
+
+### Added
+
+-   Taskfile added for running and building project.
+-   The binary may be passed CLI flags as well as environment variables.
+
+### Changed
+
+-   CLI component rewritten with urfave/cli.
+-   env var `Q3RCON_TARGET_PORTS` renamed to `Q3RCON_PORTS_MAPPING`
+
+## [1.4.0] - 2024-11-29
+
+### Added
+
+-   new environment variable `Q3RCON_TARGET_HOST` for setting the host the gameserver is on.
+
+### Changed
+
+-   environment variable `Q3RCON_HOST` renamed to `Q3RCON_PROXY_HOST`
+-   environment variable `Q3RCON_PROXY` renamed to `Q3RCON_TARGET_PORTS`.
+-   default session timeout changed from 5 to 20 minutes.
+
+## [1.3.0] - 2024-10-23
+
+### Added
+
+-   Add sessionCache for tracking sessions.
+-   Functional option `WithStaleTimeout` renamed to `WithSessionTimeout`
+
+## [1.2.0] - 2024-10-19
+
+### Added
+
+-   optional function `WithStaleTimeout`, use it to configure the session timeout value.
+    -   it defaults to 5 minutes.
+
+## [1.1.0] - 2024-09-28
+
+### Added
+
+-   connection (challenge) requests are now logged.
+
+## [0.6.0] - 2024-03-21
+
+### Added
+
+-   new environment variable `Q3RCON_DEBUG` for enabling debug logging. Defaults to 0.
+-   rcon responses are now logged at debug level
+-   invalid responses (rcon and query) now logged
+
+### Changed
+
+-   All packet header checking methods moved into Session struct.
+
+### Fixed
+
+-   a bug causing the proxy not to send back query responses
+
+## [0.3.0] - 2024-03-08
+
+### Added
+
+-   outgoing rcon requests now logged at info level
+-   new environment variable `Q3RCON_HOST` for specifying which ip to bind the proxy to. Defaults to `0.0.0.0`.
+
+### Changed
+
+-   now using [logrus][logrus] package for logging.
+
+### Fixed
+
+-   a `slice bounds out of range` error due to query packets being logged.
+
 ## [0.1.0] - 2024-01-27
 
--   ignore any packets whose header does match a q3 rcon/query packet.
+### Added
+
+-   only forward packets if the header matches q3 rcon/query.
 
 ## [0.0.1] - 2024-01-27
 
 ### Added
 
 -   All source files for lilproxy including full commit history.
+
+[logrus]: https://github.com/sirupsen/logrus

Dockerfile

@@ -1,12 +0,0 @@
-FROM golang:alpine
-
-WORKDIR /dist
-
-COPY . .
-
-# build binary and place into /usr/local/bin
-RUN go mod download && go mod verify
-RUN go build -v -o /usr/local/bin/q3rcon-proxy ./cmd/q3rcon-proxy
-
-# Command to run when starting the container
-ENTRYPOINT [ "q3rcon-proxy" ]

Makefile

@@ -1,2 +1,40 @@
-go-build:
+PROGRAM = q3rcon-proxy
-	go build ./cmd/q3rcon-proxy/
+
+GO = @go
+BIN_DIR := bin
+
+WINDOWS=$(BIN_DIR)/$(PROGRAM)_windows_amd64.exe
+LINUX=$(BIN_DIR)/$(PROGRAM)_linux_amd64
+VERSION=$(shell git log -n 1 --format=%h)
+
+.DEFAULT_GOAL := build
+
+.PHONY: fmt vet build windows linux test clean
+fmt:        
+	$(GO) fmt ./...
+
+vet: fmt        
+	$(GO) vet ./...
+
+build: vet windows linux | $(BIN_DIR)
+	@echo version: $(VERSION)
+
+windows: $(WINDOWS)
+
+linux: $(LINUX)
+
+
+$(WINDOWS):
+	env GOOS=windows GOARCH=amd64 go build -v -o $(WINDOWS) -ldflags="-s -w -X main.version=$(VERSION)"  ./cmd/$(PROGRAM)/
+
+$(LINUX):
+	env GOOS=linux GOARCH=amd64 go build -v -o $(LINUX) -ldflags="-s -w -X main.version=$(VERSION)"  ./cmd/$(PROGRAM)/
+
+test:
+	$(GO) test ./...
+
+$(BIN_DIR):
+	@mkdir -p $@
+
+clean:
+	@rm -rv $(BIN_DIR)

README.md

@@ -2,27 +2,69 @@
 
 A modification of [lilproxy][lilproxy_url] that forwards only Q3 rcon/query packets. Useful for separating the rcon port from the game server port.
 
-### Use
-
-Run one or multiple rcon proxies by setting an environment variable `Q3RCON_PROXY`
-
-for example:
-
-```bash
-export Q3RCON_PROXY="20000:28960;20001:28961;20002:28962"
-```
-
-This would run 3 proxy servers listening on ports `20000`, `20001` and `20002` that redirect rcon requests to game servers on ports `28960`, `28961` and `28962` respectively.
-
 ### Why
 
-Avoid sending plaintext rcon requests (that include the password) to public ports. Instead send them to whitelisted ports.
+Unfortunately the Q3Rcon engine ties the rcon port to the game servers public port used for client connections. This proxy will allow you to run rcon through a separate whitelisted port.
 
-Gives you the option to disable remote rcon entirely and have the server accept requests only from localhost.
+### Use
+
+#### Flags
+
+```bash
+#!/usr/bin/env bash
+
+/usr/local/bin/q3rcon-proxy \
+    --proxy-host=0.0.0.0 \
+    --target-host=localhost \
+    --ports-mapping=28961:28960 \
+    --session-timeout=20 \
+    --loglevel=debug
+```
+
+#### Environment Variables
+
+Each of the flags has a corresponding environment variable:
+
+-   `Q3RCON_PROXY_HOST`: The host the proxy server sits on.
+-   `Q3RCON_TARGET_HOST`: The host the game servers sit on.
+-   `Q3RCON_PORTS_MAPPING`: A mapping as a string with `source:target` pairs delimited by `;`.
+-   `Q3RCON_SESSION_TIMEOUT`: Timeout in seconds for each udp session.
+-   `Q3RCON_LOGLEVEL`: The application's logging level (see [Logging][logging]).
+
+Multiple rcon proxies may be configured by setting *--ports-mapping/Q3RCON_PORTS_MAPPING* like so:
+
+```console
+export Q3RCON_PORTS_MAPPING="20000:28960;20001:28961;20002:28962"
+```
+
+This would configure q3rcon-proxy to run 3 proxy servers listening on ports 20000, 20001 and 20002 that redirect rcon requests to game servers on ports 28960, 28961 and 28962 respectively.
+
+### Logging
+
+Set the log level with environment variable `Q3RCON_LOGLEVEL`.
+
+Acceptable values are:
+
+- `trace`
+- `debug`
+- `info`
+- `warn`
+- `error`
+- `fatal`
+- `panic`
+
+If not set it will default to `info`.
 
 ### Special Thanks
 
-[Dylan][user_link] For writing this proxy.
+[Dylan][user_link] For writing [lilproxy][lilproxy_url].
 
 [lilproxy_url]: https://github.com/dgparker/lilproxy
 [user_link]: https://github.com/dgparker
+
+### Further Notes
+
+For a compatible rcon client also written in Go consider checking out the [Q3 Rcon][q3rcon] package.
+
+[q3rcon]: https://github.com/onyx-and-iris/q3rcon
+[logging]: https://github.com/onyx-and-iris/q3rcon-proxy/tree/dev?tab=readme-ov-file#logging

Taskfile.yml

@@ -0,0 +1,71 @@
+version: '3'
+
+includes:
+  docker: ./docker/Taskfile.docker.yml
+
+vars:
+  PROGRAM: q3rcon-proxy
+  SHELL: '{{if eq .OS "Windows_NT"}}powershell{{end}}'
+  BIN_DIR: bin
+
+  WINDOWS: '{{.BIN_DIR}}/{{.PROGRAM}}_windows_amd64.exe'
+  LINUX: '{{.BIN_DIR}}/{{.PROGRAM}}_linux_amd64'
+  GIT_COMMIT:
+    sh: git log -n 1 --format=%h
+
+tasks:
+  default:
+    desc: Build the q3rcon-proxy project
+    cmds:
+      - task: build
+
+  build:
+    desc: Build the q3rcon-proxy project
+    deps: [vet]
+    cmds:
+      - task: build-windows
+      - task: build-linux
+
+  vet:
+    desc: Vet the code
+    deps: [fmt]
+    cmds:
+      - go vet ./...
+
+  fmt:
+    desc: Fmt the code
+    cmds:
+      - go fmt ./...
+
+  build-windows:
+    desc: Build the q3rcon-proxy project for Windows
+    cmds:
+      - GOOS=windows GOARCH=amd64 go build -o {{.WINDOWS}} -ldflags="-X main.Version={{.GIT_COMMIT}}" ./cmd/{{.PROGRAM}}/
+    internal: true
+
+  build-linux:
+    desc: Build the q3rcon-proxy project for Linux
+    cmds:
+      - GOOS=linux GOARCH=amd64 go build -o {{.LINUX}} -ldflags="-X main.Version={{.GIT_COMMIT}}" ./cmd/{{.PROGRAM}}/
+    internal: true
+
+  test:
+    desc: Run tests
+    cmds:
+      - go test ./...
+
+  clean:
+    desc: Clean the build artifacts
+    cmds:
+      - '{{.SHELL}} rm -r {{.BIN_DIR}}'
+
+  run:
+    desc: Run the q3rcon-proxy project
+    cmds:
+      - |
+        go run ./cmd/{{.PROGRAM}} \
+        --proxy-host=0.0.0.0 \
+        --target-host=localhost \
+        --ports-mapping=28961:28960 \
+        --session-timeout=20 \
+        --loglevel=debug

cmd/q3rcon-proxy/main.go

@@ -1,39 +1,132 @@
 package main
 
 import (
+	"context"
 	"fmt"
-	"log"
 	"os"
+	"strconv"
 	"strings"
+	"time"
 
-	"github.com/onyx-and-iris/q3rcon-proxy/pkg/udpproxy"
+	udpproxy "github.com/onyx-and-iris/q3rcon-proxy"
+	log "github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v3"
 )
 
-func start(proxy string) {
+// proxyConfig holds the configuration for a single UDP proxy server.
-	port, target := func() (string, string) {
+type proxyConfig struct {
-		x := strings.Split(proxy, ":")
+	proxyHost      string
-		return x[0], x[1]
+	targetHost     string
-	}()
+	portsMapping   []string
-
+	sessionTimeout int
-	c, err := udpproxy.New(fmt.Sprintf("0.0.0.0:%s", port), fmt.Sprintf("127.0.0.1:%s", target))
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	log.Printf("q3rcon-proxy initialized: [proxy] (0.0.0.0:%s) [target] (127.0.0.1:%s)", port, target)
-
-	log.Fatal(c.ListenAndServe())
 }
 
 func main() {
-	proxies := os.Getenv("Q3RCON_PROXY")
+	cmd := &cli.Command{
-	if proxies == "" {
+		Name:  "q3rcon-proxy",
-		log.Fatal("env Q3RCON_PROXY required")
+		Usage: "A Quake 3 RCON proxy server",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "proxy-host",
+				Value:   "0.0.0.0",
+				Usage:   "Proxy host address",
+				Sources: cli.EnvVars("Q3RCON_PROXY_HOST"),
+			},
+			&cli.StringFlag{
+				Name:    "target-host",
+				Value:   "localhost",
+				Usage:   "Target host address",
+				Sources: cli.EnvVars("Q3RCON_TARGET_HOST"),
+			},
+			&cli.StringFlag{
+				Name:     "ports-mapping",
+				Usage:    "Proxy and target ports (proxy:target)",
+				Sources:  cli.EnvVars("Q3RCON_PORTS_MAPPING"),
+				Required: true,
+				Action: func(ctx context.Context, cmd *cli.Command, v string) error {
+					// Validate the ports mapping
+					for mapping := range strings.SplitSeq(v, ";") {
+						ports := strings.Split(mapping, ":")
+						if len(ports) != 2 {
+							return fmt.Errorf("invalid ports mapping: %s", mapping)
+						}
+						proxyPort, err := strconv.Atoi(ports[0])
+						if err != nil || proxyPort < 1 || proxyPort > 65535 {
+							return fmt.Errorf("invalid proxy port: %s", ports[0])
+						}
+						targetPort, err := strconv.Atoi(ports[1])
+						if err != nil || targetPort < 1 || targetPort > 65535 {
+							return fmt.Errorf("invalid target port: %s", ports[1])
+						}
+						if proxyPort == targetPort {
+							return fmt.Errorf("proxy and target ports cannot be the same: %s", mapping)
+						}
+					}
+					return nil
+				},
+			},
+			&cli.IntFlag{
+				Name:    "session-timeout",
+				Value:   20,
+				Usage:   "Session timeout in minutes",
+				Sources: cli.EnvVars("Q3RCON_SESSION_TIMEOUT"),
+			},
+			&cli.StringFlag{
+				Name:    "loglevel",
+				Value:   "info",
+				Usage:   "Log level (trace, debug, info, warn, error, fatal, panic)",
+				Sources: cli.EnvVars("Q3RCON_LOGLEVEL"),
+			},
+		},
+		Before: func(ctx context.Context, cmd *cli.Command) (context.Context, error) {
+			logLevel, err := log.ParseLevel(cmd.String("loglevel"))
+			if err != nil {
+				return ctx, fmt.Errorf("invalid log level: %w", err)
+			}
+			log.SetLevel(logLevel)
+			return ctx, nil
+		},
+		Action: func(_ context.Context, cmd *cli.Command) error {
+			errChan := make(chan error)
+
+			for mapping := range strings.SplitSeq(cmd.String("ports-mapping"), ";") {
+				cfg := proxyConfig{
+					proxyHost:      cmd.String("proxy-host"),
+					targetHost:     cmd.String("target-host"),
+					portsMapping:   strings.Split(mapping, ":"),
+					sessionTimeout: cmd.Int("session-timeout"),
 				}
 
-	for _, proxy := range strings.Split(proxies, ";") {
+				go launchProxy(cfg, errChan)
-		go start(proxy)
 			}
 
-	<-make(chan int)
+			// Under normal circumstances, the main goroutine will block here.
+			// If we receive an error we will log it and exit
+			return <-errChan
+		},
+	}
+
+	log.Fatal(cmd.Run(context.Background(), os.Args))
+}
+
+// launchProxy initializes the UDP proxy server with the given configuration.
+// It listens on the specified proxy host and port, and forwards traffic to the target host and port.
+// server.ListenAndServe blocks until the server is stopped or an error occurs.
+func launchProxy(cfg proxyConfig, errChan chan<- error) {
+	proxyPort, targetPort := cfg.portsMapping[0], cfg.portsMapping[1]
+
+	hostAddr := fmt.Sprintf("%s:%s", cfg.proxyHost, proxyPort)
+	proxyAddr := fmt.Sprintf("%s:%s", cfg.targetHost, targetPort)
+
+	server, err := udpproxy.New(
+		hostAddr, proxyAddr,
+		udpproxy.WithSessionTimeout(time.Duration(cfg.sessionTimeout)*time.Minute))
+	if err != nil {
+		errChan <- fmt.Errorf("failed to create proxy: %w", err)
+		return
+	}
+
+	log.Printf("q3rcon-proxy initialized: [proxy] (%s) [target] (%s)", hostAddr, proxyAddr)
+
+	errChan <- server.ListenAndServe()
 }

debian/q3rcon-proxy.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Q3Rcon Proxy Service
+Wants=network.target
+After=network.target
+
+[Service]
+Type=simple
+User=gameservers
+Environment="Q3RCON_PORTS_MAPPING=20000:28960;20001:28961;20002:28962"
+Environment="Q3RCON_HOST=0.0.0.0"
+Environment="Q3RCON_LOGLEVEL=info"
+
+ExecStart=/usr/local/bin/q3rcon-proxy
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target

docker/Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1.24 AS build_image
+
+WORKDIR /usr/src/app
+
+# pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+# build binary, place into ./bin/
+RUN CGO_ENABLED=0 GOOS=linux go build -o ./bin/q3rcon-proxy ./cmd/q3rcon-proxy/
+
+FROM scratch AS final_image
+
+WORKDIR /bin/
+
+COPY --from=build_image /usr/src/app/bin/q3rcon-proxy .
+
+# Command to run when starting the container
+ENTRYPOINT [ "./q3rcon-proxy" ]

docker/Taskfile.docker.yml

@@ -0,0 +1,26 @@
+version: '3'
+
+vars:
+  IMAGE: q3rcon-proxy
+
+tasks:
+  build:
+    desc: Build the Docker image
+    cmds:
+      - docker build -t {{.IMAGE}} -f docker/Dockerfile .
+    dir: .
+
+  login:
+    desc: Login to Github Container Registry
+    cmds:
+      - docker login ghcr.io -u {{.GHCR_USER}} --password-stdin <<< {{.GHCR_TOKEN}}
+    internal: true
+
+  push:
+    desc: Push the Docker image to Github Container Registry
+    deps:
+      - task: build
+      - task: login
+    cmds:
+      - docker tag {{.IMAGE}} ghcr.io/{{.GHCR_USER}}/{{.IMAGE}}:latest
+      - docker push ghcr.io/{{.GHCR_USER}}/{{.IMAGE}}:latest

go.mod

@@ -1,3 +1,12 @@
 module github.com/onyx-and-iris/q3rcon-proxy
 
-go 1.18
+go 1.24.0
+
+toolchain go1.24.1
+
+require (
+	github.com/sirupsen/logrus v1.9.3
+	github.com/urfave/cli/v3 v3.6.1
+)
+
+require golang.org/x/sys v0.39.0 // indirect

go.sum

@@ -0,0 +1,20 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/urfave/cli/v3 v3.6.1 h1:j8Qq8NyUawj/7rTYdBGrxcH7A/j7/G8Q5LhWEW4G3Mo=
+github.com/urfave/cli/v3 v3.6.1/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

option.go

@@ -0,0 +1,22 @@
+package udpproxy
+
+import (
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// Option is a functional option type that allows us to configure the Client.
+type Option func(*Client)
+
+// WithSessionTimeout is a functional option to set the session timeout
+func WithSessionTimeout(timeout time.Duration) Option {
+	return func(c *Client) {
+		if timeout < time.Minute {
+			log.Warnf("cannot set stale session timeout to less than 1 minute.. defaulting to 20 minutes")
+			return
+		}
+
+		c.sessionTimeout = timeout
+	}
+}

pkg/udpproxy/session.go

@@ -1,67 +0,0 @@
-package udpproxy
-
-import (
-	"log"
-	"net"
-	"time"
-)
-
-type Session struct {
-	serverConn *net.UDPConn
-	proxyConn  *net.UDPConn
-	caddr      *net.UDPAddr
-	updateTime time.Time
-}
-
-func createSession(caddr *net.UDPAddr, raddr *net.UDPAddr, proxyConn *net.UDPConn) (*Session, error) {
-	serverConn, err := net.DialUDP("udp", nil, raddr)
-	if err != nil {
-		return nil, err
-	}
-
-	session := &Session{
-		serverConn: serverConn,
-		proxyConn:  proxyConn,
-		caddr:      caddr,
-		updateTime: time.Now(),
-	}
-
-	go session.listen()
-
-	return session, nil
-}
-
-func (s *Session) listen() error {
-	for {
-		buf := make([]byte, 2048)
-		n, err := s.serverConn.Read(buf)
-		if err != nil {
-			log.Println(err)
-			continue
-		}
-
-		go s.proxyFrom(buf[:n])
-	}
-}
-
-func (s *Session) proxyFrom(buf []byte) error {
-	s.updateTime = time.Now()
-	_, err := s.proxyConn.WriteToUDP(buf, s.caddr)
-	if err != nil {
-		log.Println(err)
-		return err
-	}
-
-	return nil
-}
-
-func (s *Session) proxyTo(buf []byte) error {
-	s.updateTime = time.Now()
-	_, err := s.serverConn.Write(buf)
-	if err != nil {
-		log.Println(err)
-		return err
-	}
-
-	return nil
-}

pkg/udpproxy/udpproxy.go

@@ -1,92 +0,0 @@
-package udpproxy
-
-import (
-	"log"
-	"net"
-	"sync"
-	"time"
-)
-
-type Client struct {
-	laddr *net.UDPAddr
-	raddr *net.UDPAddr
-
-	proxyConn *net.UDPConn
-
-	mutex    sync.RWMutex
-	sessions map[string]*Session
-}
-
-func New(port, target string) (*Client, error) {
-	laddr, err := net.ResolveUDPAddr("udp", port)
-	if err != nil {
-		return nil, err
-	}
-
-	raddr, err := net.ResolveUDPAddr("udp", target)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Client{
-		laddr:    laddr,
-		raddr:    raddr,
-		mutex:    sync.RWMutex{},
-		sessions: map[string]*Session{},
-	}, nil
-}
-
-func (c *Client) isValidPacket(header []byte) bool {
-	return string(header[:8]) == "\xff\xff\xff\xffrcon" || string(header[:13]) == "\xff\xff\xff\xffgetstatus" || string(header[:11]) == "\xff\xff\xff\xffgetinfo"
-}
-
-func (c *Client) ListenAndServe() error {
-	var err error
-	c.proxyConn, err = net.ListenUDP("udp", c.laddr)
-	if err != nil {
-		return err
-	}
-
-	go c.pruneSessions()
-
-	for {
-		buf := make([]byte, 2048)
-		n, caddr, err := c.proxyConn.ReadFromUDP(buf)
-		if err != nil {
-			log.Println(err)
-		}
-
-		if !c.isValidPacket(buf[:16]) {
-			continue
-		}
-
-		session, found := c.sessions[caddr.String()]
-		if !found {
-			session, err = createSession(caddr, c.raddr, c.proxyConn)
-			if err != nil {
-				log.Println(err)
-				continue
-			}
-
-			c.sessions[caddr.String()] = session
-		}
-
-		go session.proxyTo(buf[:n])
-	}
-}
-
-func (c *Client) pruneSessions() {
-	ticker := time.NewTicker(1 * time.Minute)
-
-	// the locks here could be abusive and i dont even know if this is a real
-	// problem but we definitely need to clean up stale sessions
-	for range ticker.C {
-		for _, session := range c.sessions {
-			c.mutex.RLock()
-			if time.Since(session.updateTime) > time.Minute*5 {
-				delete(c.sessions, session.caddr.String())
-			}
-			c.mutex.RUnlock()
-		}
-	}
-}

pkg/udpproxy/udpproxy_test.go

@@ -1,83 +0,0 @@
-package udpproxy
-
-import (
-	"log"
-	"net"
-	"testing"
-	"time"
-)
-
-func TestSendAndReceive(t *testing.T) {
-	go runLilProxy()
-	go runUDPServer()
-
-	paddr, err := net.ResolveUDPAddr("udp", "localhost:9000")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	conn, err := net.DialUDP("udp", nil, paddr)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	go func() {
-		for {
-			buf := make([]byte, 2048)
-			_, _, err = conn.ReadFromUDP(buf)
-			if err != nil {
-				log.Fatal(err)
-			}
-
-			log.Printf("response received: %s", string(buf))
-		}
-	}()
-
-	for {
-		time.Sleep(1 * time.Second)
-		_, err = conn.Write([]byte("hi\n"))
-		if err != nil {
-			log.Fatal(err)
-		}
-	}
-}
-
-func runLilProxy() {
-	port := ":9000"
-	target := "localhost:9001"
-
-	c, err := New(port, target)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	log.Fatal(c.ListenAndServe())
-}
-
-func runUDPServer() {
-	taddr, err := net.ResolveUDPAddr("udp", ":9001")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	conn, err := net.ListenUDP("udp", taddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for {
-		buf := make([]byte, 2048)
-		_, caddr, err := conn.ReadFromUDP(buf)
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		log.Printf("request received: %s", string(buf))
-
-		_, err = conn.WriteToUDP([]byte("bye\n"), caddr)
-		if err != nil {
-			log.Fatal(err)
-		}
-
-	}
-}

session.go

@@ -0,0 +1,105 @@
+package udpproxy
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type session struct {
+	serverConn *net.UDPConn
+	proxyConn  *net.UDPConn
+	caddr      *net.UDPAddr
+	updateTime time.Time
+
+	validator
+}
+
+func newSession(caddr *net.UDPAddr, raddr *net.UDPAddr, proxyConn *net.UDPConn) (*session, error) {
+	serverConn, err := net.DialUDP("udp", nil, raddr)
+	if err != nil {
+		return nil, err
+	}
+
+	session := &session{
+		serverConn: serverConn,
+		proxyConn:  proxyConn,
+		caddr:      caddr,
+		updateTime: time.Now(),
+		validator:  newValidator(),
+	}
+
+	go session.listen()
+
+	return session, nil
+}
+
+func (s *session) listen() error {
+	buf := make([]byte, 2048)
+	for {
+		n, err := s.serverConn.Read(buf)
+		if err != nil {
+			log.Error(err)
+			continue
+		}
+
+		go s.proxyFrom(buf[:n])
+	}
+}
+
+func (s *session) proxyFrom(buf []byte) error {
+	if !s.isValidResponsePacket(buf) {
+		err := errors.New("not a rcon or query response packet")
+		log.Error(err.Error())
+		return err
+	}
+
+	s.updateTime = time.Now()
+	_, err := s.proxyConn.WriteToUDP(buf, s.caddr)
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+
+	if s.isRconResponsePacket(buf) {
+		if s.isBadRconResponse(buf) {
+			log.Infof("Response: Bad rcon from %s", s.caddr.IP)
+		} else {
+			log.Debugf("Response: %s", string(buf[len(s.rconResponseHeader):]))
+		}
+	}
+
+	return nil
+}
+
+func (s *session) proxyTo(buf []byte) error {
+	if !s.isValidRequestPacket(buf) {
+		var err error
+		if s.isChallengeRequestPacket(buf) {
+			parts := strings.SplitN(string(buf), " ", 3)
+			err = fmt.Errorf("invalid challenge from %s with GUID: %s", s.caddr.IP, parts[len(parts)-1])
+		} else {
+			err = errors.New("not a rcon or query request packet")
+		}
+		log.Error(err.Error())
+		return err
+	}
+
+	s.updateTime = time.Now()
+	_, err := s.serverConn.Write(buf)
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+
+	if s.isRconRequestPacket(buf) {
+		parts := strings.SplitN(string(buf), " ", 3)
+		log.Infof("From [%s] To [%s] Command: %s", s.caddr.IP, s.serverConn.RemoteAddr(), parts[len(parts)-1])
+	}
+
+	return nil
+}

sessioncache.go

@@ -0,0 +1,41 @@
+package udpproxy
+
+import "sync"
+
+// sessionCache tracks connection sessions
+type sessionCache struct {
+	mu   sync.RWMutex
+	data map[string]*session
+}
+
+// newSessionCache creates a usable sessionCache.
+func newSessionCache() sessionCache {
+	return sessionCache{
+		data: make(map[string]*session),
+	}
+}
+
+// read returns the associated session for an addr
+func (sc *sessionCache) read(addr string) (*session, bool) {
+	sc.mu.RLock()
+	defer sc.mu.RUnlock()
+
+	v, ok := sc.data[addr]
+	return v, ok
+}
+
+// insert adds a session for a given addr.
+func (sc *sessionCache) insert(addr string, session *session) {
+	sc.mu.Lock()
+	defer sc.mu.Unlock()
+
+	sc.data[addr] = session
+}
+
+// delete removes the session for the given addr.
+func (sc *sessionCache) delete(addr string) {
+	sc.mu.Lock()
+	defer sc.mu.Unlock()
+
+	delete(sc.data, addr)
+}

udpproxy.go

@@ -0,0 +1,87 @@
+package udpproxy
+
+import (
+	"net"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type Client struct {
+	laddr *net.UDPAddr
+	raddr *net.UDPAddr
+
+	proxyConn *net.UDPConn
+
+	sessionCache   sessionCache
+	sessionTimeout time.Duration
+}
+
+func New(proxy, target string, options ...Option) (*Client, error) {
+	laddr, err := net.ResolveUDPAddr("udp", proxy)
+	if err != nil {
+		return nil, err
+	}
+
+	raddr, err := net.ResolveUDPAddr("udp", target)
+	if err != nil {
+		return nil, err
+	}
+
+	c := &Client{
+		laddr:          laddr,
+		raddr:          raddr,
+		sessionCache:   newSessionCache(),
+		sessionTimeout: 20 * time.Minute,
+	}
+
+	for _, o := range options {
+		o(c)
+	}
+
+	return c, nil
+}
+
+func (c *Client) ListenAndServe() error {
+	var err error
+	c.proxyConn, err = net.ListenUDP("udp", c.laddr)
+	if err != nil {
+		return err
+	}
+
+	go c.pruneSessions()
+
+	buf := make([]byte, 2048)
+	for {
+		n, caddr, err := c.proxyConn.ReadFromUDP(buf)
+		if err != nil {
+			log.Error(err)
+		}
+
+		session, ok := c.sessionCache.read(caddr.String())
+		if !ok {
+			session, err = newSession(caddr, c.raddr, c.proxyConn)
+			if err != nil {
+				log.Error(err)
+				continue
+			}
+
+			c.sessionCache.insert(caddr.String(), session)
+		}
+
+		go session.proxyTo(buf[:n])
+	}
+}
+
+func (c *Client) pruneSessions() {
+	ticker := time.NewTicker(1 * time.Minute)
+
+	for range ticker.C {
+		for _, session := range c.sessionCache.data {
+			if time.Since(session.updateTime) > c.sessionTimeout {
+				c.sessionCache.delete(session.caddr.String())
+				log.Tracef("session for %s deleted", session.caddr)
+			}
+		}
+	}
+}

validator.go

@@ -0,0 +1,65 @@
+package udpproxy
+
+import "bytes"
+
+type validator struct {
+	rconRequestHeader         []byte
+	getstatusRequestHeader    []byte
+	getinfoRequestHeader      []byte
+	getchallengeRequestHeader []byte
+	rconResponseHeader        []byte
+	getstatusResponseHeader   []byte
+	getinfoResponseHeader     []byte
+	badRconIdentifier         []byte
+}
+
+func newValidator() validator {
+	return validator{
+		rconRequestHeader:         []byte("\xff\xff\xff\xffrcon"),
+		getstatusRequestHeader:    []byte("\xff\xff\xff\xffgetstatus"),
+		getinfoRequestHeader:      []byte("\xff\xff\xff\xffgetinfo"),
+		getchallengeRequestHeader: []byte("\xff\xff\xff\xffgetchallenge"),
+		rconResponseHeader:        []byte("\xff\xff\xff\xffprint\n"),
+		getstatusResponseHeader:   []byte("\xff\xff\xff\xffstatusResponse\n"),
+		getinfoResponseHeader:     []byte("\xff\xff\xff\xffinfoResponse\n"),
+		badRconIdentifier:         []byte("Bad rcon"),
+	}
+}
+
+func (v validator) compare(buf, c []byte) bool {
+	return bytes.Equal(buf[:len(c)], c)
+}
+
+func (v validator) isRconRequestPacket(buf []byte) bool {
+	return v.compare(buf, v.rconRequestHeader)
+}
+
+func (v validator) isQueryRequestPacket(buf []byte) bool {
+	return v.compare(buf, v.getstatusRequestHeader) ||
+		v.compare(buf, v.getinfoRequestHeader)
+}
+
+func (v validator) isValidRequestPacket(buf []byte) bool {
+	return v.isRconRequestPacket(buf) || v.isQueryRequestPacket(buf)
+}
+
+func (v validator) isChallengeRequestPacket(buf []byte) bool {
+	return v.compare(buf, v.getchallengeRequestHeader)
+}
+
+func (v validator) isRconResponsePacket(buf []byte) bool {
+	return v.compare(buf, v.rconResponseHeader)
+}
+
+func (v validator) isQueryResponsePacket(buf []byte) bool {
+	return v.compare(buf, v.getstatusResponseHeader) ||
+		v.compare(buf, v.getinfoResponseHeader)
+}
+
+func (v validator) isValidResponsePacket(buf []byte) bool {
+	return v.isRconResponsePacket(buf) || v.isQueryResponsePacket(buf)
+}
+
+func (v validator) isBadRconResponse(buf []byte) bool {
+	return v.compare(buf[len(v.rconResponseHeader):], v.badRconIdentifier)
+}