Nephthys - Manual

Contents / Legend

In Brief
Features
User Manual
Original code
Event to call
Todo - not yet implemented/verified

Title	Nephthys
Version	V1.1
Description	Nephthys is a native mod for unreal1 engine based servers which entends IpDrv by efficient attack blocking, banning, player logging and other features.
Release Date	05.09.2005
Authors	Winged Unicorn, Zora
Email Address	winged_unicorn@legendofvandora.net, zzora@gamebox.net
Filenames	Nephthys.zip
DLLs	Nephthys.dll, IpDrv.dll
Scripts	Nephthys.u
Game Compatibility	Unreal 224v, Unreal 225f, Unreal 226b (Gold), Unreal 226f, Unreal Tournament, Deus Ex, Rune
OS Compatibility	Windows 95, Windows 98/ME, Windows 2000, Windows XP, Windows NT 4, Linux (Wine)

Features

Integration
- Nephthys may be combined with any game type and any other server mod running simultaneously (except Kerberos)
- Nephthys replaces Kerberos completely
- Pure server-side mod: the client does NOT need to download anything nor does even know that there's a security mod running
- Nephthys may be used at clients too (though without any advantage/disadvantage)
- Remote admin control
- Native support of win32 unreal 224v, unreal 225f, unreal 226b (gold), unreal 226f, unreal tournament, deus ex, rune
Attack blocking
- RJA (repetitive join attempt) attacks
  - Block only one IP, allow other IPs to reconnect, especially allow map change
  - don't log connection attempts from this IP any more
  - kick all connections from this IP since attack started (clean up)
  - don't kick attacking IP (yet)
  - optionally insert ban entry automatically
  - recognize when attack has stopped
  - block RQA (repetitive query attempt) attacks as well
  - block RUA (repetitive uplink attempt) attacks as well
- DRJA (distributed repetitive join attempt) attacks
  - Don't accept any new connections while under attack (reconnect is supported, even map change)
  - don't log anything
  - don't insert ban entries
  - kick all connections from since start of attack (clean up)
  - don't kick players
  - recognize when attack has stopped
  - block DRQA (distributed repetitive query attempt) attacks as well
  - block DRUA (distributed repetitive uplink attempt) attacks as well
Bug fixes / work arounds
- Zombie (reconnect) bug attack ==> drop connection
- Unreal engine format string bug attack ==> drop connection
- Detect broken connections (ICMP port unreachable) ==> drop connection
- Auto-closing multiple connections to same player to avoid server lag with reconnecting fast client computers
Banning
- Banning blocks a connection before opening, so banned clients can't even download stuff from server and thus causing lag nor can do other harmful things
- Bans may block the client's server query as well so the server becomes invisible to the banned client (stealth mode)
- Banning by IP (range)
- Banning by Name
- Timed bans
- Name reservation bans
- Alert new ban entries
- Alert applied bans
- Alert disabled bans
- Disable ban while admin online
- Log any applied ban
Kicking
- Drop connection immediately
- Support kick of uploading / not yet established connections
IP log
- Automatic logging of IPs and names (IP ranges supported too)
- Log by IP (range)
- Limit log to a fixed number of entries
- Count various events
- Admin command to ask for names of a known connection / ip
File Upload
- Alert uploads
- Limit uploads to a configurable max. size per connection, reconfigurable during game-play
- Limit uploads to a configurable max. size of package
- Limit upload bandwidth to available bandwidth, possibly throttled down
- Admin command to ask for details of progress
Server Query
- Additional server rules to display at advanced game clients (GameSpy, QTracker)
- Player rules may report bots, spectators and cameras additional to real players
- Attack blocking
Master Server Uplink
- Attack blocking
- Support custom-made master servers
UScript Interface (see documentation below)
You may write an extension mod for Nephthys using this uscript API:
- Events (UScript called by Nephthys)
  - New connection blocked
  - New connection created
  - New connection closed
  - PreLogin passed
  - File Upload
  - Login passed
  - Established connection closed (kick)
  - Logout passed
  - RJA started
  - RJA stopped
  - DRJA started
  - DRJA stopped
  - New ban entry inserted
  - Ban entry changed
  - Ban entry deleted
- Functions (UScript calls Nephthys)
  - Add new ban entry
  - IpNameIsBanned?
  - Close connection (Kick)
  - Get info of given player
  - Get info of given connection (e.g. uploading file: name, current size, total size)
  - Delete ban entry
  - Get all ban entries for given IP/Name
  - Get all log entries for given IP/Name
  - IsDRJAAttack?

User Manual

Installation / Upgrade
Please read this section completely before you start to install / upgrade!
Take care of what unreal version / game you use! These files are NOT compatible to other versions than given in the zip archive's full path names!
1. Terminate your unreal / game server
2. Backup your IpDrv.* files of your Unreal\System folder
3. Backup your server's Unreal.ini file of your Unreal\System folder
4. Copy all new files to your Unreal\System folder, depending on the installed patch. Upgrading from older Nephthys version: see below!
5. Remove Kerberos from ServerActors (if present)
6. Remove Kerberos (mutator) from command line (if present)
7. Edit your server's Unreal.ini file:
  Comment out UdpServerQuery (or KrbServerQuery) and add a new line, so that it looks like:
  ;ServerActors=IpServer.UdpServerQuery
  ServerActors=Nephthys.NptServerQuery
  Comment out all UdpServerUplink lines and add new lines, so that it looks like:
  ;ServerActors=IpServer.UdpServerUplink MasterServerAddress=...
  ServerActors=Nephthys.NptServerUplink MasterServerAddress=...
8. Start your unreal / game server
9. Take a look at your server console: You should see a startup message of Nephthys (you may have to scroll back - Nephthys is started in a very early position!). Furthermore, there shouldn't be any warnings about misconfiguration!
If you are upgrading from an older Nephthys version follow all steps above but take care that you don't overwrite your Nephthys.ini file (it holds your ban table which you would lose by overwriting). Instead, after start of your server, set the following options manually (see option list below for details):
- Advanced Options -> Networking -> Nephthys -> Connections -> bRejectEmptyPassword=true (not available for 224v)
- Advanced Options -> Networking -> Nephthys -> Connections -> KillDoubleDelay=10
- Advanced Options -> Networking -> Nephthys -> Connections -> RecvErrorsToClose=2
The option changes apply immediately; restarting your server after changing these options is not neccessary.

Options - Nephthys' settings can be customized in server's Advanced Options -> Networking -> Nephthys. Nephthys' default settings will work fine for average servers, so if you are unsure about the configuration then just don't change anything ;-)

Nephthys Driver
The Nephthys Driver expands the original IpDrv network driver. It controls all connections to joining / joined players.
Additional to logging Nephthys may show various events to players, customizable by Show... (admins only) and ShowPublic... (other players only). Those options may have the following settings:

Value	Description
ESM_Off	Don't show this event. If you just like to enjoy playing without getting informed how Nephthys works, then use this value everywhere.
ESM_Silent	Show this event without beep. If you think Nephthys beeps too much, then use this value instead of ESM_Beep.
ESM_Beep	Show this event and beep. If you usually ignore the chat and want to be beeped by Nephthys' events, then use this value instead of ESM_Silent.

Options:

Attacks

DRJA - Distributed repetitive join attempts. Known as fake player attack, recognized by fast joining "Test" players, from multiple different IP addresses. This is a DoS (denial of service) attack attempt.

Option	Default	Description
ConnCountForDRJA TimeDeltaForDRJA	10 10	Max. number of new connections per TimeDeltaForDRJA seconds counted for all IPs, more than this is considered to be a DRJA (distributed repetitive join attempt) attack, resulting in ignorance of all further join attempts until the attack is over. Set ConnCountForDRJA to at least MaxPlayers * 1½ to allow proper map travels for all players.
ShowDRJA	ESM_Beep	How to show detected DRJA attacks to all admins

RJA - Repetitive join attempts. Known as fake player attack, recognized by fast joining "Test" players, from single IP address. This is a DoS (denial of service) attack attempt.

Option	Default	Description
bAutoBanRJA	false	Whether to add a ban rule for this IP automatically
ConnCountForRJA TimeDeltaForRJA	5 10	Max. number of new connections per TimeDeltaForRJA seconds counted for a single IP, more than this is considered to be a RJA (repetitive join attempt) attack, resulting in ignorance of all further join attempts from this IP until the attack is over. Set ConnCountForRJA to at least (max. remote lan players) * 1½ to allow proper map travels for all remote lan players.
ShowRJA	ESM_Beep	How to show detected RJA attacks to all admins

Banning - settings of the banning module

Option	Default	Description
BanTable	all empty	All defined banning rules. Never change a setting here directly, or server will crash! Use the Ban commands instead.
ShowBan	ESM_Beep	How to show any change of the ban table to all admins
ShowSuspect	ESM_Silent	How to show any matching rules not applied due to (temporary) deactivation to all admins

Commands - settings for remote command interface

Option	Default	Description
ShowCmdError	ESM_Beep	How to show errors while executing remote admin commands. If your server is always accessible by server console you may set this option to ESM_Off.
ShowCmdResult	ESM_Silent	How to show results of remote admin commands. If your server is always accessible by server console you may set this option to ESM_Off.

Connections - settings concerning player connections

Option	Default	Description
bKillDoubles	true	Whether to kill double connections to players with same IP / Name to get rid of unused (bandwidth eating) connections quickly. This may cause players with same IP having to connect one after each other, not both at once. See also KillDoubleDelay.
bRejectAfterGameEnd	false	Whether to reject new connections when the game is ended (GameType.bGameEnded == true). This may cause a server to reject all connections if the map doesn't switch automatically after the game ended.
bRejectBlankName	false	Whether to reject connection attempts of players without a given name, with empty name or name including space characters.
bRejectEmptyClass	false	Whether to reject connection attempts of players without any player class or with empty player class.
bRejectEmptyPassword	true	(not available for 224v) Whether to reject connection attempts of players with empty passwords to avoid server crashes. Most custom game types reject those attempts already by giving appropriate messages to the players. Nephthys checks it too to protect a server even without any other server mod running or with server mods which don't check that. Nephthys closes the connection immediately (after a custom game type sent the message to the player).
HoldConnSeconds	10	How long (in seconds) to hold information about a connection after it is closed. This information is needed e.g. to detect RJA attempts, but also to avoid false alarms of Zombie (reconnect) bug attacks.
KillDoubleDelay	10	How long (in seconds) bKillDoubles is disabled after a map change. This allows remote LAN players to travel at once into new map. Compatibility with Nephthys V1.0: 0.
RecvErrorsToClose	2	Connection is closed after this number of successive receive errors. Usually 1 should do well, but some routers / PCs (?) seem to send single ICMP error messages spuriously. Set this to 0 to turn it off (not recommended). Compatibility with Nephthys V1.0: 0.
ShowBlock	ESM_Beep	How to show connection blocks to all admins.
ShowKick	ESM_Beep	How to show kicks to all admins.
ShowLogin	ESM_Off	How to show player logins to all admins. This is usually done by the game type.
ShowLogout	ESM_Off	How to show player logouts to all admins. This is usually done by the game type.
ShowNew	ESM_Silent	How to show upcoming connections to all admins.
ShowPreLogin	ESM_Beep	How to show player prelogins to all admins.

Customize - configuring Nephthys to be part of other server side mods

Option	Default	Description
bUscriptAPI	false	Whether to support the UnrealScript event interface. If there are mods using Nephthys' events this option has to be true, otherwise this option should stay false for better performance.

IP Log - settings of the player log module

Option	Default	Description
LogTable	all empty	All logged players. Never change a setting here directly, or server will crash! Use the Log commands instead.
MaxLogTableEntries	1000	Limit for entry number in log table. On load oldest entries get deleted. Large log tables need much time to be saved and searched through. Small log tables can't store "old" players. Find an applicable value for your server. Use 0 to turn this option off (log table may grow endlessly).
ShowLog	ESM_Beep	How to show any change of the log table to all admins

Upload - settings concerning the upload of files down to a player

Option

Default

Description

bAllowUploads

true

If this is set to false no player may download missing packages.

bLimitUploadBandwidth

true

Turns on the automatic upload bandwidth limitation algorithm. Upload is limited to the remaining available bandwidth calculated by MaxClientRate * (MaxPlayers + MaxSpectators) * UploadThrottle.
If you prefer to play undisturbed by downloaders, this option should be set to true.
If you prefer to get the downloader in as fast as possible (waiting until download/lag has stopped), this option should be set to false.
To setup all your server's bandwidth values correctly use this small Netspeed Calculator (requires JavaScript to be enabled):

Server's Bandwidth [kbit/sec]:		e.g. Modem=56, ISDN=64, T-DSL=128, etc. (if you have asymmetric bandwidthes enter the upload bandwidth, usually the smaller value!) If you're unsure ask your ISP or use the experimental way, e.g.: broadband » Speed tests. This value is related to your server computer's internet connection and not a setting of the unreal server!
MaxPlayers:		Advanced Options -> Game Settings -> MaxPlayers
MaxSpectators:		Advanced Options -> Game Settings -> MaxSpectators
MaxClientRate:		Advanced Options -> Networking -> TCP/IP Network Play -> MaxClientRate (= max. NetSpeed the server will accept from clients, 600 is lowest possible (very bad), 2600 is low, 5000 is medium)
Usage instructions: Always fill in the server's bandwidth. Fill in two of the Max... values and press enter to calculate the third Max... value. If you provide MaxPlayers and MaxSpectators then don't set your server's MaxClientRate higher than the calculated value. If you provide the desired netspeed then don't set your server's MaxPlayers or MaxSpectators higher than the calculated value.

MaxUploadPackageSize

-1

Max. number of bytes a package may have to be allowed to be uploaded. Greater amount is blocked before start. -1 = no limit

MaxUploadSize

-1

Max. number of bytes a connection may download in sum. Greater amount is blocked before start. -1 = no limit

ShowPublicUploads

ESM_Off

How to show a lag warning due to uploads to all players but admins.

ShowUploads

ESM_Beep

How to show info about uploads to all admins.

UploadThrottle

1.0

Multiplyer for automatic upload bandwidth limitation (needs bLimitUploadBandwidth=true). Values > 0.0 but < 1.0 will make downloads slower with less lag for online players, values > 1.0 will make download faster with increasing lag for online players, values <= 0.0 will disable uploads. See bLimitUploadBandwidth for more details.

Master Server Uplink
The master server uplink is the server side actor which registers the server at the master server(s) (e.g. gamespy), so all other players can see the server in the global server list.
Nephthys has it's own actor which supports custom-made master servers (see below) and fixed some flaws:

Settings - General options:

Option	Default	Description
bLogAllRequests	false	debug only, never set this to true for usual play!
bLogRejected	false	log attacker requests
bLogInvalidRequests	false	log mal-formed requests
bLogSendText	false	debug only: log all replies sent
bLogSendFail	true	log failing sends
MaxRequestsForRUA TimeDeltaForRUA	7 1	max. number of requests per TimeDeltaForRUA seconds a single IP may do, more than this is considered to be a RUA (repetitive uplink attempt) attack. This is a DoS (denial of service) attack attempt.
bBanRUA	false	whether to ban an RUA attacking IP automatically
MaxRequestsForDRUA TimeDeltaForDRUA	20 1	max. numer of requests per TimeDeltaForDRUA seconds counted of all IPs, more than this is considered to be a DRUA (distributed repetitive uplink attempt) attack, resulting in ignorance of all further requests. This is a DoS (denial of service) attack attempt.

If, one day, the master server is turned off, this game won't be totally doomed yet. In fact, anyone - for example, you - will be able to run a master server by doing this:

upgrade to the latest version of Nephthys
run UCC masterserver

Moreover, in order for the remaining U1 servers to get bound to the new "personal" master servers, server admins will have to:

upgrade to the latest version of Nephthys as well
add this line to their server's ServerActors:
ServerActors=Nephthys.NptServerUplink MasterServerAddress=<domain or IP address of (your) new master server> MasterServerPort=<port>


						Finally, clients will also have to update their Unreal.ini to look up at the new master server by adding this line:

						[UBrowserAll]

							ListFactories[0]=UBrowser.UBrowserGSpyFact,MasterServerAddress=<domain or IP address of (your) new master server>,MasterServerTCPPort=<port>,GameName=unreal


					Udp Server Query

						The UDP server query is the server side actor which replies to client's info requests (mainly server rules (= admin name, which map is running, ping. etc.) and player list (= which players are currently playing, scores, skins, pings, etc.)).

						Nephthys has it's own actor which fixed some flaws and has some more options:
						
							Reports - Displayed by enhanced server browsers (= not the in-game browser, e.g. GameSpy or QTracker) Nephthys can reply additional informations:
								
									
										Option
										Default
										Description
									
									
										AddServerRule
										all empty
										generic additional informations given to the client as reply to server rule requests
									
									
										.Tag
										 
										the key for the information (e.g. "Policy")
									
									
										.Value
										 
										the information itself (e.g. "No cussing!")
									
									
										bReportPlayers
										true
										include players in detailed info
									
									
										bReportSpectators
										false
										include spectators in detailed info
									
									
										bReportBots
										false
										include bots in detailed info
									
									
										bReportCameras
										false
										include cameras in detailed info
									
									
										bReportOthers
										false
										include all other score board entry relevant actors in detailed info
									
									
										bCountRealPlayersOnly
										true
										whether to count real players in server list only (= don't count spectators, etc.) or to count all of the checked above in server list
									
								


							
							Settings - General options:
								
									
										Option
										Default
										Description
									
									
										bLogAllRequests
										false
										debug only, never set this to true for usual play!
									
									
										bLogRejected
										false
										log attacker requests
									
									
										bLogInvalidRequests
										false
										log mal-formed requests
									
									
										bLogInvalidSends
										true
										log mal-formed replies
									
									
										bLogSendText
										false
										debug only: log all replies sent
									
									
										bLogSendFail
										true
										log failing sends
									
									
										MaxRequestsForRQA
TimeDeltaForRQA
										7
1
										max. number of requests per TimeDeltaForRQA seconds a single IP may do, more than this is considered to be a RQA (repetitive query attempt) attack. This is a DoS (denial of service) attack attempt.
									
									
										bBanRQA
										false
										whether to ban an RQA attacking IP automatically
									
									
										MaxRequestsForDRQA
TimeDeltaForDRQA
										20
1
										max. numer of requests per TimeDeltaForDRQA seconds counted of all IPs, more than this is considered to be a DRQA (distributed repetitive query attempt) attack, resulting in ignorance of all further requests. This is a DoS (denial of service) attack attempt.

Option	Default	Description
AddServerRule	all empty	generic additional informations given to the client as reply to server rule requests
.Tag		the key for the information (e.g. "Policy")
.Value		the information itself (e.g. "No cussing!")
bReportPlayers	true	include players in detailed info
bReportSpectators	false	include spectators in detailed info
bReportBots	false	include bots in detailed info
bReportCameras	false	include cameras in detailed info
bReportOthers	false	include all other score board entry relevant actors in detailed info
bCountRealPlayersOnly	true	whether to count real players in server list only (= don't count spectators, etc.) or to count all of the checked above in server list


			Commands

				Nephthys can be accessed from server log window via

				npt <command>

				or by in-game admins via

				admin npt <command>

				All commands' outputs are both, logged and shown to all admins, as configured by ShowCmdResult and ShowCmdError.
				
					
						Command
						Description
					
					
						Help
						Show a brief summary of all commands
					
					
						Status [<conn#>]
						Show a brief summary of all handled connections [a detailed info of given connection]
					
					
						Ban list [<banentry> [<bansort> [<count>]]]
						List ban table [only <banentry>s [sorted by <bansort> [max. <count> entries]]]
					
					
						Ban remove <banentry>
						Remove ban table <banentry>s

						Hint: Use ban list with same <banentry> parameters prior to ban remove to avoid unwanted deletions
					
					
						Ban change <banentry> <banpar>
						Change a single ban table <banentry>

						Hint: Use ban list with same <banentry> parameters prior to ban change to avoid unwanted changes
					
					
						Ban new <banpar>
						Insert a new ban table entry, even if some banpars match an existing entry
					
					
						Kick <ip>[:<port>]|N=<Name>
						Kick a given player. You may kick downloaders by giving the IP!
					
					
						Log list [<logentry> [<logsort> [<count>]]]
						List log table [only <logentry>s [sorted by <logsort> [max. <count> entries]]]
					
					
						Log remove <logentry> [<name>]
						Remove log table <logentry>s [only the exact <name> from the entry]
					
					
						Log range <logentry> <ipStart>[-<ipEnd>]|#<slotStart>-<slotEnd>[,Mask]
						Expand log table entry to IP range / re-range <logentry>.
						New range may include other entries, but must not intersect any entry.

						Giving ",Mask" will expand the selected range to boundaries of powers by 2 (see <logentry>).
						If you're unsure what this option does then don't use it!
						Anyways, it's recommended to use "log list" with this required mask prior to applying it with "log range".
					
					
						Log merge <logentry> [Mask]
						Merge successive <logentry>s with same name(s) [and expand them by mask calculation].
						It's a shortcut to range multiple log table entries of dyn. IP players into one single entry.
					
				


				With:
				
					
						Tag
						Description
					
					
						<banentry>
						<ipStart>-<ipEnd> | #<slotStart>[-<slotEnd>] | N=<name> | L=<LastUsedStart>[-<LastUsedEnd>] | C=<comment> | M=<message> | R=<reference> | Drop

						More than 1 search criteria may be given separated by comma ","

						Name, Comment, Message, Reference: selects only ban entries including the given string

						LastUsed: The timestamp of the last time the ban rule was applied (setup by Nephthys automatically). You may omit time and/or day if not needed, e.g. 2004/08-2004/09

						Drop: selects only ban entries with DropCount > 0
					
					
						<bansort>
						[-]<LastUsed> | [-]<Reference>

						LastUsed: sort the listed ban entries by their LastUsed information

						Reference: sort the listed ban entries by their Reference information

						precede the sort criterion with a minus sign to reverse the sort direction
					
					
						<banpar>
						{IP=<ip>[-<ip>] | Name=<string> |  | Expires=<stamp> | Mode=Always,OffWhenAdmin,ReserveName,Off | bStealth=0,1 | Message=<string> | Reference=<string> | Comment=<string> | Next=#<slot>}+

						IP: IP address (range) to ban, given as ddd.ddd.ddd.ddd

						Name: only for name bans (= ban if name matches) or name reservation bans (= ban if name matches but IP (range) doesn't match)

						Expires: time stamp when this ban entry becomes disabled automatically and becomes shown as "suspect" if configured. Note that it isn't removed automatically!

						Mode: Always: ban entry active always; OffWhenAdmin: ban entry active only if no admin is logged in; ReserveName (IP (range) and Name requrired): Name is useable for given IP (range) only; Off: disabled (is shown as "suspect" if configured)

						bStealth: 0: connection is allowed to query and to attempt PreLogin. The banned player is allowed to request a server info (name, players, scores, etc. are returned) and if the player tries to connect, Nephthys will let the player pass to PreLogin (so the admin (you) can see the Name of the player - important if you ban IP ranges) and closes the connection after that. A higher mod has the possibility to send a (specific, see below) message to the player concerning the ban reason before Nephthys closes the connection.

						1: no traffic from connection is accepted, i.e. the server will reject any server info request, so the server is invisible in the banned player's server list. Also, if the player tries to connect manually by entering "open IP", Nephthys won't reply anything (just like a firewall: all network packets from the banned players are dropped).

						Message (isn't considered for applying a ban; only usable by extending uscript interface): message the player gets shown when banned

						Reference (isn't considered for applying a ban): user defineable reference to the reason why this ban was setup (default and automatically inserted ban enties: current time stamp - see server log at this stamp for details)

						Comment (isn't considered for applying a ban): user defineable comment which should hold a reminder for the admin why this ban was setup.

						Next (may affect which ban is applied): If given the new or changed ban entry is placed before the given ban number, else it's appended at the end of the ban table (ban new) or it keeps it's place (ban change). Since for ban application the ban table is scanned by slot number 0 to higher numbers, ban entries at the end of the ban table may be hidden behind a ban entry in a lower position.
					
					
						<logentry>
						<ipStart>-<ipEnd> | #<slotStart>[-<slotEnd> | N=<name> | L=<LastUsedStart>[-<LastUsedEnd>] | Admin | Drop | Kick[,Mask]

						Name: selects only log entries including the given string

						LastUsed: omit time and/or day if not needed, e.g. 2004/08-2004/09

						Admin: selects only log entries detected as admins

						Drop: selects only log entries with DropCount > 0

						Kick: selects only log entries with KickCount > 0

						Mask (requires IP range or slot (range): extend IP range to powers of 2. E.g.

						range 1.2.3.24-1.2.3.129,Mask becomes 1.2.3.0-1.2.3.255 and

						range 1.2.3.24-1.2.8.24,Mask becomes 1.2.0.0-1.2.15.255 etc.

						This might be useful when experimentally setting up IP ranges for logged names of dynamic IP address ranges.
						
					
					
						<logsort>
						[-]<LastUsed>

						LastUsed: sort the listed log entries by their LastUsed information

						precede the sort criterion with a minus sign to reverse the sort direction
					
					
						<string>
						replace blanks with %20, % with %25
					
					
						<stamp>
						yyyy[/mm[/dd[%20hh[:mm[:ss]]]]]

						Note that all time comparisons are simple string comparisons, i.e.

						"2004/12/31" < "2005/02/25" because "4" < "5" (as expected)

						but

						"31.12.2004" > "25.02.2005" because "3" > "2" (not wanted)
					
				


				Output notes:
				
					
						Command
						Item
						Description
					
					
						log list
						P[reLogin]
						counts how often a player reached the PreLogin state (before download / join).
					
					
						log list
						L[ogin]
						counts how often a player reached the Login state (successful join).
					
					
						log list
						K[ick]
						counts how often a player was kicked (manually).
					
					
						log list
						D[rop]
						counts how often a player's connection was dropped (invalid join parameters, stealth ban).
					
					
						ban list
						S[tealthCount]
						counts how often a stealth ban was applied. This value won't count for non-stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry.
					
					
						ban list
						D[ropCount]
						counts how often a non-stealth ban was applied, i.e. how often the player was blocked in PreLogin. This value won't count for stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry.
					
				


				Examples (IP addresses don't belong to real players):
				npt status
				Show status of all active / just closed connections (including incoming and uploading connections)
				

				npt status 2
				Show all names of the log entry matching for connection #2
				

				npt log list 127.0.0.0-127.255.255.255
				List all log entries of localhost (= same computer the server is running on)
				

				npt log list #-20
				List first 20 log entries
				

				npt log list admin
				List all log entries for players who joined with the admin password
				

				npt log list N=ThisPlayer
				List all log entries including the player name 'ThisPlayer'
				

				npt log list L=2004/08-2004/09
				List all log entries last used in August 2004
				

				npt log list #- -last 30
				List last recently used 30 log entries (read: who were the last recently 30 players?)
				

				npt log range #123 #123-125
				Replace log entry 123 by merged log entries 123 to 125
				

				npt log merge #100-200
				Merge all successive log entries with same name in range 100 - 200. If one or both log entries have multiple names entries are merged as soon as one name matches.
				

				npt log remove #-
				Remove all log entries (do you have a backup?)
				

				npt ban list 192.168.47.3
				List all ban entries matching the IP address 192.168.47.3, including range ban entries where given IP is included
				

				npt ban list N=ImStupid
				List all name ban entries matching for a player named 'ImStupid'
				

				npt ban list C=StupidPlayer
				List all ban entries with a comment including 'StupidPlayer'. It's a good idea to provide the player's name and a reason as a comment when entry is inserted.
				

				npt ban list #- -last 10
				List last recently applied 10 ban entries (read: who was kept out last night?)
				

				npt ban list #- -ref 5
				List last recently created 5 ban entries. Since the Reference value is used this only works correctly if a time stamp like in LastUsed is stored as Reference (default for automatically inserted ban entries).
				

				npt ban new ip=127.0.0.1-127.0.0.255 comment=This%20is%20a%20Test! next=#0
				Insert a permanent stealth ban entry for localhost with the comment 'This is a Test!' at the first slot in the ban table
				

				npt ban new 127.0.1.1-127.0.1.255 mode=reservename bstealth=0 name=MyName
				Insert a name reservation ban for 'MyName': only given IP range can join with that name at the last slot at the ban table (append)
				

				npt ban change C=StupidPlayer bStealth=0
				Sets a ban entry to non-stealth (keeping it's position in the ban table)
				

				npt ban change 192.168.47.3 Mode=OffWhenAdmin
				Sets a ban entry to be disabled automatically while any admin is logged in
				

				npt ban change 192.168.47.3 Mode=Always bStealth=1 Expires= Next=#0
				Sets a ban entry to permanent stealth and moves it to the first slot in the ban table
				

				npt ban remove 127.0.0.1
				Remove all ban entries for the given IP address, including range ban entries where given IP is included
				

				npt ban remove #-
				Remove all ban entries (it's always a good idea to make a backup of your Unreal\System\Nephthys.ini file every now and then ;-)
				

			
Advices

				
					A server should be able to run without any administrator online keeping it alive. The server should block attacks automatically, should block actions which may trigger an internal bug and it should punish players with behaviour critical for the server. In this term a player logged in with admin password only to summon stuff to keep the other players happy etc. is more a "game moderator" than an administrator.
					Without correct settings of server netspeed, max players and max spectators based on your server's upload bandwidth, you can't achieve any viable network traffic to supply a constant ping for your players, you even may note packet loss or instable player connections. Use the Netspeed Calculator for easy calculations of your server's settings.
					You may put log entries together by using an IP address range (e.g. if you are sure it's always the same player). But once put together you can't get them divided automatically.
					For efficiency try to keep your ban table small.
					If you need to ban a player with dynamic IP address you may want to block it's entire range, even if catching other players. To minimize that range request your log and build a range including the lowest and the highest IP address of the player (maybe rounded down to x.x.x.0 and up to x.x.x.255 resp.).
					Be aware that some players have multiple dynamic IP address ranges with huge gaps between. You need a separate ban entry for each range.
					To get more information about a questionable IP address try http://www.ripe.net/whois?form_type=advanced&alt_database=ALL (for european IP addresses) or http://ww2.arin.net/whois/ (for USA IP addresses; prefix the IP address with a plus sign to get extended info). Although there are more than 200 such IP lookup services, you can start with either of the both: they will give you a link where to lookup the questionable IP in detail. Those whois services will give you the name of the provider and a first IP address range to start with (but often you have to restrict the range for a ban by your log experience if you don't want to ban innocent players).
					Setting bBanRQA=true is very restrictive and may accidentally ban a player due to a package plethora after a temporary network traffic accumulation. Therefore it is NOT recommended.
					Setting bBanRUA=true is very restrictive and may accidentally ban a master server due to a package plethora after a temporary network traffic accumulation leading to broken uplinks (= server is not listed by that master server any longer). Therefore it is NOT recommended.
					Recurring attack situations which unwantedly fill up the server log should be blocked by a firewall or router.
					You may like to protect your unreal.ini file by setting it to readonly, once you set up all settings as desired.
					If you start the dedicated server from within a batch file, you can use the "INI=<filename>" and "LOG=<filename>" options to use different unreal.ini and unreal.log files for server and client (if you run both in same system folder) or just use different (system) folders for server and client.
				


			
			Release History

				
					New in Nephthys V1.1
						
							Nephthys is now available for Unreal1, Deus Ex, Unreal Tournament, Rune
							Fixed some false attack detections
							Fixed partly deactivation when playing certain maps
							Nephthys refuses new connections while Game.bGameEnded == true and bRejectAfterGameEnd == true
							Nephthys now accepts connections with invalid login options name or class if bRejectBlankName == false resp. bRejectEmptyClass == false (both default)
							Nephthys now rejects connections with invalid login option password if bRejectEmptyPassword == true (default)
							Documentation extended
							Configuration is checked during startup. If server exits immediately after startup see server's unreal.log for details.
							Name log now replaces names which only differ in case instead of storing both names.
							Kill double connections logic is automatically disabled the first seconds after map change for better remote LAN player support (see option KillDoubleDelay for details).
							ICMP messages of type 3 (destination unreachable) support fast close of dead clients
							Kick() called from uscript now works without a port as well
							The new NptServerUplink ServerActor (unreal1 only) now supports custom made master servers
							Ban rules aren't sorted at map change any longer
							Bans can be set or changed to a specific slot number
							The new uscript function GetBanInfo(slot) now allows browsing through existing ban rules
							A possible crash during regular shutdown of the server is now avoided.
						
					
				


			
			UScript interface

				Nephthys provides an open uscript interface to be base for customized server mods.
				This chapter applies to server mod coders only.
				
					Events

						Events are uscript functions called by the native code.
						To use them create a new class derived from NephthysProxy
						and write the functions using the following names/prototypes.
						An actor of this new class has to be spawned (e.g. place it into ServerActors (NOT ServerPackages!!!)).
						When the event happens, the function gets called.
						To get any event called bUscriptAPI=true needs to be configured
						(should either be given as installation instruction in your end user manual
						or make your mod set it during BeginPlay!).

						

						event ConnectionRejected( string Addr, string Names );
						
							
								Description:
								Called when connection is rejected before opening.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Names
								All known names for connection's IP separated by space or "" if not logged yet
							
						
						

						event ConnectionOpened( string Addr, string Names, out string MoreInfo );
						
							
								Description:
								Called when connection is just opened, PreLogin() not yet passed. Data may be received or sent from now on.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Names
								All known names for connection's IP separated by space or "" if not logged yet
							
							
								Outputs:
								MoreInfo
								If the uscript mod can gain some more informations about this connection it may be stored here. These informations can be obtained later by calls to GetPlayerInfo() or GetConnectionInfo().
							
						
						

						event ConnectionDropped( string Addr, string Name, string Names );
						
							
								Description:
								Called when connection is closed before PreLogin(), e.g. due to invalid join parameters or a recognized attack. Since the connection was closed now, no data may be sent or received any more.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Name
								The current name of the join attempt or "" if not analysed yet
							
							
								Names
								All known names for connection's IP separated by space or "" if not logged yet
							
						
						

						event PreLogin( string Addr, string RequestURL, string Names, out string Error );
						
							
								Description:
								Called after a new player passed PreLogin().
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								RequestURL
								The complete URL of the join attempt
							
							
								Names
								All known names for connection's IP separated by space
							
							
								Outputs:
								Error
								To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's PreLogin() function to do so.
							
						
						

						event FileUpload( string Addr, string RequestURL, string Names, string FileName, int FileSize );
						
							
								Description:
								Called when new connection started to load a file.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								RequestURL
								The complete URL of the join attempt
							
							
								Names
								All known names for connection's IP separated by space
							
							
								FileName
								The complete name of the file, including the device (drive letter) and all folder names.
							
							
								FileSize
								The size of the file in bytes.
							
						
						

						event Login( string Addr, string RequestURL, string Names, out string Error );
						
							
								Description:
								Called after new player passed Login().
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								RequestURL
								The complete URL of the join attempt
							
							
								Names
								All known names for connection's IP separated by space
							
							
								Outputs:
								Error
								To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's Login() function to do so.
							
						
						

						event ConnectionKicked( string Addr, string RequestURL, string Names );
						
							
								Description:
								called when an established connection is closed (kick).
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								RequestURL
								The complete URL of the join attempt
							
							
								Names
								All known names for connection's IP separated by space
							
						
						

						event Logout( string Addr, string Name, string Names );
						
							
								Description:
								Called after a player passed Logout().
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Name
								The name of the join attempt (might not be the name the player used at last)
							
							
								Names
								All known names for connection's IP separated by space
							
						
						

						event RjaAttackStarted( string Addr, string Names, int count, float TimeDelta );
						
							
								Description:
								Called when a connection is considered to be RJA attacking.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Names
								All known names for connection's IP separated by space
							
							
								count
								Number of new connections resulting in attack detection
							
							
								TimeDelta
								The time needed to open the connections.
							
						
						

						event RjaAttackStopped( string Addr, string Names, int count, float TimeDelta );
						
							
								Description:
								Called when a RJA attack has stopped. This event can be called some time after the attack really stopped.
							
							
								Parameters:
								Addr
								IP:Port of the current connection
							
							
								Names
								All known names for connection's IP separated by space
							
							
								count
								Number of new connections during attack
							
							
								TimeDelta
								The duration of the attack.
							
						
						

						event DrjaAttackStarted( int count, float TimeDelta );
						
							
								Description:
								Called when a connection is considered to be DRJA attacking.
							
							
								Parameters:
								count
								Number of new connections resulting in attack detection
							
							
								TimeDelta
								The time needed to open the connections.
							
						
						

						event DrjaAttackStopped( int count, float TimeDelta );
						
							
								Description:
								Called when a DRJA attack has stopped. This event can be called some time after the attack really stopped.
							
							
								Parameters:
								count
								Number of new connections during attack
							
							
								TimeDelta
								The duration of the attack.
							
						
						

					
					Functions

						These native functions may be called by any custom uscript mod.
						Common usage is

						ret = class'NephthysProxy'.static.func(par)

						It may be called from any mod, not necessarily derived from NephthysProxy.
						The value of bUscriptAPI doesn't matter.

						

						function string IpNameIsBanned( out string message, optional string ip, optional string name, optional bool bStealth, optional bool bCount );
						
							
								Description:
								Determine whether an IP and/or name is banned. To implement ban checking in the game type's PreLogin() or Login() a call of GetConnectionInfo() followed by a call of this function gains the information needed to return a (ban rule customized) message to the client.
							
							
								Outputs:
								message
								If a ban rule matches and it provides a message it's returned here, else "".
							
							
								Parameters:
								ip
								If given: determine whether this IP is banned. At least ip or name must be given. To match a name reservation ban ip and name must be given.
							
							
								name
								If given: determine whether this name is banned. At least ip or name must be given. To match a name reservation ban ip and name must be given.
							
							
								bStealth
								If bStealth!=false (i.e. =true or omitted) only stealth ban rules are considered, all non-stealth ban rules aren't applied
							
							
								bCount
								Whether to count the ban appliance (depending on bStealth)
							
							
								Returns:
								The description of the matched ban rule or "" if none matched.
							
						
						

						function string BanIpName( optional string ip, optional string name, optional string comment, optional string AppendIfNot );
						
							
								Description:
								Insert a new stealth ban rule, valid always and forever, or set an existing ban rule to always valid and append the comment.
							
							
								Parameters:
								ip
								If given: ban this IP. Either ip or name must be given.
							
							
								name
								If given: ban this name. Either ip or name must be given.
							
							
								comment
								Additional comment for this rule (e.g. reason).
							
							
								AppendIfNot
								If an existing ban rule matches the parameters and it doesn't include any of the (space separated) words given here, the new comment is appended to the old comment (with space as separator). Otherwise the old comment is replaced by the new comment. Note that existing ban rules aren't set to stealth.
							
							
								Returns:
								A message what has been done.
							
						
						

						function string GetBanInfo( int slot );
						
							
								Description:
								Read the ban information of a given ban number as a printed string.
							
							
								Parameters:
								slot
								The ban number to examine.
							
							
								Returns:
								The description of the matched ban rule or "" if none matched.
							
						
						

						function bool GetPlayerInfo( PlayerPawn PP, out string Addr, out string State, out string Names, out string MoreInfo );
						
							
								Description:
								Gets informations about a given player or the event causing connection.
							
							
								Parameters:
								PP
								The PlayerPawn to obtain the informations for.

								Called from within the game type's PreLogin(), Login() and PostLogin() functions this parameter may be set to none to obtain informations about the connection causing the event call of PreLogin(), Login() resp. PostLogin().

								Called from any other context this parameter has to refer to an existing PlayerPawn, else this function will fail.
							
							
								Outputs:
								Addr
								Current IP:Port of the player.
							
							
								State
								State of the connection.
							
							
								Names
								All known names for connection's IP separated by space
							
							
								MoreInfo
								More informations as given by event ConnectionOpened()
							
							
								Returns:
								Whether it worked out good (true) or bad (false, e.g. no connection for PlayerPawn).
							
						
						

						function bool Kick( optional PlayerPawn PP, optional string Addr );
						
							
								Description:
								Kicks by a given PlayerPawn, IP:Port or IP. The traffic is stopped immediately, the connection is closed as soon as possible.
							
							
								Parameters:
								PP
								If given: the PlayerPawn to kick. Either PP or Addr must be given.
							
							
								Addr
								If given: IP:Port or IP to kick. If only IP is given all connections matching this IP are kicked.
							
							
								Returns:
								Whether it worked out good (true) or bad (false, e.g. no connection for PlayerPawn or IP currently not online).
							
						
						

						function string LogIpName( string ip, string name );
						
							
								Description:
								Log a new name for a given IP. E.g. this may be called in case of name changes.
							
							
								Parameters:
								ip
								The IP to log.
							
							
								name
								The name to log.
							
							
								Returns:
								A message what has been done.
							
						
						

						function ExecuteCommand( string cmd );
						
							
								Description:
								Executes a command as if given by npt <command>.
							
							
								Parameters:
								cmd
								The command string to execute.
							
						
						

						function bool GetConnectionInfo( string Addr, out PlayerPawn PP, out string State, out string Names, out string MoreInfo, out string UploadFilename, out int UploadTransfered, out int UploadTotalSize );
						
							
								Description:
								Gets informations about a given connection.
							
							
								Parameters:
								Addr
								IP:Port of the connection to examine.
							
							
								Outputs:
								PP
								PlayerPawn using this connection or none if not connected yet / anymore.
							
							
								State
								State of the connection.
							
							
								Names
								All known names for the connection separated by space
							
							
								MoreInfo
								More informations as given by event ConnectionOpened()
							
							
								UploadFilename
								The complete name of the file currently uploading, including the device (drive letter) and all folder names or "" if connection isn't uploading.
							
							
								UploadTransfered
								Number of bytes already uploaded or 0 if connection isn't uploading.
							
							
								UploadTotalSize
								The size of the file in bytes or 0 if connection isn't uploading.
							
							
								Returns:
								Whether it worked out good (true) or bad (false, e.g. no connection for Addr).
							
						
						

					
				
			
			Construction
				
					Editor(s) used: UnrealEd fix 4, VC++ 6.0 SP5, fred, EditPlus
					Base: Unreal Public Headers 224v and Gold, UT Public Headers v432, Kerberos
				
			
			
Credits
				
					}TCP{Wolf
					Bolke_DE_Beer
					Zombie
					Sixpack_Shambler
					SA|BarendB
					Hyper.nl
				
			
			
Copyright / Permissions
				
					This mod is copyrighted 2004/2005 by Winged Unicorn and Zora (original code belongs to Epic).
					Authors may use this mod as a base to build their own mods (e.g. creating an UnrealScript extension).
					This mod is absolutely freeware. You MAY distribute this level through any electronic network (Internet, FIDO, local BBS etc.), on condition that you include this file and leave the archive intact.
					You are NOT allowed to gain any money for this mod. You are NOT allowed to commercially exploit this mod, i.e. put it on a CD or any other electronic medium that is sold for money, without explicit permission of Winged Unicorn or Zora!
					You are NOT allowed to decompile the DLLs nor to hack into Nephthys in any kind.
					Don't give this mod to people you don't trust!
				
			
			
Disclaimer
				
					The authors DISCLAIM ALL DAMAGE to ANY of your property (whether it is your hardware, software, storage medium, or anything else computer, or non-computer related) that may be caused by the use, misuse, or distribution of this software, even if the authors have been advised of the possibility of such loss.
					If you lose anything (including, but not limited to, time or money) as a result of the use, misuse, or distributing of this program, YOU ARE FULLY RESPONSIBLE for ALL costs, and you agree to hold the authors COMPLETELY harmless for ALL costs in ANY shape or form.
				
			
			
Trademarks
				
					UNREAL (c)1998 Epic Megagames, Inc.  All Rights Reserved.  Distributed by GT Interactive Software, Inc. under license. UNREAL and the UNREAL logo are registered trademarks of Epic Megagames, Inc. All other trademarks and trade names are properties of their respective owners.

Command	Description
Help	Show a brief summary of all commands
Status [<conn#>]	Show a brief summary of all handled connections [a detailed info of given connection]
Ban list [<banentry> [<bansort> [<count>]]]	List ban table [only <banentry>s [sorted by <bansort> [max. <count> entries]]]
Ban remove <banentry>	Remove ban table <banentry>s Hint: Use ban list with same <banentry> parameters prior to ban remove to avoid unwanted deletions
Ban change <banentry> <banpar>	Change a single ban table <banentry> Hint: Use ban list with same <banentry> parameters prior to ban change to avoid unwanted changes
Ban new <banpar>	Insert a new ban table entry, even if some banpars match an existing entry
Kick <ip>[:<port>]\|N=<Name>	Kick a given player. You may kick downloaders by giving the IP!
Log list [<logentry> [<logsort> [<count>]]]	List log table [only <logentry>s [sorted by <logsort> [max. <count> entries]]]
Log remove <logentry> [<name>]	Remove log table <logentry>s [only the exact <name> from the entry]
Log range <logentry> <ipStart>[-<ipEnd>]\|#<slotStart>-<slotEnd>[,Mask]	Expand log table entry to IP range / re-range <logentry>. New range may include other entries, but must not intersect any entry. Giving ",Mask" will expand the selected range to boundaries of powers by 2 (see <logentry>). If you're unsure what this option does then don't use it! Anyways, it's recommended to use "log list" with this required mask prior to applying it with "log range".
Log merge <logentry> [Mask]	Merge successive <logentry>s with same name(s) [and expand them by mask calculation]. It's a shortcut to range multiple log table entries of dyn. IP players into one single entry.

Tag	Description
<banentry>	<ipStart>-<ipEnd> \| #<slotStart>[-<slotEnd>] \| N=<name> \| L=<LastUsedStart>[-<LastUsedEnd>] \| C=<comment> \| M=<message> \| R=<reference> \| Drop More than 1 search criteria may be given separated by comma "," Name, Comment, Message, Reference: selects only ban entries including the given string LastUsed: The timestamp of the last time the ban rule was applied (setup by Nephthys automatically). You may omit time and/or day if not needed, e.g. 2004/08-2004/09 Drop: selects only ban entries with DropCount > 0
<bansort>	[-]<LastUsed> \| [-]<Reference> LastUsed: sort the listed ban entries by their LastUsed information Reference: sort the listed ban entries by their Reference information precede the sort criterion with a minus sign to reverse the sort direction
<banpar>	{IP=<ip>[-<ip>] \| Name=<string> \| \| Expires=<stamp> \| Mode=Always,OffWhenAdmin,ReserveName,Off \| bStealth=0,1 \| Message=<string> \| Reference=<string> \| Comment=<string> \| Next=#<slot>}+ IP: IP address (range) to ban, given as ddd.ddd.ddd.ddd Name: only for name bans (= ban if name matches) or name reservation bans (= ban if name matches but IP (range) doesn't match) Expires: time stamp when this ban entry becomes disabled automatically and becomes shown as "suspect" if configured. Note that it isn't removed automatically! Mode: Always: ban entry active always; OffWhenAdmin: ban entry active only if no admin is logged in; ReserveName (IP (range) and Name requrired): Name is useable for given IP (range) only; Off: disabled (is shown as "suspect" if configured) bStealth: 0: connection is allowed to query and to attempt PreLogin. The banned player is allowed to request a server info (name, players, scores, etc. are returned) and if the player tries to connect, Nephthys will let the player pass to PreLogin (so the admin (you) can see the Name of the player - important if you ban IP ranges) and closes the connection after that. A higher mod has the possibility to send a (specific, see below) message to the player concerning the ban reason before Nephthys closes the connection. 1: no traffic from connection is accepted, i.e. the server will reject any server info request, so the server is invisible in the banned player's server list. Also, if the player tries to connect manually by entering "open IP", Nephthys won't reply anything (just like a firewall: all network packets from the banned players are dropped). Message (isn't considered for applying a ban; only usable by extending uscript interface): message the player gets shown when banned Reference (isn't considered for applying a ban): user defineable reference to the reason why this ban was setup (default and automatically inserted ban enties: current time stamp - see server log at this stamp for details) Comment (isn't considered for applying a ban): user defineable comment which should hold a reminder for the admin why this ban was setup. Next (may affect which ban is applied): If given the new or changed ban entry is placed before the given ban number, else it's appended at the end of the ban table (ban new) or it keeps it's place (ban change). Since for ban application the ban table is scanned by slot number 0 to higher numbers, ban entries at the end of the ban table may be hidden behind a ban entry in a lower position.
<logentry>	<ipStart>-<ipEnd> \| #<slotStart>[-<slotEnd> \| N=<name> \| L=<LastUsedStart>[-<LastUsedEnd>] \| Admin \| Drop \| Kick[,Mask] Name: selects only log entries including the given string LastUsed: omit time and/or day if not needed, e.g. 2004/08-2004/09 Admin: selects only log entries detected as admins Drop: selects only log entries with DropCount > 0 Kick: selects only log entries with KickCount > 0 Mask (requires IP range or slot (range): extend IP range to powers of 2. E.g. range 1.2.3.24-1.2.3.129,Mask becomes 1.2.3.0-1.2.3.255 and range 1.2.3.24-1.2.8.24,Mask becomes 1.2.0.0-1.2.15.255 etc. This might be useful when experimentally setting up IP ranges for logged names of dynamic IP address ranges.
<logsort>	[-]<LastUsed> LastUsed: sort the listed log entries by their LastUsed information precede the sort criterion with a minus sign to reverse the sort direction
<string>	replace blanks with %20, % with %25
<stamp>	yyyy[/mm[/dd[%20hh[:mm[:ss]]]]] Note that all time comparisons are simple string comparisons, i.e. "2004/12/31" < "2005/02/25" because "4" < "5" (as expected) but "31.12.2004" > "25.02.2005" because "3" > "2" (not wanted)

Command	Item	Description
log list	P[reLogin]	counts how often a player reached the PreLogin state (before download / join).
log list	L[ogin]	counts how often a player reached the Login state (successful join).
log list	K[ick]	counts how often a player was kicked (manually).
log list	D[rop]	counts how often a player's connection was dropped (invalid join parameters, stealth ban).
ban list	S[tealthCount]	counts how often a stealth ban was applied. This value won't count for non-stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry.
ban list	D[ropCount]	counts how often a non-stealth ban was applied, i.e. how often the player was blocked in PreLogin. This value won't count for stealth bans, but may (re-) start to count if you change the stealth mode of a ban entry.

Description:	Called when connection is rejected before opening.
Parameters:	Addr	IP:Port of the current connection
Parameters:	Names	All known names for connection's IP separated by space or `""` if not logged yet

Description:	Called when connection is just opened, PreLogin() not yet passed. Data may be received or sent from now on.
Parameters:	Addr	IP:Port of the current connection
Parameters:	Names	All known names for connection's IP separated by space or `""` if not logged yet
Outputs:	MoreInfo	If the uscript mod can gain some more informations about this connection it may be stored here. These informations can be obtained later by calls to GetPlayerInfo() or GetConnectionInfo().

Description:	Called when connection is closed before PreLogin(), e.g. due to invalid join parameters or a recognized attack. Since the connection was closed now, no data may be sent or received any more.
Parameters:	Addr	IP:Port of the current connection
	Name	The current name of the join attempt or `""` if not analysed yet
	Names	All known names for connection's IP separated by space or `""` if not logged yet

Description:	Called after a new player passed PreLogin().
Parameters:	Addr	IP:Port of the current connection
	RequestURL	The complete URL of the join attempt
	Names	All known names for connection's IP separated by space
Outputs:	Error	To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's PreLogin() function to do so.

Description:	Called when new connection started to load a file.
Parameters:	Addr	IP:Port of the current connection
	RequestURL	The complete URL of the join attempt
	Names	All known names for connection's IP separated by space
	FileName	The complete name of the file, including the device (drive letter) and all folder names.
	FileSize	The size of the file in bytes.

Description:	Called after new player passed Login().
Parameters:	Addr	IP:Port of the current connection
	RequestURL	The complete URL of the join attempt
	Names	All known names for connection's IP separated by space
Outputs:	Error	To reject the join attempt at this place the uscript mod must set up an error message which gets logged. Although the connection gets dropped after that, the message isn't transmitted to the client. Use the game type's Login() function to do so.

Description:	called when an established connection is closed (kick).
Parameters:	Addr	IP:Port of the current connection
	RequestURL	The complete URL of the join attempt
	Names	All known names for connection's IP separated by space

Description:	Called after a player passed Logout().
Parameters:	Addr	IP:Port of the current connection
	Name	The name of the join attempt (might not be the name the player used at last)
	Names	All known names for connection's IP separated by space

Description:	Called when a connection is considered to be RJA attacking.
Parameters:	Addr	IP:Port of the current connection
	Names	All known names for connection's IP separated by space
	count	Number of new connections resulting in attack detection
	TimeDelta	The time needed to open the connections.

Description:	Called when a RJA attack has stopped. This event can be called some time after the attack really stopped.
Parameters:	Addr	IP:Port of the current connection
	Names	All known names for connection's IP separated by space
	count	Number of new connections during attack
	TimeDelta	The duration of the attack.

Description:	Called when a DRJA attack has stopped. This event can be called some time after the attack really stopped.
Parameters:	count	Number of new connections during attack
Parameters:	TimeDelta	The duration of the attack.

Description:	Determine whether an IP and/or name is banned. To implement ban checking in the game type's PreLogin() or Login() a call of GetConnectionInfo() followed by a call of this function gains the information needed to return a (ban rule customized) message to the client.
Outputs:	message	If a ban rule matches and it provides a message it's returned here, else `""`.
Parameters:	ip	If given: determine whether this IP is banned. At least ip or name must be given. To match a name reservation ban ip and name must be given.
	name	If given: determine whether this name is banned. At least ip or name must be given. To match a name reservation ban ip and name must be given.
	bStealth	If `bStealth!=false` (i.e. =`true` or omitted) only stealth ban rules are considered, all non-stealth ban rules aren't applied
	bCount	Whether to count the ban appliance (depending on bStealth)
Returns:	The description of the matched ban rule or `""` if none matched.

Description:	Insert a new stealth ban rule, valid always and forever, or set an existing ban rule to always valid and append the comment.
Parameters:	ip	If given: ban this IP. Either ip or name must be given.
	name	If given: ban this name. Either ip or name must be given.
	comment	Additional comment for this rule (e.g. reason).
	AppendIfNot	If an existing ban rule matches the parameters and it doesn't include any of the (space separated) words given here, the new comment is appended to the old comment (with space as separator). Otherwise the old comment is replaced by the new comment. Note that existing ban rules aren't set to stealth.
Returns:	A message what has been done.

Description:	Read the ban information of a given ban number as a printed string.
Parameters:	slot	The ban number to examine.
Returns:	The description of the matched ban rule or `""` if none matched.

Description:	Gets informations about a given player or the event causing connection.
Parameters:	PP	The PlayerPawn to obtain the informations for. Called from within the game type's PreLogin(), Login() and PostLogin() functions this parameter may be set to `none` to obtain informations about the connection causing the event call of PreLogin(), Login() resp. PostLogin(). Called from any other context this parameter has to refer to an existing PlayerPawn, else this function will fail.
Outputs:	Addr	Current IP:Port of the player.
	State	State of the connection.
	Names	All known names for connection's IP separated by space
	MoreInfo	More informations as given by event ConnectionOpened()
Returns:	Whether it worked out good (`true`) or bad (`false`, e.g. no connection for PlayerPawn).

Description:	Kicks by a given PlayerPawn, IP:Port or IP. The traffic is stopped immediately, the connection is closed as soon as possible.
Parameters:	PP	If given: the PlayerPawn to kick. Either PP or Addr must be given.
	Addr	If given: IP:Port or IP to kick. If only IP is given all connections matching this IP are kicked.
Returns:	Whether it worked out good (`true`) or bad (`false`, e.g. no connection for PlayerPawn or IP currently not online).

Description:	Log a new name for a given IP. E.g. this may be called in case of name changes.
Parameters:	ip	The IP to log.
	name	The name to log.
Returns:	A message what has been done.

Description:	Executes a command as if given by npt <command>.
Parameters:	cmd	The command string to execute.

Description:	Gets informations about a given connection.
Parameters:	Addr	IP:Port of the connection to examine.
Outputs:	PP	PlayerPawn using this connection or `none` if not connected yet / anymore.
	State	State of the connection.
	Names	All known names for the connection separated by space
	MoreInfo	More informations as given by event ConnectionOpened()
	UploadFilename	The complete name of the file currently uploading, including the device (drive letter) and all folder names or `""` if connection isn't uploading.
	UploadTransfered	Number of bytes already uploaded or 0 if connection isn't uploading.
	UploadTotalSize	The size of the file in bytes or 0 if connection isn't uploading.
Returns:	Whether it worked out good (`true`) or bad (`false`, e.g. no connection for Addr).