DDraceNetwork
Development / developer
Development discussion. Logged to https://ddnet.tw/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories — IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet
Between 2019-07-02 00:00:00Z and 2019-07-03 00:00:00Z
Avatar
Just Scroll a bit up next time 🙃
Avatar
when you login with rcon, is the password sent encrypted?
Avatar
I thought about a couple ways to secure at least the authentication part, but nothing short of actually encrypting the entire connection came to mind
10:16
CHAP would require the server to know the plaintext of the passwords, which is undesirable
Avatar
you could make sure that the client doesn't send the password out, but preventing MITM would require at least authenticating the rcon connection
10:20
(one could make sure …)
Avatar
how are you supposed to authenticate a client without it ever sending the password nor you knowing the plaintext of the password?
Avatar
The Secure Remote Password protocol (SRP) is an augmented password-authenticated key agreement (PAKE) protocol, specifically designed to work around existing patents. Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to b...
Avatar
Such a complex protocol 😛
10:26
Looks like it's based on prime factorization being difficult
Avatar
there are other zero knowledge proofs that do not rely on that
10:27
(if this one does)
10:28
no, from the first glance, it looks like it depends on the difficulty of the discrete logarithm problem
Avatar
I want to remember you all: "We haven't enough time to port ddnet to 0.7, but we are adding useless things, new bugs, trying to fix bugs and waste the time for nothing" In real: " Oh we are all tired"
Avatar
yeah, appears so
10:29
@Deleted User be our guest, go ahead and port ddnet to 0.7
Avatar
Only if u assist me and we make a closed src and slap all people
Avatar
Adding small stuff and fixing bugs takes about an hour out of my day, at that pace I'll have a 0.7 port done in about a decade
10:30
I doubt anyone else on the team spends much more than 2-3 hours a day
Avatar
i think ddnet stuff is big enough to port it to 0.7 ez
Avatar
that adds up to a whopping 10 hours a day with a generous estimate, it'd still take a year to port 😛
10:32
and for what? making you and @ChillerDragon happy?
Avatar
dont write chillerdragon in the chat
10:33
0.6 is dead
10:33
thats the main reason
Avatar
0.7 is dead
10:35
you know the best, they only get 1 server with some ppl
10:36
and its a race mod
10:36
hilarious isnt it? teeworlds itself is dead
10:36
ddnet should be standalone
10:36
and no one cares about a pretty menu which we can debate whether its pretty
10:36
ddnet has way more utility than tw 0.7
10:37
they added controller support, yeah we will do perfect pixel aim with that
10:37
they are the ones
10:37
adding useless stuff
Avatar
xD
Avatar
ur just biased af
10:37
or trolling
10:37
us
Avatar
dont be salty on me
10:37
ryomadzuki -,-
Avatar
0.7 makes me mad
Avatar
@heinrich5991 such a weird protocol 🙂, first half looks like a diffie hellman kex
Avatar
why we dont rename ddnet to tw 0.8
Avatar
ddnet is 12.5
10:38
way more versions
10:38
than 0.7
10:38
:)
10:38
there u have
10:38
we can brag about a higher version number
10:39
troll
10:39
hes a troll
10:39
i know him
Avatar
I mean it's vali 😛
Avatar
lol
10:40
you dumb? call me again a troll and you die
10:40
see
10:40
funny af
Avatar
ill hack u in a min bb
Avatar
kk
Avatar
@heinrich5991 did you know of it beforehand or how did you find it? I remember browsing around for a while when I implemented it and not getting anywhere
Avatar
I found it when I researched how protocols handle passwords
10:48
also I had heard of zero knowledge proofs before, so it was kinda clear that something like that must exist
10:49
it's just kinda sad how little it's used ^^
Avatar
@heinrich5991 do you know what the u term is supposed to prevent?
10:59
I feel it should work with u = 1, and still be secure, but I'm probably missing sth 😛
Avatar
looking at it quickly, it seems to be a "shared random number", i.e. a number that neither client nor server can set on its own
11:01
that's often useful
11:01
<food>
Avatar
</food>
Avatar
Дядя Женя 2019-07-02 12:47:02Z
12:47
Not even working when using "cl_dummy_copy_moves"
Avatar
status of my side project
13:32
ill never finish a thing xD
Avatar
I never finish a thing either, maybe we should collab
Avatar
what u wanna do
Avatar
If you finish the part I don't finish and I finish the part you don't, we might end up with a full project
Avatar
nobody finishes anything
Avatar
@Learath2 you forgot +toggle in your pr
Avatar
why can't things be easy? 😦
Avatar
is +toggle necessary even?
13:48
I mean +toggle doesn't support strings e.g.
Avatar
it worked before
13:49
I would add it
Avatar
why doesn't it support strings tho
Avatar
because I guess the person who implemented it couldn't think of a use for it so he omitted it
Avatar
@heinrich5991 do you think I should leave support for old masterservers in the client?
Avatar
yes
16:30
uhm
16:31
@Learath2 I mean support for the old serverbrowse protocol yes, support for old masters no I guess
Avatar
what are you talking about?
Avatar
Http masterservers
Avatar
i.e. faster serverlist reload in the "internet" and "ddnet" and "kog" tab
Avatar
but if you remove support for vanilla masters you could also break compat to old serverinfo protocol, just keep the new one
16:48
to reduce attack surface on affected servers
Avatar
they will eventually close the 0.6 masters
16:48
we should become standalone
Avatar
why should they?
Avatar
0.5 servers are still running btw
Avatar
yes
Avatar
anyway no one plays vanilla
Avatar
im happy
Avatar
this is not true and ddnet isn't the only mod that people play
16:49
fng is not based on ddnet e.g.
Avatar
but ddnet can implement a more mod friendly protocol
16:49
which other would follow
16:50
the master servers
Avatar
yea
16:54
also thinking about a tcp implementation could be interesting
16:55
maybe its possible to force other mods to follow
Avatar
tcp for gameplay nope
16:55
http for masters yes
16:55
which is tcp
16:55
tcp doesnt make sense on game
Avatar
if I remember correctly, mc uses tcp
16:56
and it makes sense, at least if you think about "how to stop the ddos"
Avatar
no it doesnt
16:56
read about tcp and udp
16:57
idk why mc uses tcp but most games use udp
Avatar
I haven't thought about the DoS protection angle, but ryozuki is right about udp being the better fit for games
Avatar
i mean, tcp would make sense for chat but nothing else
Avatar
tcp has the "head of line" blocking problem. if you miss a single data packet, you won't get new data until that gets resent
Avatar
and why not use both? tcp for handshaking and server info, but udp for the game traffic?
Avatar
that would be possible
Avatar
yea forgot about the package loss problematic
Avatar
is there some cheap/free protection for generic tcp services? I'd guess there only is for http
Avatar
I believe cloudflare also supports tcp. but most hoster (for example ovh) provide a more or less good protection for tcp
Avatar
it would increase latency for sure
Avatar
if you use tcp only maybe, but mixed could be interesting
Avatar
protection involves proxying right? on udp it would increase that low latency required for gameplay
Avatar
you forget that for example nfo (which is used by ddnet) supports udp and tcp protections, but I guess tcp is more reliable
Avatar
they already on nfo iirc
Avatar
https://www.cloudflare.com/products/cloudflare-spectrum/ ← doesn't seem like cloudflare is offering protection for tcp/udp for free/cheap
Increase TCP and UDP security and prevent DDoS attacks for gaming, mail, SSH, and other services with Cloudflare Spectrum.
17:01
(that's what @Deleted User said)
Avatar
ChillerDragon 2019-07-02 17:02:02Z
http://puu.sh/DNNy1/5b56194307.png nobys fng server is based on ddnet and its the most popular one
17:02
@noby GWpingSock
Avatar
ur white theme is horrible
Avatar
quoting using pictures is annoying 😛 just use ">"
Avatar
is the http master already wip?
Avatar
@Learath2 is working on it
Avatar
@Learath2 how is your progress?
Avatar
ChillerDragon 2019-07-02 17:05:13Z
u
17:06
@heinrich5991 how am i going to flex my white theme then?
Avatar
@Deleted User gimme a day or two and it should be ready, then give it a day or two for review 😛
Avatar
and another two weeks to fix all the bugs?
17:07
😛
Avatar
yep sounds about right
Avatar
@ChillerDragon
Avatar
ChillerDragon 2019-07-02 17:08:45Z
hehe
Avatar
ChillerDragon 2019-07-02 17:09:10Z
heinrich white themer confirmed
Avatar
@Deleted User I had it mostly working, then I noticed I kinda went overboard and removed the entire support for serverinfo packets and old masters, neither could servers register on old masters
17:09
so I started again 😛
Avatar
@Learath2 ill gladly try to break ur api
Avatar
@Learath2 I feel like the review could take longer than a day or two
17:09
yeah
17:09
it will take weeks for sure
Avatar
at least I might have some strong opinion on doing things right™
Avatar
@heinrich5991 pls send your strong opinions before I finish up 😄
Avatar
but breaking the old-ish support sounds right to me? 😮
Avatar
@Learath2 I haven't seen it yet, how can I comment on it
Avatar
i wish we could remake the map format in a sane and human way
Avatar
@Ryozuki this is important enough that it'll prolly get a lot more attention than some other prs
Avatar
@Learath2 please share some API calls, the design for registering, the IPv6 compatibility, the way forward for server pings in the client
Avatar
oh IPv6 compatibility 🤔
Avatar
for some of the things that might be contentious
Avatar
@Learath2 also the ability to blacklist a server ip
Avatar
does that even require anything specific? as long as the server registers from an ipv6 address it should register just fine
Avatar
no, we're not introducing a protocol that doesn't have proper ipv6 support IMO
Avatar
just ship both ips
Avatar
no. we need a way for a server to identify ipv4 and ipv6 address so it doesn't appear twice in the serverbrowser
17:13
also it needs to register for both, if possible
17:13
(currently it only registers for one)
Avatar
ye, my ISP doesnt have ipv6 support
Avatar
I haven't seen a single household isp that gives out ipv6 yet
Avatar
but ds-lite is really a thing nowadays, so supporting ipv6 seems necessary
Avatar
oh i had one that does
17:14
orange
Avatar
but yeah, it'd be stupid not to support it
Avatar
but most vps
17:14
have ipv6
17:14
like almost all
Avatar
almost, ye
Avatar
I have a working IPv6
Avatar
pff, this complicates everything
Avatar
yes, I know ^^
Avatar
I got a sudden urge to drop this
Avatar
😦 (edited)
17:15
@Learath2 i fell u
17:15
feel
17:15
*
17:15
how would one support both ips and recognize them as the same? the client would also need to request which one prefers right
Avatar
i have seen cases where ds lite increased the ping for ipv4 by 20 ms compared to ipv6
Avatar
This sounds wrong though, the server shouldn't have to know their ip
17:16
sounds very counterintuitive
Avatar
@redix ipv6 should be more performant
17:16
easier routing tables
17:16
or something like that
Avatar
i have a full dualstack now and both have the same ping
Avatar
If I let the server dictate what ip they are registering with, it's no longer guaranteed that they own the ip
Avatar
@Learath2 I'd alternatingly heartbeat via ipv4 and ipv6 maybe
17:17
you can set curl options to say that only IPvX ought to be used
Avatar
yeah, I guess that could work, but how is curl supposed to know which ipv6 address to use as source?
Avatar
how is it supposed to know which ipv4 address to use as source? – the OS is doing that
Avatar
how do you make sure curl and the server are using the same network interface?
Avatar
ipv4 cant connect to ipv6 right?
Avatar
it's not that common to have a block of ipv4 addresses, it's very common for ipv6 addresses
Avatar
and why not simply using something like a token/ident number so that the master knows which ips are together?
Avatar
you hope for the best(?)
Avatar
u can abuse it
Avatar
oh, another point: please still have a way to do port-forward checking, with a way to disable it on the server side
17:20
(this should mostly fix the "invalid ipv6" problem)
Avatar
@Deleted User yeah, that's what I have in mind, we already send a secret, so I'll use that
17:21
port-forward checking? do we really need this?
Avatar
and why don't you ship external ipv4/v6 ip within the register packet?
Avatar
I think we should do it, yes
Avatar
@Deleted User then idk if the server actually owns the ip, then i need some packet to verify that, etc. way more work
17:22
@heinrich5991 hmm, just have the master twping the server on the given port?
Avatar
could be abused - possibly -
Avatar
@Deleted User yeah, make those 2 days more like a month or so
Avatar
a year*
Avatar
and I'm bound to get way more busy with exams on september, so I guess http masters 2020?
17:25
who keeps ddosing the masterserver anyway?
17:25
he gains literally no benefit
17:25
and ddnet has its own sv list
17:25
this is completely dumb
Avatar
port forward checking... what are we checking even?
Avatar
that the server is reachable
Avatar
I guess I can just send a connless tw packet on the port, and have the server reply with it
Avatar
ye
Avatar
yes, I'd pack the response into the next heartbeat packet though
17:27
that way, we don't require the masterserver to listen for udp packets
Avatar
(and could potentially spoof the source address of these packets if that's allowed anywhere, in order to not give away the real source)
Avatar
I mean we could probably get some server in a third world country 😄
17:28
or maybe vali would share
17:29
@heinrich5991 any strong opinion on how I should be verifying the json schema?
Avatar
using a library
17:30
like any sane person
Avatar
I think it should only be verified on the client side, what do you think?
17:32
(the serverinfo json schema)
17:32
i.e. like it's done today
17:33
@Learath2 maybe I don't understand the question correctly
Avatar
Well the server has to drop invalid heartbeats as well
17:33
and the server list is essentially a list of objects with a subset of the elements of a heartbeat
17:34
so at either side I need to verify that the json is not malformed
Avatar
you could just put the published object in a "info" subobject or so
17:34
then you don't have to touch it on the masterserver side
17:36
cloudflare was down today btw
17:36
i.e. don't host all masterservers on cloudflare 😛
Avatar
@heinrich5991 would you be okay with letting servers host arbitrary data on our masterservers?
Avatar
yes, until it is abused
17:40
maybe put a size limit on it
Avatar
Things that sound like big problems to me sound like no problem to you, and things that I wouldn't even think about are problems for you 😛
17:40
It's like we think in opposite ways
Avatar
that's the upside of not working alone on a project I guess?
Avatar
(I'd want this info to be as open as possible for mods, and previously they could also send any data to the clients)
Avatar
I'd want to strictly regulate it, so that when the client gets an "info" field it knows exactly what's in it and it's always enough to construct a CServerInfo object and the people that host masters know exactly what they are hosting
Avatar
I'd validate that on the client side – and just skip any entries that don't conform to the client's schema (but allow extra fields)
17:46
I feel like restricting fields doesn't help the masters not hosting content they don't want, we have many free-form strings in there
17:46
a size limit can reduce the most rampant abuse
Avatar
but for the extra-fields maybe implement a protocol version?
Avatar
(size limit in bytes)
Avatar
sent by server
Avatar
but then mods can't put their own fields without cooperation by the masters
Avatar
*clients
17:48
the idea would be you create a protocol which could be extended but has a version number so the client always knows whats inside
17:48
the main problem would be the client then
Avatar
what problem with "my" system are you trying to solve? what doesn't work there?
Avatar
imagine vers 1 has no banner url, but vers 2 has one, so the client knows what the additional field means if there is a proper version shipped with (edited)
17:50
so it would be possible to create fields with a general description, more or less. I hope you get the idea
17:51
the banner url is a good example. so you discuss on github how to implement it, just add it, go one up in the version and newer clients know how to parse the new field instead of just displaying bullshit maybe
Avatar
extra fields aren't a problem in JSON
Avatar
so presenting a preview instead of the url
Avatar
they're just ignored by the client if it doesn't know them
Avatar
ye but I meant the parsing later
17:52
hmpf.
Avatar
@jao translaten for me pls
21:46
monkaS
Avatar
what exactly
Avatar
wats statt
Avatar
linux instead of windows
21:46
toptri
Exported 301 message(s)