DDraceNetwork - developer

DDraceNetwork

Development / developer

Development discussion. Logged to https://ddnet.tw/irclogs/ Connected with DDNet's IRC channel, Matrix room and GitHub repositories — IRC: #ddnet on Quakenet | Matrix: #ddnet-developer:matrix.org GitHub: https://github.com/ddnet

Between 2020-08-10 00:00:00Z and 2020-08-11 00:00:00Z

[ddnet-maps:master] 1 new commit

52055fe A The Dungeon - ddnet-maps

[ddnet/ddnet] Issue opened: #2547 CC-BY-NC-SA skin license

lightbulb, tank, emo, bunny, hedgehog, napoleon, roman, caesar, nosey, savage: Copyright Lappi CC-BY-NC-SA license

I would argue that CC-BY-NC-SA is too restrictive. It certainly does not line up with the rest of ddnet's source and data licenses. Unless Lappi re-licenses, we should delete these skins.

Hey, my server still gets flooded with (connecting) players, it took them a bit but after some days after I initially fixed the ddnet tokens, it still happens. How?

12:26

https://github.com/fokkonaut/F-DDrace/commit/11139517273d831bfff9451f2fb17d99a5ff3167

Fix ddnet tokens · fokkonaut/F-DDrace@1113951

12:28

I really need help at this point, to me it seemed to work

https://github.com/fokkonaut/F-DDrace/blob/1edb14df728b2bcbdd0e5d57fc2d7f9b8bff3ea0/src/engine/shared/network_server.cpp#L97-L111

fokkonaut/F-DDrace

F-DDrace is a server mod for Teeworlds 0.7 developed by fokkonaut. - fokkonaut/F-DDrace

14:58

one problem is probably there

14:58

sha256_update(&Sha256, (unsigned char*)&Addr, sizeof(20)); //omit port, bad idea?

14:58

only hashes sizeof(20) = 4 bytes

14:58

that is just the address type, so it is the same token for everyone

14:58

@fokkonaut ^

Huh? I got this from ddnet

nice, that's how you find a ddnet vulnerability

xd

15:02

Whats the problem here?

https://github.com/ddnet/ddnet/commit/2f760e3e40b58a838191e60127a84bafa7bf70ea

Forgot to drop port · ddnet/ddnet@2f760e3

15:03

sizeof(20) is 4

15:03

so you're only hashing the first 4 byte of the NETADDR struct

why did learath do thaz

cuz 20 is a int right, sizeof gets the size of the type

15:04

why is 20 there

probably meant 20 instead of sizeof(20)

@Learath2

still questionable code, but might work

:D

15:05

thanks for looking into it @heinrich5991, also good for ddner :)

has been in the code for 2 months

ddnet*

sizeof(20)??? god I'm dense

kek

1

xD

@Learath2 why is the port omitted?

because that's what @timakro did

15:19

I think it's because the masterserver uses 2 different ports to communicate

yep

teeworlds 0.7 also hashes the port

15:22

@timakro can you elaborate why this is necessary?

I think the hacky way tokens are handled in the register code only stores one token per master server ip

What learath said. It's just using the same token logic for the connless master server communication as for communication with regular 0.7 clients

15:24

We could differentiate there but I was just lazy ^^

the regular 0.7 server also hashes the port together with the IP address, that can't be the only thing

@heinrich5991 but 0.7 tokenmanager handles all tokens per ip+port

Yeah but we don't have to, right?

the way we did it is very much a hack

that is, I can't think of a new attack that this would enable

If it's coming from the same ip it should be fine

yes, what I said above, I can't see any new attack vectors that this opens up (edited)

15:26

it's something that should probably be mentioned in the PR though

15:26

that we no longer hash the full net address

You can hijack other teeworlds players in your LAN :)

oh yes CGNAT

15:27

so there is a problem there

never heard of that

another time that shows that just because we don't see a problem doesn't mean there isn't onbe

15:27

I should really not compromise on security

CG what

@timakro where the provider does the NAT

15:27

when you don't get a full IPv4 address anymore

15:28

but share it with others

Wow

so we should hash IP address and port

Didn't know there is something like that

"carrier grade network address translation"

15:28

https://en.wikipedia.org/wiki/Carrier-grade_NAT

Carrier-grade NAT

Carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network ...

I don't have the time to patch it up

I guess we have enough 0.7 clients that disabling it until a fix is not feasible?

That's insane, it's bad enough that you have to pay enormous sums to get a static ip at your home

@timakro it's mostly a consequence of not having enough IPv4 addresses

Yep, if only ipv6 was widely supported ...

15:30

I'm living in a dorm of my university where I get a static IPv4 for free, but we don't have IPv6 .. its wild

15:32

I'm curious how you would fix it, I don't even know why the masterservers use different ports. I just remember being stuck on this for a while until I figured it out and then just went the quick route (like usually with this project ^^)

yes, waay to many 0.7 clients

15:33

the masterservers use different ports so that they can "check" whether you have ports forwarded

15:33

if they just reply back on the same port, the NAT will route it back (because it's seen as part of the same UDP "connection")

15:34

so they use a different port to check if outside clients could possibly connect. not bulletproof, some NATs separate by IP address not IP address and port

Ah makes sense

15:37

You should just omit the port for master server communication then, this should be relatively easy to do. Just gotta figure out a not too painful path to pass that information down. Unless the master servers use CGNAT this will be fine

15:41

The core reason why this hack (and also some others) are required here is that the vanilla 0.7 servers use randomly generated tokens and store them. I decided to use ip hash tokens everywhere because I didn't want to include the logic for storing tokens.

[ddnet/ddnet] Pull request closed: #2541 Arrow key support in editor

15:50

[ddnet:master] 8 new commits

02f6e70 Right click: Don't remove selection of layers - def- 8174dfa Editor: Support up/down keys to switch layers - def- c66201d Editor: Get rid of some debugging output - def- 4c9d03c Editor: Left/Right switch between layers/images/sounds - def- 1ad43a7 Editor: Support up/down for images/sounds - def- 29332ea Editor: Add ctrl+n for new map, ctrl+a to append map, add hints - def- 2857016 Prevent crash by keeping m_SelectedImage/Sound in correct range - def- 9d4a771 Merge pull request #2541 from def-/pr-editor - def-

15:50

[ddnet/ddnet] Pull request closed: #2545 Version 14.3

15:50

[ddnet:master] 2 new commits

4ceb4dd Version 14.3 - def- 77d6197 Merge pull request #2545 from def-/pr-version-14.3 - def-

15:51

[ddnet-web:pr-14.3] 1 new commit

2230a9f Version 14.3 - def-

[ddnet/ddnet] Pull request opened: #2548 Move skins license information to its own file

[ddnet/ddnet] Pull request opened: #2549 Satisfy old C standard

system.c:2325:2: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
  for(int cursor = 0, pos = 0; pos <= truncation_len && cursor < dst_size && size != cursor; cursor = str_utf8_forward(src, cursor), pos++)

@heinrich5991 Zwelf : We don't bundle sqlite3 on Linux and Mac? On Mac build I get "You must install SQLite3 to compile DDNet"

16:16

@timakro My home connection is with Vodafone atm and they don't offer IPv6 either...

i think its rare to not have sqlite3 in linux

16:16

i dont have ipv6 either

ok, for Linux it uses the bundled one correctly

[ddnet/ddnet] Pull request opened: #2550 Try to fix bundling SQLite3 on Mac

Ok, this seems to work: https://github.com/ddnet/ddnet/pull/2550

Fix bundling SQLite3 on Mac by def- · Pull Request #2550 · ddnet/dd...

Verified locally

[ddnet/ddnet] Pull request closed: #2550 Fix bundling SQLite3 on Mac

17:13

[ddnet:master] 2 new commits

0a9eb72 Fix bundling SQLite3 on Mac - def- 2d01f91 Merge #2550 - bors[bot]

Oh well, another linking error on Mac:

Undefined symbols for architecture x86_64:
  "___isOSVersionAtLeast", referenced from:
      _singleipconnect in libcurl.a(libcurl_la-connect.o)
      _sectransp_connect_common in libcurl.a(libcurl_la-sectransp.o)
      _sectransp_connect_step2 in libcurl.a(libcurl_la-sectransp.o)
      _sectransp_version_from_curl in libcurl.a(libcurl_la-sectransp.o)

Weird that this pops up now, I don't remember changing anything recently with curl

17:30

@Learath2 @heinrich5991 any ideas?

[ddnet/ddnet] Pull request closed: #2549 Satisfy old C standard

17:35

[ddnet:master] 2 new commits

467778f Satisfy old C standard - def- 0403e77 Merge pull request #2549 from def-/pr-for-loop-c - def-

17:36

[ddnet/ddnet] Pull request closed: #2548 Move skins license information to its own file

17:36

[ddnet:master] 2 new commits

d085356 Move skins license information to its own file - def- 8239836 Merge pull request #2548 from def-/pr-skins-license - def-

@deen are you still linking with compiler-rt properly?

I thought so, didn't change anything

[ddnet-web:master] 1 new commit

8e8f406 7event3 - def-

18:20

[ddnet/ddnet] Issue opened: #2551 Opengl3 causes text entities to render as black blocks

Noticed locally, Im 'corneum has the same issue.

18:21

[ddnet-web:master] 1 new commit

ec25aeb 7event4 - def-

@Learath2 linking curl or linking DDNet? (edited)

18:39

because I didn't change curl since May 1

uhm, I think it only gets linked while linking ddnet

i have a problem that appeared about 2 years ago. so i never close my client. sometimes when i leave my pc for an hour i logout but its still running. when i come back, login and try to go back in my client it instantly crashes. it is only after i lock/unlock my pc and i figure that a little time has to pass. its not a big deal to just restart the client but sometimes i loose mapping progress

I googled for the issue and found my own fix, yay: https://github.com/ddnet/ddnet/commit/e8bd8459a6f556594f48f33f4d145033bc89d46f No idea why we removed it again, I guess I'll try readding

18:47

or maybe I'll rebuild osxcross first

18:47

might be a local clang update somehow disabling it

18:50

@heinrich5991 @Learath2 I see: Manually-specified variables were not used by the project: CMAKE_TOOLCHAIN_FILE. is it related?

Oh that's quite odd

18:52

Did we change something about cmake?

18:53

We removed it because it creates executables that won't run on newer macOS

18:53

___isOSVersionAtLeast isn't in the flat namespace anymore so dyld won't find it

[ddnet/ddnet] Pull request opened: #2552 Flag afk when player timed-out

Timed out players kills entire team especially on t0 maps. So i just thought we can flag them as afk.

[ddnet/ddnet] Pull request opened: #2553 Add OpenGL error handling

Don't merge yet, since i don't know if this should be merged at all. (only for OpenGL3 commands rn) Might help with #2551, if the driver knows the error(e.g. texture incompleteness) and is able to output it. @def- you can try and see if the program outputs an error with that code, else it's hard to predict the error :D

hi if u touch a startline in practice mode and /r before touching the ground, it will tp you back behind the startline and also reset ur time at the top of the screen to the server time

19:27

and if u touch startline again it wont put it to 0:00 but you are still technically racing cause you can't join another team (edited)

19:28

might be a little bug

@Learath2 any idea how to fix?

20:05

@louis so then you can't finish?

@deen you can link verbosely to see if compiler-rt is getting pulled in

@deen

20:08

Hello how i can start translate game for Ukrainian

20:08

?

@deen ye u cant finish in practice (it doesn't say "your team finished in 00:00 but because you're in practice mode blah blah") it acts as if u never touched start

@Deleted User check in data/languages/ukrainean.txt

thats where?

20:09

on github? (edited)

where DDNet.exe is

oh

you can edit it and restart client to try it

on files?

yes, file. when it's done, upload on github.

bruh but where that

20:09

on data

20:09

oh

20:09

sry

20:09

lel

@deen the docs say you can try

 echo "int main(void){return 0;}" | xcrun clang -xc -o/dev/null -v - 2>&1 | \ grep "libclang_rt" 1>/dev/null && echo "Success"

ok, that's not working

20:16

I rebuilt osxcross and compiler-rt though

20:16

just a ./build.sh; ./build_compiler_rt.sh

And did you execute the commands build_compiler_rt.sh tells u to?

Told me nothing:

./build_compiler_rt.sh
## Building compiler-rt (release/10.x) ##

20:19

looks like it failed I guess

20:19

So I guess I have to rerun this every time my system clang is updated then

[ddnet/ddnet] Issue closed: #2156 Run eval `osxcross-conf` before compilation

@deen why that not setup

20:22

a languege

20:22

on game

I don't understand

im added some words

20:24

but we dont replace on game

did you restart the game after editing and saving the file?

yes

you should only edit the text after ==

20:25

not the original english text

im maked that

20:26

im edited after==

20:26

example Kill=Вбити

20:26

Look that?

Looks very wrong

It should be

Kill
== Вбити

?

20:27

lol wut

u need to follow the correct format

just replace words

bruh

[ddnet/ddnet] Pull request opened: #2554 Fix the same token being generated for each client

Theoretically, a regression test would be nice here, but we don't really have the infrastructure… This fixes a spoofing vulnerability.

@Learath2 they pipe all errors to /dev/null, thus I missed interesting stuff like: fatal: Unable to create '/home/deen/git/osxcross/build/compiler-rt/.git/index.lock': Permission denied

@heinrich5991 didnt read the whole conversation, why cant I just use sizeof(Addr)m

20:46

?"

20:47

*

timakro and Learath2 said their 0.7 compatibility code relied on the port not being hashed

[ddnet:master] 2 new commits

fabc194 Flag afk when player timed-out - ardadem 62a2271 Merge #2552 - bors[bot]

20:48

[ddnet/ddnet] Pull request closed: #2552 Flag afk when player timed-out

[ddnet/ddnet] Pull request opened: #2555 Pr chinese translation

found some problems with chinese translation

21:27

[ddnet/ddnet-web] Pull request closed: #88 Version 14.3

21:27

[ddnet-web:master] 2 new commits

2230a9f Version 14.3 - def- 271e2e7 Merge pull request #88 from ddnet/pr-14.3 - def-

21:28

[ddnet:14.3] 8 new commits

467778f Satisfy old C standard - def- d085356 Move skins license information to its own file - def- 0a9eb72 Fix bundling SQLite3 on Mac - def- 2d01f91 Merge #2550 - bors[bot] 0403e77 Merge pull request #2549 from def-/pr-for-loop-c - def- 8239836 Merge pull request #2548 from def-/pr-skins-license - def- fabc194 Flag afk when player timed-out - ardadem 62a2271 Merge #2552 - bors[bot]

21:32

[ddnet-web:master] 1 new commit

6181946 DDNet 14.3 news post - def-

[ddnet:master] 3 new commits

b56cd3f removed the s - plsplsplslol 9787f20 fixed translation because the original translator thought that this was supposed to mean a person left the game - plsplsplslol 3108b51 Merge #2555 - bors[bot]

21:40

[ddnet/ddnet] Pull request closed: #2555 Pr chinese translation

21:41

[ddnet-libs:master] 1 new commit

e786490 Rename sqlite3.dll - def-

21:43

[ddnet:master] 1 new commit

e0c0646 Version 14.3.1 - def-

21:46

[ddnet/ddnet] Pull request closed: #2554 Fix the same token being generated for each client

21:46

[ddnet:master] 2 new commits

2db4e2a Fix the same token being generated for each client - heinrich5991 d44d596 Merge pull request #2554 from heinrich5991/pr_ddnet_fix_token - def-

21:50

[ddnet/ddnet] Issue closed: #2551 Opengl3 causes text entities to render as black blocks

@heinrich5991 so i can use the sizeof(addr) instead? i only use it for ddnet connections, not for 0.7 ones

I believe sizeof(addr) is what caused your undebuggable issues before, because addr contained padding bytes

21:57

22 or sizeof(addr)-2 would work

as i said, i only use it for 0.6

21:58

should be no problem there

21:58

my issue had another cause and was only on 0.7

22:00

ill just go with 20 nvm

no padding isuses that redix fixed?

[ddnet-web:master] 1 new commit

38d416f Version 14.3.1 - def-

Exported 199 message(s)