uPnP

What do you want to see in Armagetron soon? Any new feature ideas? Let's ponder these ground breaking ideas...
User avatar
Lucifer
Project Developer & Local Moonshiner
Posts: 8610
Joined: Sun Aug 15, 2004 3:32 pm
Location: Republic of Texas
Contact:

uPnP

Post by Lucifer »

http://www.virtualworlds.de/upnp/

Anybody fool with this before? Anyone who knows something about networking got a few minutes to look it over and figure our chances of adding uPnP support to the list for Bacchus?
Image

Be the devil's own, Lucifer's my name.
- Iron Maiden

User avatar
Z-Man
God & Project Admin
Posts: 11253
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Post by Z-Man »

What would this be good for? Talking with routers to make them forward the right ports? If it is widely supported enough (30% minimum in actually active hardware), it'd get my vote.

User avatar
Lucifer
Project Developer & Local Moonshiner
Posts: 8610
Joined: Sun Aug 15, 2004 3:32 pm
Location: Republic of Texas
Contact:

Post by Lucifer »

Yes to the router thing, widely supported I don't know. Hell, I don't even know if my own router supports it. :)
Image

Be the devil's own, Lucifer's my name.
- Iron Maiden

Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]

Post by Luke-Jr »

If we move to XMPP authentication, we could go a bit further and have connection negotiation via XMPP also-- thus, easy UDP tunneling through 99% of NATs ;)

(XMPP seems to solve a lot of problems, doesn't it?)

User avatar
Z-Man
God & Project Admin
Posts: 11253
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Post by Z-Man »

XMPP doesn't use UDP itself, right? It goes over TCP, and possibly over an external server. That's not suitable for game data.

User avatar
joda.bot
Match Winner
Posts: 421
Joined: Sun Jun 20, 2004 11:00 am
Location: Germany
Contact:

Post by joda.bot »

My router (WRT54gs) claims to support uPnP. I've seen this in some other routers as well, with Windows XP even normal users should be able to check for it, because if they have a uPnP enabled router Windows XP shows a gateway in the network environment (atleast as long as uPnP is enabled :)).

Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]g

Post by Luke-Jr »

z-man wrote:XMPP doesn't use UDP itself, right? It goes over TCP, and possibly over an external server. That's not suitable for game data.
I didn't mean for game data. Just negotiate the UDP connection via XMPP.
Basically, this means the client and server pick out ports and tell each other their IP addresses. They send a dummy packet to each other to open the NAT up for that one "connection" (one of these will likely be lost), then their NATs are prepared to forward "response" packets back and forth.

User avatar
Z-Man
God & Project Admin
Posts: 11253
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Post by Z-Man »

I'd say both of them are likely to be lost :)

Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]

Post by Luke-Jr »

z-man wrote:I'd say both of them are likely to be lost :)
One will get through even if you do it manually:
ComputerA: nc -u -p 5555 ComputerB 4444
ComputerB: nc -u -p 4444 ComputerA 5555

the first packet in the netcat will be lost, but subsequent ones will not.

User avatar
belenus
Round Winner
Posts: 269
Joined: Wed Nov 30, 2005 6:22 pm
Location: Cologne
Contact:

Post by belenus »

Personally I conider uPnP a security risk so I disabled it on my router.
I don't want anything opening or closing FIREWALL ports on its own, thats my job.

Sure it makes it easier to use, but since I dont like uPnP and the risks involved I wouldnt want any users to get used to it either.

If they wanna run a server they should get themselves some knowledge about security or shouldnt run a server at all, that applies to ANY kind of service. http, ftp, mail, armagetron, whatever...
- bel

User avatar
Z-Man
God & Project Admin
Posts: 11253
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Post by Z-Man »

belenus: right, I share these concerns :) Is uPnP really just plug and play or is some form of authentication involved?

Luke: that depends on the pickiness of the NAT. An "allow outgoing connections only" on ComputerB would notice that the packet from ComputerA does not come from the port the own packet was sent to and would drop it.

User avatar
belenus
Round Winner
Posts: 269
Joined: Wed Nov 30, 2005 6:22 pm
Location: Cologne
Contact:

Post by belenus »

z-man wrote:Is uPnP really just plug and play or is some form of authentication involved?
How would it auth? Against what? Just PnP...
- bel

User avatar
Lucifer
Project Developer & Local Moonshiner
Posts: 8610
Joined: Sun Aug 15, 2004 3:32 pm
Location: Republic of Texas
Contact:

Post by Lucifer »

I saw something about auth methods, but it was more like bitching.

Umm, I'm not going to do this, I was sorta asking for volunteers. :) If nobody volunteers, it doesn't get done. I'd kinda see it being a setting, arma should never do this by itself, so people would say "I cant see my server!" and we'd ask did you set "USE_UPNP"?

On the one hand, I agree with belenus that uPnP is pretty crappy and dangerous and ill-conceived. On the other hand, people just want to run servers, and after you get it set up it isn't that hard to run a server...
Image

Be the devil's own, Lucifer's my name.
- Iron Maiden

User avatar
belenus
Round Winner
Posts: 269
Joined: Wed Nov 30, 2005 6:22 pm
Location: Cologne
Contact:

Post by belenus »

I do not see the problem with Armagetron using uPnP but the user activating uPnP on Windows and/or the Router and not knowing the consequences of it.

The problem I have is that it also allows other programs to use that functionality and not everything is so friendly as Armagetron.

There is still the issue that not every router allows for uPnP and for those that do some have it off by default, which is good, so what is easier and more secure, directing the user to enable port forwarding or enabling uPnP?

I just wouldn't feel good when advising someone to enable uPnP and will not offer any help to someone on how to do so.
- bel

Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]

Post by Luke-Jr »

z-man wrote:Luke: that depends on the pickiness of the NAT. An "allow outgoing connections only" on ComputerB would notice that the packet from ComputerA does not come from the port the own packet was sent to and would drop it.
Except that if both ends negotiate the ports, it would come from the right port...

Post Reply