uPnP
- Lucifer
- Project Developer
- Posts: 8640
- Joined: Sun Aug 15, 2004 3:32 pm
- Location: Republic of Texas
- Contact:
uPnP
http://www.virtualworlds.de/upnp/
Anybody fool with this before? Anyone who knows something about networking got a few minutes to look it over and figure our chances of adding uPnP support to the list for Bacchus?
Anybody fool with this before? Anyone who knows something about networking got a few minutes to look it over and figure our chances of adding uPnP support to the list for Bacchus?
-
- Dr Z Level
- Posts: 2246
- Joined: Sun Mar 20, 2005 4:03 pm
- Location: IM: [email protected]
-
- Dr Z Level
- Posts: 2246
- Joined: Sun Mar 20, 2005 4:03 pm
- Location: IM: [email protected]
I didn't mean for game data. Just negotiate the UDP connection via XMPP.z-man wrote:XMPP doesn't use UDP itself, right? It goes over TCP, and possibly over an external server. That's not suitable for game data.
Basically, this means the client and server pick out ports and tell each other their IP addresses. They send a dummy packet to each other to open the NAT up for that one "connection" (one of these will likely be lost), then their NATs are prepared to forward "response" packets back and forth.
-
- Dr Z Level
- Posts: 2246
- Joined: Sun Mar 20, 2005 4:03 pm
- Location: IM: [email protected]
Personally I conider uPnP a security risk so I disabled it on my router.
I don't want anything opening or closing FIREWALL ports on its own, thats my job.
Sure it makes it easier to use, but since I dont like uPnP and the risks involved I wouldnt want any users to get used to it either.
If they wanna run a server they should get themselves some knowledge about security or shouldnt run a server at all, that applies to ANY kind of service. http, ftp, mail, armagetron, whatever...
I don't want anything opening or closing FIREWALL ports on its own, thats my job.
Sure it makes it easier to use, but since I dont like uPnP and the risks involved I wouldnt want any users to get used to it either.
If they wanna run a server they should get themselves some knowledge about security or shouldnt run a server at all, that applies to ANY kind of service. http, ftp, mail, armagetron, whatever...
- bel
belenus: right, I share these concerns Is uPnP really just plug and play or is some form of authentication involved?
Luke: that depends on the pickiness of the NAT. An "allow outgoing connections only" on ComputerB would notice that the packet from ComputerA does not come from the port the own packet was sent to and would drop it.
Luke: that depends on the pickiness of the NAT. An "allow outgoing connections only" on ComputerB would notice that the packet from ComputerA does not come from the port the own packet was sent to and would drop it.
- Lucifer
- Project Developer
- Posts: 8640
- Joined: Sun Aug 15, 2004 3:32 pm
- Location: Republic of Texas
- Contact:
I saw something about auth methods, but it was more like bitching.
Umm, I'm not going to do this, I was sorta asking for volunteers. If nobody volunteers, it doesn't get done. I'd kinda see it being a setting, arma should never do this by itself, so people would say "I cant see my server!" and we'd ask did you set "USE_UPNP"?
On the one hand, I agree with belenus that uPnP is pretty crappy and dangerous and ill-conceived. On the other hand, people just want to run servers, and after you get it set up it isn't that hard to run a server...
Umm, I'm not going to do this, I was sorta asking for volunteers. If nobody volunteers, it doesn't get done. I'd kinda see it being a setting, arma should never do this by itself, so people would say "I cant see my server!" and we'd ask did you set "USE_UPNP"?
On the one hand, I agree with belenus that uPnP is pretty crappy and dangerous and ill-conceived. On the other hand, people just want to run servers, and after you get it set up it isn't that hard to run a server...
I do not see the problem with Armagetron using uPnP but the user activating uPnP on Windows and/or the Router and not knowing the consequences of it.
The problem I have is that it also allows other programs to use that functionality and not everything is so friendly as Armagetron.
There is still the issue that not every router allows for uPnP and for those that do some have it off by default, which is good, so what is easier and more secure, directing the user to enable port forwarding or enabling uPnP?
I just wouldn't feel good when advising someone to enable uPnP and will not offer any help to someone on how to do so.
The problem I have is that it also allows other programs to use that functionality and not everything is so friendly as Armagetron.
There is still the issue that not every router allows for uPnP and for those that do some have it off by default, which is good, so what is easier and more secure, directing the user to enable port forwarding or enabling uPnP?
I just wouldn't feel good when advising someone to enable uPnP and will not offer any help to someone on how to do so.
- bel
-
- Dr Z Level
- Posts: 2246
- Joined: Sun Mar 20, 2005 4:03 pm
- Location: IM: [email protected]
Except that if both ends negotiate the ports, it would come from the right port...z-man wrote:Luke: that depends on the pickiness of the NAT. An "allow outgoing connections only" on ComputerB would notice that the packet from ComputerA does not come from the port the own packet was sent to and would drop it.