Jump to content
  • Advertisement
Sign in to follow this  
Lenox

MMORPGS and stuff of the such

This topic is 5032 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hey, I have a few questions, if ya don't mind my asking them. 1.) Can you use Winsock to create "Sessions" that last until something interrupts it? Which do you prefer, then? UDP or TCP? 2.) I've been thinking, for a good MMORPG, you need moderators and an admin to generally watch over your game. Well, suppose a moderator wants to ban(or kick) a user from your game, how would you disconnect the client when they are not the ones who clicked "ban" (or "kick")? 3.) Whats an easy way to prevent packet spoofing? (A method commonly used in Diablo II (Packet Spoofing that is)) Thank you for any help in advance, -Lenox

Share this post


Link to post
Share on other sites
Advertisement
Quote:
Original post by Lenox
1.) Can you use Winsock to create "Sessions" that last until something interrupts it?


I don't understand the question. TCP is connection-oriented anyway and thus has sesssions anyway. UDP is not so you have to do your own session management.

Quote:

Which do you prefer, then? UDP or TCP?


They both have their uses. Some games use them both.

Quote:

2.) I've been thinking, for a good MMORPG, you need moderators and an admin to generally watch over your game. Well, suppose a moderator wants to ban(or kick) a user from your game, how would you disconnect the client when they are not the ones who clicked "ban" (or "kick")?


Err, you just do. The same server process serves everyone (or on really big MMORPGs there are several machines, but ignorign that). So it can do anything in response to any stimulus, that's how the gameplay works.

Quote:

3.) Whats an easy way to prevent packet spoofing? (A method commonly used in Diablo II (Packet Spoofing that is))


TCP is very difficult (practically impossible) to spoof, so you could use TCP for any data which are extremely important (but not time critical).

However the easiest way is to assign a random key or ID to each client when they connect and insist that all subsequent packets from them contain it.

You should allow multiple users by IP address (to be compatible with NAT) and also key by client port number, so that in order to spoof correctly, the attacker needs to know:
- IP address of legitimate client
- Source port number of legitimate client
- The random key you assigned the client at connection time.

The server SHOULD check all three.

If the key is, say, 32 bits, that makes it extremely difficult.

In order to stop people from creating connections that are spoofed in the first place (i.e. forging their IP), on option is to use TCP for login purposes, and assigning the unique key.

- Client connects using TCP
- Sends credentials (i.e. username, password, character name etc)
- Gets some kind of reponse containing a UDP key
- Client now sends UDP packets containing their unique key
- After the first UDP packet, the server remembers the IP address and port number of that UDP session along with the unique key, and rejects any packets where they are unknown or don't match
- TCP connection remains open with occasional messages from server to client to check it's still alive. If it fails to respond in a timely fashion (or the connection gets reset), server assumes it's gone.

and it should still work with NAT too.

Mark

Share this post


Link to post
Share on other sites
Quote:
Original post by Lenox
1.) Can you use Winsock to create "Sessions" that last until something interrupts it? Which do you prefer, then? UDP or TCP?


you can use either TCP or UDP. most games use UDP, however, in the case of MMORPG's, TCP is definetly acceptable. i know that some commercial games use TCP, and others UDP. pick which you think is best for your situation. (make sure to do lots of research too)

Quote:

2.) I've been thinking, for a good MMORPG, you need moderators and an admin to generally watch over your game. Well, suppose a moderator wants to ban(or kick) a user from your game, how would you disconnect the client when they are not the ones who clicked "ban" (or "kick")?


im not sure i understood this question (the last part of it confused me). however you can kick and ban people pretty easily, especially if your using a higher level library. also, in a MMORPG its especially easier to ban someone since you can ban or even delete their account and ban their email address (or credit card) from creating a new account.

Quote:

3.) Whats an easy way to prevent packet spoofing? (A method commonly used in Diablo II (Packet Spoofing that is))


encyption is one way to slow down people from reverse engineering your protocol, however it is inevitable. really, what you need to do is design your game from the ground up to be as secure as possible. the client should just be a window to the world. if they hack their client or spoof packets, this should give them no advantage. with each packet and client->server interaction you design, you have to keep security in mind. the server should be authoratative over everything (or almost everything). that is, the client should never tell the server "this is my position", or "im picking up this item", or "im doing X damage" , or "im using this item", etc. the client should instead send generic commands "i want to move here", "i want to pick up the item which is sitting at X,Y,Z", "im attacking this character", "i want to use the item in slot # 5", etc. you should design your game knowing that your users will be smart enough to write their own client, and it shouldnt matter.

Share this post


Link to post
Share on other sites
Quote:
Original post by Lenox
1.) Can you use Winsock to create "Sessions" that last until something interrupts it? Which do you prefer, then? UDP or TCP?

dependon on if you want to send the client absolute data updates or by hinting at sprite movment and leting the client figure it out
the first wastes bandwidth and would be best with UDP but is easy to program, the second conserves bandwidth and would be best with TCP but would be hard to program and could possibly be hacked since you need to let the cliend decide sprite positions

Quote:
Original post by graveyard filla
Quote:

3.) Whats an easy way to prevent packet spoofing? (A method commonly used in Diablo II (Packet Spoofing that is))


encyption is one way to slow down people from reverse engineering your protocol, however it is inevitable. really, what you need to do is design your game from the ground up to be as secure as possible. the client should just be a window to the world. if they hack their client or spoof packets, this should give them no advantage. with each packet and client->server interaction you design, you have to keep security in mind. the server should be authoratative over everything (or almost everything). that is, the client should never tell the server "this is my position", or "im picking up this item", or "im doing X damage" , or "im using this item", etc. the client should instead send generic commands "i want to move here", "i want to pick up the item which is sitting at X,Y,Z", "im attacking this character", "i want to use the item in slot # 5", etc. you should design your game knowing that your users will be smart enough to write their own client, and it shouldnt matter.

you may need to balance this with how much server prossesing power and bandwith your willing to waste, on one end you could have the client do a few function to saver server load or on the opposite end encrypt all data, in short you can have as much security as you want but you have to pay for it.

Share this post


Link to post
Share on other sites
Just for some clarity on #2 (Hopefully), I meant maybe sending a packet to "Kill" the client's session, and send him back to the main menu (Which, I can do that part, but its the former that I have problems with). Also, if you're saying it'd take alot of bandwith for the server (Which, seems reasonable), then that is not a problem. If I keep my company in my current city, and use my current ISP, then we will have unlimited bandwith as well as a nice connection :P. I know it'll be a few years before I even get 1/4th done, but I'm just wanting to get the project going. I even have a name for it, lol. Aeudora Aiudao Adakitsa.

Also, thank you for the responses, they were greatly appreciated.

Share this post


Link to post
Share on other sites
Quote:
Original post by Kaze
you may need to balance this with how much server prossesing power and bandwith your willing to waste, on one end you could have the client do a few function to saver server load or on the opposite end encrypt all data, in short you can have as much security as you want but you have to pay for it.


you would be surprised.. a lot of the times, security and bandwith go hand in hand.

for example, lets say you had a "hide" skill in your game, where the player could hide to go invisable. now, if you wanted to do this un-securely, you would send a packet to all players around the person who hid saying "this guy is now hiding". your client would then stop drawing that character.

however, this is easily hacked. a person could write a program to see hidden people because their position is still in memory.

the secure way to do it would be "this guy is now hiding". however, from then on, you stop sending position updates about this client to the other clients. this way, they will never know where the client truly is (unless he stood completely still after he hid). in this case, security saves bandwith. (well, maybe not in some cases, for example, if they hide but then immediately un-hide)

there are also a lot of other situations where security helps save on bandwith. although, of course there are situations where it doesnt. usually you want to write all of these important things secure, because if a player figures out how to teleport himself around the world at will, or kill people on site, etc, it will ruin the game a lot faster then some lag ever could. really, balancing out security, bandwith, and latency hiding is one of the most fun parts about network programming. to me at least [smile].

[Edited by - graveyard filla on January 6, 2005 1:48:18 PM]

Share this post


Link to post
Share on other sites
I'm sorry to bring up this extremely old post (ok, not extremely, but still), but I have another question, and didn't think it'd be right to create another topic, when it is related to this one.

Is it ok to make a client program and a server program seperate so that no one can host my game unless given authorization?

Share this post


Link to post
Share on other sites
yes, of course.. the client and server can definetly be seperate programs, in fact it will probably be easier to code that way (even my online pong clone had the server as a seperate program).

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!