[crossfire] new metaserver

Fri May 27 10:58:19 CDT 2005

tchize wrote:
>

      MM this doesn't look like what i had in mind during irc chat. Here is my 

     >

      analysis of problem (no implementation done yet):

  A few notes.

>

     >

     >

      Problem:

     >

       Metaserver currently down

     >

      Reason:

     >

       DOS attack (polluted server list?)

  My understanding is a flood of client requests trying to get data from the 
metaserver.  Unknown if this is broken clients or something else.  That said, 
the current metaserver implementation isn't that good (one change I made was to 
not send metaserver info to someone that connected in last minute or so). 
However other things could be done, like also putting a small sleep in the 
sending of data.

>

      - Somebody could register lots of fake servers (DOS) resulting in client 

     >

      having to download a huge list of servers.

  Correct.

>

      - Somebody could register a server, faking another server, to gather 

     >

      passwords.

  Yes - that could be improved by having the metaserver verify the hostname 
provided against IP.  The problem here is that DNS lookups can be a slow 
operation, so can't be done in the very simple script used now.  And if a 
threaded/forked call is done, you then have to sort out data consistency and 
file locking.

>

      - If the server crash and re-register to metaserver, old entry is not deleted, 

     >

      resulting in pollution of list when a server is unstable.

  Not true.  Metaserver has no idea when it gets the UDP packet from the server 
if that server has restarted or if it is one of the periodic updates.  It looks 
through the entries it has, and if it finds a matching one, updates it.

  The problem has been people running servers on dynamic ip adresses.  It is the 
IP address the server uses to match for duplicates.  So what happens is someone 
is running the server on a server that gets it via DHCP, and that server is 
restarting or whatever with new IP addresses, so you get a flood from that.  One 
change was to reduce the timeout of servers we haven't get info from from 1 day 
to something like 60 minutes (even that is actually a bit long - if we haven't 
gotten data, unlikely server is up)

>

      - The informations from metaserver can not be trusted in any way.

     >

      - If metaserver crash, no client can see a list of servers

     >

      - udp/ip used for registering make it easy to do impersonate ips (attacker 

     >

      potentially untrackable)

  all true.

>

     >

      Overall client process:

     >

      - get the metaserverlist from sf if possible and check signature. If anything 

     >

      fails, fallback to cached list. If cached list fail, fall back to static list

  Note that this would seem to put a single point of failure on SF being up.  It 
often is, but doesn't always seem to be the case.

  However, looking at the proposal, I have a few questions/thoughts.

  Since it seems that server admins will need to notify the metaserver admin to 
be listed, and it seems that some amount of the dynamic data currently listed 
won't be as up to date (due to timing, or perhaps not being included), it seems 
that this isn't that far away from just having a static HTML page that someone 
updates that is then replicated.  Which of course isn't really what the 
metaserver is about.

  Just a thought - has anyone looked at what other games do (nettrek I think 
would be one example) - presumably, some games have already put a lot of thought 
into this - it could be simpler to just grab there server and client code and go 
from there.