From: Ryan Anderson <ryan@michonline.com>
To: netfilter@lists.netfilter.org
Subject: Doing MASQ for Asheron's Call
Date: Fri, 10 Oct 2003 19:45:27 -0400
Message-ID: <20031010234527.GR27657@michonline.com>

In the 2.2 days, this game (Asheron's Call) would work with
ip_masq_loose_udp turned on. (I think that's the right name.)

In 2.4, this functionality appears to be gone, at least with that name.

From my reading of Netfilter/Conntrack howtos, it would seem that a
NAT/CONNTRACK helper pair would do the job, but a confirmation would be
appreciated.

The game works, for a single machine, with a simple port-forwarding
mechanism - the trick is that making it work for multiple machines
becomes a significant amount of maintenance.

The protocol is fairly simple - the client begins sending from UDP:9000
to UDP:9000 on the server, then to UDP:9001 on the server.

The server replies using the same ports - and eventually hands the
client off to another server, which then uses the same port and replies
back to the client.

i.e. (some duplicate lines removed for succinctness):

08:15:35.019186 c.c.c.c.9000 > s.s.s.47.9000: udp 20
08:15:35.019354 c.c.c.c.9000 > s.s.s.47.9001: udp 20
08:15:35.022703 c.c.c.c.9000 > s.s.s.47.9000: udp 292
08:15:35.150427 s.s.s.47.9000 > c.c.c.c.9000: udp 36
08:15:35.019186 c.c.c.c.9000 > s.s.s.47.9000: udp 20
08:15:35.019354 c.c.c.c.9000 > s.s.s.47.9001: udp 20
08:15:35.022703 c.c.c.c.9000 > s.s.s.47.9000: udp 292
08:15:35.280787 s.s.s.48.9000 > c.c.c.c.9000: udp 122

Note the new server IP. There has not been a packet from the client to
this IP.

Later on, another wrinkle appears:

08:15:36.309581 s.s.s.48.9001 > c.c.c.c.9000: udp 28

Same (new) server, a new port.

Eventually, more wrinkles:

8:15:46.830392 s.s.s.48.9000 > c.c.c.c.9000: udp 36
08:15:46.884290 s.s.s.56.9004 > c.c.c.c.9000: udp 90
08:15:46.884655 s.s.s.56.9004 > c.c.c.c.9000: udp 28
08:15:47.104630 s.s.s.56.9005 > c.c.c.c.9000: udp 484
08:15:47.104752 s.s.s.56.9005 > c.c.c.c.9000: udp 484

Another new server, 2 new ports.

The only sane thing is that the following rules appear to be true:

	The servers are fairly close to each other, IP-address wise -
	i.e., a blatant assumption of "within the same /24 block" should
	be safe.

	The *client* only ever uses a single port to communicate to the
	servers.

Is this supportable with conntrack? I took a stab at writing a module 9
months ago, and got lost trying to figure out if I could support the /24
idea sanely.

I can provide a full tcpdump log of the game starting up until fully
functional, if that would help, but I believe I have an accurate summary
of the protocol above.

Thanks in advance to anyone willing to help with this,
--
Ryan Anderson
sometimes Pug Majere
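
Added example, not part of the original post and not netfilter code: a user-space model of the two rules described above, comparing strict reply matching (the reply must mirror an exact outbound 4-tuple) with a "same /24, same client port" policy. The addresses are constructed stand-ins for the anonymized ones in the trace, and the function name `classify` and the extra 203.0.113.5 packet are assumptions made for illustration.

```python
import ipaddress

# Constructed trace modelled on the tcpdump excerpt: (src_ip, src_port, dst_ip, dst_port).
# 192.0.2.10 stands in for the client (c.c.c.c), 198.51.100.N for the servers (s.s.s.N),
# and 203.0.113.5 is an unrelated host added to show what each policy rejects.
CLIENT = "192.0.2.10"
TRACE = [
    (CLIENT, 9000, "198.51.100.47", 9000),
    (CLIENT, 9000, "198.51.100.47", 9001),
    ("198.51.100.47", 9000, CLIENT, 9000),
    ("198.51.100.48", 9000, CLIENT, 9000),   # new server IP, never contacted
    ("198.51.100.48", 9001, CLIENT, 9000),   # same new server, new port
    ("198.51.100.56", 9004, CLIENT, 9000),   # another server, another port
    ("203.0.113.5", 9000, CLIENT, 9000),     # outside the server /24
]

def classify(trace, client, prefix_len=24):
    """Return one (packet, strict_ok, loose_ok) tuple per inbound packet.

    strict: the reply must mirror an exact outbound 4-tuple.
    loose:  the reply must hit a client port that has already sent traffic
            and come from the same /prefix_len as a server the client contacted.
    """
    exact = set()    # outbound 4-tuples seen so far
    expect = {}      # client source port -> set of server networks contacted
    results = []
    for src, sport, dst, dport in trace:
        if src == client:
            exact.add((src, sport, dst, dport))
            net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
            expect.setdefault(sport, set()).add(net)
            continue
        strict_ok = (dst, dport, src, sport) in exact
        loose_ok = dst == client and any(
            ipaddress.ip_address(src) in net for net in expect.get(dport, ()))
        results.append(((src, sport, dst, dport), strict_ok, loose_ok))
    return results

if __name__ == "__main__":
    for pkt, strict_ok, loose_ok in classify(TRACE, CLIENT):
        print(f"{pkt[0]}:{pkt[1]} -> port {pkt[3]}  strict={strict_ok}  loose={loose_ok}")
```

The /24 policy ignores the source port entirely, so it accepts traffic from every address in that block to the client's port, which is the exposure a real helper would have to weigh against the port-forwarding maintenance.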