From: Ryan Anderson <ryan@michonline.com>
To: netfilter@lists.netfilter.org
Subject: Doing MASQ for Asheron's Call
Date: Fri, 10 Oct 2003 19:45:27 -0400
Message-ID: <20031010234527.GR27657@michonline.com>

In the 2.2 days, this game (Asheron's Call) would work with
ip_masq_loose_udp turned on. (I think that's the right name.)

In 2.4, this functionality appears to be gone, at least with that name.

From my reading of Netfilter/Conntrack howtos, it would seem that a
NAT/CONNTRACK helper pair would do the job, but a confirmation would be
appreciated.

The game works, for a single machine, with a simple port-forwarding
mechanism - the trick is that making it work for multiple machines
becomes a significant amount of maintenance.

The protocol is fairly simple - the client begins sending from UDP:9000
to UDP:9000 on the server, then to UDP:9001 on the server.

The server replies using the same ports - and eventually hands the
client off to another server, which then uses the same port and replies
back to the client.

i.e. (some duplicate lines removed for succinctness):

08:15:35.019186 c.c.c.c.9000 > s.s.s.47.9000: udp 20
08:15:35.019354 c.c.c.c.9000 > s.s.s.47.9001: udp 20
08:15:35.022703 c.c.c.c.9000 > s.s.s.47.9000: udp 292
08:15:35.150427 s.s.s.47.9000 > c.c.c.c.9000: udp 36
08:15:35.019186 c.c.c.c.9000 > s.s.s.47.9000: udp 20
08:15:35.019354 c.c.c.c.9000 > s.s.s.47.9001: udp 20
08:15:35.022703 c.c.c.c.9000 > s.s.s.47.9000: udp 292
08:15:35.280787 s.s.s.48.9000 > c.c.c.c.9000: udp 122

Note the new server IP. There has not been a packet from the client to
this IP.

Later on, another wrinkle appears:

08:15:36.309581 s.s.s.48.9001 > c.c.c.c.9000: udp 28

Same (new) server, a new port.

Eventually, more wrinkles:

8:15:46.830392 s.s.s.48.9000 > c.c.c.c.9000: udp 36
08:15:46.884290 s.s.s.56.9004 > c.c.c.c.9000: udp 90
08:15:46.884655 s.s.s.56.9004 > c.c.c.c.9000: udp 28
08:15:47.104630 s.s.s.56.9005 > c.c.c.c.9000: udp 484
08:15:47.104752 s.s.s.56.9005 > c.c.c.c.9000: udp 484

Another new server, 2 new ports.

The only sane thing is that the following rules appear to be true:

	The servers are fairly close to each other, IP-address wise -
	i.e., a blatant assumption of "within the same /24 block" should
	be safe.

	The *client* only ever uses a single port to communicate to the
	servers.

Is this supportable with conntrack? I took a stab at writing a module 9
months ago, and got lost trying to figure out if I could support the /24
idea sanely.

I can provide a full tcpdump log of the game starting up until fully
functional, if that would help, but I believe I have an accurate summary
of the protocol above.

Thanks in advance to anyone willing to help with this,

--
Ryan Anderson
  sometimes Pug Majere
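
Added example, not part of the original message and not netfilter code: a user-space Python model of the two rules proposed above (same /24 as a server the client already contacted, same single client port), run over trace lines in the format posted, to show which inbound packets exact reply matching accepts and which pass only under the looser /24 rule. The function names, the verdict labels and the last two sample lines are constructed for illustration.

```python
import re

# Trace lines in the tcpdump format from the message; addresses stay anonymised
# as posted (c.c.c.c = client, s.s.s.N = servers). The last two lines are
# constructed negative cases: a source outside the /24, and a different client port.
SAMPLE = """\
08:15:35.019186 c.c.c.c.9000 > s.s.s.47.9000: udp 20
08:15:35.019354 c.c.c.c.9000 > s.s.s.47.9001: udp 20
08:15:35.150427 s.s.s.47.9000 > c.c.c.c.9000: udp 36
08:15:35.280787 s.s.s.48.9000 > c.c.c.c.9000: udp 122
08:15:36.309581 s.s.s.48.9001 > c.c.c.c.9000: udp 28
08:15:46.884290 s.s.s.56.9004 > c.c.c.c.9000: udp 90
08:15:47.104630 s.s.s.56.9005 > c.c.c.c.9000: udp 484
08:15:48.000000 x.x.x.9.9000 > c.c.c.c.9000: udp 64
08:15:48.100000 s.s.s.60.9000 > c.c.c.c.9001: udp 64
"""

LINE = re.compile(r"^\S+ (\S+)\.(\d+) > (\S+)\.(\d+): udp \d+$")

def prefix24(host):
    """First three labels of a dotted address, i.e. its /24."""
    return host.rsplit(".", 1)[0]

def classify(text, client="c.c.c.c"):
    """Return (source, verdict) for every packet addressed to the client."""
    exact = set()   # (client_port, server, server_port) flows the client opened
    loose = set()   # (client_port, server /24) derived from those flows
    verdicts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if src == client:                       # outbound: record state
            exact.add((sport, dst, dport))
            loose.add((sport, prefix24(dst)))
        elif dst == client:                     # inbound: decide
            if (dport, src, sport) in exact:
                verdict = "strict"              # exact reply to a flow the client opened
            elif (dport, prefix24(src)) in loose:
                verdict = "loose"               # passes only under the /24 rule
            else:
                verdict = "drop"
            verdicts.append((f"{src}.{sport}", verdict))
    return verdicts

if __name__ == "__main__":
    for source, verdict in classify(SAMPLE):
        print(f"{source:16} {verdict}")
```

Every "loose" verdict is a packet from an address and port the client never sent to, so the size of the prefix and the single-client-port restriction are what bound the exposure of such a rule.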