2.10 Network games

2.10.1 Choose your “public url”

Liquid War 6 needs to name your “node” (you can think as your server instance of the game) and have a unique URL (address) to publish and give to other nodes.

If only one network adapter is attached to your computer and your address IP is A.B.C.D then by default the game will pick automatically the address http://A.B.C.D:8056/ and it should work flawlessly.

Problems can arise if you have a peculiar network configuration, if you have multiple non-loopback network interfaces, if you use NAT to protect yourself from intruders and/or if your context forces you to do so. In that case, Liquid War won’t be able to guess a correct URL automatically. So you need to set it up manually either by editing the public-url entry in the config file, changing environment variable LW6_PUBLIC_URL or passing the --public-url=http://<host>:<port>/ argument when running the game. Typically, if you are behind a firewall which does NAT, use the firewall address. The right address is the address which, given to remote hosts, will allow them to connect on your game instance.

2.10.2 Starting a node

A node is started automatically when you run the game. Even if you don’t start to play, node starts in the background and exchanges data with other nodes, mostly to discover them and maintain its internal map of existing nodes and games.

So even without starting a network game, you should be able to point a web browser on your node and see a web page describing it. Your node address is displayed on stdout (console) when starting the game. If in doubt, try http://localhost:8056/ which should work unless you modified defaults settings.

When you start a network game, the program simply changes your node state from “idle” to “accepting connections”.

2.10.3 Connecting to a node

The interface should show you the list of available nodes, just pick one and try and connect to it.

Note that once you’re connected on a remote node, you’re still acting as an independant node, and other nodes might connect to your node as well as to the other nodes. In short, there’s no real server or client, everyone is a client for someone, and can act as a server.

Nodes connected together form a “community”, which can disband, accept new nodes, and in a general manner has its own immaterial life, the first node which created the game might disappear, game can continue without it.

This is why the main network module is called libp2p, this is a reference to the term “peer to peer”.

2.10.4 Communities

Once a node is connected to another one, they’ve started a “community”. Formally, a stand-alone node accepting for connection is already a community, even if it has only one member, but the only really interesting communities are those formed with several nodes.

A community can’t be reached through a given server, to connect to one you just need to connect on one of its member nodes. All nodes are equivalent, there’s no master, no root node, nodes collaborate to share the same real-time information and maintaine an up-to-date game state.

Of course, conflicts can arise, and in that case nodes need to agree on an acceptable solution. Normally, the program takes decisions automatically (for instance, it could decide to “kick” a node out of the community) so the player does not have to care about this, but this is expected to be one of the most tricky (and passionating) part of Liquid War 6 hacking.

2.10.5 Firewall settings

By default, Liquid War 6 will communicate on port 8056, in both TCP and UDP, and in both ways too (in/out). It’s possible to play with partial connectivity, in extreme case, you can even play without direct internet access, using only a mere web proxy.

However, things will go faster and be much easier if the program can use its default native protocol.

Here’s an example of a typicall iptables configuration which allows you to play the game full-featured. It’s assumed that by default all packets are dropped, this configuration will just open the necessary ports.

# outgoing TCP on port 8056 (liquidwar6)
iptables -A OUTPUT -p tcp --dport 8056 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 8056 -m state --state ESTABLISHED -j ACCEPT
# incoming TCP on port 8056 (liquidwar6)
iptables -A INPUT -p tcp --dport 8056 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8056 -m state --state ESTABLISHED -j ACCEPT
# outgoing UDP on port 8056 (liquidwar6)
iptables -A OUTPUT -p udp --dport 8056 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 8056 --dport 1024:65535 -j ACCEPT
# incoming UDP on port 8056 (liquidwar6)
iptables -A INPUT -p udp --dport 8056 --sport 1024:65535 -j ACCEPT
iptables -A OUTPUT -p udp --sport 8056 --dport 1024:65535 -j ACCEPT

If you can’t change firewall settings and only have access to the web through a web proxy, it can still be possible to play (with some restrictions such as your node not being seen by others) if mod-http is available. This in turn depends on wether libcurl support was activated when compiling the game. To use the proxy, you can set the http_proxy environment variable. For detailed informations, please refer to libcurl doccumentation.

2.10.6 Is the game secure?

As stated in the license, the program comes with NO WARRANTY. Period.

However, an important effort has been made so that it can reasonnably be used online, exposed to various “common” attacks.

As far as security is concerned, there are two different issues:

• vulnerability to general security attacks, people typically trying to gain prililedged access on your computer, relying on a security flaw in the program. A good firewall is a must-have, as you can never know for sure a program has no bugs. Running Liquid War 6 as an unpriviledged user (certainly not “root”) is also a good practice.
• vulnerability to players “cheating” and sending malicious informations to fake their moves, scores, and/or modify informations concerning other players. This is a very important point in Liquid War 6 since it has a multi-channel way of exchanging data (think of the web interface, you have no garantee of who the client is).

Here’s a list of various steps which have been taken to make the program more secure:

• a --skip-network option is here if you really do not want to be bothered by networking risks;
• program has basic password support so that you can deny access to unknown players;
• passwords are never sent in clear text over the network, only a hash (checksum) is sent;
• no use of well-known buffer overflow friendly functions like strcpy, equivalents such as strncpy are used;
• program never trusts what comes from network peers, when it wants to know something, it checks it out by itself, for instance, the node list is systematically verified by the local node before being used and/or published;
• the built-in web server is not a general purpose web server which will end up revealing some of your private files, it can only serve game-related pages;
• the very fact that the game has no central server makes it hard to attack it, because if someone wants to play “Oscar” annoying “Alice” and “Bob” he well need to fool all the nodes participating in a game, sending wrong informations to a single node won’t have much effect.

This being said, Liquid War 6 does not use any strong encryption library to protect the data it sends. All the checksum machinery might be vulnerable to a brute-force and/or strong cryptographic attack, so in theory it’s possible to fool the program.

In practise, if you want real privacy, play over a VPN (Virtual Private Network).