Multiplayer network games are unreachable

Ian Weisser writes:
> 4) Try to connect to each server from the package-installed client:
>
> $ simutrans
> Connect to game on port 13353 success
> Connect to game on port 13354 fail

Does it give an error message? Or output on the console?

Regards,
Ansgar

Attached -debug 3 output, client and server logs for 1) Succesful join by the packaged client and server, and 2) Failed join by the packaged client and manually-installed server. Plus a screenshot of the client upon fail.

The pak64 error message seems erroneous or symptomatic - the same error occurs even if an identical pak is manually-installed both client and server. I see no useful debug messages upon trying to connect through the client GUI. All GUI activity takes place in 'failed client output' between lines 793 and 795.

Imho this is due to the changed implementation of sha1 checksums. These checksums are used to decide whether a client can join a server, if checksums differ, clients are not let in. Suggested fix: revert the custom sha1 implementation to the implementation in the simutrans code.

You may be right. I went back through the logs and confirmed that the checksums of the same item were identical on the succesful join and different on the failed join.

Succesful (Ubuntu 11.10) server:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Succesful (Ubuntu 11.10) client:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Failed (Manually-installed) server:
Message: pakset_info_t::debug: PostOffice -> sha1 = 263C0CB8C858272A12FF54FC64F57292AF8ADAB7

Failed (Ubuntu 11.10) client:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Interesting double-check:
$ openssl sha1 ${manual-pak}/building.PostOffice.pak
SHA1(/home/me/simutrans110/simutrans/pak/building.PostOffice.pak)= 8b1b5caa71013474039f357094cd1716bd3800bd

$ openssl sha1 ${deb-pak}/building.PostOffice.pak
SHA1(/usr/share/games/simutrans/pak/building.PostOffice.pak)= 8b1b5caa71013474039f357094cd1716bd3800bd

So the those pakset items (and, by extension, likely the entire pakset) are identical. And they are indeed checksummed differently in the Debian-package install.

Aha. It's the sha-1 patch.

The Debian patch that changed sha-1 is: http://anonscm.debian.org/gitweb/?p=pkg-games/simutrans.git;a=blob_plain;f=debian/patches/sha1-replacement.diff

I compiled r4359 (110.0.1) with the patch, and the binary can join (and serve) games played by the debian-packaged binary, but throws the pakset error when attempting to join a manually-installed version.

I compiled r4359 without the patch, and the binary had the opposite compatibility.

> Succesful (Ubuntu 11.10) client:
> Message: pakset_info_t::debug: PostOffice ->
> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF
>
> Failed (Manually-installed) server:
> Message: pakset_info_t::debug: PostOffice ->
> sha1 = 263C0CB8C858272A12FF54FC64F57292AF8ADAB7

The two hashes are almost the same, except for their endianness:

 B8 0C 3C 26 ...
 26 3C 0C B8 ...

Just read the second one backwards.

I still am not sure when I'll have time to look at this in more detail
though :/

I replaced the SHA-1 implementation in Debian as the one currently used
seemed to be non-free (there isn't a license statement anywhere and [1]
looked like it was freeware on 2011-02-15 according to my notes).

Regards,
Ansgar

[1] <http://www.packetizer.com/security/sha1/>

What is the problem with this license ?

Copyright (C) 1998, 2009
Paul E. Jones <email address hidden>

Freeware Public License (FPL)

This software is licensed as "freeware." Permission to distribute
this software in source and binary forms, including incorporation
into other products, is hereby granted without a fee. THIS SOFTWARE
IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL NOT BE HELD
LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
OR DATA BEING RENDERED INACCURATE.

.. as to license: would it make anything better / easier if this license is included in the source code ?

Another idea: would it make inclusion easier if the implementation is changed using one with clear licensing?

For instance this one:

http://code.google.com/p/smallsha1/

Licensed under The BSD 2-Clause License

http://www.opensource.org/licenses/bsd-license.php

Any input appreciated!

> .. as to license: would it make anything better / easier if this license
> is included in the source code ?

Yes, that would help in any case as I would not have to search for it
somewhere else (most licenses also require this).

> What is the problem with this license ?
>
> Copyright (C) 1998, 2009
> Paul E. Jones <email address hidden>
>
> Freeware Public License (FPL)
>
> This software is licensed as "freeware." Permission to distribute
> this software in source and binary forms, including incorporation
> into other products, is hereby granted without a fee. THIS SOFTWARE
> IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
> INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
> AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL NOT BE HELD
> LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
> DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
> OR DATA BEING RENDERED INACCURATE.

It does not allow modification and thus fails to meet section 3 of the
Debian Free Software Guidelines[1].

[1] <http://www.debian.org/social_contract#guidelines>

> Another idea: would it make inclusion easier if the implementation is
> changed using one with clear licensing?
>
> For instance this one:
>
> http://code.google.com/p/smallsha1/
>
> Licensed under The BSD 2-Clause License
>
> http://www.opensource.org/licenses/bsd-license.php

The license for that implementation does meet all DFSG requirements so
it should be fine (note that it's not the BSD-2-Clause license as it has
three clauses[2], but both are okay).

[2] <http://code.google.com/p/smallsha1/source/browse/trunk/sha1.cpp>

Thanks for looking into this, I still did not have time for it :-/

Regards,
Ansgar

Status changed to 'Confirmed' because the bug affects multiple users.

Tried the new 11.2.2 deb from Debian Sid in Ubuntu 12.04 - install failure (unmet dependency). That's obviously a different bug, and I'll track that down, but I couldn't test the fix in that deb.

Then I tried building from the Debian git repo. I confirmed that the source included the fix commit. It built and ran in Ubuntu 12.04...but Simutrans still failed to connect to multiplayer games, and with the same original pakset-doesn't-match error. The attached tarball contains the source and resulting debs.

Both tries used the simutrans-pak64 from Debian Sid.

I'm happy to keep testing, and happy to try some other .deb.

This bug was fixed in the package simutrans - 111.2.2-1

---------------
simutrans (111.2.2-1) unstable; urgency=low

  * New upstream release.
    + Includes fix for build failure. (Closes: #669475)
  * Backport patch to add missing include to csv.cc.
    + new patch: 0001-Add-stdlib-to-csv.h.patch
  * Fix Endianness issue with SHA1 replacement. (LP: #931181)
  * Build-depend on libpng-dev instead of libpng12-dev. (Closes: #662502)
  * Use debhelper compat level 9.
  * Use copyright format 1.0.
  * Bumped Standards-Version to 3.9.3.

 -- Ansgar Burchardt <email address hidden> Sun, 29 Apr 2012 14:40:06 +0200