Multiplayer network games are unreachable

Bug #931181 reported by Ian Weisser on 2012-02-12
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
simutrans (Ubuntu)
Undecided
Ansgar Burchardt

Bug Description

A multiplayer game served from the Debian/Ubuntu package can only be joined by clients running the same package. A manually installed same-version of Simutrans cannot join the game. This locks out players on other platforms.

Similarly, a game served by a non-package version of Simutrans cannot be joined by the Debian/Ubuntu packaged client. This locks us out of everyone else's games.

To reproduce this problem using Simutrans 110.0.1 (In the Ubuntu 11.10 repos):

1) Install the simutrans and simutrans-pak64 packages.

2) Manually install the *same* release version and pak64 to a separate directory.
Manual download page: http://forum.simutrans.com/index.php?topic=7025.0

3) Start two instances of simutrans server. One each from the package-install and from the manual-install.

$ simutrans -server 13353
$ manual/simutrans/simutrans -server 13354

4) Try to join to each server from the package-installed client:

$ simutrans
Join to game on port 13353 - success
Join to game on port 13354 - fail

5) Try to join to each server from the manually-installed client:

$ manual/simutrans/simutrans
Join - to game on port 13353 fail
Join - to game on port 13354 success

Related branches

Ian Weisser writes:
> 4) Try to connect to each server from the package-installed client:
>
> $ simutrans
> Connect to game on port 13353 success
> Connect to game on port 13354 fail

Does it give an error message? Or output on the console?

Regards,
Ansgar

Ian Weisser (ian-weisser) wrote :
Ian Weisser (ian-weisser) wrote :
Ian Weisser (ian-weisser) wrote :
Ian Weisser (ian-weisser) wrote :
Ian Weisser (ian-weisser) wrote :
Ian Weisser (ian-weisser) wrote :

Attached -debug 3 output, client and server logs for 1) Succesful join by the packaged client and server, and 2) Failed join by the packaged client and manually-installed server. Plus a screenshot of the client upon fail.

The pak64 error message seems erroneous or symptomatic - the same error occurs even if an identical pak is manually-installed both client and server. I see no useful debug messages upon trying to connect through the client GUI. All GUI activity takes place in 'failed client output' between lines 793 and 795.

description: updated
description: updated
Dwachs (dwachs) wrote :

Imho this is due to the changed implementation of sha1 checksums. These checksums are used to decide whether a client can join a server, if checksums differ, clients are not let in. Suggested fix: revert the custom sha1 implementation to the implementation in the simutrans code.

Ian Weisser (ian-weisser) wrote :

You may be right. I went back through the logs and confirmed that the checksums of the same item were identical on the succesful join and different on the failed join.

Succesful (Ubuntu 11.10) server:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Succesful (Ubuntu 11.10) client:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Failed (Manually-installed) server:
Message: pakset_info_t::debug: PostOffice -> sha1 = 263C0CB8C858272A12FF54FC64F57292AF8ADAB7

Failed (Ubuntu 11.10) client:
Message: pakset_info_t::debug: PostOffice -> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF

Interesting double-check:
$ openssl sha1 ${manual-pak}/building.PostOffice.pak
SHA1(/home/me/simutrans110/simutrans/pak/building.PostOffice.pak)= 8b1b5caa71013474039f357094cd1716bd3800bd

$ openssl sha1 ${deb-pak}/building.PostOffice.pak
SHA1(/usr/share/games/simutrans/pak/building.PostOffice.pak)= 8b1b5caa71013474039f357094cd1716bd3800bd

So the those pakset items (and, by extension, likely the entire pakset) are identical. And they are indeed checksummed differently in the Debian-package install.

Ian Weisser (ian-weisser) wrote :

Aha. It's the sha-1 patch.

The Debian patch that changed sha-1 is: http://anonscm.debian.org/gitweb/?p=pkg-games/simutrans.git;a=blob_plain;f=debian/patches/sha1-replacement.diff

I compiled r4359 (110.0.1) with the patch, and the binary can join (and serve) games played by the debian-packaged binary, but throws the pakset error when attempting to join a manually-installed version.

I compiled r4359 without the patch, and the binary had the opposite compatibility.

> Succesful (Ubuntu 11.10) client:
> Message: pakset_info_t::debug: PostOffice ->
> sha1 = B80C3C262A2758C8FC54FF129272F564B7DA8AAF
>
> Failed (Manually-installed) server:
> Message: pakset_info_t::debug: PostOffice ->
> sha1 = 263C0CB8C858272A12FF54FC64F57292AF8ADAB7

The two hashes are almost the same, except for their endianness:

 B8 0C 3C 26 ...
 26 3C 0C B8 ...

Just read the second one backwards.

I still am not sure when I'll have time to look at this in more detail
though :/

I replaced the SHA-1 implementation in Debian as the one currently used
seemed to be non-free (there isn't a license statement anywhere and [1]
looked like it was freeware on 2011-02-15 according to my notes).

Regards,
Ansgar

[1] <http://www.packetizer.com/security/sha1/>

Dwachs (dwachs) wrote :

What is the problem with this license ?

Copyright (C) 1998, 2009
Paul E. Jones <email address hidden>

Freeware Public License (FPL)

This software is licensed as "freeware." Permission to distribute
this software in source and binary forms, including incorporation
into other products, is hereby granted without a fee. THIS SOFTWARE
IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL NOT BE HELD
LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
OR DATA BEING RENDERED INACCURATE.

Dwachs (dwachs) wrote :

.. as to license: would it make anything better / easier if this license is included in the source code ?

Dwachs (dwachs) wrote :

Another idea: would it make inclusion easier if the implementation is changed using one with clear licensing?

For instance this one:

http://code.google.com/p/smallsha1/

Licensed under The BSD 2-Clause License

http://www.opensource.org/licenses/bsd-license.php

Any input appreciated!

Ansgar Burchardt (aburch) wrote :

> .. as to license: would it make anything better / easier if this license
> is included in the source code ?

Yes, that would help in any case as I would not have to search for it
somewhere else (most licenses also require this).

> What is the problem with this license ?
>
> Copyright (C) 1998, 2009
> Paul E. Jones <email address hidden>
>
> Freeware Public License (FPL)
>
> This software is licensed as "freeware." Permission to distribute
> this software in source and binary forms, including incorporation
> into other products, is hereby granted without a fee. THIS SOFTWARE
> IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED OR IMPLIED WARRANTIES,
> INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
> AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL NOT BE HELD
> LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE, EITHER
> DIRECTLY OR INDIRECTLY, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA
> OR DATA BEING RENDERED INACCURATE.

It does not allow modification and thus fails to meet section 3 of the
Debian Free Software Guidelines[1].

[1] <http://www.debian.org/social_contract#guidelines>

> Another idea: would it make inclusion easier if the implementation is
> changed using one with clear licensing?
>
> For instance this one:
>
> http://code.google.com/p/smallsha1/
>
> Licensed under The BSD 2-Clause License
>
> http://www.opensource.org/licenses/bsd-license.php

The license for that implementation does meet all DFSG requirements so
it should be fine (note that it's not the BSD-2-Clause license as it has
three clauses[2], but both are okay).

[2] <http://code.google.com/p/smallsha1/source/browse/trunk/sha1.cpp>

Thanks for looking into this, I still did not have time for it :-/

Regards,
Ansgar

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in simutrans (Ubuntu):
status: New → Confirmed
Changed in simutrans (Ubuntu):
assignee: nobody → Ansgar Burchardt (aburch)
status: Confirmed → Fix Committed
Ian Weisser (ian-weisser) wrote :

Tried the new 11.2.2 deb from Debian Sid in Ubuntu 12.04 - install failure (unmet dependency). That's obviously a different bug, and I'll track that down, but I couldn't test the fix in that deb.

Then I tried building from the Debian git repo. I confirmed that the source included the fix commit. It built and ran in Ubuntu 12.04...but Simutrans still failed to connect to multiplayer games, and with the same original pakset-doesn't-match error. The attached tarball contains the source and resulting debs.

Both tries used the simutrans-pak64 from Debian Sid.

I'm happy to keep testing, and happy to try some other .deb.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package simutrans - 111.2.2-1

---------------
simutrans (111.2.2-1) unstable; urgency=low

  * New upstream release.
    + Includes fix for build failure. (Closes: #669475)
  * Backport patch to add missing include to csv.cc.
    + new patch: 0001-Add-stdlib-to-csv.h.patch
  * Fix Endianness issue with SHA1 replacement. (LP: #931181)
  * Build-depend on libpng-dev instead of libpng12-dev. (Closes: #662502)
  * Use debhelper compat level 9.
  * Use copyright format 1.0.
  * Bumped Standards-Version to 3.9.3.

 -- Ansgar Burchardt <email address hidden> Sun, 29 Apr 2012 14:40:06 +0200

Changed in simutrans (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers