[raiguard][1.1.104][Linux] UDP server IP_PKTINFO and IPV6_RECVPKTINFO for hosts with multiple IP addresses
Posted: Fri Mar 15, 2024 9:39 pm
NOTE: This may only apply to linux, as it is the only operating system I use, Windows may or may not have this problem.
Currently if the host computer hosting a multiplayer game has multiple IP addresses, the source address when sending back packets to the client may not be the same as the destination address used by the client to connect, which will cause most stateful firewall in-between to reject or drop the communication and game connection will fail.
It is mostly an issue with ipv6, since it is very common to have multiple IPV6 addresses on a given interface/subnet but not so common for IPV4.
It appears that something special needs to be done on a UDP server when the server binds to all addresses to properly track the clients destination IP used initially, since UDP is "connectionless". I wasn't aware of that particular thing myself until I faced this issue with Factorio when playing with a friend and using ipv6 and trying to use a specific address.
This is also described in this very old article for a similar challenge with a udp dns server: https://blog.powerdns.com/2012/10/08/on ... -addresses and demonstrated how it can be implemented in this code example: https://malahal.github.io/how-does-in6_ ... -work.html (which I confirmed this code still works to verify the concept / fix).
Now I have no way to really say that this is the solution or same bug for Factorio, but the behavior I have experimented is the same, I can only use one ipv6 address to connect (and it is not easy to determine which ipv6 address will work, you have to guess mostly and use tcpdump to confirm, as it seems a bit random or perhaps specific to the kernel or/and sysctl options).
Currently if the host computer hosting a multiplayer game has multiple IP addresses, the source address when sending back packets to the client may not be the same as the destination address used by the client to connect, which will cause most stateful firewall in-between to reject or drop the communication and game connection will fail.
It is mostly an issue with ipv6, since it is very common to have multiple IPV6 addresses on a given interface/subnet but not so common for IPV4.
It appears that something special needs to be done on a UDP server when the server binds to all addresses to properly track the clients destination IP used initially, since UDP is "connectionless". I wasn't aware of that particular thing myself until I faced this issue with Factorio when playing with a friend and using ipv6 and trying to use a specific address.
This is also described in this very old article for a similar challenge with a udp dns server: https://blog.powerdns.com/2012/10/08/on ... -addresses and demonstrated how it can be implemented in this code example: https://malahal.github.io/how-does-in6_ ... -work.html (which I confirmed this code still works to verify the concept / fix).
Now I have no way to really say that this is the solution or same bug for Factorio, but the behavior I have experimented is the same, I can only use one ipv6 address to connect (and it is not easy to determine which ipv6 address will work, you have to guess mostly and use tcpdump to confirm, as it seems a bit random or perhaps specific to the kernel or/and sysctl options).