UT3 ICMP Fail

From UnrealAdminWiki

Here I will describe the bug that makes some servers invisible in server browser.


Contents

Symptom

Your server doesn't appear in the list of servers, and appears in favorites like offline one, with 999 ping, no player list, no map, etc. However, you can still join the server manually or through "Favorites". The server has its query port open, you can verify that using protocol description. The most interesting thing: if you run the game client with administrator rights, the server will appear in the list.

Introduction

This thing happened before, but it has been resolved pretty quickly so nobody noticed it. But around November 2009 it appeared again, and hasn't been fixed so far.

Technical Details

This bug has two sides: client and server. Server's part actually means GameSpy's one though, but it's closely related to server.

Client

It was easy to figure out with Wireshark that UT3 sends ICMP packets to some servers instead of using UDP query. ICMP is a control protocol and is unavailable to non-root users in most operating system. That applies to Windows too, since Winsock is based on Berkeley sockets. So when the game cannot send a packet, it consider the server offline. ICMP packets were just Echo Request, so they don't carry any data about player counts, etc. But response from GameSpy master server does.

The more difficult part was to figure out how game exactly discriminate the servers. Using certain reverse-engineered tool to query the master server didn't yield any results, there were no difference between "normal" and "ICMP" servers. Then I have tried to compare request sent by that tool and by the game. There actually were some differences. (I won't go into details for now, but if you're interested, let me know). So I hacked into that tool since it's open-source and made it send request identical to that the game sends. The difference between responses became obvious. With that flag set, master server give only ip:port pairs for "normal" servers, but for "ICMP" ones it also gives information like mapname, player counts, etc. And then ICMP is used to determine ping.

The fatal flaw was assumption that the game will always run with root rights. It wasn't true even for pre-Vista OSes. Most users did run everyting with admin rights, since entering admin password all the time was very inconvenient. And many application had and still have this flaw. Vista and later has some mechanism to work around this with VirtualStore, but XP didn't, and such legacy applications wouldn't run in XP at all with insufficient privileges. That's why very few people actually worked under limited account. But raw sockets cannot be worked around that easily, because they can be exploited to disturb the network. Well, back to the topic.

Server

The client side became clear. I thought I have gathered enough information so GameSpy or Epic Games could just fix it. I was wrong.

After some useless discussion at Epic's Forum some guy from Gamespy named recurve7 finally has shed some light. He said that the GameSpy uses certain probe packet to determine what kind of NAT the server has. If NAT appears to be strict, the server is flagged "ICMP". Note that it has nothing to do with STUN. The latter is implemented by Epic Games, and appears to do absolutely nothing.

In my opinion, the probe makes no sense. He also said that strict firewall would prevent the client from getting information about the server. It could make sense in P2P games, but how's client supposed to connect to game port if the firewall is strict, then? "Game port is open, but query one - isn't" case is silly.

It wouldn't be such problem if it really detected firewall correctly. But. I have launched a server behind a router, didn't forward or opened any ports. Started packet capture on the router. recurve7 said that probe should come to the query port. Thanks to NAT, my query port became 61210 instead of 6500. My unjoinable server appeared in the "ICMP" list at the master server with port 61210, as predicted. I launched Wireshark on the router, but didn't see any incoming packets on this port, besides replies on advertising packets. He also said that they should come from another host, so there definitely weren't any. Where did they gone? I don't know.

Despite there weren't any packets, it was indeed correct detection of my strict NAT. However, I wrote a simple script that fetches data from the master server, takes only "ICMP" servers and tries to use UDP query on them. The results were unsurprising. Almost all "ICMP" servers do have the query port open and responding. I guess the non-responding ones were firewalled listen servers, but it doesn't matter now. In short, probe is wrong, and ICMP isn't needed. The game worked without it before, and there were no problems.

Apparently the code that makes ICMP requests existed in the game from the begginning, but only 'recent' changes on the master-server triggers it.

Their position

Resolution: UT3 must be run as Administrator.

Flak

...this is very likely a client-query issue and not a host-listing issue, and is likely the result of some subset of the player community not running the game client as Administrator.

recurve7

Nor GameSpy nor Epic Games didn't acknowledge that this's their problem. They offered a work-around as a resolution. Obviously, average player sees no reason to run the game as Adminstrator. He's not even aware of servers he didn't see. If they released a patch that made UT3 request admin rights using Windows API, it would be a very bad solution, but still solution.

After our attempts to make them change their mind, Flak suddenly closed the thread, stating that any further communication for recurve7 should be sent to her via PM.

I've sent a PM on the 13th of January, but got no answer so far.


Conclusion

This's a very nasty bug that affects roughly one sixths of servers. The number of affected players is unknown, but it will affect more of them as number of Windows 7 machines increases.

Epic Games and GameSpy don't acknowledge it, but it's certainly a regression. It's not player's fault who doesn't run the game as Administrator.

I thought that many players' opinion about GameSpy that ruins the game was biassed. How could unchangable nicknames really ruin the game? Server browser? It's Epic's code built on top of GameSpy API. Minor problems with login, etc.? Epic Games' implementation would probably had such issues, too. But now it's clear that GameSpy really kills the game.

Links

the UnrealAdmin Page
Site Sponsor


GamingHosting
History
  • UT3 ICMP Fail