Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CSM] Add flavour limits controlled by server #5930

Merged
merged 13 commits into from Jul 18, 2017

Conversation

@nerzhul
Copy link
Member

commented Jun 6, 2017

Server send flavour limits to client permitting to disable or limit some Lua calls

  • CSM_FL_LOOKUP_NODES: Limit node lookups for 8 nodes in player range
  • CSM_FL_CHAT_MESSAGES: Disable chat message sending from CSM
  • CSM_FL_READ_ITEMDEFS: Disable itemdef lookups
  • CSM_FL_READ_NODEDEFS: Disable nodedef lookups

Remove get_node_or_nil, get_node now have the get_node_or_nil behaviour

Add a parameter (server-side) to set node lookup limit (default 8) when enable LOOKUP_NODE Flavour

@@ -672,6 +673,9 @@ class Server : public con::PeerHandler, public MapEventReceiver,
std::unordered_map<std::string, ModMetadata *> m_mod_storages;
float m_mod_storage_save_timer;

// CSM flavour limits byteflag
u64 m_csm_flavour_limits = CSMFlavourLimits::CSM_FBL_NONE;

This comment has been minimized.

Copy link
@bigfoot547

bigfoot547 Jun 6, 2017

Contributor

For this to work, you need to #include "networkprotocol.h because that is where the CSMFlavorLimits is declared.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 6, 2017

@tenplus1

This comment has been minimized.

Copy link
Contributor

commented Jun 6, 2017

+1 we need a way for servers to disable csm elements or csm completely.

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 6, 2017

Thanks.
I strongly feel all node getters should be disableable, no range limiting, no exceptions.
Also, an option for a server to block all client-provided clientmods if it wishes, so that all clients have the same experience even if a certain feature is harmless and not usable for cheating. Opinions about what can be unregulated will differ.
Generally, servers should continue to have absolute power over CSM if they wish.

(Some players are stating that server owners are mean and will abuse this, not at all, server owners generally care about the fun of their players and are usually more mature and better behaved than the players.)

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 6, 2017

+1 to the idea but the implementation could be improved. It would be best to have a client-sided list of dangerous functions since that would allow adding new functions that could be used for cheating without having to worry about older servers not knowing about them.
A way for servers to whitelist or blacklist extra functions could of course be added.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 6, 2017

@red-001 it's why flavour is nice because you define some sets or flavours and you can apply it on many functions without needed both side support

@nerzhul nerzhul force-pushed the nerzhul:csm_flavour_blacklist branch 2 times, most recently from d375fbb to 7a99078 Jun 8, 2017

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 8, 2017

I added limits for reading nodedefs and itemdefs

@bigfoot547

This comment has been minimized.

Copy link
Contributor

commented Jun 8, 2017

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 9, 2017

someone on IRC said his game was based on recipe discovery, now we don't have recipes but node and item defs, i just thought some games wants to limit this to prevent discovery of new features in a specific gameplay, i just prevented the future question on those APIs. Don't forget flavour will be disabled and should be enabled by server owners

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 9, 2017

@nerzhul when you actually implement the chat message sending restriction could you add a heavily rate limited exception for chat commands?

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 9, 2017

I understand that old clients will be able to get around these restrictions, so a server wishing to enforce restrictions will have to disallow old clients.

Does this PR include a way to disalble all clientmod functions?
For example, many functions will of course be considered completely 'harmless', but a server may wish that all its players have the same game experience and so wish to disallow harmless functions also.

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 9, 2017

I do believe it has already been pointed out that disabling all functions isn't possible since we need some of them for bultin. If you disable all functions players are just not going to update if they want to use CSM which will defeat the point of this or at least increase the period of time during which people will just use old clients.

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 9, 2017

Plus safe functions will only affect the client so by that logic we should remove texture-packs.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 9, 2017

the idea is to control risky features, which can be part of a gameplay

@nerzhul nerzhul added this to Feature PR in Minetest 5.0.0 blockers Jun 10, 2017

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 12, 2017

I do believe it has already been pointed out that disabling all functions isn't possible since we need some of them for bultin.

Ok, so i mean that functions that are not essential for builtin, but are not also considered harmful for a server, should still be disableable.

If you disable all functions players are just not going to update if they want to use CSM

I'm not proposing disabling all functions, 'flavours' are options for servers, only some would disable all functions including the non-harmful ones because servers care about their popularity. There is also singleplayer.
I feel that functions that are not obviously harmful should still be disableable, as a server may wish that all clients have a similar client experience.

by that logic we should remove texture-packs.

No, by that logic we should add a way for a server to disable client-chosen texture packs. This is a reasonable suggestion because a server may rely on a particular texture pack to work properly and look right.

Your arguments here are ridiculous and seem biased in order to resist the requests for restrictions, you have done this quite often during the issue discussion. By reacting this way you run the risk of losing people's trust that you are genuinely trying to fix this issue instead of misleading people.
I'm not sure i trust you with CSM restrictions, nerzhul seems more reasonable and trustworthy.
EDIT: I take that back after recent behaviour.

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 12, 2017

Alright in that case I suggest we add a way to force texture and sound packs in the same release.

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 12, 2017

Issue for my request #5974

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 12, 2017

'send_chat_message' needs to be added to those functions considered potentially harmful, so included here as something disableable, reasons here #5915 (comment)

@red-001

This comment has been minimized.

Copy link
Contributor

commented Jun 12, 2017

@paramat no-one is disputing that anymore.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 12, 2017

@paramat just read the PR instead of complaining, the case is already in the scope.

@paramat

This comment has been minimized.

Copy link
Member

commented Jun 13, 2017

'send_chat_message' needs to be added to those functions considered potentially harmful,

Ok, sorry i missed that.

nerzhul added some commits Jul 15, 2017

@nerzhul nerzhul force-pushed the nerzhul:csm_flavour_blacklist branch from 02895f5 to 87d2c5a Jul 16, 2017

nerzhul added some commits Jul 16, 2017

@rubenwardy
Copy link
Member

left a comment

How about

getClient(L)->checkCSMFlavour(CSMFlavourLimit::CSM_FL_CHAT_MESSAGES)

instead of:

getClient(L)->getCSMFlavourLimits() & CSMFlavourLimit::CSM_FL_CHAT_MESSAGES

it could be inline, but makes the code more readable.

I'm also not convinced about mixing CSM things in Client methods such as getNode, however I don't mind if it's made more explicit (ie: renaming to csm_getNode)

# type: int
csm_flavour_limits (Client side modding flavour limits) int 3

# If CSM flavour for node range is enabled, sets the client range limit for get_node

This comment has been minimized.

Copy link
@rubenwardy

rubenwardy Jul 16, 2017

Member

Funky English

#   If the CSM flavour for node range is enabled, get_node is limited to
#   this many nodes from the player
* `minetest.get_node_or_nil(pos)`
* Same as `get_node` but returns `nil` for unloaded areas.
`{name="node_name", param1=0, param2=0}`, returns `nil`
for unloaded areas or flavour limited areas.

This comment has been minimized.

Copy link
@rubenwardy

rubenwardy Jul 16, 2017

Member

either make it return ignore, or rename the function to get_node_or_nil please (in order to make it consistent)

* @param p
* @param is_valid_position
* @return
*/
MapNode Client::getNode(v3s16 p, bool *is_valid_position)

This comment has been minimized.

Copy link
@rubenwardy

rubenwardy Jul 16, 2017

Member

csm_getNode ?
Not sure that this is the right place for the limits

This comment has been minimized.

Copy link
@nerzhul

nerzhul Jul 16, 2017

Author Member

it has as right place as privileges :), and not we cannot specialize a function to a unrelated object feature

@@ -91,6 +91,11 @@ int ModApiClient::l_send_chat_message(lua_State *L)
{
if (!lua_isstring(L, 1))
return 0;

// If server disable this API, discard

This comment has been minimized.

Copy link
@rubenwardy

rubenwardy Jul 16, 2017

Member
If server disabled
#ifndef SERVER
// Client API limitations
if (getClient(L) &&
getClient(L)->getCSMFlavourLimits() & CSMFlavourLimit::CSM_FL_LOOKUP_NODES) {

This comment has been minimized.

Copy link
@rubenwardy

rubenwardy Jul 16, 2017

Member

double indent on follow on

@paramat

This comment has been minimized.

Copy link
Member

commented Jul 17, 2017

Just noticed 'sound play' is in the CSM API, does that need a control too as it affects the server? maybe it could be soft-limited by to sounds only the local player hears?

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jul 17, 2017

sound play permit CSM mod to play a sound, no need for server for that. It permits, for example to have sounds on formspec buttons without waiting server to send event for that, then reduce server load

@paramat

This comment has been minimized.

Copy link
Member

commented Jul 17, 2017

So 'sound play' doesn't play a sound for other players?

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jul 17, 2017

absolutely no, CSM is for triggering local actions, not remote actions (chat is considered as a local action). You will play local sound

@paramat

This comment has been minimized.

Copy link
Member

commented Jul 17, 2017

Good :]

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jul 18, 2017

i will merge this evening if no more things to change. It's time to push this and close all CSM controversy

@nerzhul nerzhul merged commit 79f19b8 into minetest:master Jul 18, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

Eurybot added a commit to MT-Eurythmia/minetest that referenced this pull request Jul 25, 2017

[CSM] Add flavour limits controlled by server (minetest#5930)
* [CSM] Add flavour limits controlled by server

Server send flavour limits to client permitting to disable or limit some Lua calls

* Add limits for reading nodedefs and itemdefs

* flavour: Add lookup node limits

* Merge get_node_or_nil into get_node.

Sending fake node doesn't make sense in CSM, just return nil if node is not available for any reason

* Add node range customization when noderange flavour is enabled (default 8 nodes)

* Limit nodes range & disable chat message sending by default

* Bump protocol version

@nerzhul nerzhul moved this from Feature PR to Done in Minetest 5.0.0 blockers Aug 16, 2017

@Lejo1

This comment has been minimized.

Copy link

commented Jun 19, 2018

Does this include Metadatas?
They should also have a flavour limit.

@SmallJoker

This comment has been minimized.

Copy link
Member

commented Jun 19, 2018

@Lejo1 What would you like to limit there? Metadata fields can already be set as private by the server, so I don't see a need for liming that too.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 19, 2018

meta limit is already limited by using private meta server side. Public meta are meant to be accessed by the client.

@nerzhul nerzhul deleted the nerzhul:csm_flavour_blacklist branch Jun 19, 2018

@Lejo1

This comment has been minimized.

Copy link

commented Jun 20, 2018

The nodemeta.
Its easily possible to check in a big radius for a chest/furnace using the meta.

@nerzhul

This comment has been minimized.

Copy link
Member Author

commented Jun 20, 2018

it's not the flavour responsibility. It's mod owner responibility to make meta private

@paramat paramat moved this from In Progress to Done in Server-sent Client Side Modding Jun 23, 2018

osjc added a commit to osjc/minetest that referenced this pull request Jan 11, 2019

[CSM] Add flavour limits controlled by server (minetest#5930)
* [CSM] Add flavour limits controlled by server

Server send flavour limits to client permitting to disable or limit some Lua calls

* Add limits for reading nodedefs and itemdefs

* flavour: Add lookup node limits

* Merge get_node_or_nil into get_node.

Sending fake node doesn't make sense in CSM, just return nil if node is not available for any reason

* Add node range customization when noderange flavour is enabled (default 8 nodes)

* Limit nodes range & disable chat message sending by default

* Bump protocol version

osjc added a commit to osjc/minetest that referenced this pull request Jan 23, 2019

[CSM] Add flavour limits controlled by server (minetest#5930)
* [CSM] Add flavour limits controlled by server

Server send flavour limits to client permitting to disable or limit some Lua calls

* Add limits for reading nodedefs and itemdefs

* flavour: Add lookup node limits

* Merge get_node_or_nil into get_node.

Sending fake node doesn't make sense in CSM, just return nil if node is not available for any reason

* Add node range customization when noderange flavour is enabled (default 8 nodes)

* Limit nodes range & disable chat message sending by default

* Bump protocol version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.