Proposal: implement server pak isolation
This describes a proposal to improve the current downloading system and provide a way to isolate certain custom paks coming from servers, in order to address security and convenience issues.
- Adds a way to isolate server-specific content into subfolders on a per-server basis (server namespace), so that the content is loaded only once connected to the corresponding server.
- Adds a way to whitelist the sharable content using an external list of pak names and their hashes. This will effectively help to whitelist all map content and the like, so that this content is downloaded directly into the mod directory.
The file structure would look like this:
    etmain/
        .server_89422727960 (isolated content under the server namespace)
            ~~~~~~~~~~~etmain_menu.pk3
        .server_10923023911527960
            zzz_pak_161208.pk3
        1944_beach.pk3 (sharable content)
        adlernest.pk3
    jaymod/
        .server_89422727960
            ~~~~fav6.pk3
            zz_jaymod-0.6d2.pk3
        jaymod-2.2.0.pk3
As said above, all server-specific content would be downloaded into the server namespace directory and be effectively isolated from other servers’ content. It would be loaded only once connected to that server, so all paks work again as expected in-game and naming collisions are avoided. It also means that no custom paks are loaded at game start, leaving all menus, sounds, shaders etc. untouched and providing a pure mod experience.
- No malicious paks will affect the startup ETLegacy experience. (No nasty hacks to make you connect to undesired servers)
- No more server dictated custom menus. (You are still allowed to install any custom menus on your own)
- Easy to perform cleanups that exclude any sharable paks. (So no maps or other important paks will be removed if the cleanup command is performed)
- Servers will still be able to push their custom paks following any naming conventions to vanilla clients. (No changes for older clients)
- Basically, server admins won’t be forced to make any changes to their paks whatsoever. (No work needs to be done by server holders)
- Only whitelisted (secured) paks will be loaded as shared, everything else gets isolated. (Isolates all the potentially malicious content. You will be able to disable the whitelisting for specific pak types.)
- No more zzz-fighting for ETLegacy clients. (This stays untouched for older clients)
The listed benefits will surely make the ETLegacy client more secure and convenient to use in the eyes of players.
- Non-whitelisted (or non-sharable) content might be downloaded more than once if it is present on multiple servers. (This is usually hardly an issue, as these paks are quite small)
- Sharable paks (e.g. maps) should be whitelisted before they can be downloaded directly into the mod root directory. (configurable)
- Server namespace: the directory name inside each mod folder, which will consist of the .server_ prefix followed by the server ip: .server_12700127960.
- Sharable content: the content that does not get isolated by the server namespace on each download, but is instead stored directly in the mod directory, and is accessible in any server connect session.
- Secure content: essentially the whitelisted sharable content.
- Isolated content: any content that doesn’t fall under the sharable or secure content rules.
What qualifies as sharable content?
- Depending on configuration, any paks containing dynamic libraries are eligible to be sharable content, and hence to be saved in the mod directory.
- Depending on configuration, any paks containing a BSP are eligible to be sharable content.
- Any whitelisted paks are considered to be sharable content.
What is the white list?
Essentially this is a list of paks that are considered safe to download into the mod directory. The white list is distributed to clients in the form of a database containing pairs of pak name and sha1 hash. If a downloaded pak is not contained in the white list, the pak is moved into the server namespace. The white list will be curated by the community; predominantly mod and map files will be included in the list.
Configurations
You will be able to configure the specifics of the behavior for certain pak types using the following cvars:
- 0 (default): disables whitelisting for downloaded paks that contain dynamic libraries (dll) and saves the pak directly into the mod directory.
- 1: runs the downloaded dll pak against the white list; if the pak is in the white list, saves it in the mod directory, otherwise isolates it in the server namespace.
- 0: disables whitelisting for downloaded paks that contain a BSP and saves the pak directly into the mod directory.
- 1 (default): runs the downloaded map pak against the white list; if the pak is in the white list, saves it in the mod directory, otherwise isolates it in the server namespace.
Every other file not contained in the white list gets isolated in the server namespace.
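The download decision described in the white list and configuration sections above, as an added Python example (not ETLegacy code): it derives the server namespace from the address, checks the pak name and sha1 against the white list, and applies the two per-type switches. The parameter names `check_dll` and `check_bsp` are hypothetical stand-ins for the cvars, and the library suffix list, the handling of paks that mix both types, the rejection of unreadable archives and the file-name validation are assumptions of this example.

```python
import hashlib
import io
import re
import zipfile

LIB_EXT = (".dll", ".so", ".dylib")  # assumption: suffixes treated as dynamic libraries

def server_namespace(address):
    """'127.0.0.1:27960' -> '.server_12700127960' (digits of ip and port only)."""
    return ".server_" + re.sub(r"\D", "", address)

def is_shared(pak_name, pak_bytes, whitelist, check_dll=0, check_bsp=1):
    """True if the pak may go into the mod directory, False if it must be isolated."""
    if whitelist.get(pak_name) == hashlib.sha1(pak_bytes).hexdigest():
        return True  # both the name and the sha1 must match the whitelist entry
    try:
        with zipfile.ZipFile(io.BytesIO(pak_bytes)) as pak:  # a pk3 is a zip archive
            names = [n.lower() for n in pak.namelist()]
    except zipfile.BadZipFile:
        return False  # unreadable archive: fail closed and isolate
    has_lib = any(n.endswith(LIB_EXT) for n in names)
    has_bsp = any(n.endswith(".bsp") for n in names)
    exempt = (has_lib and not check_dll) or (has_bsp and not check_bsp)
    must_check = (has_lib and check_dll) or (has_bsp and check_bsp)
    # Assumption: a pak mixing an exempt type with a checked type counts as checked.
    return bool(exempt and not must_check)

def install_path(mod, address, pak_name, pak_bytes, whitelist, **cvars):
    if "/" in pak_name or "\\" in pak_name or pak_name.startswith("."):
        raise ValueError("pak name must be a plain file name")  # name is server-supplied
    if is_shared(pak_name, pak_bytes, whitelist, **cvars):
        return f"{mod}/{pak_name}"
    return f"{mod}/{server_namespace(address)}/{pak_name}"

def make_pak(*members):
    """Build a constructed in-memory pk3 holding the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pak:
        for member in members:
            pak.writestr(member, b"constructed sample data")
    return buf.getvalue()

# Constructed samples: a whitelisted map and a same-named pak with different content.
MAP = make_pak("maps/adlernest.bsp")
FAKE_MAP = make_pak("maps/adlernest.bsp", "ui/main.menu")
WHITELIST = {"adlernest.pk3": hashlib.sha1(MAP).hexdigest()}

if __name__ == "__main__":
    for data in (MAP, FAKE_MAP):
        print(install_path("etmain", "127.0.0.1:27960", "adlernest.pk3", data, WHITELIST))
```

A pak that reuses a whitelisted name but has a different hash ends up in the server namespace, so a name match alone never places content in the mod directory.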
client: removed deprecated /clean command, refs #1161
This is phased out in favour of pak isolation feature.