Jump to content
Akinari

rAthena Goals

Recommended Posts

Awesome...  ^ ^
Keep it up sir...

 

Share this post


Link to post
Share on other sites

This is the reason why i keep learning about everything on RO but it takes time and patience you rA team are my motivation and inspiration thank you for providing us the emulator more power 

  • Upvote 1

Share this post


Link to post
Share on other sites

My server's goal matches this 100%.

No customizations, no deviations from official behavior.

If you (the rAthena devs) need a guinea pig server, we (my server/community) are willing to help anywhere possible. ;)

  • Upvote 1

Share this post


Link to post
Share on other sites

+1B

 

i like this line: we can close the gap between the official servers and ourselves.

Share this post


Link to post
Share on other sites

How about SECURITY?

As i see you start apply to much good features for emulator + optimizations. Rathena stable as never.

But let's talk about another problem: SECURITY;

Can are developers & community start&grow security part?

I talking about server-side protection against 3rd party tools & problems:

  • packet-flooding/spam;
  • encrypting packets (like it do hercules with some 2012-13*.exe)
  • Protecting against bots

Maby now is the time start to think about this problems together and let's fight with it?

What are you can say guys?

Share this post


Link to post
Share on other sites

Bot detection is not within the scope of this project, as every server will have different requirements and tolerances when it comes to anti-bot systems. As for packet flooding/spam, that also depends. A general DDoS protection is impossible, this needs to be handled at the network level. Attacks that involve WPE or other packet crafting to induce undesired or abusive behaviors should definitely be reported and will be handled based on severity.

 

As far as encrypting packets go, I'm not sure where we stand on this. Lighta is our main dev who handles the packet system.

Share this post


Link to post
Share on other sites

I do not talk about DDoS.

DDoS it's network problem, and #1 problem in internet. Against DDoS many services to solve it.

I talking about packet-security, server-side delays, packet encryption by knowed algorythms. 

I do not talk about client-side protection.

Try to understand me please.

Share this post


Link to post
Share on other sites

If there's something that can be exploited from the client side, whether through client bugs/exploits or through crafted packets, that results in undesired or potentially dangerous server-side behavior, then it should be reported and will be handled based on severity. This has nothing to do with securing the client, but whether the server is hardened against input from the client that could lead to abuse. Packet obfuscation is a different story entirely, that's about potentially securing the communication between server and client. I'm not the one that handles the general packet routines so I couldn't tell you where we're at as far as implementing it.

 

I mentioned the quip on DDoS because you mentioned "packet flooding" and I was responding in a general tone that handling such issues is impossible from the server end. There could still be specific denial of service attacks we can and should handle, but when people say "packet flooding" they generally mean distributed denial of service (the extra D) so I wanted to clarify a bit on that. And anti-bot I brought up because that's commonly referenced as part of "server security".

 

I'm not sure how to make this any clearer. If you have any examples of potentially insecurity of any kind and are unsure about other people finding out about it, you can always PM me and I can make sure it gets listed as a private bug so it can't be actively exploited until it gets fixed. If it's something that we can't handle or is better handled outside the scope of this project, then we will let you know. But we will ALWAYS take reports of potential security flaws seriously. Security and stability go hand in hand, you can't have one without the other. A stable server is a secure server.

Share this post


Link to post
Share on other sites

We with you have two different "security".

I talking about server-side security against 3rd party software.

You talking about server-side security against bugs/exploits/duplications etc.

Do not teach me please, i am not newbie in security. If my language looks like it 13 years boy, is't it.

I just say about next step feature of developing, but you wont to do anything, even understand of i talking about.

I hope rAthena community & other developers understand how is important.

Share this post


Link to post
Share on other sites

I'm not referring to just the official Ragnarok Online client when I say client. A client is anything that communicates to the server that isn't another server. A client can be anything from a legitimate player on an official client, a bot created to emulate a player, someone using WPE to craft packets, or someone simply sending garbage to the server on the ports it listens on.

It doesn't matter what generates the packets or where they come from, what matters is how the server handles it. If the server can be induced to produce undesired behavior, whether that's something in game like bypassing restrictions or manipulating the server state, or something more severe like being able to crash the server or break out of the server and run arbitrary code, it needs to be fixed and we will put any and all resources into fixing it.

The server must be able to handle legitimate input as well as be able to handle illegitimate input gracefully. When the latter doesn't occur is when potential security flaws occur. It doesn't matter how the input was generated or how it gets there.

Share this post


Link to post
Share on other sites

keep it cool guys.

So ya I do not believe is rA role to secure client side. Or at least not now. This may evolve as we standing on supporting only few client so we could build on it but it look more like a side project.

Like helvetica said, whenever is a legitimate client, or simply a telnet you could still send a shitload packets to server to rnu arbytrary code or whatever, this is far more important imo then encrypt packets. Encrypt make it a little harder to edit and also cause they attach some id/time on it prevent to redo the action. So that help that player don't cheat IG but doesn't really increase security imo.

To fix this I think we should work on fixing/review Wconversion branch in priority.

 

Now how we stand on this.

We could improve flushing some invalid data and add some tick check to prevent doing same action too fast.

If you using a non legitimate client you wont have a valid session recorded on serv and will be flushed really fast so it's "better" to enter and send a big chunk after.

Now for encryption is very simple to merge most of it, only issue is do we want to support many key at once ? Cause we currently support multiple-client at once (partially working, incoming 100% outgoing 60%), we would need to attach a key to each version, just like we attach a date anyway.

  • Upvote 1

Share this post


Link to post
Share on other sites

Dont argue if you know how then help. If not well just proud coz rathena is free wohooooo.... Nice work guyz!!!

  • Upvote 1

Share this post


Link to post
Share on other sites

Maybe I am ignorant, but I don't understand the bit about closing the gap between rAthena and Gravity official...

We are talking about the emulator itself of course, right? What do you think could be fixed or changed to close that gap? It seems to me that any gaps in feel between Gravity and privately run are in the hands of the Administrators behind each server.

I think the gap varies based on community interest too. PvP oriented servers aren't going to play like Gravity Official. Certain servers remove any sort of leveling or don't look into balancing enough (maybe they do, but they fail to balance as they increase the level/stat caps).

Am I totally off base? If you meant something other than 'the feel,' please let me know.

~Azura Skyy

Share this post


Link to post
Share on other sites

the emulator isnt build to follow what other private server wanted to be ..... but following what the kRO have ...

all the contents should be the same with kRO as many as possible ... 

 

the issue for balancing a server for other private ....most of the time it's their server problem ... 

rAthena will just adjust or implement everything based on kRO ..and not other private server ...

 

rAthena main aim for following the same contents of kRO.

Share this post


Link to post
Share on other sites

Maybe I am ignorant, but I don't understand the bit about closing the gap between rAthena and Gravity official...

We are talking about the emulator itself of course, right? What do you think could be fixed or changed to close that gap? It seems to me that any gaps in feel between Gravity and privately run are in the hands of the Administrators behind each server.

I think the gap varies based on community interest too. PvP oriented servers aren't going to play like Gravity Official. Certain servers remove any sort of leveling or don't look into balancing enough (maybe they do, but they fail to balance as they increase the level/stat caps).

Am I totally off base? If you meant something other than 'the feel,' please let me know.

~Azura Skyy

 

No you're right, the inevitable final product is wholly based on how the administration wants to run it. What our goal is here is that out of the box, our server should be a drop in replacement for Gravity's official servers. If you just pull from GIT and compile and load up the game you should get a 100% point for point accurate recreation of Ragnarok Online. And since this is a open source project, you are free to make modifications and extend it beyond the original gameplay Gravity envisioned, or maybe you just don't like Gravity did some things. That's totally up to you!

 

As far as we the core developers are concerned though, our goal is lock-step emulation with the official servers. Anything custom beyond that is for the community to provide. We provide the base product for everyone to build the game they wish to play.

Share this post


Link to post
Share on other sites

I think that the db paste should be update, because monsters like bakonawa and bangungot are with its items outdated.

Edited by wall_cf

Share this post


Link to post
Share on other sites
  • Stability

While we continue to fix bugs and add additional new content, it is extremely important that we remain focused on creating a project you can rely on to manage itself while you are away from your server. We want you to feel comfortable walking away knowing that you won't come back to a downed server

 

This sets rAthena apart from any other out there. Stable and reliable. For what I'm seeing is, every update is really tested before implementing it. Updates might be a bit slow at some point but when the updates are out, it sure is gonna work reliably. Cheers to rAthena's great developers and community. /no1 /no1 /no1

Share this post


Link to post
Share on other sites

keep it up rathena!!! because of this ill be having my own release of my works for free soon!!! /no1

Share this post


Link to post
Share on other sites

Thanks a ton for this post, I'm happy to see the community moving forward as a whole.

Share this post


Link to post
Share on other sites

Thanks a ton for this post, I'm happy to see the community moving forward as a whole.

Hello mr Sharpienero! Your youtube videos helped me a lot when i was starting my server!

  • Upvote 1

Share this post


Link to post
Share on other sites

rAthena Goals crash always XDDDDD

instead of making unproductive criticsm, i recommend you to file a bug report on the bug tracker section regarding your issues in rathena..

  • Upvote 5

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.