We released our first asset “RSockpol” - a secure, configurable and fast replacement for the Unity socket policy server (aka “sockpol.exe”).
About
Whenever you need your web-based game/application to access a web address (e.g. download asset bundles, access a RESTful server), this web address needs a “Socket policy server” to be accessible.
We were using the standard “sockpol.exe” from Unity for quite a while, until we discovered how unreliable and dangerous this software is.
Here are some of our concerns:
Because of the fixed port 843, which is an official system port (all ports below 1024 are system reserved ports), it needs to run as root on a Mac or Linux machine. This means that, if a bad guy somehow gains control over the “sockpol”-process, he could do anything on your machine – like wipe all data from the system… This is a severe and unnecessary security risk!
Any established connection to the “sockpol.exe” stays open until the server receives the command "". When you like to monitor your “sockpol” process with a tool like CheckHost, the server will end up with unclosed connections and every connection consumes a lot of performance - we realized that one unclosed connection leads up to 50% CPU consumption. Again, if a bad guy wanted to do ugly stuff like a “denial-of-service” of your socket policy server by sending simple socket connections, he could easily do that. That would bring your server down and hinder your real customer from using your product/services!
“sockpol.exe” doesn’t write any log files. For us, it’s very interesting to know what’s going on on our servers. We would like to know how many connections our servers have handled etc.
Lack of configuration options - port is fixed in code, time-out not implemented
No simple tests for the socket policy server available
To run “sockpol.exe” under Mac or Linux, you have to install Mono. In our case, we had to install the whole thing on the server for this little “EXE” - we don’t use any “Mono” specific apps, so for us, it’s just an unnecessary dependency. But this is very individual – probably you use it and love it
Key features:
Our solution includes:
Non-blocking, reliable socket policy server alternative for Unity
Port, time-out and queue size for incoming connections are freely configurable
Fully customizable logging (incl. rolling file appenders with size settings)
Multi-threaded
Much faster response time (20%-50%)
Test-scene for Unity
Configurable test-application (load-test with threads and iterations)
Runs on Windows, Mac and Unix/Linux
Extensive tests, documentation and support!
Full C# and Java source code provided
Important:
Needs Java7 or higher on the target machine, but the installation steps are mentioned inside the documentation.
Stefan, it didn’t work for me. Neither on my Win7 nor on my Win Server 2012 (where I absolutely need it to work). I made sure I have java 1.8 on both the Win7 and the headless Win Server.
Here’s what I get on Win Server 2012:
C:\Users\Administrator\Documents\RSockpol>java -jar rsockpol.jar
07:21:51,094 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
07:21:51,094 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
07:21:51,095 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/C:/Users/Administrator/Documents/RSockpol/logback.xml]
07:21:51,096 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs multiple times on the classpath.
07:21:51,096 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [jar:file:/C:/Users/Administrator/Documents/RSockpol/lib/wichtel-0.2.3.jar!/logback.xml]
07:21:51,096 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [file:/C:/Users/Administrator/Documents/RSockpol/logback.xml]
07:21:51,231 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
07:21:51,244 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
07:21:51,266 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [mainFileAppender]
07:21:51,323 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
07:21:51,428 |-INFO in ch.qos.logback.core.rolling.FixedWindowRollingPolicy@75cab9 - No compression will be used
07:21:51,442 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[mainFileAppender] - Active log file name: ./logs/rsockpol.log
07:21:51,442 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[mainFileAppender] - File property is set to [./logs/rsockpol.log]
07:21:51,445 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.crosstales] to INFO
07:21:51,445 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to ERROR
07:21:51,445 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [mainFileAppender] to Logger[ROOT]
07:21:51,446 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
07:21:51,449 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@f7fe8e - Registering current configuration as safe fallback point
It stops there and nothing else. Connecting to it doesn’t yield anything.
No panic - everything looks great so far
As you can see in the documentation at page 9, that’s the expected console output. There is nothing more to see…
Please check:
Did you set the correct port in the Unity test scene and is the server port (standard is 65432 instead of 843) accessible from your test machine?
Did you fetch the policy in your Unity-app with “Security.PrefetchSocketPolicy(yourServerIP, yourServerPort, yourTimeout);”?
What’s the content of the “rsockpol.log”-file (inside the log-directory)?
What’s the content of your standard.properties - are the ports etc. set correctly?
If you still can’t run it, please send me an email with some more details, the log and configuration files and we will figure out a solution.
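Added example, not part of the thread and not RSockpol's code: a Python policy server on an unprivileged port that drops idle connections after a time-out (the concern about connections that stay open, from the announcement) together with a probe for the "is the server port accessible from your test machine?" check. The request string is the `<policy-file-request/>` plus NUL byte of the Flash/Unity socket policy protocol; the policy content, all function names and the time-out values are assumptions.

```python
import socket, socketserver, threading

# Request string of the Flash/Unity socket policy protocol (NUL-terminated).
POLICY_REQUEST = b"<policy-file-request/>\0"
# Constructed sample policy; narrow domain and to-ports to what the game needs.
POLICY = (b'<?xml version="1.0"?><cross-domain-policy>'
          b'<allow-access-from domain="*" to-ports="4000-4100"/>'
          b'</cross-domain-policy>\0')

class PolicyHandler(socketserver.BaseRequestHandler):
    idle_timeout = 2.0  # seconds a client may hold a connection without sending

    def handle(self):
        self.request.settimeout(self.idle_timeout)
        data = b""
        try:
            while len(data) < len(POLICY_REQUEST):
                chunk = self.request.recv(len(POLICY_REQUEST) - len(data))
                if not chunk:
                    return
                data += chunk
        except socket.timeout:
            return  # idle or slow client: socketserver closes the socket
        if data == POLICY_REQUEST:
            self.request.sendall(POLICY)

class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True
    request_queue_size = 16  # bounded backlog for incoming connections

def start_server(port=0, idle_timeout=2.0):
    """Serve on an unprivileged port (0 = any free port); no root needed."""
    handler = type("Handler", (PolicyHandler,), {"idle_timeout": idle_timeout})
    srv = PolicyServer(("127.0.0.1", port), handler)  # loopback for the demo
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(host, port, payload=POLICY_REQUEST, timeout=5.0):
    """Return 'policy', 'closed', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if payload:
                s.sendall(payload)
            data = s.recv(4096)
            return "policy" if b"<cross-domain-policy>" in data else "closed"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
```

Run from the test machine, `probe(host, port)` separates a blocked or closed port ('unreachable' or 'timeout') from a server that accepts the connection but never answers the request ('closed').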
I configured standard file for port 5199, the prefetch from Unity is also pointing to port 5199. I double-checked that the port is allowed in the firewall as well.
Here’s what I get from the log file after numerous attempts:
2015-06-13 07:16:24,748 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Socket policy server startet on port: 5199
2015-06-13 07:16:24,761 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total runtime: 0 Days 0 Hours 0 Minutes 0 Seconds
2015-06-13 07:16:24,764 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total requests: 0
2015-06-13 07:21:51,503 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Socket policy server startet on port: 5199
2015-06-13 07:21:51,511 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total runtime: 0 Days 0 Hours 2 Minutes 40 Seconds
2015-06-13 07:21:51,514 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total requests: 0
2015-06-13 07:31:35,389 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Socket policy server startet on port: 5199
2015-06-13 07:31:35,396 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total runtime: 0 Days 0 Hours 12 Minutes 17 Seconds
2015-06-13 07:31:35,398 [Thread-1] INFO c.c.r.server.SocketPolicyServer - Total requests: 0