Unreal v227 Manual/Server admin tools

From Oldunreal-Wiki
Revision as of 19:34, 27 June 2022 by Neon Knight (talk | contribs)
Jump to navigation Jump to search
Unreal v227 Manual
Main pageNew maps and itemsNew menu optionsVideo renderersAudio renderersServer admin toolsNew mod authoring toolsFrequently Asked Questions
Unreal v227 Manual
<- Previous Audio renderers
Next -> New mod authoring tools

Here are the new tools that serveradmins can use for their servers:

Unreal Integrity

Unreal v227’s own anticheat system. Before Unreal 227, cheat protections were stand-alone mods purely scripted. A general weakness of all of them is that they are all working within the limits of script alone. So, how to catch a DLL hack...?

The two main goals in 227 have been bug reduction and added security. The Unreal Integrity 227 package is the answer to the latter, capable of doing full file checks online comparing file checksums of the files the client is using towards either known lists of files or files the server can load itself.

Unreal Integrity should be able to catch any modified file in Unreal. Patches and exploit-fixes outside of this package take care of a lot of cheats (exploits) as well, so even without using this special package your online experience should already be improved.

Note!
Full anticheat protection can only be reached with disabling older clients, so if you need to secure your server, you have to set Unreal.ini, Section [IpDrv.TcpNetDriver], AllowOldCLients=False.

Unreal Integrity should come readily installed already after you patched your Unreal to version 227. Nevertheless, you should ensure the u-file is present in your system directory and that this entry exists in your Unreal.ini:

ServerPackages=UnrealIntegrity

Unreal Integrity performs the following checks:

  1. Client Unreal Version
  2. Client Computer Name
  3. Client Console
  4. Certain Fabrications of specific values
  5. Unreal.exe, all loaded package files including DLLs, the Linux versions .bin and .so as well...
  6. All checks are timed, failure to give expected replies to the server will lead to a kick (and possibly an automated ban).

In order to enable Unreal Integrity, add the package's main mutator on server startup (UnrealIntegrity.IntegrityServer):

Unreal.exe ...Game?Mutator=UnrealIntegrity.IntegrityServer ...

The settings are saved in UnrealIntegrity.ini. The settings can be accessed at Advanced Options -> Networking -> Unreal Integrity. The default settings should be "all right" for the Joe Average server, you may want to change some of them depending on the type of server you run.

  • bPerformEndGameCheck - checks the client not only when joining but also when the game has ended.
  • CheckTimeOut - how long the server will wait for integrity response from the client.
  • min_ReCheck Time - how long to wait until a midgame check will be performed (when a player dies).

The following options define how to act if the specific event happens:

  • event_ClientTimeOut
  • event_DuplicatePackage
  • event_FabricatedReply
  • event_IllegalClientRequest
  • event_IllegalConsole
  • event_ModifiedPackage
  • event_UnknownPackage

Possible options are:

  • bTellPlayers - tell other players what happened
  • bKick - kick the client
  • bSessionBan - temporarily ban the client for the duration the current map is being played.
  • bBan - full ban of the client until admin removes the entry manually.

Unreal Integrity also comes with another .ini file, SHALinkerCache.ini, which takes care about the checksums used to validate the client. All packages meant to be validated need to be entered here. However, you don't need to add them manually, there are new commands that do this for you. There are two types of sections: [Linker] and [SHA].

The [Linker] section contains linker information about .u files and provides basic security against modified files and hacks. This protection was specifically implemented to check pre 227 clients and should be able to detect the currently known bots and cheats. Note that this protection is limited to Unreal packages (no dll and exe files) and may not be able to detect newer cheats. 227j contains already the checksums of the older clients for 224,225,226b and 226f as well as some popular packages. In order to add more entries, use the command:

ucc engine.linkerupdate <path>\<filename>.<extension>

It accepts also the "*" wildcard, this way you can easily add the custom packages running on your server. Example:

ucc engine.linkerupdate .\*.u

Meanwhile, the [SHA] section contains SHA256 checksums for the files of 227* clients. These checksums are used to validate all files in use, including native .exe and .dll files (also applies to Linux .so and .bin files) and is way extensive than the checks possible on pre-227i clients. In order to add new entries, you can use the command:

ucc engine.shaupdate <path>\<filename>.<extension>

It also accepts the wildcard "*", this will create checksums for every file (but it makes no sense for .ini files). Example:

ucc engine.shaupdate ..\SystemClassic\*

It is also possible to use some other tool to create the SHA256 checkum and add it manually.

Unreal Integrity was created with mod-compatibility in mind. It will not try to validate server actors that do not exist on clients and it will automatically try to find files and packages in its home directory system if a package name is encountered which is not yet loaded in the current session.

There is one interface in the Unreal Integrity server. Mods may indicate that "NOW" would be a good time for rechecks on players. Basically every round-based gametype is a prime example for such a feature, because the mod knows when a round is over, at which time checks would (not likely) interfere with any player-critical gameplay.

For mods it is not needed to use this 227 feature to actually HAVE 227 at compile time in order to use it. What mods have to do is:

  • Find the "UnrealServer" mutator (e.g. via "IsA(...)")
  • call "trigger()" on it, using the mutator itself as first parameter

Example code:

// demonstration code how to suggest to the mutator
// when to perform rechecks of everyone from OUTSIDE 227
// MOD PROGRAMMERS: COPY AND PASTE THIS INTO YOUR CODE :)
final function TriggerInGameChecks()
{
	local Mutator mut;
	for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator)
	{
		if (mut.IsA('IntegrityServer'))
			mut.Trigger(mut,none);
	}
}

You can also initiate mid-game scan for one specific player by giving a trigger instigator:

final function MidGameScanClient( PlayerPawn Other )
{
	local Mutator mut;
	for(mut = Level.Game.BaseMutator; mut != none; mut = mut.NextMutator)
	{
		if (mut.IsA('IntegrityServer'))
			mut.Trigger(mut,Other);
	}
}

Unlike other packages, the Unreal Integrity package CAN NOT BE MADE NETCOMPATIBLE across versions, so with each new Unreal patch, a new Integrity Package must be created.

Server administrators will need to adjust their mutator line in the server startup and possibly the serverpackages if the updater did not take care of it. Other than that, everything is supposed to remain as is.

New admin commands

v227 introduces a slew of new commands specifically for online match administration:

  • uhelp: Prints the explanations below.
  • uplayers: Shows name, ID, IP-Address, IdentNr and Identity for all players.
  • ukickid: Kicks a player with a given ID.
  • ubanid: Kickbans a player with a given ID (full ban by IP and Name, even after a restart of the game/server).
  • ubanlist: Shows a list with all banned players.
  • uunban: Unbans a player with the number X (see in banlist for the ban number).
  • utempbanid: Kickbans a player until server is restarted.
  • utempbanlist: Shows a list of temp-banned players.
  • utempunban: Unbans a temp-banned player with the number X (see in tempbanlist for the ban-number).
  • utempunbanall: Unbans all temp-banned players.
  • uknownnames: Shows known names of players on server.

While inside server and logged in as administrator add the keyword admin in front of each command (except for uhelp).

You can also bind a key to the action UShowAdminMenu in the following ways:

  • UMenu: Options → Preferences → Controls → Admin Menu
  • Classic Menu: Options → Customize Controls → Admin Menu
  • Advanced Options: Advanced → Raw Key Bindings → writing UShowAdminMenu on your key of choice
  • User.ini: looking for the key you wish to bind UShowAdminMenu to in [Engine.Input].

The banning system logs the PlayerName and includes three checks:

  • Player IP
  • Player IdentNr which collects one unique identify number, based on informations from the client (No information is collected from the client, just a checksum).
  • Player Identity which collects another one unique identify number, based on informations from the client (No information is collected from the client, just a checksum).

The Player IP check is done pre-login, checks for the IP and disconnects directly. The other checks need the client to be logged in, but if they were already banned, they will be kicked and put on tempban with IP so that the next attempt will be caught before login again.

The disconnected client gets either "You have been banned" or "You have been temporarily banned" (only for 227 clients, older clients will only get connection failure).

Banned players will be stored in Security.ini and stay there until unbanned. Tempbanned players will be banned until a map change or a server restart.

HTTP Redirection

Unreal v227 allows HTTP redirection for serveradmins. The settings to control downloads are in the server's Unreal.ini file (or advanced options). These are the settings for downloads sent directly from the Unreal server:

[IpDrv.TcpNetDriver]
AllowDownloads=True
MaxDownloadSize=0
DownloadManagers=IpDrv.HTTPDownload
DownloadManagers=Engine.ChannelDownload

Setting AllowDownloads to False disables all autodownloads sent directly from the Unreal server. This setting has no effect on redirected downloads.

MaxDownloadSize=0 means allow autodownload of any sized file directly from the Unreal server. Otherwise the value is in BYTES. We recommend that rather than disabling all downloads, you set the MaxDownload size to an appropriate value. For example, MaxDownloadSize=100000 will allow mutators and other small packages to be downloaded, but will not allow large files such as maps to be downloaded. Turning off all downloads may make it hard for older clients to get on your server if you are using a lot of custom maps, mutators or other custom packages. This setting also has no effect on redirected downloads.

Redirection can also be done to an external server. These are the settings for redirecting downloads to a remote website site:

[IpDrv.HTTPDownload]
RedirectToURL=http://www.website.com/full/path/to/directory/
UseCompression=True
ProxyServerPort=3128
ProxyServerHost=

In order to enable redirected downloads, you need to set the RedirectToURL variable to point to the website where the files will be autodownloaded from. If a client running 226 or earlier connects to your server, it will ignore the redirection and attempt to download the file directly from the server, so it's important to configure the non-redirected download options even if you intend use redirected downloads.

Finally, HTTP Redirect supports compressed downloads. If UseCompression is set to True, the files must be stored on the remote website as compressed .uz files. You can create a compressed .uz file by using the command ucc compress from the command line. Typing ucc help compress will give you a list of supported options (currently this is only a list of filenames or wildcards to compress). If UseCompression is set to False, the custom package files should be put on the website as they are. Here are some examples of ucc compress:

ucc compress ..\maps\dk*.unr
ucc compress ..\textures\customskins1.utx ..\textures\customskins1.utx ..\maps\DMDeck16.unr
Note!
Make sure the names of the packages (example:DMDeck16.unr) used in the Unreal server match exactly the filename on the HTTP-Server. Here, DMDeck16.uz must be strictly case sensitive, as dmdeck16.uz will NOT work, and the Unreal server will fall back to Engine.ChannelDownload.