1 / 122

Writing secure and reliable online game services for fun & profit by Patrick Wyatt

Writing secure and reliable online game services for fun & profit by Patrick Wyatt. This presentation has extensive comments included in the inline notes that may not be visible in sites like SlideShare. Robust services & software.

kirby
Télécharger la présentation

Writing secure and reliable online game services for fun & profit by Patrick Wyatt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Writing secure and reliable online game servicesfor fun & profitby Patrick Wyatt

  2. This presentation has extensive comments included in the inline notes that may not be visible in sites like SlideShare

  3. Robustservices & software

  4. Lead/network programmer: Warcraft, Diablo, Starcraft, battle.netlead programmer: Guild Wars file streaminglead programmer: Guild Wars server backendtechnical lead: TERA account & billing platform Why are we here?

  5. Linux (epoll) inteventcnt = epoll_wait ( backend_fd, epoll_events, epoll_eventmax, timeout); if (expect_false(eventcnt < 0)) { if (errno != EINTR) Windows (iocp) rv = GetQueuedCompletionStatus( _pr_completion_port, &bytes, &key, &olp, timeout); if (rv == 0 && olp == NULL) { Why are we here?

  6. Too low level! Why are we here?

  7. Reliability Why are we here?

  8. ReliabilitySecurity Why are we here?

  9. ReliabilitySecurityScalability Why are we here?

  10. ReliabilitySecurityScalability Why are we here?

  11. Reliability

  12. Send(&important_msg)… time passes …Receive(&reply) What could go wrong?

  13. Hardware failurefat-fingered a server What could go wrong?

  14. Hardware failurefat-fingered a server What could go wrong?

  15. Network congestionBogus network code What could go wrong?

  16. Network congestionBogus network code What could go wrong?

  17. Socket disconnectioncrashy game code What could go wrong?

  18. Socket disconnectioncrashy game code What could go wrong?

  19. Plan for failure What could go wrong?

  20. ReliableTransactions

  21. This is one transactionbegin transaction UPDATE items SET gold = gold + @gift WHERE id = @receiver UPDATE items SET gold = gold - @gift WHERE id = @givercommit transaction What could go wrong?

  22. This is two transactionsbegin transaction UPDATE items SET gold = gold + @gift WHERE id = @receiver UPDATE items SET gold = gold - @gift WHERE id = @givercommit transaction i *in SQL Server What could go wrong?

  23. This is onetransactionbegin transaction UPDATE items SET gold = gold + @gift WHERE id = @receiver UPDATE items SET gold = gold - @gift WHERE id = @givercommit transaction What could go wrong?

  24. Error:Double-tap transactions What could go wrong?

  25. User: <clicks buy> What could go wrong?

  26. User: <clicks buy>Hey: why so long?!? What could go wrong?

  27. User: <clicks buy>Hey: why so long?!?<clicks buy again> What could go wrong?

  28. Web server solution:redirect after POST What could go wrong?

  29. What does yourserver do? What could go wrong?

  30. "My account … was billed today for over 500 dollars in 15 dollar increments."-- Warhammer Online customer What could go wrong?

  31. Idempotenttransactionsto the rescue What could go wrong?

  32. Idempotenttransactionsto the rescue*different from impotent What could go wrong?

  33. IDEMPOTENT [ahy-duhm-poht-nt]=> can be applied multiple times without changing the result What could go wrong?

  34. buy(item) What could go wrong?

  35. buy(item, GUID)now with idempotency™ What could go wrong?

  36. create table items … item fieldstransactId GUID UNIQUEend What could go wrong?

  37. Error:Invalid state transition What could go wrong?

  38. Game server executes partial transaction=> DB now in invalid stateGame server talks to credit-card processorGame server finishes transaction=> DB becomes valid again What could go wrong?

  39. Game server executes partial transaction=> DB now in invalid stateGame server talks to credit-card processorGame server finishes transaction=> DB becomes valid again What could go wrong?

  40. May seem obvious: after every commit the DB must be in a valid state What could go wrong?

  41. This is the Cin ACIDAtomicity - commit all or nothingConsistency - data valid before and afterIsolation- intermediate data not visibleDurability - must persist after transaction What could go wrong?

  42. SQL does ACID*you* need to ensure your data is meaningful What could go wrong?

  43. SQL does ACIDwe need to ensure our data is meaningful What could go wrong?

  44. Error:Distributed transaction failure What could go wrong?

  45. GameSrv_TradeItem (…) { DB1->Send(p1, ADD, item);… crash here … DB2->Send(p2, REMOVE, item);} What could go wrong?

  46. GameSrv_TradeItem (…) { DB1->Send(p1, ADD, item); … crash here … DB2->Send(p2, REMOVE, item);} What could go wrong?

  47. Ignore the errortech support will fixask hackers not to exploit What could go wrong?

  48. Ignore the errortech support will fixask hackers not to exploit What could go wrong?

  49. Ignore the errortech support will fixask hackers not to exploit What could go wrong?

  50. Rollback the transaction What could go wrong?

More Related