这篇文章只是介绍, 之后的文章才是正题. 此篇文章大体介绍了 :
- 文本格式传输的低效率问题, 为了可读性而产生了太多冗余无用数据
- 为什么不用目前已经有了的库比如Protocol Buffers:因为我们不需要版本信息,也不需要什么跨语言的支持。所以让我们直接忽略掉这些功能并用我们自己的不带属性的二进制流进行代替,在这个过程中我们可以获得更多的控制性和灵活性
- 要注意大小端的问题
- 实现一个位打包器, 工作在32位或者64位的级别, 而不是是工作在字节这个级别。因为现代机器对这个长度进行了专门的优化而不应该像1985年那样在字节的级别对缓冲区进行处理。
- 要注意防止恶意数据包的问题 :
- 我们需要实现一个方法来判断整数值是否超出预期范围,如果超出了就要中止网络包的读取和解析,因为会有一些不怀好意的人给我们发送恶意网络包希望我们的程序和内存崩溃掉。网络包的读取和解析的中止必须是自动化的,而且不能使用异常处理,因为异常处理太慢了会拖累我们的程序。
- 如果独立的读取和写入函数是手动编解码的,那么维护它们真的是一个噩梦。我们希望能够为包一次性的编写好序列化代码并且没有任何运行时的性能消耗(主要是额外的分支、虚化等等)。
- 我们为了不想自己手动检查各种可能会被攻击的地方, 需要实现检查自动化, 在下一篇文章 构建游戏网络协议二之序列化策略 里将会说。
. . .
原文标题 : Reading and Writing Packets (Best practices for reading and writing packets)
Hi, I’m Glenn Fiedler and welcome to Building a Game Network Protocol.
In this article we’re going to explore how AAA multiplayer games like first person shooters read and write packets. We’ll start with text based formats then move into binary hand-coded binary formats and bitpacking.
At the end of this article and the next, you should understand exactly how to implement your own packet read and write the same way the pros do it.
Consider a web server. It listens for requests, does some work asynchronously and sends responses back to clients. It’s stateless and generally not real-time, although a fast response time is great. Web servers are most often IO bound.
Game server are different. They’re a headless version of the game running in the cloud. As such they are stateful and CPU bound. The traffic patterns are different too. Instead of infrequent request/response from tens of thousands of clients, a game server has far fewer clients, but processes a continuous stream of input packets sent from each client 60 times per-second, and broadcasts out the state of the world to clients 10, 20 or even 60 times per-second.
And this state is huge. Thousands of objects with hundreds of properties each. Game network programmers spend a lot of their time optimizing exactly how this state is sent over the network with crazy bit-packing tricks, hand-coded binary formats and delta encoding.
What would happen if we just encoded this world state as XML?
1 | <world_update world_time=”0.0”> |
Pretty verbose… it’s hard to see how this would be practical for a large world.
JSON is a bit more compact:
1 | { |
But it still suffers from the same problem: the description of the data is larger than the data itself. What if instead of fully describing the world state in each packet, we split it up into two parts?
A schema that describes the set of object classes and properties per-class, sent only once when a client connects to the server.
Data sent rapidly from server to client, which is encoded relative to the schema.
The schema could look something like this:
1 | { |
The schema is quite big, but that’s beside the point. It’s sent only once, and now the client knows the set of classes in the game world and the number, name, type and range of properties per-class.
With this knowledge we can make the rapidly sent portion of the world state much more compact:
1 | { |
And we can compress it even further by switching to a custom text format:
1 | 0.0 |
As you can see, it’s much more about what you don’t send than what you do.
The Inefficiencies of Text
We’ve made good progress on our text format so far, moving from a highly attributed stream that fully describes the data (more description than actual data) to an unattributed text format that’s an order of magnitude more efficient.
But there are inherent inefficiencies when using text format for packets:
We are most often sending data in the range A-Z, a-z and 0-1, plus a few other symbols. This wastes the remainder of the 0-255 range for each character sent. From an information theory standpoint, this is an inefficient encoding.
The text representation of integer values are in the general case much less efficient than the binary format. For example, in text format the worst case unsigned 32 bit integer 4294967295 takes 10 bytes, but in binary format it takes just four.
In text, even the smallest numbers in 0-9 range require at least one byte, but in binary, smaller values like 0, 11, 31, 100 can be sent with fewer than 8 bits if we know their range ahead of time.
If an integer value is negative, you have to spend a whole byte on ’-’ to indicate that.
Floating point numbers waste one byte specifying the decimal point.
The text representation of numerical values are variable length: “5”, “12345”, “3.141593”. Because of this we need to spend one byte on a separator after each value so we know when it ends.
Newlines ‘\n’ or some other separator are required to distinguish between the set of variables belonging to one object and the next. When you have thousands of objects, this really adds up.
In short, if we wish to optimize any further, it’s necessary to switch to a binary format.
Switching to a Binary Format
In the web world there are some really great libraries that read and write binary formats like BJSON, Protocol Buffers, Flatbuffers, Thrift, Cap’n Proto and MsgPack.
In manay cases, these libraries are great fit for building your game network protocol. But in the fast-paced world of first person shooters where efficiency is paramount, a hand-tuned binary protocol is still the gold standard.
There are a few reasons for this. Web binary formats are designed for situations where versioning of data is _extremely_important. If you upgrade your backend, older clients should be able to keep talking to it with the old format. Data formats are also expected to be language agnostic. A backend written in Golang should be able to talk with a web client written in JavaScript and other server-side components written in Python or Java.
Game servers are completely different beasts. The client and server are almost always written in the same language (C++), and versioning is much simpler. If a client with an incompatible version tries to connect, that connection is simply rejected. There’s simply no need for compatibility across different versions.
So if you don’t need versioning and you don’t need cross-language support what are the benefits for these libraries? Convenience. Ease of use. Not needing to worry about creating, testing and debugging your own binary format.
But this convenience is offset by the fact that these libraries are less efficient and less flexible than a binary protocol we can roll ourselves. So while I encourage you to evaluate these libraries and see if they suit your needs, for the rest of this article, we’re going to move forward with a custom binary protocol.
Getting Started with a Binary Format
One option for creating a custom binary protocol is to use the in-memory format of your data structures in C/C++ as the over-the-wire format. People often start here, so although I don’t recommend this approach, lets explore it for a while before we poke holes in it.
First define the set of packets, typically as a union of structs:
1 | struct Packet |
When writing the packet, set the first byte in the packet to the packet type number (0, 1 or 2). Then depending on the packet type, memcpy the appropriate union struct into the packet. On read do the reverse: read in the first byte, then according to the packet type, copy the packet data to the corresponding struct.
It couldn’t get simpler. So why do most games avoid this approach?
The first reason is that different compilers and platforms provide different packing of structs. If you go this route you’ll spend a lot of time with #pragma pack trying to make sure that different compilers and different platforms lay out the structures in memory exactly the same way.
The next one is endianness. Most computers are mostly little endian these days but historically some architectures like PowerPC were big endian. If you need to support communication between little endian and big endian machines, the memcpy the struct in and out of the packet approach simply won’t work. At minimum you need to write a function to swap bytes between host and network byte order on read and write for each variable in your struct.
There are other issues as well. If a struct contains pointers you can’t just serialize that value over the network and expect a valid pointer on the other side. Also, if you have variable sized structures, such as an array of 32 elements, but most of the time it’s empty or only has a few elements, it’s wasteful to always send the array at worst case size. A better approach would support a variable length encoding that only sends the actual number of elements in the array.
But ultimately, what really drives a stake into the heart of this approach is security. It’s a massive security risk to take data coming in over the network and trust it, and that’s exactly what you do if you just copy a block of memory sent over the network into your struct. Wheee! What if somebody constructs a malicious PacketB and sends it to you with numElements = 0xFFFFFFFF?
You should, no you must, at minimum do some sort of per-field checking that values are in range vs. blindly accepting what is sent to you. This is why the memcpy struct approach is rarely used in professional games.
Read and Write Functions
The next level of sophistication is read and write functions per-packet.
Start with the following simple operations:
1 | void WriteInteger( Buffer & buffer, uint32_t value ); |
These operate on a structure which keeps track of the current position:
1 | struct Buffer |
The write integer function looks something like this:
1 | void WriteInteger( Buffer & buffer, uint32_t value ) |
And the read integer function looks like this:
1 | uint32_t ReadInteger( Buffer & buffer ) |
Now, instead of copying across packet data in and out of structs, we implement read and write functions for each packet type:
1 | struct PacketA |
When reading and writing packets, start the packet with a byte specifying the packet type via ReadByte/WriteByte, then according to the packet type, call the read/write on the corresponding packet struct in the union.
Now we have a system that allows machines with different endianness to communicate and supports variable length encoding of elements.
What if we have a value in the range [0,1000] we really only need 10 bits to represent all possible values. Wouldn’t it be nice if we could write just 10 bits, instead of rounding up to 16? What about boolean values? It would be nice to send these as one bit instead of 8!
One way to implement this is to manually organize your C++ structures into packed integers with bitfields and union tricks, such as grouping all bools together into one integer type via bitfield and serializing them as a group. But this is tedious and error prone and there’s no guarantee that different C++ compilers pack bitfields in memory exactly the same way.
A much more flexible way that trades a small amount of CPU on packet read and write for convenience is a bitpacker. This is code that reads and writes non-multiples of 8 bits to a buffer.
Writing Bits
Many people write bitpackers that work at the byte level. This means they flush bytes to memory as they are filled. This is simpler to code, but the ideal is to read and write words at a time, because modern machines are optimized to work this way instead of farting across a buffer at byte level like it’s 1985.
If you want to write 32 bits at a time, you’ll need a scratch word twice that size, eg. uint64_t. The reason is that you need the top half for overflow. For example, if you have just written a value 30 bits long into the scratch buffer, then write another value that is 10 bits long you need somewhere to store 30 + 10 = 40 bits.
1 | uint64_t scratch; |
When we start writing with the bitpacker, all these variables are cleared to zero except buffer which points to the start of the packet we are writing to. Because we’re accessing this packet data at a word level, not byte level, make sure packet buffers lengths are a multiple of 4 bytes.
Let’s say we want to write 3 bits followed by 10 bits, then 24. Our goal is to pack this tightly in the scratch buffer and flush that out to memory, 32 bits at a time. Note that 3 + 10 + 24 = 37. We have to handle this case where the total number of bits don’t evenly divide into 32. This is actually the common case.
At the first step, write the 3 bits to scratch like this:
1 | xxx |
scratch_bits is now 3.
Next, write 10 bits:
1 | yyyyyyyyyyxxx |
scratch_bits is now 13 (3+10).
Next write 24 bits:
1 | zzzzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyxxx |
scratch_bits is now 37 (3+10+24). We’re straddling the 32 bit word boundary in our 64 bit scratch variable and have 5 bits in the upper 32 bits (overflow). Flush the lower 32 bits of scratch to memory, advance word_index by one, shift scratch right by 32 and subtract 32 from scratch_bits.
scratch now looks like this:
1 | zzzzz |
We’ve finished writing bits but we still have data in scratch that’s not flushed to memory. For this data to be included in the packet we need to make sure to flush any remaining bits in scratch to memory at the end of writing.
When we flush a word to memory it is converted to little endian byte order. To see why this is important consider what happens if we flush bytes to memory in big endian order:
1 | DCBA000E |
Since we fill bits in the word from right to left, the last byte in the packet E is actually on the right. If we try to send this buffer in a packet of 5 bytes (the actual amount of data we have to send) the packet catches 0 for the last byte instead of E. Ouch!
But when we write to memory in little endian order, bytes are reversed back out in memory like this:
1 | ABCDE000 |
And we can write 5 bytes to the network and catch E at the end. Et voilà!
Reading Bits
To read the bitpacked data, start with the buffer sent over the network:
1 | ABCDE |
The bit reader has the following state:
1 | uint64_t scratch; |
To start all variables are cleared to zero except total_bits which is set to the size of the packet as bytes 8, and bufferwhich points to the start of the packet.
The user requests a read of 3 bits. Since scratch_bits is zero, it’s time to read in the first word. Read in the word to scratch, shifted left by scratch_bits (0). Add 32 to scratch_bits.
The value of scratch is now:
1 | zzzzzzzzzzzzzzzzzzzyyyyyyyyyyxxx |
Read off the low 3 bits, giving the expected value of:
1 | xxx |
Shift scratch to the right 3 bits and subtract 3 from scratch_bits:
1 | zzzzzzzzzzzzzzzzzzzyyyyyyyyyy |
Read off another 10 bits in the same way, giving the expected value of:
1 | yyyyyyyyyy |
Scratch now looks like:
1 | zzzzzzzzzzzzzzzzzzz |
The next read asks for 24 bits but scratch_bits is only 19 (=32-10-3).
It’s time to read in the next word. Shifting the word in memory left by scratch_bits (19) and or it on top of scratch.
Now we have all the bits necessary for z in scratch:
1 | zzzzzzzzzzzzzzzzzzzzzzzz |
Read off 24 bits and shift scratch right by 24. scratch is now all zeros.
We’re done!
Beyond Bitpacking
Reading and writing integer values into a packet by specifying the number of bits to read/write is not the most user friendly option.
Consider this example:
1 | const int MaxElements = 32; |
This code looks fine at first glance, but let’s assume that some time later you, or somebody else on your team, increases MaxElements from 32 to 200 but forget to update the number of bits required to 7(注意看WriteBits( writer, numElements, 6 )
的6, 现在需要7了). Now the high bit of numElements are being silently truncated on send. It’s pretty hard to track something like this down after the fact.
The simplest option is to just turn it around and define the maximum number of elements in terms of the number of bits sent:
1 | const int MaxElementBits = 7; |
Another option is to get fancy and work out the number of bits required at compile time:
1 | template <uint32_t x> struct PopCount |
Now you can’t mess up the number of bits, and you can specify non-power of two maximum values and it everything works out.
1 | const int MaxElements = 32; |
But be careful when array sizes aren’t a power of two! In the example above MaxElements is 32, so MaxElementBits is 6. This seems fine because all values in [0,32] fit in 6 bits. The problem is that there are additional values within 6 bits that are outside our array bounds: [33,63]. An attacker can use this to construct a malicious packet that corrupts memory!
This leads to the inescapable conclusion that it’s not enough to just specify the number of bits required when reading and writing a value, we must also check that it is within the valid range: [min,max]. This way if a value is outside of the expected range we can detect that and abort read.
I used to implement this using C++ exceptions, but when I profiled, I found it to be incredibly slow. In my experience, it’s much faster to take one of two approaches: set a flag on the bit reader that it should abort, or return false from read functions on failure. But now, in order to be completely safe on read you must to check for error on every read operation.
1 | const int MaxElements = 32; |
If you miss any of these checks, you expose yourself to buffer overflows and infinite loops when reading packets. Clearly you don’t want this to be a manual step when writing a packet read function. You want it to be automatic, just read the NEXT ARTICLE.
译者:陈敬凤(nunu) 审校:崔国军(飞扬971)
在这个系列文章中,我将完全从头开始为动作游戏(比如说第一人称射击游戏、近身格斗和实时多人在线战斗竞技场游戏都是动作游戏)基于UDP协议构建一个专业级别的游戏网络协议。我所使用的工具只包括我的Macbook Pro、 Sublime Text 3(这是一个很好用的编辑器,非常值得一试)、我信赖的C++编译器和一组UDP套接字。
1 | <world_update world_time=“0.0”> |
1 | { |
- 一个模式来描述物体类的几何以及每个类的属性。
- 数据相对于该模式进行编码来快速下发给各个客户端。
1 | { |
1 | { |
1 | 0.0 |
更糟糕的是如果你有一个很大的表示位置的数值,比如”12134.534112”。 你仍然需要6位精度的准确性所以现在你需要使用12个字节来表示这个浮点数。而这样所占据的空间是二进制表示法的3倍大小。你还会为每一个‘,’分隔符浪费一个字节。
在网络世界中存在一些用来读取和写入二进制格式的库,比如BJSON,、Protocol Buffers、 Flatbuffers、 Thrift、 Cap’n Proto 和 MsgPack。这几乎都是常识了。
使用二进制格式进行传说网络数据的优点有:1) 你不必自己动手写一个序列化层。2)这些库往往是语言无关的,所以你可以在程序的前端(也就是客户端)使用一种语言而在程序的后端(也就是服务端)使用另外一种语言,而在这种情况下手,程序的前端和程序的后端仍然是可以进行通信的。3)提供了版本信息,这样的话,如果你的客户端使用的是一个比较旧版本的协议,而服务器使用的是一个比较新版本的协议的话,它们仍然是可以进行通信的。反过来也是一样。
如果你在用C或C++对你的游戏进行编码,你可能想知道为什么不能直接使用memcpy(这是一个函数,可以直接进行内存拷贝, 将n字节长的内容从一个内存地址复制到另一个地址)把我的结构拷贝到数据包里面?很多人会经常从这里开始,因此尽管我不推荐这种方法,还是让我们看下这个方法,看看如果用这个方法来进行网络包传递的话会有哪些问题。
1 | struct Packet |
1 | void WriteInteger( Buffer & buffer, uint32_t value ); |
1 | struct Buffer |
1 | void WriteInteger( Buffer & buffer, uint32_t value ) |
1 |
1 | struct PacketA |
当对数据包进行读取和写入的时候,通过ReadByte / WriteByte函数来在数据包的数据之前加上一个字节,用来表明数据包的类型,然后根据数据包的类型,调用联合体里面对应数据包结构里面读取或者写入函数。
同样的,如果是一个布尔值(只有真和假两种情况)只需要一位就能表示,但是它们必须取整为一个字节,这就浪费了7位!现在你可以通过用C++结构来实现你的数据包以及对C++的位域进行序列化并使用一些联合方面的技巧来对这个值进行取整,但是你真的能保证两个完全不同的C ++编译器用完全相同的方式来在内存对位域进行打包?据我所知,应该是不可能的。
如果有人构造了一个elementCount = 255的恶意的数据包,会发生什么?会发生内存崩溃!当然你可以手动设置一个阈值,对读入的数据的大小进行限制,或者手动对它们进行检查,如果出现问题就中止读取,但是你真正想要的一个知道每个要读取的域的最小/最大值到底是多少的系统,并且在任何数据包中对应的值如果超出预期的范围就会自动中止读取,这样在你的代码看到这些不合法的值之前,这些值就已经被丢弃了。
1 | uint64_t scratch; |
比方说,我们要写入3位数据,然后是10位数据,再然后是24位数据。你的目标是在临时缓冲区对这块数据使用一个比较紧密的打包方式并把整理好的数据刷新到内存中去,一次是32位(一个字长)。需要注意的是3 + 10 + 24 = 37,这是故意设计的。你必须处理这种情况。
1 | xxx |
1 | yyyyyyyyyyxxx |
1 | zzzzzzzzzzzzzzzzzzzzzzzzyyyyyyyyyyxxx |
临时缓冲区的长度现在就是37位(10+3+24)。我们正在跨越32位字的边界,并有5位会写入到uint64_t结构的上半32位中(所以这实际是一个溢出)。现在bit_index >= 32,刷新低32位的数据到内存中去,并对word_index加1,然后从临时缓冲区的长度减去32并向对临时缓冲区向右偏移32位。
1 | zzzzz |
1 | DCBA000E |
1 | ABCDE000 |
其代码类似于 :
1 | class BitWriter |
1 | ABCDE |
1 | ABCDE000 |
现在,这里有一点很微妙的地方。当我在网络上发送一个数据包的时候,我真的不知道它到底包含了多少位的数据(否则的话我将不得不将这个数据包的大小直接记录在数据包的包头里面),而且这是一个带宽的浪费。但是通过在网络的另外一侧使用recvfrom函数我确实知道到底这个数据包的内容的长度是多少,因此当5个字节大小的数据包从网络上到达的时候,我可以直接认为缓冲区中的位的大小是数据包字节大小乘以8。因此,实际上,位读取器认为这个分组中要被读取的比特数为5 8 = 40,而不是37。
1 | uint64_t scratch; |
现在通过把临时缓冲区的内容拷贝到另外一个变量里面来读取前面的3位并通过& ( (1<<3 ) – 1 )进行遮罩处理,来给出最后输出的结果:
1 | xxx |
1 | zzzzzzzzzzzzzzzzzzzyyyyyyyyyy |
1 | zzzzzzzzzzzzzzzzzzz |
恩。接下来的读取调用请求24位数据的内容,但是临时缓冲区的位数只有19了(19 = 32-10-3 )。。。现在是时候来读取下一个字了。这个字多半是零因为我们已经对它们进行了清除,但是它还有多余的5位我们需要在接下来进行读取。现在我们准备读取临时缓冲区里面有关z的比特位了:
1 | zzzzzzzzzzzzzzzzzzzzzzzz |
1 | class BitReader |
1 | const int MaxElements = 32; |
第一种方法很容易出错,让我们假设在一段时间以后,你把MaxElements的值从32提高到100,但是你没有修改需要序列化的比特的数目,也就是需要序列化的比特的数目还是6(注意看WriteBits( writer, numElements, 6 )的6, 现在需要7了)。哎呦。因为你忘记了在读取和写入函数里面更新比特的数目,那么现在当你在发送数据的时候你会把高位进行截断。事后追查这样的事情是相当困难的。让我们通过增加一些编译时候的检测来计算出所需要的比特的位数:
1 | template <uint32_t x> struct PopCount |
1 | const int MaxElements = 32; |
当然现在也有机会犯错。MaxElements的值是32所以BITS_REQUIRED(0,32) 返回的是6,因为5比特所能得到的取值范围只有【0,31】。这没什么问题,但是现在我们有概率把未定义的值进行插入,如果有一个恶意发送者发送了一个取值范围在【33,63】之间的值的话。当你在长度为32的数组里面读入63个整数的时候会发生什么?当然,你可以对取值范围进行限制来修正这个问题,但是仔细想想。。。如果你从位读取器得到了一个值但是它超出了取值范围,你要么就是让读取和写入操作完全不同步(这显然是你自己的错误)或者有人试图坑你。所以,不要对取值范围进行限制。如果遇到这种情况,直接停止对数据包的读取并且丢弃这个数据包。我还想在这里提到一个陷阱,因为这个陷阱看上去很方便,但是其实它会让代码运行的很慢。我有一次使用异常实现了数据包的读取中断。它看上去很棒,因为在一个递归的位打包器读取函数里面你可能会有28层调用堆栈,而你想要做的不过是展开堆栈然后回到数据包读取函数调用的地方,但是异常真的太慢太慢了。为了取代异常,有两种方法可以运行的快得多:1)在位读取器那里设置一个值表明这个数据包应该被丢弃,2)升级数据包的读取函数让它在读取失败的时候返回false。但是现在,你可以使用这里面的任意一种方法,为了实现读取时候的安全性,你需要检测上面说的标记或者在每一次读取的时候返回一个值,否则如果遇到读取失败的情况,你还是会一直继续读取直到把内存全部耗光。
1 | const int MaxElements = 32; |
如果你觉得这篇文章有价值的话,请在patreon上支持我的写作,这样我会写的更快。你可以在BSD 3.0许可下访问到这篇文章里面的代码。非常感谢你的支持!