| Author |
Thread Statistics | Show CCP posts - 12 post(s) |
|
CCP Fallout
   |
Posted - 2010.12.02 22:22:00 -
[1]
A number of players have been experiencing socket closed errors since EVE Online: Incursion 1.0.0. Our investigations have led to the discovery of at least one vendor of traffic shapers flagging EVE Online network traffic as a ôBitTorrent encrypted transfer.ö Many universities are blocking all such traffic, and we are still trying to establish if more vendors are flagging our network client erroneously. Please note that not all closed socket errors may be related to this particular problem, and we are continuously investigating closed socket issues and encourage you to continue reporting this issue whenever you encounter it by filing a petition.
Why did this occur? When we released Incursion 1.0.0, we made a change to the client/server handshake. For those unfamiliar with this term, it is essentially the client saying ôhi, letÆs establish a connectionö and the server responding with ôthis is our current version information, number of logged in users, and other information of interest to you.ö The client then responds with a positive message (i.e. if the version information is correct, you can log in immediately) or will contact the update servers if the client version you are using is out-of-date. This change, essentially increasing the number of fields from six to seven, resulted in a bit in our handshake packet to change from a "6" to a "7" which was enough to cause the signature for the EVE Online client in this particular vendor's whitelist to no longer match. Note: This could be the cause of the closed socket errors many have been recently reporting; however, as noted above, we are still investigating this particular issue.
The vendor in question has modified their signature to remove the false positive and restore the Eve Online client to the whitelist. This particular vendor's signatures are normally updated on Mondays; however, they may issue the update earlier if itÆs requested by affected users (i.e. network sysadmins at universities). The vendor has no mechanism to push an update sooner. The patches must be applied by the device administrators. We suggest that, if you are affected by this issue, you contact your network sysadmins and explain what is occurring and how they can resolve the issue with their vendor. You may wish to provide them with the following email address ([email protected]) and they can discuss the matter in detail with our security team.
We will continue investigating any connectivity issues and will work with any third-party vendors to resolve any further false positives we may become aware of. We apologize for this inconvenience.
Fallout
Associate Community Manager
CCP Hf, EVE Online
Contact us |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 02:06:00 -
[2]
 Originally by: Solore Dotor
I filed a ticket with WPI netops.. there's about a 0.05% chance they'll actually do it. If they don't do it, is CCP saying I'm out of luck and I should close my accounts?
Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools). If you can get your school's admins to contact support for their p2p filtering solution they have a signature ready for them that will fix it which they have to apply. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 02:38:00 -
[3]
Originally by: therealdhs
So all of the schools in question (Big list here) use the same traffic shaping programs?
While I'd love to go to the IT department and ask them to update their signatures, it would waste everyone's time if it was for a program they don't use, and wouldn't get an update for.
All of the schools who have been willing to communicate with me what they use, use the same traffic shaping equipment. I have no way of knowing what any particular school is using if they don't tell me. I've called more schools than I have fingers in the past two days and the ones who responded were using the same device. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 02:50:00 -
[4]
Originally by: therealdhs
Can't ask for much more than that, and if everyone you've contacted uses the same program, I'm sure it's widespread. As I stated in my first post, can you provide the name of the program? I could probably track down whoever manages it if I knew a little bit about it.
It will be your network or security staff in IT. It's a traffic shaping appliance, used to control bandwidth basically. Some of the schools I talked to seemed to be hesitant to share the details about the product they were using. I've emailed them back but unless they tell me it's ok to divulge the vendor I'm going to respect their desire to keep it under wraps. Without them being forthright with me this issue would have been a real problem to resolve. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 03:43:00 -
[5]
Originally by: Solore Dotor
ohhh didn't realise it was a push. i thought netops would have to do it themselves and they're too lazy to be bothered
Don't hold me to that as my memory's fuzzy but I was told specifically that updates are done on Mondays. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 10:02:00 -
[6]
Edited by: CCP Sreegs on 03/12/2010 10:02:08
Originally by: Zagdul
Edited by: Zagdul on 03/12/2010 09:26:11
Originally by: CCP Fallout
This change, essentially increasing the number of fields from six to seven, resulted in a bit in our handshake packet to change from a "6" to a "7" which was enough to cause the signature for the EVE Online client in this particular vendor's whitelist to no longer match.
Has any testing been done to change the 7 to an 8 or 9?
Edit: To clarify, I understand you can't go backwards. That said, what about setting up dummy packets for future expansion??
Anything other than a 6 would have broken the signature. Going forward they're ignoring that bit. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 14:24:00 -
[7]
Originally by: CCP Sreegs
Hey guys we said the latest this should be fixed is Monday. That's when the vendor pushes the updated signatures to their clients (your schools). If you can get your school's admins to contact support for their p2p filtering solution they have a signature ready for them that will fix it which they have to apply.
Ok I need to add an addendum to this... The updates are released by the vendor on Monday. It is up to the administrator of the device to update their devices. One would hope that your administrators would want to update their signatures but we have no way of forcing them to do so.
So, while it may not be what you all want to hear it's the facts as they stand. We don't control your school's networks and we are not their customer, you are, so it will be up to you guys to pressure them to get this done if they don't do it in a timely fashion. I'd recommend linking them this thread and they can email me if they have questions. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 19:20:00 -
[8]
Edited by: CCP Sreegs on 03/12/2010 19:22:26
Originally by: sacredchord
I appreciate all the work that's been done on this CCP side, it speaks wonders for your dedication as a company. Furthermore I have a request. I'm sure many students are in the same boat as me at the moment, being that the IT departments at our specific schools are giant bureaucratic cluster***s that take quite some time to process tickets. I will attempt to take this up with my department today, but what assurance (to the extent that assurances are possible in this sort of thing) do I have the vendor update will solve the problem? If you all at CCP are pretty certain this will do the trick, I'll try to submit a ticket and push it through today. However, my IT department is not very receptive to repeat traffic with regards to things they do not deep as 'their problem' (prior gaming experience attests to this. Of course I understand your guesses are the best you can give for now, but any advice you have is appreciated. Again, thank you for the outstanding work so far, the dedication is appreciated.
A cooperative university has tested the signature. It works. The only reason it wouldn't work would be if they're not using the same device, which will make me very angry as I won't sleep for a few more days trying to find out wtf.
:edit: I've also reviewed the new signature with the vendor and compared it to packet traces and we're both on the same page. The theory is sound and the one instance I've been able to see it tested in has validated its authenticity. I wish I could contribute more here but I have no insight into other people's networks so I'm doing a lot of shooting in the dark here. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.03 19:24:00 -
[9]
Originally by: Bacon Baron
Can we confirm that the update is ready to be deployed by the colleges, and that it fixes it?
If so, I will pester ResNet repeatedly until they push it out.
An "emergency patch" is available from support for their traffic shaping/p2p filtering product. The full signature update which will be available Monday will contain the same fix if they are scared of the unofficial patch. |
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.07 13:47:00 -
[10]
Originally by: Calo Lin
Looks like it is going faster, got in instally. took sometime to load things, still get fps drops doesnt matter what settings i use, best performence or not.
open cargoholes, seeing information on people works fast. Jumping through gates works instally. Have not yet deployet drones or been in combat.
edit: what have they fixed bahnhof?
If it's what we've been discussing in this thread they simply applied a signature update to their traffic shapers. |
|
|
CCP Warlock
|
Posted - 2010.12.08 22:24:00 -
[11]
Originally by: W Junior88
IT IS CCP PROBLEM.
Because it didn't happen before incursion patch.
Why do we have to change ISP just because a game's patch?
It is totally ridiculous.
It is more than a tad annoying on our side as well. There is an important principle of network theory called the End to End Principle - which essentially states that it is the endpoints that make protocol decisions, and only the endpoints. However, as so often happens, the nice tidy world of network theory meets real life, and it doesn't all quite work out as the designers intended. The ISP's doing this kind of filtering is a violation of that principle, a somewhat necessary one from their perspective, but still.
As CCP Sreegs has explained, we changed our protocol exchange to improve it a little, and discovered it was being used as an identifier for EVE traffic. It was never intended for that purpose, and nobody asked us if it would be a good idea to use it for that.
If you contact your ISP, this should be an easy issue for them to fix on their side. Ask them to contact us, at [email protected] and we will provide any assistance they need. This sort of thing happens fairly frequently unfortunately. There's a lot of sorting out behind the scenes that goes on between ISP's and network providers that isn't usually exposed to public view.
|
|
|
CCP Sreegs
C C P
C C P Alliance
|
Posted - 2010.12.16 02:35:00 -
[12]
Originally by: Abstract Uncertainty
Still can't connect from my residence at Montana State University. I have asked the network operations guys to contact [email protected] but who knows if they will listen to me.
CCP, can you just roll back the extra bit you added that is flagging this all as p2p/bt traffic? I have happily played eve for years and now i cant even log in. I have to go to a coffee store to change my training queue.
I cannot afford to pay for a game I cannot play (on three accounts). Im sure you understand.
For clarification... We didn't add a bit or just change an arbitrary number. We changed something that happened to involve a simple bit from the TCP handshake perspective that is actually quite necessary and quite unsimple. I can try giving your network guys a call tomorrow but I have to remind you that YOU are their customer, not me. I'm just some strange dude calling about their network equipment and that doesn't tend to be well received. |
|
| |
|