I'm glad you got this to work :). I've always hoped someone would do exactly what you've done (use the data channel code on a server to do low-latency client<->server communication).
We're aware of the difficulty and are actively working on making it easier to work with just he components you need for data channels (ICE, DTLS, and SCTP). It might take a while, but it's one of our goals.
But yeah, I really hope it becomes easier to integrate, as right now that's the biggest barrier into putting it into my custom written C++ server that I use for all my games. They already support UDP-only communication for desktop and mobile builds and bringing it to web would make the experience a lot better. Thank you!
Or you can just wait until we have our code refactored :).
If possible I think it would be a good idea to break up the different parts of WebRTC so that they can work independently of each other. The abstractions are also a bit leaky, as you need to know about the underlaying layer to use it. Another approach would be having a low level API witch might be easier to implement in the browser, and then count on libraries to make good abstractions.
It was already bad enough 10ish years ago when it was a comparatively small pile of hacks, and there was hope that something could be done about it. But now? It's an enormous pile of hack upon hack. Full stack engineer? More like full hack engineer!
The main reason I worry about losing my job or moving to a new location is that web development jobs are a dime a dozen nowadays, while more traditional development is seeming less and less relevant. As much as I hate C++, I'll stick with it over the monstrosity that is Web 2.x.
[Insert the usual complaints about shitty languages, tooling, and gazillions of frameworks / reinvented wheels here.]
One thing I like about computers and programming is that it's all created by humans. I tried go into physics and biology but once you go deep nothing really makes any sense, it's all random. With programming there's always, most of the time, reason behind design decisions.
Also, I disagree that all of computing is built upon nothing but hacks. Computing is underpinned by lines of theory whose fundamentals can legitimately be described as elegant or even beautiful. I'm thinking of things like universal Turing machines, the lambda calculi, type theory, the structured programming theorem, theories of concurrent, parallel, and/or distributed computation, automata theory, computability theory, complexity/tractability, universal/abstract algebra, relational algebra, unification, etc., but the elegance doesn't end where the theory ends. Many people, including myself, would consider Lisp to be profoundly beautiful, for example, perhaps even on multiple levels. Whether you like the language or not, it was a crowning achievement of early computation science, and it is far from unique in that regard.
Although I personally loathe the state of Web development, I don't hate Web developers. On the contrary, I'm very glad that there's no shortage of people who seem to enjoy it—especially as a long-time Linux user, I'm glad that since the dawn of "Web 2.0", I've had to worry less and less about being left out because third-party developers decided not to support my OS: more and more, I can just pop open my Web browser and use the exact same software anyone would use on Windows or MacOS. It's a double-edged sword, for sure, since along with the convenience and compatibility, browsers have become insane, bloated resource hogs, and if I'm not connected to the Net, there's a chance I won't be able to use the software I want or access the data I want. On top, philosophically I can't help but feel that XaaS for various values of X and "the Cloud" are regressions back to a time when personal compute power was prohibitively expensive, for reasons that are billed as convenience but in reality only serve to remove the freedoms of end users; notwithstanding, I'm just going to focus on the technological issues that I perceive for now, since the philosophical issue(s) demand a different class of solution altogether, nor do said issue(s) belong uniquely to the Web.
I suppose most of the issues I have with the Web as a software platform stem primarily from one force: organic growth over the course of two decades, as opposed to thoughtful and deliberate design by an engineer or group of engineers. The way the Web is now, especially when viewed as a software delivery and execution platform rather than as a document delivery platform, it's a Frankenstein's monster that has been pieced together from numerous disparate protocols and data formats all designed by different people, revised by still more different people, and oftentimes extended by yet more different people in order to cover use cases that had not been considered by the original designer(s), and then connected in the most straightforward ways possible, where each connection might consist of an entirely different mechanism than any other (rather than, for example, extending the protocols such that they provide a uniform connection mechanism).
However, I don't think organic growth on its own necessarily leads to monstrosities. I think that the force of organic growth has been guided by a couple of factors, similar to how evolution is guided by various forms of selection. For one, throughout the history of the Web, the goalposts of its continued development have moved time and again. Once a system for the distributed service of hypertext documents, it quickly became a service for hypermedia in general. Then it became a service for interactive trinkets. And it quickly became a service for commerce and enterprise. With the advent of Java applets and ActionScript-programmable Flash "movies", it became a service (but not yet a platform) for the delivery of applications. Then, of course, AJAX sparked a fundamental change in how the Web was viewed by developers and users alike: it finally became not only an application delivery service, but also a software platform! Since then, the goalposts have shifted only slightly, and the majority of these goals can be summarized as a desire to further enrich the software platform, first by doing the things Flash was once used for, then the things Java was once used for, coming to the point where there is a desire for a Web page to be able to do the things native desktop applications are typically used for, including even AAA games. For each set of goalposts, the context of the design of new Web technology has been different; as such, the notion of what has constituted a "good" design decision has also changed: sometimes, what was a good design decision at the time became not-so-good in a new context. The result has been—rather than a clear progression towards a single goal—a bunch of tumorous outgrowths in various directions with a line of best fit trending from "hypertext document service" to "hardware and operating system abstraction layer and virtual machine for shitty, poorly-performing, inefficient, possibly-distributed applications". The curious "architecture" of the Web is reflected in the architecture of Web applications: the number and complexity of the technologies that are needed to create even the most basic Web application is, frankly, ridiculous. And on top of it all, where platforms with like goals such as the JVM and CLR manage to provide first-class support for multiple programming languages, the Web manages to offer only one, and it happens to be particularly grimy (my fingers are crossed for WebAssembly).
The lesson of all this (and it's not a lesson unique to the Web by any means), is this: backwards compatibility is a bitch.
tl;dr all these young punks need to get off my lawn
However from the pure engineering side things don't look so great for the reasons Matheus28 already mentioned: WebRTC (even data channels only) is a big stack of massive complexity. It's not something you want to implement or understand fully on your own within a reasonable amount of time (like you could do with WebSockets).
The most reasonable way to get WebRTC support seems like integrating Googles native WebRTC library. However one downside is that it's a big dependency with which a lot of people might be uncomfortable bringing in (although you say you are working on making it smaller). The other downside is that it's not only big but a native dependency, which I and other people want to avoid wherever possible in non C/C++ land.
The alternative solution would be to develop a pure Go/.NET core/Java/etc. WebRTC data channel solution. However for this most of the required subcomponents are missing. Imho neither of those even support the required DTLS encryption in the (extended) standard libraries, and there are also no libraries for SCTP on top of UDP around. Therefore getting this to work is a serious effort, and anybody who approaches it must ask himself if the effort is justified or if Websockets and HTTP streaming are not good enough. For the latter one the performance might even reach WebRTC data channel performance if QUIC gets standardized and widely deployed.
I think the situation might be different if WebRTC data channels would only have standardized a UDP or possibly encrypted UDP. Anybody who would have needed it could still be able to implement streams and multiplexing on top of it on server and client(JS) side. The current solution provides a nicer out of the box API, but supporting it outside of the browser is hard.
Matheus28: Did you actually get it to work or did you give up? (pthathcerg: The comment only claims they "analyzed the possibility".)
Because SCTP is configurable, we can open multiple data channels with different settings, which saves us tons of work!
Typically we have:
an unreliable and unordered data channel for game state data and user inputs
a reliable and ordered data channel for chat messages, scores and deaths
Anyway, I've been idly thinking of ways to try to kindle an interest in programming in the guy, since he's very smart and seems to like computers. I played Cookie Clicker with him, and then showed him how to "hack" it from the console by playing with the JS a little bit (it's all local).
But since he loves diep so much I think that would really give him motivation to learn more if he could fiddle with things in that game somehow. But I realize it's harder given that it's a client/server model. I don't suppose you have any ideas of things we could try? Is there a client-only mode where we can fiddle in the console? Or is the server code open source so I could run it locally or something?
Oh, ha, and something that's been killing me... why's it called "diep"?
For Diep.io, it's completely server side and very little happens on the client side. That is intentional as Agar.io had a problem with "private servers" popping up which were actually people ripping (read stealing) the client side code, putting their ads in there, hosting it on their own website and pointing it at their server emulator.
It comes from an old game I made when I was a kid called Diepix. There's no reason for the name "Diepix" other than sounding cool.
These devs could do:
This could solve this diep.io monthly updates issue. I really hope you allow more devs.
And also (if you dont know what discord is, discord is a website where people can chat live), Join the Diep.io discord made from the moderators of the Diep.io subreddit: https://discordapp.com/invite/YDSF2wD#discordbutton
Also if it's not a secret what backend did you use to handle so many concurrent connections and how many were you able to keep per box?
It's a custom written WebSocket implementation, see https://news.ycombinator.com/item?id=13267261
I think Agar.io has around 190 players per server. Diep.io has around 72.
Per server you mean like in a game room or is one game room equal to one linux box? If so, I guess then that handling the game logic was the bottleneck, not the number of concurrent connections?
Also, congrats on the success and making some really cool games.
Per game room (each room is a process). I end up just using boxes that have 1 CPU core and run just that game room in there. Except for some dedicated servers that have 40+ cores, in which we run 40+ processes.
On Agar.io doing all the collision checking and encoding the packets is the biggest bottleneck. Similarly for Diep.io. Number of players of course increases those two factors almost linearly. For example, Diep.io doesn't process shapes that aren't being transmitted to anyone.
I was inspired by your games to try something similar for the latest Ludum Dare: http://www.bemmu.com/compo/ludum/37/index.html
At first I tried checking every creature for collisions against everything else, but unsurprisingly that was too slow (N^2). To reduce the checks I put each creature in a grid cell based on their position, then check for collisions only against creatures in the same or adjacent cells.
I think overlapping grids would be even more efficient, or perhaps to do these checks on GPU.
WebRTC leaks true IP addresses unless it is outright disabled in [supported] browsers. It is a huge annoyance, and I would be hard-pressed to view it as more than a gimmick that complicates the already messy landscape of web development.
To me the best way to do this involve knowing how often the TCP socket is doing retransmissions, which is an information typically not available at the WebSocket level.
OT question.. how much $ do you make on those?
Also have you tried with a webworker or something similar.
We're at a point now where you're certainly not wrong, it just feels really wrong.
When I started development WebRTC wasn't very well supported, now I am considering using a hybrid. I already use two websockets, one for binary state snapshots and the other for JSON important updates like entity creation and chat. It would be interesting to implement WebRTC to my servers just for the state snapshots.
You can beat on them for missing the bonus questions, but they're the only one answered all of the questions on the main exam correctly and they were the first ones done...
I have to warn you though, the server-side WebRTC libraries are not very mature
yet. I advise you to do thorough research before building your game.
There are two bindings for Go built on top of the WebRTC code at webrtc.org:
By the way, I work on the WebRTC team at Google, and I don't think it would be that hard to write a data channel server in Go. Here's how you should do it.
1. Get an "SDP offer" from the client. Parse it mainly to get the DTLS fingerprint. You may also choose to get the SCTP max message size.
2. Open a UDP socket. Listen for incoming STUN binding requests and send back binding responses:
You can see how the WebRTC client code constructs requests here:
You can see how the WebRTC client code processes responses here:
Or you can read the RFC (warning: not light reading):
3. Once a valid STUN binding request is received, listen for DTLS packets and hand those over to BoringSSL. Also listen to when BoringSSL wants to send a packet and send those out on the UDP socket back to the client.
You can see how the WebRTC client code passes DTLS packets down to BoringSSL here:
You can see how the WebRTC client code gets packets to send from BoringSSL here:
4. Once BoringSSL finishes the DTLS handshake and is processing incoming SCTP packets, listen for those and hand those over to usrsctplib. Also listen to packets usrsctplib wants to send and hand those over to DTLS to send.
You can see how the WebRTC client code reads decrypted packets from BoringSSL here:
And how it passes them down to usrsctplib here:
You can see how the WebRTC client code gets packets to send from usrsctplib here:
And how it passes them to BoringSSL here:
5. Process data channel messages from usrsctplib and send data channel message through usrsctplib. Note that you can ignore the whole "OPEN message" protocol if you call PeerConnection.createDataChannel with the "negotiated: true" option on the WebRTC client side. You can specify the SID you want to use for the data channel as well.
You can see how the WebRTC client code passes messages to usrsctplib here:
And how it receives them:
6. Serialize an "SDP answer" message which basically just hands back the same looking blob of text, but with a different DTLS fingerprint (the one for the certificate of the server). It also must have two random strings: the ICE username fragment (ufrag) and ICE password (pwd). If you pass that answer to the WebRTC client, all the ICE, DTLS, and SCTP work should happen and after around 6 round trips on the network, you should incoming and outgoing messages.
Ok, that probably sounds like a lot, but most of the work is done by BoringSSL and usrsctplib. The bulk of the Go code would be implementing the STUN messages and gluing everything together. Good luck to whoever tries :).
I do think WebRTC is "the future," but we don't seem to be moving AT ALL towards that future. Having multiple implementations would move the needle. Otherwise, there was this big leap forward when it was developed and added to browsers, but not much since.
How much does this sort of thing (and the hardware / capability it's running on) change in 20 years? I wonder if it's worth revisiting.
I like the idea of P2P and UDP for better latency.
But how dangerous is this?
Check your ones at https://www.privacytools.io/webrtc.html
I really don't know why the local IP addresses must be known to the server, maybe there are good technical reasons, but it's not OK.
So they can pair you with other clients sharing a local network with you? This allows the client to talk peer to peer over their LAN which is extremely valuable.
I'm not really sure that it is practical with large LANs (a /16) but it doesn't look impossible. If they design for privacy they could develop an algorithm that works.
And if I connect with a VPN I probably don't want to bypass it. I've got customers that accept unconveniences to protect their network with VPNs. Should browsers break it with WebRTC? I didn't think so. It's a vulnerability that I keep blocked.
> I'm not really sure that it is practical with large LANs (a /16) but it doesn't look impossible. If they design for privacy they could develop an algorithm that works.
Not even a little bit practical. Most big lans disallow broadcasts, or limit them in various ways. The only way for peers to find each other is to know each other's private IP address. And private IP addresses contain nothing of value.
Now if you're using a VPN which you intend to use to protect your privacy, well... There are countless of other problems with that if you just turn that on, use the same software as always, and think you are now 'anonymous'.
> And if I connect with a VPN I probably don't want to bypass it. I've got customers that accept unconveniences to protect their network with VPNs. Should browsers break it with WebRTC? I didn't think so. It's a vulnerability that I keep blocked.
It's not a vulnerability. It is a very, very useful feature. You just happen to think that enabling a VPN will magically give you a privacy shield, which is misguided at best.
A great series for you to read.
Udp is good.
client to client sessions are terrible over the internet.
(it's called peer-to-peer instead of client-to-client, because there is no client role in such a system).
Didn't know that. But makes sense.
In the WebRTC case, the server could simply be a "peer" too :)
In terms of plain and direct security holes in WebRTC, there is an extended attack surface. But your browser has this enabled anyway, no matter what you as an application developer or end user do.
In terms of security properties delivered to the application/end user, there are security and privacy advantages in end-to-end communication instead of involving servers. But it all depends on your use case and threat model.
But having random sites doing this, didn't feel right to me.
Also there's no reason to allow silent P2P connections.
I don't think WebRTC is ready yet for games, too much complexity on the server side.
Instead, he's using websockets for his web game.
Disclosure: we work for a WebRTC company.
Getting started with webrtc datachannels is easy and you can even have your server in Python Flask, but keep in mind you'll have to handle multiple concurrent connections.
Here's a simple file sharing demo I made a while ago https://github.com/suhithr/CampFile
Going to also shamelessly promote our webrtc platform www.temasys.io It has very strong support for data channel, and socket messaging.
Safari currently lacks support everywhere.
WebSockets are just too slow
Not sure status of this standard, or plans for adoption. As long as proper steps are taken to allow for secure implementations I'm all for it.
Is that still the case or do the guarantee a non-blocking protocol?
The big difference comes in with packet drops. TCP, with its delivery and order guarantees, will cause huge outliers in latency. Even when those outliers are rare, they will make your game look completely janky. With good broadband, those outliers will be very, very rare, and the game will look good.
You're trying to turn a stream protocol into a message based protocol and you're going to experience an impedance mismatch if you try to use the wrong protocol for your use case.
Definitely. But the reality is that it won't bite you for the part of your audience that's on premium broadband and corporate networks. Conversely, it's going to really really suck for people in crowded apartments on WiFi and bad connections of all kinds. I know this because I'm operating an MMO server on Amazon AWS right now.
Depends what kind of game you're making.
Does anybody have any experience using WebRTC out of the browser context? E.g. using Android's webRTC lib without using a browser?
For example if a new Android device comes out you can run into issues regarding gain and echoing, they also maintain a list of pecular devices which don't strictly adhere to standards (Mostly Samsung devices). So you end up having to upgrade to a later version. Which ends up causing regressions in many other devices which previously had no issues.
I am ofcourse talking about Google's WebRTC. The best thing to a stable version, is the commit hash used in chrome, but they have just as many regressions as any other version. Building it is also a bit of a pain, although no where near as bad as it used to be, but once it's set up it does the job quite well.
Sadly I believe its as production ready as its ever going to be, they seem to be taken the motto of "move fast and break things". The issue isn't the project, its the carefree way that its being handled.
WebRTC is a technology. It is not an application, and cannot replace applications.
In the cases of some of those applications, it could conceivably be used to implement future versions of those applications -- but that certainly doesn't equate to "killing" them.
I wasn't saying that it would kill them out of the box. I am thinking that those application rely of a heavy dose of proprietary technology in order to pull off their magic, and WebRTC is going to enable countless competitors to arise with much less investment in tech.
In the long run, this tends to kill off established applications.
I know it can feel good to tell people they are wrong, but you are off the mark.
The point was WebRTC could kill these technologies, all of which are proprietary or one-trick ponies. At least that was my question. I was looking for what others thought on the topic. I clearly was not trying to convince anyone IRC was purely proprietary, and anyone who would read what I wrote and would think that was clearly looking for a fight. I'm not interested. Move along.
- https://talky.io (commercial)
- https://simplewebrtc.com/ (mit licensed)
So basically finding out which IP address the master must send to the client is a huge pain. WebRTC does it automatically (to traverse NATs).
Also what is XSS?
If your entity state changes ("move player 1 to 3,4", "open door 3") are dropped/switch order, the logic no worker works. This way the unreliability seems to leak directly to game logic/scripting layer.
On the face of it the complexity cost seems high for supporting bad network connections. A normal TCP connection rarely sees losses or reorderings. There are exceptions (twitch games) of course.