Page 1 of 2

BlueBox and WebPlayer - will it ever work?

Posted: 20 Apr 2011, 07:13
by COB
I had a problem to make Smartfox 1.0, it's BlueBox and WebPlayer work together. I tried hard but without success, so I was waiting for the SFS2X BlueBox... and now I'm stuck in the same place.
My project is now using SFS2X. Standard connection is made on port 9933 and BlueBox connection should be made on 8080. In Unity3d editor I use WebPlayer as a target build, so everything should behave the same as on normal WebPlayer. I additionaly put crossdomain.xml in jetty www/root.
These are the ways how I force Smartfox to use BlueBox.
1. Remove: Security.PrefetchSocketPolicy(serverIP, 9933);. Unity3d tries to download policy from port 843, but file is not served there, so it switches to BlueBox. Then policy file is downloaded properly from www/root and application works fine.
2. Set port to 9934 (or other bad value). Behavior is almost the same. This time unity tries to prefetch policy from 9934 (because of: Security.PrefetchSocketPolicy(serverIP, 9934)), then 843 and after that switches to BlueBox and everything is fine.

The problem is, that it does not work when I made the actual build and run it from the browser. In this case Unity tries to download policy file from 838 (and 9934 in second scenario), but then does not switch to BlueBox. I tried to add Security.PrefetchSocketPolicy(serverIP, 8080);, but this also does not work. In this case Unity3d tries to download crossdomain.xml through socket connection, not through http and jetty server, so the server returns "400 Bad Request". For me is obvious that I use BlueBox, because I can't use direct socket connection. However this security mechanism always forces me to do this.
Does anybody manage to solve this issue? Am I doing something wrong? I will do any test, I can get Wireshark logs, etc. I will appreciate your help.

I forgot to add that when I use PC as target platform everything is fine. BlueBox is used and because of the build type, the policy file is not downloaded. This shows that the problem concerns the policy file and WebPlayer as a build.

Posted: 20 Apr 2011, 09:02
by ThomasLund
Its not a easy issue to solve. The way Unity webplayer requires you to prefetch the policy file makes it really hard to do these things in the current setup.

The best way would be if the bluebox server part could serve you the policy file. I dont think it can/does at the moment.

The other is to move your server to listen on e.g. port 80 (port forwarding?). But then you might as well run non-bluebox in the first place with sockets over port 80

You could maybe also have a policy file server on port 80 and then run bluebox over 8080 if you really want to do that.

But generally - sorry - no easy lunch here. We didnt invent the Unity policy file stuff, so its very annoying to us too.

If you have any good ideas yourself, then shoot away!

/Thomas

Posted: 20 Apr 2011, 11:46
by COB
ThomasLund wrote:Its not a easy issue to solve. The way Unity webplayer requires you to prefetch the policy file makes it really hard to do these things in the current setup.

The best way would be if the bluebox server part could serve you the policy file. I dont think it can/does at the moment.
BlueBox serves the policy as any other file on www server. It's even downloaded when I put: Security.PrefetchSocketPolicy(serverIP, 8080); in Unity3d and set build as a WebPlayer (but this seems to be not needed in editor WebBuild). However, Unity behaves different when I run the real WebPlayer. In this case Unity doesn't reach this step, because it tries to download policy file through standard socket connection.
ThomasLund wrote: The other is to move your server to listen on e.g. port 80 (port forwarding?). But then you might as well run non-bluebox in the first place with sockets over port 80
My server can listen on port 80, but this doesn't change anything. Still direct socket connection will be not possible because of... PROXY.
PROXY is my second problem. I assume that WebPlayer should work with the browser PROXY settings, but there is a problem with policy file. In fact, I even can't use standalone app version, because in this case I can't pass the PROXY. I've written that standalone app works well, but without PROXY and not really in E2E environment.
ThomasLund wrote: You could maybe also have a policy file server on port 80 and then run bluebox over 8080 if you really want to do that.
As I said earlier, I can use any port for my server, but I can't reach it directly beacause I have to pass the PROXY.
ThomasLund wrote:
But generally - sorry - no easy lunch here. We didnt invent the Unity policy file stuff, so its very annoying to us too.

If you have any good ideas yourself, then shoot away!

/Thomas
At the moment I have no ideas. I know only that without corporate network support this project has no future.

Posted: 20 Apr 2011, 15:50
by ThomasLund
I unfortunately do not control or have any influence on how Unity does its security :-(

I'll try to look into this, but there is not much that can be done different imho.

/Thomas

Posted: 20 Apr 2011, 16:06
by COB
I really appreciate your help and I'm waiting for any hints if you figure out something. I've posted similar thread on the Unity3d forum. The situation is confusing because as you said the problem may be more on the Unity side, but on the other hand it concerns BlueBox, which is SFS tool, so in fact it should be solved in some cooperation...
I tried to use also Network.useProxy, but I'm not sure if it will work for me and especially if it will be taken into account by BlueBox. When WebPlayer is used PROXY setting should be obtained from the browser. Do you know if it's possible to make BlueBox cooperate with such PROXY?

Posted: 21 Apr 2011, 08:42
by ThomasLund
The API does not use the Unity networking code, but uses the Mono networking classes. So I would not think that part would work for you.

Will try to see whats possible and what not. But I'm pretty sure that the Unity guys are not going to change their (new and shiney) security stuff back to happier days. Had several discussions with them already ;-)

But lets see

/Thomas

Posted: 21 Apr 2011, 14:05
by COB
At the moment I assume that usage of BlueBox is at huge risk, so I'm looking for some other solutions (maybe I will have to ask for some help from my corporate network administrators). However, I highly doubt, that they will connect me with the outside world (Internet) without any PROXY. Is it possible to pass such proxy maybe with some additional configuration? It is used for the http traffic. I have it's IP address and generaly it doesn't block any page, but brobably uses some filtering.

Posted: 27 Apr 2011, 11:38
by COB
ThomasLund wrote:The API does not use the Unity networking code, but uses the Mono networking classes. So I would not think that part would work for you.
At the moment I know that communication without PROXY will not be possible, so I have two general questions.
First one concerns Bluebox -> is it compatible with http PROXY? I mean, will it take automatically the browser settings and not connect directly with the provided address, but through the appropriate http PROXY?
My second question concerns PROXY in standard (not BlueBox) connection. Is it possible to connect through PROXY (maybe SOCKS) in that case?

Posted: 27 Apr 2011, 15:43
by ThomasLund
From the documentation on MSDN it looks like the WebClient will attempt automatic proxy discovery and use the IE Internet settings

http://msdn.microsoft.com/en-us/library/fze2ytx2.aspx

The API uses the following:

Code: Select all

			// Create HTTP loader and send
			WebClient webClient = GetWebClient ();
			Uri uri = new Uri(bbUrl);
			webClient.UploadValuesAsync (uri, "POST", formData);
		}

		private WebClient GetWebClient ()
		{
			WebClient webClient = new WebClient ();
			webClient.UploadValuesCompleted += OnHttpResponse;
			return webClient;
		}
So it does not specify either null proxy (to turn off automatic usage) or specifies anything manually.

So - if I read the MSDN page correct, then "By default, the Internet Explorer proxy settings are used to detect the proxy."

Have you tried to specify those? And it still doesnt work?

Edit:
An idea: Possibly the problem might come from Unity not being able to run through a proxy when running webplayer security. Just a thought that I have no idea on how to check.

/Thomas

Posted: 27 Apr 2011, 16:16
by COB
ThomasLund wrote:From the documentation on MSDN it looks like the WebClient will attempt automatic proxy discovery and use the IE Internet settings

http://msdn.microsoft.com/en-us/library/fze2ytx2.aspx

The API uses the following:

Code: Select all

			// Create HTTP loader and send
			WebClient webClient = GetWebClient ();
			Uri uri = new Uri(bbUrl);
			webClient.UploadValuesAsync (uri, "POST", formData);
		}

		private WebClient GetWebClient ()
		{
			WebClient webClient = new WebClient ();
			webClient.UploadValuesCompleted += OnHttpResponse;
			return webClient;
		}
So it does not specify either null proxy (to turn off automatic usage) or specifies anything manually.

So - if I read the MSDN page correct, then "By default, the Internet Explorer proxy settings are used to detect the proxy."
This should concern only WebPlayer or any platform?
ThomasLund wrote: Have you tried to specify those? And it still doesnt work?
These settings are specified. Moreover, I even can't change them. However in PROXY configuration there is some reference to file with some kind of script that does PROXY configuration. There is some kind of "routing" specified. Some local domains are forwarded to some local IP addresses and everything else goes through PROXY. Maybe there is a risk that this a bit more advanced configuration is not "transfered" to .NET. I will try to check some Wireshark logs to see if some communication with PROXY appears.
ThomasLund wrote: Edit:
An idea: Possibly the problem might come from Unity not being able to run through a proxy when running webplayer security. Just a thought that I have no idea on how to check.

/Thomas
My general problem is that Unity editor behaves differently than WebPlayer even if platform is set to WebPlayer in both cases.
By the way, when I run my app from editor and not in corporate network (no PROXY) and force it to use BlueBox, after some time app crashes with error. I don't remember what text is displayed on the poppup, but it is something with "nodes". Too many ar something like that.

Posted: 28 Apr 2011, 20:12
by COB
I've checked the Wireshark traces and PROXY settings are not taken into account in WebPlayer as well as in standalone build.

Posted: 29 Apr 2011, 15:47
by ThomasLund
I'll try to raise a bug report about it @ Unity. But it might take ages or even forever.

:/

Posted: 01 May 2011, 11:19
by KlingOne
So do I understand this properly that there is currently no way of getting the webplayer of unity 3 to work with bluebox?
If so it might be a good idea to mention that somewhere in the official bluebox doc so that people do not start projects believing this would work when in reality it doesn't.
The other is to move your server to listen on e.g. port 80 (port forwarding?). But then you might as well run non-bluebox in the first place with sockets over port 80
If you run a non-bluebox version with socket 80 wouldn't you then need a second server to host the unity webplayer since that also needs to be hosted on port 80 or am I missing something here?
Or is it possible to connect to smartfox via udp right away so that the http server can listen to socket 80 tcp connections and smartfox listens for port 80 udp connections?

Posted: 02 May 2011, 11:03
by COB
KlingOne wrote: If you run a non-bluebox version with socket 80 wouldn't you then need a second server to host the unity webplayer since that also needs to be hosted on port 80 or am I missing something here?
Or is it possible to connect to smartfox via udp right away so that the http server can listen to socket 80 tcp connections and smartfox listens for port 80 udp connections?
Yes when non-bluebox SFS is working on port 80, WebPlayer has to be available through http server on different port. This is not a problem when BlueBox is available, because its http server can serve also a WebPlayer. However, access to the WebPlayer is not a problem at least for me even on port 8080, because browser uses its PROXY settings as for any other page and there is no crossdomain policy issue at this level. Unfortunately, BlueBox with Unity doesn't use PROXY setting and there are also some problems with the crossdomain policy.
I don't think that it's possible to use SFS with UDP only.
At the moment I don't know for what purposses BlueBox was made. My idea was that it will be able to put traffic into http and then pass http PROXY. For direct socket connections probably http PROXY will not work and SOCKS PROXY will be needed. When both raw socket and BlueBox connections are not PROXY (SOCKS/http) compatible, I don't know if there is any advantage in using the BlueBox.


p.s. There is also another strange thing concerning BlueBox which I described here:
http://forums.smartfoxserver.com/viewtopic.php?t=10890

Posted: 10 May 2011, 13:28
by COB
On http://www.smartfoxserver.com/products/ I see:
BlueBox: firewall and proxy traversal add-on
Something has changed in SFS 1? Or maybe proxy is supported on other platforms except Unity3D?