The "Getting Bolo to work over the internet" challenge

[LaPorta]

Hello everyone,

There's something that has been frustrating both myself and others who have tried to play Bolo over the internet of late: it simply does not work. There appears to be something that the internet either does now or does not support that it did previously that breaks its ability to play games over the UDP/IP protocol. This limits Bolo to local AppleTalk networks, or rigged "AppleTalk over Internet" solutions, none of which I know how to make work. My challenge is this: if you have some sort of way to work around this already (AppleTalk tunneling over the internet that is easy to do) or something, please let me know. If this is really as difficult as I am lead to believe, necessitating some sort of add-on, reprogramming, or separate background application on the host computer, I'll front $50 to the person who pulls it off. If anyone else would really like to see this happen, feel free to say "Hey, I'll add $5 to that!" or whatever you want. Only catch: this needs to work on a real OS 7/8/9 computer, and not within SheepShaver, Basilisk or some such.

Anyone can help with this?

 

[olePigeon]

There used to be Bolo servers that would let you play over the internet.  Unfortunately the tracker server software appears to have disappeared.  I tried asking about the server software on various forums (including emailing Stuart Cheshire), but I got no replies.

Perhaps someone could figure out how it worked and make a new one.  That'd be really useful.  I've been dying for a game of Bolo.

 

[LaPorta]

The tracker itself I still have a copy of. The server is a different matter, yes. However, that is not the main issue I am hoping to address. The issue is Bolo itself. If you know someone's IP, and they are hosting, and you attempt to join...it no longer works. Something is fundamentally broken with the way that Bolo sends/receives game information, and I don't know exactly what it is or how to fix it.

 

[cheesestraws]

Do you have packet captures of a connection attempt being made?

 

[techknight]

its probably firewalls now. whoever is hosting a game needs to forward ports. 

 

[cheesestraws]

I was thinking that.  Either that or NAT.

 

[techknight]

Yea its an issue. thats why these days, any time I deploy a machine out there in the wild that I have to remotely manage, I use reverse SSH instead of standard SSH for this very reason. 

 

[LaPorta]

I have ports for Bolo forwarded through my router to my PowerTower Pro, so

It should work at least in theory. If I recall, the last person I tried with verified the port was open from His end. We will have to see what we find.

 

[olePigeon]

According to old USENET posts, the server software is required for NAT.  It handled IP forwarding.

 

[LaPorta]

You mean some server somewhere in the internet? I would figure that using someone's IP address would just connect to that address. So...does that mean it always connects to this mythical server and then the server connects to the IP address you typed?

 

[olePigeon]

@LaPorta One of many mythical servers, from what I understand, yes.  There used to be plenty of them.  You had to manually type in the "Bolo Tracker" when you started a game so it would show up on one of the servers, which would handle the IP forwarding.  Then someone made a hack (0.99.7bv) that integrated support for 3rd party software called "Internet Bolo Buddy" to automatically obtain a list of games on the Bolo Tracker, then auto-fill the tracker IP to register / join an internet based game.

Unfortunately, yes, we need to either track down the Bolo Tracker server software, or somehow reverse engineer it.  The only other option would be to manually bridge AppleTalk networks.

Stuart Cheshire is still employed at Apple, but he hasn't replied to any of my emails.  I even left a voice mail.  *shrug*

 

[LaPorta]

Yes, I still have my copy of Internet Bolo Budy. In fact, it still has the addresses for the servers in it (although they of course are no longer active). I wonder if there is a way to just recreate the actual server...

 

[cheesestraws]

Having thought about this, I bet Bolo is putting its own IP address in its packets.  I've had this suspicion for a while now, and today on the documentation page for bbraun's AppleTalk VPN (http://www.synack.net/~bbraun/avpn.html) I found a note that Bolo does precisely this on AppleTalk, putting its own AppleTalk address in packets, and that the AppleTalk VPN fixes up the packets to make them actually work.  In this case, you could probably come up with an ALG like for other protocols that need this (e.g. SIP), which would be unwieldy but not the end of the world...

 

[cheesestraws]

(Parenthetically, this is an interesting software design choice

 

[olePigeon]

@cheesestraws Bolo was originally written for the BBC Micro.

 

[cheesestraws]

Bolo was originally written for the BBC Micro.

Yup, I knew that but I didn't realise any of that version was actually left in the current one.  I'm especially pleased with the 'DDH', which are the initials of the pseudonym the author used for the BBC Micro version

 

[cheesestraws]

@LaPorta just helped me grab some packet captures from Bolo attempting to connect, and that, along with a sarcastic comment in the README, demonstrates why this doesn't work.  The answer is, as I suspected, NAT.

When Bolo is negotiating its communications, it embeds the IP address it thinks of as the sender into packets.  And, crucially, it trusts the networking information in the payload of the packet above the actual routing information in the packet itself.  This is a decidedly questionable bit of design; not just now, but it was already questionable design back then.  The author in the README rants about how he considers the OSI 7 layer model to be a trendy magic bullet; this is as may be, but if he'd paid more attention to layered models of networking in general, this would still be working.

This means that any normal end-user network connection sharing will break this, as will several other kinds of non-trivial routing policy.  All of these require that the application use the information in the routing information in the packet itself to function, and don't try to second-guess the network.  And, if the readme is to be believed, this failure is due to Attitude. 

So yay for Attitude.

In fairness, much higher-profile protocols from much more august bodies have fallen into similar traps; SIP, for example, the VoIP protocol, does kind of similar (though perhaps not through Attitude).  In those cases, because they're reasonably high-profile, a lot of routers will essentially fix the traffic silently on the way through to make it "look" right.  But the interest in Bolo is, unfortunately, insufficient to divert the entire home router industry into fixing up its traffic on the way through like it was for SIP.

Which is a shame.

The same approach could be taken here, though: if the Bolo protocol is documented anywhere, someone could make a UDP proxy that would quietly rewrite the packets on the way through.  This wouldn't be that difficult, but would require a bit of finesse.  I know that bbraun's AppleTalk over IP stuff does fixups for Bolo specifically to mitigate this problem, by replacing the "fake" addresses in the packets with "real" ones, so that could perhaps act as a basis here.

The other option is essentially to run a VPN either to the Mac itself or to a router upstream of it such that there is no address translation between the players.  This is a pain but is feasible; someone with a Mikrotik RouterBoard or similar could set up a little VPN concentrator.

 

[Scott Squires]

I would love to get Bolo working. It would be awesome to have people to play with. The easy way would be for one of us to throw wireguard onto one of our servers and let people route their Bolo traffic through that.

Realistically, probably at most 3 people would actually take the steps needed to configure their networks for that.

Another option is for someone to develop a patch that changes Bolo to use proper network addresses. But I have never been good at binary patching. Reverse engineering the network protocol and writing a proxy is probably easier. But a patch would be more user-friendly and attract more players. Unless we're talking about a proxy that could run locally on the Mac. That would be pretty easy for users.

 

[Scott Squires]

I came across this and thought I had found something important. But turns out it's just the "game info" packet for trackers.

View attachment infopacketsource.txt