Skip to content

Enable TCPAllowConnect option#1084

Draft
AntlerForce wants to merge 2 commits into
beyond-all-reason:masterfrom
AntlerForce:TCPAllowConnect
Draft

Enable TCPAllowConnect option#1084
AntlerForce wants to merge 2 commits into
beyond-all-reason:masterfrom
AntlerForce:TCPAllowConnect

Conversation

@AntlerForce

@AntlerForce AntlerForce commented Nov 19, 2025

Copy link
Copy Markdown
Collaborator

There is a springsettings.cfg option in Recoil called TCPAllowConnect that is not set by BAR. This is why LuaSocket connections from anywhere are currently permitted. If we want to block unauthorized luasocket connections we need to add the following to config:
TCPAllowConnect = 127.0.0.1:-1 server4.beyondallreason.info:8200

We need to allow 127.0.0.1:-1 because spring-launcher connects to loopback with a new port each time, this appears in infolog like so:

[t=00:00:04.694745][f=-000001] [spring-launcher] Connecting to 127.0.0.1:36303

This PR uncomments the dumpConfig function to perceive current luasocket restrictions in log. If done correctly, they will appear like this:

[t=00:00:13.818422] [LuaSocket] TCP_CONNECT ALLOW 127.0.0.1 -1
[t=00:00:13.818433] [LuaSocket] TCP_CONNECT ALLOW server4.beyondallreason.info 8200
[t=00:00:13.818441] [LuaSocket] TCP_CONNECT ALLOW 135.125.188.130 8200
[t=00:00:13.818452] [LuaSocket] TCP_LISTEN  ALLOW * -1
[t=00:00:13.818460] [LuaSocket] UDP_LISTEN  ALLOW * -1

This PR does not enforce this config for everyone, as it is read-only from lua and according to spring documentation, can only be set from unitsync. So it remains as draft until that is figured out.
https://springrts.com/wiki/Lua_Socket

@AntlerForce AntlerForce marked this pull request as draft November 19, 2025 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant