netcode is a secure client/server protocol built on top of UDP.
It's intended for use by real-time multiplayer games, which need a connection oriented protocol but without the head of line blocking of TCP.
netcode has the following features:
- Secure client connection with connect tokens. Only clients you authorize can connect to your server. This is perfect for a game where you perform matchmaking in a web backend then send clients to a server.
- Client slot system. Servers have n slots for clients. Client are assigned to a slot when they connect to the server and are quickly denied connection if all slots are taken.
- Fast clean disconnect on client or server side of connection to open up the slot for a new client, plus timeouts for hard disconnects.
- Encrypted and signed packets. Packets cannot be tampered with or read by parties not involved in the connection. Cryptography is performed by the excellent sodium library.
- Many security features including robust protection against maliciously crafted packets, packet replay attacks and packet amplification attacks.
- Support for packet tagging which can significantly reduce jitter on Wi-Fi routers. Read this article for more details.
netcode is stable and production ready.
Start by generating a random 32 byte private key. Do not share your private key with anybody.
Especially, do not include your private key in your client executable!
Here is a test private key:
static uint8_t private_key[NETCODE_KEY_BYTES] = { 0x60, 0x6a, 0xbe, 0x6e, 0xc9, 0x19, 0x10, 0xea,
0x9a, 0x65, 0x62, 0xf6, 0x6f, 0x2b, 0x30, 0xe4,
0x43, 0x71, 0xd6, 0x2c, 0xd1, 0x99, 0x27, 0x26,
0x6b, 0x3c, 0x60, 0xf4, 0xb7, 0x15, 0xab, 0xa1 };Create a server with the private key:
char * server_address = "127.0.0.1:40000";
struct netcode_server_config_t server_config;
netcode_default_server_config( &server_config );
memcpy( &server_config.private_key, private_key, NETCODE_KEY_BYTES );
struct netcode_server_t * server = netcode_server_create( server_address, &server_config, time );
if ( !server )
{
printf( "error: failed to create server\n" );
return 1;
}Then start the server with the number of client slots you want:
netcode_server_start( server, 16 );To connect a client, your client should hit a REST API to your backend that returns a connect token.
Using a connect token secures your server so that only clients authorized with your backend can connect.
netcode_client_connect( client, connect_token );Once the client connects to the server, the client is assigned a client index and can exchange encrypted and signed packets with the server.
For more details please see client.c and server.c
This repository holds the implementation of netcode in C.
Other netcode implementations include:
- netcode C# implementation
- netcode Golang implementation
- netcode Rust implementation (updated fork of vvanders/netcode.io)
- netcode Rust implementation (new from scratch Rust implementation)
- netcode for Unity
- netcode for UE4
- netcode for Typescript
If you'd like to create your own implementation of netcode, please read the netcode 1.02 standard.
These people are awesome:
- Val Vanders - Rust Implementation
- Walter Pearce - Rust Implementation
- Isaac Dawson - Golang Implementation
- Alan Stagner - Unity integration, C# implementation
- Jérôme Leclercq - Support for random connect token nonce
- Randy Gaul - Discovered vulnerability in replay protection
- Benny Chen - Typescript Implementation
- Benny Nazimov - Rust implementation
Thanks for your contributions to netcode!
The author of this library is Glenn Fiedler.
Other open source libraries by the same author include: reliable, serialize, and yojimbo.
If you find this software useful, please consider sponsoring it. Thanks!