Important: UNet is a deprecated solution, and a new Multiplayer and Networking Solution (Netcode for GameObjects) is under development. For more information and next steps see the information on the Unity Netcode for GameObjects website.
Unity Multiplayer can make use of an encryption Plug-in, so that all data you send over the network passes through the encryption plug-in before being sent. This allows you to protect your game against cheating by packet manipulation and attacks on your dedicated game servers.
Unity Multiplayer does not have a built-in encryption plug-in, so you must provide your own plug-in that implements an encryption algorithm, and which implements the mandatory functions listed further below.
The following diagram illustrates how Unity Multiplayer uses your encryption Plug-in, if you provide one.
To instruct your game or app to use an encryption Plug-in, you must call UnityEngine.Networking.NetworkTransport.LoadEncryptionLibrary(path), where path is the path to your compiled plugin. Typically on Windows it will be string.Format("{0}/Plugins/UnetEncryption.dll", Application.dataPath).
When you call this function, Unity checks that the file exists and that it implements all the mandatory functions (listed below). These are the functions that Unity’s multiplayer system itself will call. If you create your own encryption plugin, you will likely need to add more functions that you call from your C# code, for example to initialise your algorithm or to provide your plug-in with key values. You can do this in the usual way for native plugins callable from C#.
Note: The location of a plugin in the built version of your game is not necessarily the same as in your Assets folder, and it may differ between target platforms. You may need to write code that detects the current runtime environment and selects the correct path based on that.
You can get a sample encryption plugin and a sample Unity project using it from Unity’s GitHub. This is provided to illustrate a starting point for implementing your own Plug-in.
Any encryption Plug-in you create or use must provide the following functions. Unity will fail to load the plug-in if it does not define these. These are the functions that will be called by the Unity runtime itself. Plugins will typically provide additional functions to be called from the user’s C# code, for example for registering keys.
int UNetEncryptionLib_Encrypt(
void * payload,
int payload_len,
void * dest,
int & dest_len,
int connection_id,
bool isConnect);
This function performs the encryption. This is called by Unity’s networking whenever a packet is to be sent over the network.
Encrypt must return zero on success. On any other return value, the runtime will drop the packet without sending it.
int UNetEncryptionLib_Decrypt(
void * payload,
int payload_len,
void * dest,
int & dest_len,
int & key_id);
This function performs the decryption. This is called by Unity networking whenever a packet is received from the network.
payload is the received packet.
payload_len is the length in bytes of the payload buffer.
dest is the buffer into which the plugin should write the decrypted data.
dest_len is the capacity in bytes of the dest buffer. The plugin must replace this value with the number of bytes actually written into dest.
key_id is an integer identifier. The plugin should write a value that uniquely identifies the decryption key used. On the server this value will be passed back into ConnectionIdAssigned if a new connection is accepted.
Decrypt must return zero on success. On any other return value, the packet is dropped without being processed further.
unsigned short UNetEncryptionLib_SafeMaxPacketSize(
unsigned short mtu);
You should call this function from your game to modify ConnectionConfig.PacketSize (also known as the maximum transmission unit, or MTU) before calling NetworkTransport.AddHost.
For example, your game might normally use an MTU of 1000 bytes. If ConnectionConfig.PacketSize is set to 1000 bytes before passing it into NetworkTransport.AddHost (via HostConfig.DefaultConfig), then the NetworkTransport layer will send no more than 1000 bytes of cleartext in a single packet.
An encryption plugin will typically add some overhead due to header information placed before the payload, as well as rounding up the payload to an encryption block size. For example, if you are sending 18 bytes of cleartext, and the plug-in needs to add 49 bytes of header and uses AES to encrypt data with a block size of 16 bytes, then the algorithm would produce a packet of 81 bytes (18 bytes of cleartext rounds up to 32 bytes of ciphertext, and then an additional 49 bytes of header).
Unity calls this function to ensure that packets that are about to be sent do not go over the limit of what’s possible to send, given the network MTU and your encryption algorithm’s ciphertext expansion and padding.
mtu is the maximum transmission unit: the largest packet size that you want the plugin to generate.
The function returns the maximum amount of cleartext that should be provided to a single call to Encrypt, in order for the plugin to generate packets not larger than the MTU.
You must set the maximum packet size in your connection config to tell Unity Multiplayer to split data up so that it fits your encryption requirements. If you notice that some of your messages do not successfully transmit over the network, it could be because they were dropped due to exceeding the maximum packet size.
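The sizing rule above, worked through in C++ as an added example (not code from Unity or its sample plug-in). It assumes the framing from the page's own arithmetic: a 49-byte header and ciphertext rounded up to 16-byte blocks with no mandatory extra padding byte; a scheme that always pads (such as PKCS#7) needs a different formula. WireSize, CheckEncryptFits and SafeMaxIsTight are hypothetical helper names.

```cpp
// Assumed framing for this example, taken from the page's worked numbers:
// a 49-byte header followed by ciphertext rounded up to 16-byte AES blocks.
constexpr int kHeaderLen = 49;
constexpr int kBlockLen = 16;

// Size on the wire for a given amount of cleartext (hypothetical helper).
int WireSize(int cleartext_len) {
    int blocks = (cleartext_len + kBlockLen - 1) / kBlockLen;
    return kHeaderLen + blocks * kBlockLen;
}

// Largest cleartext that still produces a packet no larger than mtu.
extern "C" unsigned short UNetEncryptionLib_SafeMaxPacketSize(unsigned short mtu) {
    if (mtu < kHeaderLen + kBlockLen) return 0;  // no room for even one block
    int blocks = (mtu - kHeaderLen) / kBlockLen;
    return static_cast<unsigned short>(blocks * kBlockLen);
}

// Size check an Encrypt implementation should make before writing to dest
// (hypothetical helper): returns 0 if the packet fits, non-zero otherwise,
// matching the "zero on success" convention so the runtime drops the packet
// instead of the plug-in writing past the end of the buffer.
int CheckEncryptFits(int payload_len, int dest_capacity) {
    if (payload_len < 0 || dest_capacity < 0) return 1;
    return WireSize(payload_len) <= dest_capacity ? 0 : 1;
}

// Exhaustively confirm the invariant for one MTU: every cleartext length up
// to the safe maximum fits, and one byte more does not.
bool SafeMaxIsTight(unsigned short mtu) {
    int safe = UNetEncryptionLib_SafeMaxPacketSize(mtu);
    for (int n = 0; n <= safe; ++n)
        if (WireSize(n) > mtu) return false;
    return WireSize(safe + 1) > mtu;
}
```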
void UNetEncryptionLib_ConnectionIdAssigned(
int key_id,
unsigned short connection_id);
This is called on the server when a new connection has been accepted and an ID assigned to it.
key_id is the key identifier, which was written by the corresponding previous call to Decrypt for this packet.
connection_id is the connection id that will be used from this point forth, in particular as a parameter to subsequent Encrypt calls when sending packets back to the client.