Skip to main content

Configuration

This document describes the FigNet configuration model and the current security-related fields.

The authoritative configuration classes live in:

  • FigNet/Core/Configuration.cs
  • FigNetUnity/FigNet_Unity/Assets/FigNetCore/FigNet/Core/Configuration.cs

See also:

Default Config Location

FN.LoadConfig() loads the main application config from the executable/config directory.

Current default filenames:

  • native runtime: ServerConfig.yaml
  • Unity resource sample: ServerConfig.xml

Top-Level Configuration

Fields:

  • ApplicationType: Client or Server
  • FrameRate: update/tick rate used by the runtime loop
  • LoggingMethod: logging target such as CONSOLE, FILE, or NONE
  • AppSecretKey: app-level shared secret still used by current bootstrap/auth flows
  • Modules: server-side module list
  • Games: server-side game assembly list
  • ServerConfigs: listening endpoints
  • PeerConfigs: outbound/client connections
  • SubscribeDebugMessages: optional debug subscriptions

Server Secure Datagram Identity

The runtime does not use a pinned public-key config field for secure datagram transports.

Current behavior:

  • secure datagram servers generate one in-memory keypair per process lifetime
  • that keypair is shared by all secure datagram listeners in the same process
  • restarting the server creates a new keypair
  • nothing needs to be copied into config on either side

This keeps setup simple and ensures the bootstrap/auth payloads are still protected once the secure session is established.

For a stronger future trust model, see Secure Bootstrap over HTTPS.

ServerConfig

Each ServerConfig defines one listening endpoint.

Fields:

  • Name
  • AppName
  • Port
  • Provider
  • MaxChannels
  • MaxConnections
  • DisconnectTimeout
  • MaxSendQueueSize
  • MaxReceiveQueueSize
  • IsMultiThreaded
  • LoggingLevel
  • IsSecure
  • EnableDebugMessages
  • Certificate

Behavior note:

  • ServerConfigs[].LoggingLevel is the startup default for that listener.
  • The admin panel live log-level control does not rewrite this value.
  • Runtime overrides are process-scoped and are cleared on restart.

Security note:

  • IsSecure is only meaningful for stream transports such as TCP and WebSocket.
  • It means TLS/WSS.
  • It does not control datagram secure-session encryption.

PeerConfig

Each PeerConfig defines one outbound connection.

Fields:

  • Name
  • AppName
  • PeerIp
  • Port
  • Provider
  • AutoConnect
  • MaxChannels
  • DisconnectTimeout
  • MaxSendQueueSize
  • MaxReceiveQueueSize
  • IsMultiThreaded
  • OnApplicationPauseTimeoutInMinutes
  • LoggingLevel
  • IsSecure
  • EnableDebugMessages
  • Certificate

Security note:

  • Stream transports rely on IsSecure for TLS/WSS.
  • Secure datagram clients do not require a pinned public-key field in config.

Current Transport Security Rules

Datagram

Providers:

  • ENet
  • LiteNetLib

Rules:

  • Message.IsEncrypted = true uses the app-layer secure session.
  • Plaintext datagrams include packet magic automatically.
  • Encrypted datagrams do not include packet magic.

Stream

Providers:

  • TCP
  • WebSocket
  • WebSocketCore
  • WebSocketNative

Rules:

  • No app-layer secure session.
  • No packet magic.
  • IsSecure = true means use TLS/WSS.
  • Message.IsEncrypted does not cause app-layer encryption on stream transports.

Example Server YAML

ApplicationType: Server
FrameRate: 128
LoggingMethod: CONSOLE
AppSecretKey: "123"

Modules:
- AssemblyName: EntangleServer
Type: EntangleServer.Modules.Lobby.FNELobby

ServerConfigs:
- Name: Entangle
AppName: entangle
Port: 5559
Provider: ENet
MaxChannels: 4
MaxConnections: 4095
DisconnectTimeout: 30000
MaxSendQueueSize: 4096
MaxReceiveQueueSize: 2048
IsMultiThreaded: true
LoggingLevel: Info
IsSecure: false

- Name: EntangleWeb
AppName: entangle
Port: 9000
Provider: WebSockets
MaxChannels: 8
MaxConnections: 5000
DisconnectTimeout: 30000
MaxSendQueueSize: 4096
MaxReceiveQueueSize: 2048
IsMultiThreaded: true
LoggingLevel: Info
IsSecure: true

Example Client Shape

Module-specific client configs in the repo expose:

  • AppSecrectKey
  • transport selection / endpoint settings
  • optional IsSecure for stream transports

There is no longer a pinned-key field to keep in sync between server and clients.

For the active low-friction runtime:

  • use secure datagram when you need encrypted bootstrap payloads
  • use TLS/WSS for stream transports
  • assume datagram secure session protects confidentiality and integrity, not stable server identity

For future hosted fleets and stronger server identity, see Secure Bootstrap over HTTPS.