Configuration
This document describes the FigNet configuration model and the current security-related fields.
The authoritative configuration classes live in:
FigNet/Core/Configuration.csFigNetUnity/FigNet_Unity/Assets/FigNetCore/FigNet/Core/Configuration.cs
See also:
Default Config Location
FN.LoadConfig() loads the main application config from the executable/config directory.
Current default filenames:
- native runtime:
ServerConfig.yaml - Unity resource sample:
ServerConfig.xml
Top-Level Configuration
Fields:
ApplicationType:ClientorServerFrameRate: update/tick rate used by the runtime loopLoggingMethod: logging target such asCONSOLE,FILE, orNONEAppSecretKey: app-level shared secret still used by current bootstrap/auth flowsModules: server-side module listGames: server-side game assembly listServerConfigs: listening endpointsPeerConfigs: outbound/client connectionsSubscribeDebugMessages: optional debug subscriptions
Server Secure Datagram Identity
The runtime does not use a pinned public-key config field for secure datagram transports.
Current behavior:
- secure datagram servers generate one in-memory keypair per process lifetime
- that keypair is shared by all secure datagram listeners in the same process
- restarting the server creates a new keypair
- nothing needs to be copied into config on either side
This keeps setup simple and ensures the bootstrap/auth payloads are still protected once the secure session is established.
For a stronger future trust model, see Secure Bootstrap over HTTPS.
ServerConfig
Each ServerConfig defines one listening endpoint.
Fields:
NameAppNamePortProviderMaxChannelsMaxConnectionsDisconnectTimeoutMaxSendQueueSizeMaxReceiveQueueSizeIsMultiThreadedLoggingLevelIsSecureEnableDebugMessagesCertificate
Behavior note:
ServerConfigs[].LoggingLevelis the startup default for that listener.- The admin panel live log-level control does not rewrite this value.
- Runtime overrides are process-scoped and are cleared on restart.
Security note:
IsSecureis only meaningful for stream transports such asTCPandWebSocket.- It means
TLS/WSS. - It does not control datagram secure-session encryption.
PeerConfig
Each PeerConfig defines one outbound connection.
Fields:
NameAppNamePeerIpPortProviderAutoConnectMaxChannelsDisconnectTimeoutMaxSendQueueSizeMaxReceiveQueueSizeIsMultiThreadedOnApplicationPauseTimeoutInMinutesLoggingLevelIsSecureEnableDebugMessagesCertificate
Security note:
- Stream transports rely on
IsSecureforTLS/WSS. - Secure datagram clients do not require a pinned public-key field in config.
Current Transport Security Rules
Datagram
Providers:
ENetLiteNetLib
Rules:
Message.IsEncrypted = trueuses the app-layer secure session.- Plaintext datagrams include packet magic automatically.
- Encrypted datagrams do not include packet magic.
Stream
Providers:
TCPWebSocketWebSocketCoreWebSocketNative
Rules:
- No app-layer secure session.
- No packet magic.
IsSecure = truemeans useTLS/WSS.Message.IsEncrypteddoes not cause app-layer encryption on stream transports.
Example Server YAML
ApplicationType: Server
FrameRate: 128
LoggingMethod: CONSOLE
AppSecretKey: "123"
Modules:
- AssemblyName: EntangleServer
Type: EntangleServer.Modules.Lobby.FNELobby
ServerConfigs:
- Name: Entangle
AppName: entangle
Port: 5559
Provider: ENet
MaxChannels: 4
MaxConnections: 4095
DisconnectTimeout: 30000
MaxSendQueueSize: 4096
MaxReceiveQueueSize: 2048
IsMultiThreaded: true
LoggingLevel: Info
IsSecure: false
- Name: EntangleWeb
AppName: entangle
Port: 9000
Provider: WebSockets
MaxChannels: 8
MaxConnections: 5000
DisconnectTimeout: 30000
MaxSendQueueSize: 4096
MaxReceiveQueueSize: 2048
IsMultiThreaded: true
LoggingLevel: Info
IsSecure: true
Example Client Shape
Module-specific client configs in the repo expose:
AppSecrectKey- transport selection / endpoint settings
- optional
IsSecurefor stream transports
There is no longer a pinned-key field to keep in sync between server and clients.
Recommended Production Practice
For the active low-friction runtime:
- use secure datagram when you need encrypted bootstrap payloads
- use
TLS/WSSfor stream transports - assume datagram secure session protects confidentiality and integrity, not stable server identity
For future hosted fleets and stronger server identity, see Secure Bootstrap over HTTPS.