Grim doesn't exempt Geyser players on server that run Velocity and NanoLimbo

[noiverre]

Describe the false positive and how to replicate it

1. Install Velocity server
2. Install Geyser and Floodgate
3. Install NanoLimbo server
4. Connect NanoLimbo to backend and Velocity
5. Install floodgate in backend server
6. Login using bedrock client, in this case I use Minecraft for Android

On velocity:

On backend, floodgate is installed both in velocity and in backend server:

Grim version

grimac-2.3.39.jar

Server version

Plugins

[noiverre]

Saw other issue related to Bedrock checks, this line doesn't appear in the console

[09:58:02 INFO]: [floodgate] Floodgate player logged in as .Define_Outside joined (UUID: 00000000-0000-0000-0009-01f7ed6f3737) [09:58:03 INFO]: .Define_Outside joined the game [09:58:03 INFO]: .Define_Outside[/123.456.789.123:0] logged in with entity id 128 at ([world]-2.5, 101.0, 3.5)

[09:58:20 INFO]: This player is exempt from all checks! [09:58:20 INFO]: User connection state: PLAY

[MachineBreaker]

Did you configured correctly Floodgate?

[noiverre]

remote:
  # The IP address of the remote (Java Edition) server
  # If it is "auto", for standalone version the remote address will be set to 127.0.0.1,
  # for plugin versions, it is recommended to keep this as "auto" so Geyser will automatically configure address, port, and auth-type.
  # Leave as "auto" if floodgate is installed.
  address: auto
  # The port of the remote (Java Edition) server
  # For plugin versions, if address has been set to "auto", the port will also follow the server's listening port.
  port: 25560
  # Authentication type. Can be offline, online, or floodgate (see https://github.com/GeyserMC/Geyser/wiki/Floodgate).
  # For plugin versions, it's recommended to keep the `address` field to "auto" so Floodgate support is automatically configured.
  # If Floodgate is installed and `address:` is set to "auto", then "auth-type: floodgate" will automatically be used.
  auth-type: floodgate
  # Allow for password-based authentication methods through Geyser. Only useful in online mode.
  # If this is false, users must authenticate to Microsoft using a code provided by Geyser on their desktop.
  allow-password-authentication: true
  # Whether to enable PROXY protocol or not while connecting to the server.
  # This is useful only when:
  # 1) Your server supports PROXY protocol (it probably doesn't)
  # 2) You run Velocity or BungeeCord with the option enabled in the proxy's main config.
  # IF YOU DON'T KNOW WHAT THIS IS, DON'T TOUCH IT!
  use-proxy-protocol: false
  # Forward the hostname that the Bedrock client used to connect over to the Java server
  # This is designed to be used for forced hosts on proxies
  forward-hostname: false

[noiverre]

Should I remove floodgate in Velocity and use floodgate in backend only? the key.pem has different value

[MachineBreaker]

Should I remove floodgate in Velocity and use floodgate in backend only? the key.pem has different value

Afaik you need to have the same key Proxy <-> Backend

[noiverre]

I set up the same key.pem by copying it both in Velocity and backend, it's still checking on Geyser players

[MWHunter]

https://github.com/GeyserMC/Geyser/wiki/Floodgate/f4fa39c2b1f9517af7da0c7729b1ad709a688a45#running-floodgate-on-spigot-servers-behind-bungeecord-or-velocity

[noiverre]

Looks like I misconfigured Geyser. My player-info-forwarding is modern whereas it's required to use LEGACY

Haven't tested it yet, will give update after I test this

[noiverre]

I followed the tutorial above, here's the result using LEGACY forwarding

On backend

On velocity

I also enabled send-floodgate-data to true in floodgate config in Velocity

There's no this line

INFO]: This player is exempt from all checks! INFO]: User connection state: PLAY

However, the user isn't stuck anymore by bad packets check etc, it works fine

Then, I tried to use MODERN forwarding, but keeping send-floodgate-data to true

It also works, I guess this is an issue from Geyser?

[MWHunter]

If the player is exempt from all checks that means they bedrock - since grim isn't designed for bedrock users