Comparing sockaddr_in
I am writing a multiplayer game. In the game, all the clients connect to a server. When a client receives data, to ensure there is no hacking, I want to compare the sockaddr_in I get from recvfrom() to the sockaddr_in of the server. How can I do that?
Ilya
i wonder, would this work?
bool CompareIP(sockaddr_in ptAddr1, sockaddr_in ptAddr2){ if(ptAddr1.sin_addr.S_un.S_addr==ptAddr2.sin_addr.S_un.S_addr) return true;return false;}
Quote:Original post by crupp
actually, IP addresses can be faked. that's called "spoofing".
Yes. But only with raw sockets. And its non-trivial. And if you spoof your IP address, you can't get a reply to any data you send. So don't worry about it.
Additionally, many internet service providers won't actually accept spoofed packets -- the end-node routers (that you are talking to) will drop them.
If you want to be a little more secure about finding out who is actually talking to you, I wrote up a paper on Authentication for Games.
If you want to be a little more secure about finding out who is actually talking to you, I wrote up a paper on Authentication for Games.
The address you get from recvfrom will be the client one, not the server.
And you'll have to compare it anyway with a connected clients table to know who they are.
I am of course assuming that you are using UDP.
If you are using TCP you don't need to care about who someone is - it is normally safe to assume that if they are on the same socket, they are the same person - TCP hijacking is extremely difficult.
Essentially you'll only need to validate their identity when they open the socket if you're on TCP.
Mark
And you'll have to compare it anyway with a connected clients table to know who they are.
I am of course assuming that you are using UDP.
If you are using TCP you don't need to care about who someone is - it is normally safe to assume that if they are on the same socket, they are the same person - TCP hijacking is extremely difficult.
Essentially you'll only need to validate their identity when they open the socket if you're on TCP.
Mark
ah.. but I am writing code for client (server is done by someone else) and I only need to see if I am getting data from the server or not. Players will not talk to each other directly. The game is for school so I am not too woried about security ;)
Thank you,
Ilya
Thank you,
Ilya
Quote:Original post by markr
The address you get from recvfrom will be the client one, not the server.
And you'll have to compare it anyway with a connected clients table to know who they are.
I am of course assuming that you are using UDP.
If you are using TCP you don't need to care about who someone is - it is normally safe to assume that if they are on the same socket, they are the same person - TCP hijacking is extremely difficult.
Essentially you'll only need to validate their identity when they open the socket if you're on TCP.
Mark
Yeah, I am using UDP.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement