Most Efficient and Secured way to Send/Receive Messages over UDP

Hello everyone.

im trying to Send/Receive messages between Server and Clients.
for the moment im simply sending my buffers as byte[]'s

but It’s a massive security risk to take data coming in over the network and trust it.
that’s exactly what im doing when i just copy a block of memory into a struct and if somebody constructs a malicious Packet (Tn) and sends it the Server will Crash for sure .
i know i can do some sort of per-field checking that values are in range but this is not a good approach for performance.

any suggestions will be much appreciated !!

 

Not really the right forum, but anyway.

Usually you'd serialize the data using a fast well know/trusted library, such as Protocol Buffers, and this will handle it all for you.

If the received packet does not fit the template the deserializer will throw an exception that you can catch and handle. You still need to validate individual fields but you can at least trust the received data structure should be correct.

 

sorry for this
i thought it was related cause i built it using DOTS, also my code is kind of inspired by the New NetCode.

is there a way to use this approach with burst ? (try cactch)

do you think it can be more efficient to use this approach with DataStreams (DataStreamWriter, DataStreamReader) ?

 

This doesn't really make much sense tbh. These libraries are unlikely to be written in burst and your network layer should probably exist outside of your ECS game loop.

I reckon there 3 primary steps.

1. Network layer needs to receive packet and deserialize it into whatever format you desire. Whether it's a Dictionary<string, string> or a struct with specific fields. Depends entirely on you.

2. Validate fields. For example, if it has a command ID field, make sure the value falls within the legit specific range of values.

3. Export to ECS world. The command is likely to be for a specific entity or entities so you need to apply this to them.

Now 2 and 3 order can be reversed. You could totally export to ECS world before validating and simply do the validation when it is handled in the ECS world. Though I reckon ideally you'd do validation both sides. Before exporting you'd make sure data is valid and makes sense and after exporting you'd make sure what the command is trying to do is legal in the current game state.

~

Anyway there are a lot of different ways you can handle networking and it depends heavily on the networking library you are using and how much of this it handles for you automatically. This advice might make no sense if your library automatically does a lot of this in the background for you.

 

Have you tried looking at the networking code in Unity's FPS Sample?

You may also want to take a look at Unity's preview multiplayer API which is on GitHub and in alpha.

 

Just throwing this out there in case you end up looking for a nice serialization library. I highly recommend MessagePack C#.

 

+1 for MessagePack C#, I'm a huge fan

 

@MostHated yes im a fan too ^_^

 

Everyone use it, god, I thought I was special you broke my heart