Microsoft DirectX 9.0 SDK Update (Summer 2003) |
Packet Signing
Microsoft® DirectPlay® provides packet signing to prevent malicious users from sending spoofed Internet Protocol (IP) packets that corrupt the link between peers or between clients and a server. Packet signing is performed by attaching a "signature" to each packet before sending. This signature is 8 bytes. Any packet received without the correct signature is silently ignored by DirectPlay.
Packet signing does not encrypt the data that is sent over the link, nor does it provide a form of authentication. It should be used to prevent third parties from inserting invalid data into a DirectPlay game session. Some other mechanism needs to be used if you want the application to authenticate the users connecting to the game.
Packet signing is set when the session is started by the host. The host determines the type of signing by setting either the DPNSESSION_FAST_SIGNED or DPNSESSION_FULL_SIGNED flag in the DPN_APPLICATION_DESC structure when calling IDirectPlay8Peer::Host or IDirectPlay8Server::Host. Players connecting to the session can set either flag when calling IDirectPlay8Peer::Connect or IDirectPlay8Client::Connect, but they will use whichever type of signing the host has selected. When connected, clients can determine which type of signing the session is using by calling IDirectPlay8Peer::GetApplicationDesc or IDirectPlay8Client::GetApplicationDesc. The dwFlags member of the DPN_APPLICATION_DESC structure will contain one of the signing flags.
Fast Signing
Fast signing creates the lowest overhead on your game. It merely adds the same 8-byte value to each packet. Fast signing is recommended for all DirectPlay sessions created. However, it is vulnerable to a malicious attack if another user has access to the packets being exchanged and can determine the 8-byte value.
Full Signing
Full signing adds computational overhead to your game. Each packet sent and received has to be hashed over in order to compute its signature. Full signing uses the Secure Hash Algorithm version 1.0. When the session has been established, access to the packets does not enable another user to compromise the link. However, if another user reads the initial connection sequence between two computers, that user may be able to compromise the link.