I'm trying to send/receive messages between server and clients.
For the moment I'm simply sending my buffers as byte[]s,
but it's a massive security risk to take data coming in over the network and trust it.
That's exactly what I'm doing when I just copy a block of memory into a struct, and if somebody constructs a malicious Packet (Tn) and sends it, the server will crash for sure :(.
I know I can do some sort of per-field checking that values are in range, but this is not a good approach for performance.
Usually you'd serialize the data using a fast, well-known/trusted library, such as Protocol Buffers, and this will handle it all for you.
If the received packet does not fit the template, the deserializer will throw an exception that you can catch and handle. You still need to validate individual fields, but you can at least trust that the received data structure should be correct.
This doesn't really make much sense tbh. These libraries are unlikely to be written in Burst, and your network layer should probably exist outside of your ECS game loop.
I reckon there are 3 primary steps.
1. Network layer needs to receive the packet and deserialize it into whatever format you desire. Whether it's a Dictionary<string, string> or a struct with specific fields depends entirely on you.
2. Validate fields. For example, if it has a command ID field, make sure the value falls within the legit specified range of values.
3. Export to the ECS world. The command is likely to be for a specific entity or entities, so you need to apply it to them.
Now, the order of 2 and 3 can be reversed. You could totally export to the ECS world before validating and simply do the validation when it is handled in the ECS world. Though I reckon ideally you'd do validation on both sides. Before exporting you'd make sure the data is valid and makes sense, and after exporting you'd make sure what the command is trying to do is legal in the current game state.
Anyway, there are a lot of different ways you can handle networking, and it depends heavily on the networking library you are using and how much of this it handles for you automatically. This advice might make no sense if your library automatically does a lot of this in the background for you.
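A worked version of the "deserialize, then validate fields" steps from the reply above, as an added example in plain C# that is not from the thread, Unity or any library it mentions. The 10-byte little-endian packet layout, the `MoveCommand` fields and the legal ranges are assumptions; the point is that a length check and range checks replace the raw memory copy, so a short or out-of-range packet is dropped instead of reaching the game loop.

```csharp
using System;
using System.Buffers.Binary;

// Assumed wire format (constructed for this example, not from the thread):
// bytes [0..1] ushort commandId, [2..5] int entityId, [6..9] int amount.
public readonly struct MoveCommand
{
    public readonly ushort CommandId;
    public readonly int EntityId;
    public readonly int Amount;

    public MoveCommand(ushort commandId, int entityId, int amount)
    {
        CommandId = commandId;
        EntityId = entityId;
        Amount = amount;
    }
}

public static class PacketParser
{
    public const int PacketSize = 10;
    private const ushort MaxCommandId = 16;   // hypothetical legal range 0..16
    private const int MaxAmount = 1000;       // hypothetical per-command limit

    // Returns false for anything malformed; the caller simply discards the packet.
    // Nothing here reads past the buffer, so a truncated packet cannot crash the server.
    public static bool TryParse(ReadOnlySpan<byte> buf, out MoveCommand cmd)
    {
        cmd = default;
        if (buf.Length != PacketSize) return false;              // step 1: structure

        ushort id = BinaryPrimitives.ReadUInt16LittleEndian(buf);
        int entity = BinaryPrimitives.ReadInt32LittleEndian(buf.Slice(2));
        int amount = BinaryPrimitives.ReadInt32LittleEndian(buf.Slice(6));

        if (id > MaxCommandId) return false;                     // step 2: fields
        if (entity < 0) return false;
        if (amount < -MaxAmount || amount > MaxAmount) return false;

        cmd = new MoveCommand(id, entity, amount);
        return true;                                             // ready for step 3
    }

    public static void Main()
    {
        byte[] good = { 3, 0, 42, 0, 0, 0, 5, 0, 0, 0 };          // constructed sample
        byte[] truncated = { 3, 0, 42 };                          // too short: rejected
        Console.WriteLine(TryParse(good, out var c) ? $"ok entity {c.EntityId}" : "dropped");
        Console.WriteLine(TryParse(truncated, out _) ? "ok" : "dropped");
    }
}
```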