Mark Gritter (markgritter) wrote,
Mark Gritter

Good idea, bad idea

Good idea: When you copy part of a web page that has images (in Firefox, anyway), the text that gets copied has the alt-tags for the images. Travian (and problably other web sites I haven't noticed) sets things up so that the alt-tags transform back into the images in their internal forum. Elegant!

Bad idea: StreamSTAR's RPC system uses a per-"connection" UDP socket. (The RPC system is connection-oriented, it's just implemented on top of UDP.) When a new connection is made, a new socket is created, bound to the same source port as the "master" socket, and the connect()-ed to the remote address.

The problem here is that there's a window in which the socket can receive packets from any remote address.

1. Before:
socket M --> local *:20400 remote *:*

2. After create + bind
socket M --> local *:20400 remote *:*
socket N --> local *:20400 remote *:*

3. After connect
socket M --> local *:20400 remote *:*
socket N --> local *:20400 remote something:54321

So, should a packet show up between steps 2 and 3, it may get delivered to N even though it is not part of the new "connection".

We are currently trying to hack this by checking the real source address of any packet we read from socket N, but there is probably a more elegant solution... I just can't figure out what it is. bind-after-connect doesn't work because connect() assigns a local port.
Tags: networking, programming, web
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment