Microsoft DirectX 9.0

Packet Signing

Microsoft?DirectPlay?provides packet signing to prevent malicious users from sending spoofed Internet Protocol (IP) packets that corrupt the link between peers or between clients and a server. Packet signing is performed by attaching a "signature" to each packet before sending. This signature is 8 bytes. Any packet received without the correct signature is silently ignored by DirectPlay.

Packet signing does not encrypt the data that is sent over the link, nor does it provide a form of authentication. It should be used to prevent third parties from inserting invalid data into a DirectPlay game session. Some other mechanism needs to be used if you want the application to authenticate the users connecting to the game.

Packet signing is set when the session is started by the host. The host determines the type of signing by setting either the DPNSESSION_FAST_SIGNED or DPNSESSION_FULL_SIGNED flag in the DPN_APPLICATION_DESC structure when calling IDirectPlay8Peer::Host or IDirectPlay8Server::Host. Players connecting to the session can set either flag when calling IDirectPlay8Peer::Connect or IDirectPlay8Client::Connect, but they will use whichever type of signing the host has selected. Once connected, clients can determine which type of signing the session is using by calling IDirectPlay8Peer::GetApplicationDesc or IDirectPlay8Client::GetApplicationDesc. The dwFlags member of the DPN_APPLICATION_DESC structure will contain one of the signing flags.

Note  All players must be using Microsoft DirectX?9.0 or later in order to use packet signing in a session.

Fast Signing

Fast signing creates the lowest overhead on your game. All it does is add the same 8-byte value to each packet. Fast signing is recommended for all DirectPlay sessions created. However, it is vulnerable to a malicious attack if a third-party user has access to the packets being exchanged and can determine the 8-byte value.

Full Signing

Full signing adds computational overhead to your game. Each packet sent and received has to be hashed over in order to compute its signature. Full signing uses the Secure Hash Algorithm version 1.0. Once the session has been established, access to the packets does not enable a third-party user to compromise the link. However, if a third-party user reads the initial connection sequence between two computers, that user may be able to compromise the link.

© 2002 Microsoft Corporation. All rights reserved.