Real Software Forums
http://forums.realsoftware.com/

ServerSocket Example Project ActiveConnections
http://forums.realsoftware.com/viewtopic.php?f=2&t=45847
Page 1 of 4

Author:  p0wn3d [ Thu Nov 08, 2012 7:51 am ]
Post subject:  ServerSocket Example Project ActiveConnections

Hi All,

Having downloaded the ServerSocketServer example project I am trying to understand how to communicate with a single connected client referencing it's remote IP address.

I have added a method to the ServerSocket with a Method Name of "ActiveConnections" with both Parameters and Return Type fields left "blank" with the following Code.

dim Data As string = "hello"

If UBound(ServerSocket.ActiveConnections) > 0 Then
Dim i As Integer
For i = 1 to UBound(ServerSocket.ActiveConnections)

If ServerSocket.ActiveConnections(i).RemoteAddress = "10.10.10.1" Then
ServerSocket.ActiveConnections(i).Write Data
End If
Next

End If

The problem is that I am getting the following error at debug time.

This Method requires fewer parameters than were passes
If ServerSocket.ActiveConnections(i).RemoteAddress = "10.10.10.1"

Maybe it's just me but there seems to be very little resource in the tutorials/language reference to help understand how SocketServer.ActiveConnections() can be used to send data to a single socket instance.


Any Help would be really appreciated...

:wink:

Author:  Thom McGrath [ Thu Nov 08, 2012 8:12 am ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

IP Addresses are not unique. You should generate your own identifier of some sort.

Anyway, your issue is that ServerSocket.ActiveConnections is not an array, it is a method that returns an array. You should do something like
Dim Pool() As TCPSocket = ServerSocket.ActiveConnections()
If Pool <> Nil Then
For Each Socket As TCPSocket In Pool
If Socket.SomeIdentifier = TheIdentifierYouWant Then
Socket.Write(Data)
Exit For Socket
End If
Next
End If

Author:  J.Sh3ppard [ Thu Nov 08, 2012 11:27 am ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

Thom McGrath wrote:
IP Addresses are not unique.



What?
I'll admit I am rusty on my networking but I'm pretty sure IP addresses are unique during that connection.

Example :
If you've got 1,000 users connected to your chat server there will be 1,000 unique IP addresses connected. One for each user's connection/hardware. No two IP addresses will be the same. That is one of the major purposes of having an IP address. Unique identification.

It is also true that each hardware's assigned IP address may change over time while not connected (I am not sure if they have the ability to change an IP address while an active connection is happening, I have never heard of this). This is especially true when dynamic IP addresses are used as opposed to static IP addresses which change less often. That means that user 'Sam' can connect to the server this moment and have an IP address of 23.34.12.10. Then for whatever reason ISP changes, hardware resets, etc. Sam's hardware / access point has been assigned a different IP address.

That means when he reconnects to your server Sam's IP address is now different to what it previously was. It may now be 26.34.111.32 but the number is still unique. Only Sam's hardware is using that number on the internet. No other user will have that exact IP address. His IP address changing happens before the user connects to your server so don't think you have to do anything on the server end, you don't.

Most of us currently still use IPv4 type IP addresses but because there are so many hardware devices continuously being used we are running out of IPv4 addresses. There are not enough numbers to support all of the devices. That is why we're going to switching to using IPv6 in the near future. Many of today's devices are already IPv6 compatible / enabled.


If you are using a private message type chat function where user A is trying to private chat user B, then using the IP addresses is a good choice. Same is true for doing a broadcast/shout type message where all users receive the message (Assuming we're talking about TCPsocket connections which is what you should be using).

I don't know what Thom is talking about.

Author:  timhare [ Thu Nov 08, 2012 11:44 am ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

If Sam and Joe are sitting next to each other on the couch and they both connect to your serversocket, they will have the same RemoteAddress (assuming NAT traversal).

Author:  J.Sh3ppard [ Thu Nov 08, 2012 11:49 am ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

timhare wrote:
If Sam and Joe are sitting next to each other on the couch and they both connect to your serversocket, they will have the same RemoteAddress (assuming NAT traversal).


We are not talking about a local network connection we are talking about connections over the internet (right?)

I also don't think that is exactly true.

They will each have a unique sub-IP address assigned by their router.
Right? You can check against that.

For example no two users on the same router have the same sub IP address.
That is a main part of the router's job - to assign sub IP addresses and let multiple users share the main internet connection.


IF you are dealing with local connections then use the sub IP address OR disallow duplicate IP's by looping through your active connections and checking against them.

Author:  timhare [ Thu Nov 08, 2012 11:57 am ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

Right, but RemoteAddress itself does not distinguish between them. They will both show the router's public IP address.

Author:  Thom McGrath [ Thu Nov 08, 2012 12:21 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

Yeah, the server cannot "see" anything past the router. So 1 or 17 people on the same network, it doesn't matter, the server will see them all at the same address. Heck, 2 instances on the same computer will have the same issue even without a router.

IP addresses are unique to a subnet, not globally unique. For identification purposes such as this, they are not unique enough.

Author:  J.Sh3ppard [ Thu Nov 08, 2012 4:04 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

Guys, the RS client knows it's sub-IP address.
This is to be posted to the server and to be used with the outside IP which the server knows.

That provides unique identification.

It's been a while so I don't remember the RS networking functions but I've done this.

Maybe later I'll look at some of my code and post it so the OP knows how to do it.

Author:  Thom McGrath [ Thu Nov 08, 2012 4:13 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

J.Sh3ppard wrote:
Guys, the RS client knows it's sub-IP address.

So? That means you need to build a unique id from the WAN IP, the LAN IP, and the subnet mask... and potentially the gateway IP, then send all that to the server. Even then, two connections from the same machine STILL fail this test.

Or just use a GUID function to generate a disposable identifier server side. One of these solutions is dramatically easier and more fool proof.

Author:  J.Sh3ppard [ Thu Nov 08, 2012 4:28 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

I've never had a problem getting the outside IP on the server, and getting the unique sub-ip from the RS client using socket.localaddress.

Thom McGrath wrote:
IP addresses are unique to a subnet, not globally unique. For identification purposes such as this, they are not unique enough.


When combined with the outside IP address the sub IP's are unique or at least they always have been for me and my projects.

Combine those two (the outside IP and it's internal sub-ip) for the user's unique ID and I've never encountered a problem.

To get the sub-IP you can use:
Router Assigned IP = tcpsocket.LocalAddress
It doesn't get any easier than that.

I'm betting it's easier for the OP to grab the sub-IP from the RS client and grab the outside IP on the server (as he's already done) than it is to do what you're saying. And what you're saying is also not 100% fool proof. We haven't even talked about spoofing yet.

The OP already has the code checking for an IP he just isn't using enough of the IP address.

Author:  Thom McGrath [ Thu Nov 08, 2012 4:45 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

J.Sh3ppard wrote:
I've never had a problem getting the outside IP on the server, and getting the unique sub-ip from the RS client using socket.localaddress.

Combine those two and I've never encountered a problem.

Router Assigned IP = tcpsocket.LocalAddress

I'm betting it's easier for the OP to grab the sub-IP from the RS client and grab the outside IP on the server than it is to do what you're saying. And what you're saying is also not 100% fool proof. We haven't even talked about spoofing yet.

Yes, but your method is exactly as susceptible to spoofing. And it's absolutely more complex. Watch this:
Protected Function CreateIDString(Length As Integer = 12, Chars As String = "") As String
if chars = "" then
chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
end
dim m as integer = len(chars)
dim i,r as integer
dim s(-1) as string
redim s(length)

for i = 1 to length
r = ceil(rnd * m)
s(i - 1) = mid(chars,r,1)
next

return join(s,"")
End Function


Then your socket constructor:
Super.Constructor
Self.Identifier = CreateIDString(32)


Done. Every connection now has a unique ID. Well, the odds of collision are about as good as being killed in a supernova. But it's still dramatically more reliable than trying to build an identifier from client information.

I mean, what about two users inside a company on different subnets. There's a collision under your proposal if they have the same LAN IP. Just because you've never run into the problem doesn't mean it doesn't exist. You can combine all the hardware specs you want, there is still a far greater chance of collision than just using a large random string or an official GUUID function.

Heck, you can just use an incrementing integer!

IP Addresses are not meant to be used in this way.

Author:  J.Sh3ppard [ Thu Nov 08, 2012 5:06 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

What you're saying also works but it can also be spoofed/hacked.


I use randomly generated unique ID's with php sessions using HTTP. Partially because it's stateless and I usually didn't make the client (a web browser). I don't think I've ever needed to generate a random ID for TCP work.


Don't forget their userid login information is also unique (or should be) and can be used as part of the identifier.

Using an IP address to help stop a spoof or other attack - someone who's copied or duplicated the unique ID is good. Without checking the IP addresses it's easier for them to spoof.

Author:  Thom McGrath [ Thu Nov 08, 2012 5:10 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

J.Sh3ppard wrote:
What you're saying also works but it can also be spoofed/hacked.

That's true of any time you have to trust the client. Including asking the client its LAN address.

Author:  J.Sh3ppard [ Thu Nov 08, 2012 5:54 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

You may also need to give access to some users to certain areas while preventing access to others giving each user an access level or levels. You can easily do this by storing your access level values in the database with the user's name/id. It can be as easy as storing in the database like Ashley:1,4,69. The numbers represent what features or areas the user can access.

Want to know if Ashley has access to area 69? Check it.
Checking against a randomly generated ID does nothing for this and it seems like it would create more work than necessary (to me).

If you want something more secure you can of course encrypt the access levels or use something else entirely. I'm assuming you're not working on the next NSA defense system. If someone has access to your server they can pretty much do anything they want anyway.

As I wrote it's been a long time since I've done this stuff but I've never had a problem and I'm starting to kind of remember some details as we keep discussing of what I've done in the past.

What Thom is suggesting (using a unique random ID) is how HTTP -a stateless connection is handled. When developing using HTTP, I too use a randomly generated ID (php sessions). The reason is so the user doesn't need to re-login with every request. The new connection is made, the unique ID is sent and that's verification enough in most cases. That might be one reason why Thom is suggesting using a random ID.

If you have a unique user ID that's been authenticated and logged in and not disconnected, why would you want to generate a random ID representing that user instead of using his unique login ID?

His username IS (part of ) the unique ID. Even if in wackyworld you somehow get two identical IP's they will still be unique because of their unique user ID attached to them making up the identifier. So Ashley and Joe could be using the same everything having the same IP (not likely) but still be unique users because their identification includes their unique username.

Author:  timhare [ Thu Nov 08, 2012 6:35 pm ]
Post subject:  Re: ServerSocket Example Project ActiveConnections

We've drifted through a lot of different scenarios here. Thom basically said, "RemoteAddress isn't necessarily unique, so devise some other identifier." You have provided a few different ways of building that identifier. You're both saying pretty much the same thing.

Page 1 of 4 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/