From ba41fa6d627e040e4ab0e3d78ba964cc32e2f038 Mon Sep 17 00:00:00 2001
From: Michael Davidsaver <mdavidsaver@gmail.com>
Date: Fri, 18 May 2018 15:17:01 -0700
Subject: [PATCH] notes

---
 src/remote/channelSearchManager.cpp | 2 ++
 src/server/responseHandlers.cpp     | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/remote/channelSearchManager.cpp b/src/remote/channelSearchManager.cpp
index 0fe9da1..c69b5f8 100644
--- a/src/remote/channelSearchManager.cpp
+++ b/src/remote/channelSearchManager.cpp
@@ -50,6 +50,8 @@ public:
 namespace epics {
 namespace pvAccess {
 
+// these are byte offset in a CMD_SEARCH request message
+// used to mangle a buffer to support incremental construction.  (ick!!!)
 const int ChannelSearchManager::DATA_COUNT_POSITION = PVA_MESSAGE_HEADER_SIZE + 4+1+3+16+2+1+4;
 const int ChannelSearchManager::CAST_POSITION = PVA_MESSAGE_HEADER_SIZE + 4;
 const int ChannelSearchManager::PAYLOAD_POSITION = 4;
diff --git a/src/server/responseHandlers.cpp b/src/server/responseHandlers.cpp
index c2eb0be..1b97405 100644
--- a/src/server/responseHandlers.cpp
+++ b/src/server/responseHandlers.cpp
@@ -283,6 +283,7 @@ void ServerSearchHandler::handleResponse(osiSockAddr* responseFrom,
     const int32 count = payloadBuffer->getShort() & 0xFFFF;
 
     // TODO DoS attack?
+    //   You bet!  With a reply address encoded in the request we don't even need a forged UDP header.
     const bool responseRequired = (QOS_REPLY_REQUIRED & qosCode) != 0;
 
     //