by ceving 733 days ago
https://www.youtube.com/watch?v=XsIxNYl0oyU

> If you want to have 10 concurrent connections, you have to open 10 ports.

That is a problem in most environments.

1 comments

I don't understand your statement, to be honest.

Either you waste lots of traffic bandwidth because you have to have a session identifier or nonce in every packet, or you have to map sessions to ports in order to guarantee persistence when the client drops its connection.

Other ways of doing session handling will lead to an attack surface that can probably be used for DoS attacks.

Maybe I am missing something: How would you solve this, given the limitations of UDP and TCP?

I am just saying that opening an unpredictable number of ports is a problem for every firewall admin.