我的想法是这样的:

先关注于应用层的罗辑定义，比如走棋，创建对局，房间等。等应用层的逻辑定的差不多了，再详细考虑安全的问题．

目前是在每个 xml　数据包前面加了一个二进制的头，将来的想法是：服务器和客户端协商一个密钥，然后所有的xml数据都用这个密钥加密／压缩．

#pragma pack(push)
#pragma pack(1)
typedef struct tagTCPMSGHEADER
{
unsigned short hdlen; //header len.
unsigned char ver_major; //major version number, current is 0
unsigned char ver_minor; //minor version number, current is 1

unsigned short len; //data length
unsigned long crc; //data crc
unsigned long encrypt; //encrypt info, current is 0
unsigned short type; //text or binary, 0 xml, 1 binary

unsigned long seq; //sequence number, client fill this field, server's response will keep it.
unsigned long udata; //user data, client fill this field, server's response will keep it.
unsigned long reserved1; //reserved, should be zero
unsigned long reserved2; //reserved, should be zero
}transmitMsgHeader;

#pragma pack(pop)