Motivation of VPN. Overview. VPN addressing and routing. Two basic techniques for VPN. How to guarantee privacy of network traffic?


Overview
- Last Lecture: Daemon processes and advanced I/O functions
- This Lecture: VPN, NAT, DHCP (Source: Chapters 19 & 22 of Comer's book); Unix domain protocols and non-blocking I/O (Source: Chapters 15, 16 & 17 of Stevens book)
- Next Lecture: Advanced UDP sockets and Threads (Source: Chapters 22 & 26 of Stevens book)
TELE 402 Lecture 11: Unix domain 1

Motivation of VPN
- How to guarantee privacy of network traffic?
  - Leased line (circuit) from phone companies: too expensive
  - Isolation of the private network: not possible for most organizations
  - Encryption of network traffic, used by VPN:
    - It is cheap
    - It guarantees privacy
    - It has the flexibility of using the Internet, which has redundant routes, without adding extra cost

Two basic techniques for VPN
- Tunneling: uses IP-in-IP encapsulation
- Encryption

VPN addressing and routing

VPN with private addresses

Access Internet with private addresses?
- Application gateway (application program)
  - Each application gateway handles only one specific service
  - Multiple gateways are required for multiple services
  - It lacks generality
- Network Address Translation (NAT)
  - Provides transparent IP-level access to the Internet from a host with a private address
  - Changes the source address of each outgoing datagram to G (the global address of the NAT box) and replaces the destination address in each incoming datagram with the private address of the right host

NAT translation table creation
- Manual initialization: by system admin
- Outgoing datagrams: as a side effect of an internal host sending a datagram
- Incoming name lookups: as a side effect of handling DNS lookups

Concurrent access
- How to allow multiple hosts to access a given external address concurrently?
  - Multi-address NAT: assign multiple globally valid addresses to the NAT box
  - Port-mapped NAT (NAPT)

Issues on NAT
- NAT/NAPT problems with FTP
- How to make a protocol NAT friendly?
- How to find the global address of the NAT box?
- Differences between application gateway and NAT
- What are the problems with banning IP addresses at a web server? What are the alternatives?

DHCP
- Dynamic Host Configuration Protocol
- A successor to BOOTP
- Motivation
- Uses UDP messages for DHCP
- How can UDP be used when the client does not have an IP address yet?
  - The client uses the broadcast address in the request
  - The server has to use the broadcast address as well. Why?

DHCP message

DHCP states

DHCP options

Options in DHCP reply

Discussion on DHCP
- Based on the DHCP states, use two DHCP servers and a client as a scenario to draw the sequence of actions in the protocol. Pay attention to the destination address of the messages.
- Discuss the security risks associated with DHCP
- Consider a host that has a disk and uses DHCP to obtain an IP address. If the host stores its address on disk along with the date the lease expires, and then reboots within the lease period, can it use the address? Why or why not?

Unix domain sockets
- A way of performing client-server communication on a single host using the same socket API
- Two types: stream and datagram
- Why use Unix domain sockets?
  - Unix domain sockets are twice as fast as a TCP socket (example: X Window System)
  - Can be used to pass descriptors between processes on the same host
  - Can provide the client's credentials (user ID and group IDs) to the server for an additional security check (newer implementations)

Unix domain socket protocol address
- Are pathnames within the normal filesystem
- Cannot read from or write to these files except as a socket

Socket address structure

    struct sockaddr_un {
        sa_family_t sun_family;     /* AF_LOCAL */
        char        sun_path[104];  /* null-terminated pathname */
    };

- sun_family should be AF_LOCAL
- sun_path is a pathname string terminated with a \0. The unspecified address is indicated by a null string as the pathname.
- The pathname should be an absolute pathname, not a relative pathname.
- The macro SUN_LEN calculates the length of a sockaddr_un structure.

socketpair function 1
- Creates two sockets that are then connected together

    int socketpair(int family, int type, int protocol, int sockfd[2]);

socketpair function 2
- The two sockets created are returned as sockfd[0] and sockfd[1], which are unnamed.
- There is no implicit bind involved.
- They form a stream pipe if their type is SOCK_STREAM. The pipe is full-duplex.
- family must be AF_LOCAL
- protocol must be 0
- type can be either SOCK_STREAM or SOCK_DGRAM.
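Added example (not from the lecture or from Stevens' sources): it fills the sockaddr_un above, rejects relative paths, uses SUN_LEN for the address length, unlinks any stale socket file before bind, and narrows the umask so the socket file is not created 0777. The path and the 0600 mode are constructed for the demo.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#ifndef SUN_LEN   /* the macro from the slide; absent from strict-ANSI header sets */
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
#endif

/* Fill a sockaddr_un. Rejects a relative path or one that does not fit in
 * sun_path with its \0; returns the SUN_LEN value for bind/connect, or -1. */
int make_unix_addr(struct sockaddr_un *su, const char *path) {
    if (path[0] != '/' || strlen(path) >= sizeof su->sun_path) return -1;
    memset(su, 0, sizeof *su);
    su->sun_family = AF_LOCAL;
    strcpy(su->sun_path, path);   /* bounded by the length check above */
    return (int)SUN_LEN(su);
}

/* Listening Unix domain stream socket at an absolute path. unlink comes first
 * because bind fails if the pathname already exists; umask is narrowed so the
 * socket file is not created 0777: connect needs write permission on the file,
 * so its mode is the access control. Returns the listening fd or -1. */
int unix_listen(const char *path, mode_t mode) {
    struct sockaddr_un su;
    int len = make_unix_addr(&su, path);
    int fd = len < 0 ? -1 : socket(AF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    unlink(path);
    mode_t old = umask(~mode & 0777);
    int rc = bind(fd, (struct sockaddr *)&su, (socklen_t)len);
    umask(old);
    if (rc < 0 || listen(fd, 5) < 0) { close(fd); return -1; }
    return fd;
}

/* Client side: same address construction, then connect. Returns fd or -1. */
int unix_connect(const char *path) {
    struct sockaddr_un su;
    int len = make_unix_addr(&su, path);
    int fd = len < 0 ? -1 : socket(AF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&su, (socklen_t)len) < 0) { close(fd); return -1; }
    return fd;
}

/* Demo: listen at path with the given mode, connect, accept, and report the
 * permission bits actually on the socket file, or -1 on any failure. */
int demo_roundtrip(const char *path, mode_t mode) {
    int lfd = unix_listen(path, mode);
    if (lfd < 0) return -1;
    int cfd = unix_connect(path);
    int afd = cfd < 0 ? -1 : accept(lfd, NULL, NULL);
    struct stat st;
    int result = (afd < 0 || stat(path, &st) < 0) ? -1 : (int)(st.st_mode & 0777);
    if (afd >= 0) close(afd); if (cfd >= 0) close(cfd);
    close(lfd); unlink(path);
    return result;
}
```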

Differences from inet sockets 1
- Default file permissions for a pathname created by bind should be 0777, modified by the umask value.
- The pathname associated with a Unix domain socket should be an absolute pathname, not a relative name.
- The pathname specified in a call to connect must be a pathname currently bound to an open Unix domain socket of the same type.
- A bind will fail if the pathname already exists (use unlink before bind).
- The permission testing for connect of a Unix domain socket is the same as if open had been called for write-only access.

Differences from inet sockets 2
- Unix domain stream sockets are similar to TCP sockets
  - They provide a byte stream with no record boundaries.
  - If a call to connect finds that the listening socket's queue is full, ECONNREFUSED is returned immediately.
- Unix domain datagram sockets are similar to UDP sockets
  - They provide an unreliable datagram service that preserves record boundaries.
  - Sending a datagram on an unbound Unix domain datagram socket does not bind a pathname to the socket (bind must be called).

Passing descriptors 1
- Descriptors can be shared between processes in the following ways
  - A child process shares all the open descriptors with the parent after a call to fork
  - All descriptors normally remain open when exec is called
  - Pass descriptors using Unix domain sockets and sendmsg/recvmsg

Passing descriptors 2
- Steps involved in passing a descriptor
  - Create Unix domain sockets (preferably SOCK_STREAM) and connect them for communication between a server and a client
  - One process opens a descriptor. Any type of descriptor can be exchanged.
  - Sender builds a msghdr structure containing the descriptor to be passed, and calls sendmsg with the structure across one of the Unix domain sockets
  - Receiver calls recvmsg to receive the descriptor from the other Unix domain socket.
  - Client and server must have an application protocol so they know when the descriptor is to be passed.

Example 1

Example 2
- Refer to unixdomain/mycat.c, unixdomain/myopen.c, unixdomain/openfile.c, lib/read_fd.c, and lib/write_fd.c

Passing user credentials 1
- User credentials (user ID, group IDs) can be passed along a Unix domain socket as the fcred structure

    struct fcred {
        uid_t  fc_ruid;               /* real user ID */
        gid_t  fc_rgid;               /* real group ID */
        char   fc_login[MAXLOGNAME];  /* setlogin() name */
        uid_t  fc_uid;                /* effective user ID */
        short  fc_ngroups;            /* number of groups */
        gid_t  fc_groups[NGROUPS];    /* supplementary group IDs */
    };

Passing user credentials 2
- The above information is always available on a Unix domain socket, subject to the following conditions
  - The credentials are sent as ancillary data when data is sent on the Unix domain socket, but only if the receiver of the data has enabled the LOCAL_CREDS socket option. The level for this option is 0.
  - On a datagram socket, the credentials accompany every datagram. On a stream socket, the credentials are sent only once (the first time data is sent).
  - Credentials cannot be sent along with a descriptor.
  - Users are not able to forge credentials.

Blocking and nonblocking 1
- Input operations: read, readv, recv, recvfrom, and recvmsg
  - Blocking: if there is no data available in the socket receive buffer, the process is put to sleep
  - Nonblocking: if there is no data available, the process is returned an error of EWOULDBLOCK

Blocking and nonblocking 2
- Output operations: write, writev, send, sendto, and sendmsg
  - Blocking: if there is no room in the socket send buffer, the process is put to sleep
  - Nonblocking: if there is no room at all in the socket send buffer, the process is returned an error of EWOULDBLOCK
  - In general UDP does not block since it does not have a socket send buffer. Some implementations might block in the kernel due to buffering and flow control.

Blocking and nonblocking 3
- Accepting incoming connections: accept
  - Blocking: if there is no new connection available, the process is put to sleep
  - Nonblocking: if there is no new connection available, the process is returned an error of EWOULDBLOCK
- Initiating outgoing connections: connect
  - Blocking: the process is blocked for at least the round trip time (RTT) to the server
  - Nonblocking: if a connection cannot be established immediately, the connection establishment is initiated but the error EINPROGRESS is returned
  - Some connections can be established immediately, e.g. when the server and the client are on the same host

Simple version of example1
- Use fork to remove blocking factors
- Refer to strclifork.c

Nonblocking connect 1
- To set a socket nonblocking, use fcntl to set the O_NONBLOCK flag
- Three uses for nonblocking connect
  - Overlap other processing with the three-way handshake (should use select to test the connection later)
  - Establish multiple connections at the same time
  - Shorten the timeout for connect using select with a specified time limit
- Example
  - Overlap other processing with the three-way handshake
  - Use select to shorten the timeout.

Nonblocking connect 2
- There are a couple of details to attend to if we use this technique:
  - If the server is on the same host, the connection is normally established immediately. We need to handle this.
  - Berkeley-derived implementations have the following rules:
    - The descriptor is writable when the connection completes successfully
    - If connection establishment encounters an error, the descriptor becomes both readable and writable

Web client
- Use multiple connections to send requests and to receive responses (refer to nonblock/web.c)
- Control flow
  - Associate each request with a nonblocking socket whose connection is initiated, depending on the maximum allowable connections.
  - Use select to wait for any socket to be ready
  - Scan the request array to find out whether their sockets are readable or writable, and react to each situation accordingly
    - Writable: send request.
    - Readable: receive response.
  - Repeat the above until all requests are processed

Nonblocking accept
- Normally nonblocking accept is not necessary if we use select, since when select returns there must be a completed connection
- However, there is a possibility (because the server is doing something else) that between the call to select and the call to accept, the client sends a RST to close the connection, which will cause accept to block
- To fix the problem
  - Always set a listening socket nonblocking
  - Ignore the following errors on the call to accept: EWOULDBLOCK, ECONNABORTED, EPROTO, and EINTR
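Both techniques from the "Nonblocking connect" and "Nonblocking accept" slides, as an added example (not the lecture's or Stevens' code): a connect with a select timeout that handles the immediate same-host completion and reads SO_ERROR because an error also makes the descriptor writable, and an accept on a nonblocking listening socket that treats the four listed errno values as "retry". The demo connects to a listening socket in the same process over loopback; the port is kernel-chosen and the 3-second timeout is a constructed value.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

int set_nonblock(int fd) {                      /* fcntl, as on the slide */
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Nonblocking connect with a select timeout. Covers both details from the
 * slide: a same-host connect may succeed at once, and after select the socket
 * is writable on success and on failure alike, so SO_ERROR is what decides.
 * Returns 0 when connected, -1 with errno set (ETIMEDOUT on timeout). */
int connect_nb(int fd, const struct sockaddr *sa, socklen_t len, int timeout_s) {
    if (set_nonblock(fd) < 0) return -1;
    if (connect(fd, sa, len) == 0) return 0;           /* established immediately */
    if (errno != EINPROGRESS) return -1;               /* genuine failure */
    fd_set rset, wset;
    FD_ZERO(&rset); FD_SET(fd, &rset); wset = rset;
    struct timeval tv = { timeout_s, 0 };
    int n = select(fd + 1, &rset, &wset, NULL, &tv);
    if (n == 0) { errno = ETIMEDOUT; return -1; }
    if (n < 0) return -1;
    int err = 0; socklen_t elen = sizeof err;
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen) < 0) return -1;
    if (err) { errno = err; return -1; }               /* e.g. ECONNREFUSED */
    return 0;
}

/* accept on a nonblocking listening socket. The four errno values from the
 * slide mean "nothing completed right now" (e.g. the client sent a RST between
 * select and accept): return -2 so the caller returns to select; -1 is real. */
int accept_nb(int listenfd) {
    int fd = accept(listenfd, NULL, NULL);
    if (fd >= 0) return fd;
    if (errno == EWOULDBLOCK || errno == EAGAIN || errno == ECONNABORTED ||
        errno == EPROTO || errno == EINTR) return -2;
    return -1;
}

/* Demo: listen on loopback at a kernel-chosen port, connect to it without
 * blocking, accept with retries. Returns 0 on a completed round trip, else -1. */
int demo_same_host(void) {
    struct sockaddr_in sin; memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET; sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t slen = sizeof sin;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0 || bind(lfd, (struct sockaddr *)&sin, slen) < 0 ||
        listen(lfd, 5) < 0 || getsockname(lfd, (struct sockaddr *)&sin, &slen) < 0 ||
        set_nonblock(lfd) < 0) return -1;
    int rc = connect_nb(cfd, (struct sockaddr *)&sin, slen, 3), afd = -2;
    for (int i = 0; rc == 0 && afd == -2 && i < 300; i++)
        if ((afd = accept_nb(lfd)) == -2) poll(NULL, 0, 10);   /* wait 10 ms, retry */
    if (afd >= 0) close(afd); close(cfd); close(lfd);
    return (rc == 0 && afd >= 0) ? 0 : -1;
}
```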

ioctl
- ioctl has traditionally been the system interface used for everything that did not fit into some other nicely defined category
- POSIX is getting rid of ioctl
- However, numerous ioctls remain for implementation-dependent features related to network programming
  - Obtaining the interface information
  - Accessing the routing table
  - Accessing the ARP cache
- The ioctls introduced here are implementation dependent and may not be supported by Linux

ioctl

    int ioctl(int fd, int request, void *arg);

- Requests can be divided into six categories
  - Socket operations
  - File operations
  - Interface operations
  - ARP cache operations
  - Routing table operations
  - Streams system

Interface configuration
- SIOCGIFCONF
  - Get interface configuration information
  - Use SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFBRDADDR requests, and others
  - ifconf structure is used as the argument

SIOCGIFCONF