Socket Programming Explained Simply

A socket is just an open file with a descriptor.

Addresses live in 16-byte structs: 2 bytes for protocol family, 2 bytes for port, 4 bytes for IP address, and 8 bytes for alignment padding.

The generic socket structure: 2 bytes for protocol family, 14 bytes for address data. The functions accept, bind, and connect all use this generic structure.

The socket function creates a socket descriptor, but the descriptor is not yet open. Connect blocks until the connection succeeds or fails.

Network byte order (big-endian): high-order bytes go to low addresses, low-order bytes to high addresses. For example, when transmitting a 4-byte integer, the order is bits 0-7, then bits 8-15.

Server side: Bind tells the kernel to associate the server’s socket address with the socket descriptor sockfd. Listen turns sockfd into a listening socket, listenfd, which distinguishes servers from clients. Accept fills addr with the client’s socket address when a connection arrives and returns the connected descriptor, which is read and written with Unix RIO. Each accept call creates a new connected descriptor. The connected descriptor goes back to the client, which returns from connect.

The client and server pass data by reading and writing clientfd and connfd, respectively.

Use getaddrinfo and getnameinfo to abstract different IP protocol versions. When the client calls close, the server reads EOF and closes too. Service ends.

TCP SYN Queue and Accept Queue

Async I/O for Sockets

If the socket runs in non-blocking mode and an operation cannot complete immediately, the call fails and errno is set to EWOULDBLOCK or EAGAIN. Use poll or select to check whether you can receive or transmit data.

CGI-Bin

Call executable files in the client directory through URL paths. Fork creates child processes. Execve runs the program at the given path. Servers pass parameters to child processes through environment variables. Child processes write to stdout, so redirect stdout to the connected descriptor first.

HTTP

Request structure:

  1. One request line: method | URI | version
  2. Multiple header lines, ending with a blank line

Response structure:

  1. One response line: version | status code | status message
  2. Response headers + blank line
  3. Response body

Network Security

SYN Flood Attack

The attack exploits the three-way handshake by sending SYN packets but never replying with an ACK. This forces the server to maintain many half-open connections, consuming CPU time and memory and leading to stack overflow.

Solutions:

  1. Shorten SYN timeout
  2. SYN cookies identify IPs. Drop repeated packets from IPs that send too many
  3. Load balancing at DNS layer
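
A defender's view of the half-open connections described above, as an added example that is not code from the original page: it counts sockets in the SYN_RECV state per local port from text in the Linux /proc/net/tcp layout. The sample table, the names count_half_open and syn_backlog_alert, and the threshold are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TCP_SYN_RECV 0x03 /* Linux state code for a half-open (SYN received) socket */

/* Constructed sample in /proc/net/tcp layout; not captured from a real host.
 * Addresses are hex as printed on a little-endian machine, ports in host order. */
static const char SAMPLE[] =
    "  sl  local_address rem_address   st\n"
    "   0: 0100000A:0050 00000000:0000 0A\n"  /* listener on 10.0.0.1:80 */
    "   1: 0100000A:0050 076433C6:C001 03\n"  /* half-open from 198.51.100.7 */
    "   2: 0100000A:0050 086433C6:C002 03\n"
    "   3: 0100000A:0050 096433C6:C003 03\n"
    "   4: 0100000A:0050 0200000A:D431 01\n"  /* established from 10.0.0.2 */
    "   5: 0100000A:0016 0A6433C6:C004 03\n"; /* half-open on port 22 */

/* Count rows in state SYN_RECV whose local port equals `port`. */
int count_half_open(const char *table, unsigned port)
{
    int count = 0;
    while (*table) {
        char line[256];
        size_t len = strcspn(table, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        unsigned lport, state;

        memcpy(line, table, n); /* parse one row at a time */
        line[n] = '\0';
        /* The header row does not match the pattern and is skipped. */
        if (sscanf(line, " %*d: %*8x:%4x %*8x:%*4x %2x",
                   &lport, &state) == 2 &&
            state == TCP_SYN_RECV && lport == port)
            count++;
        table += len + (table[len] == '\n');
    }
    return count;
}

/* Nonzero when half-open sockets on `port` exceed an operator-chosen threshold. */
int syn_backlog_alert(const char *table, unsigned port, int threshold)
{
    return count_half_open(table, port) > threshold;
}

int main(void)
{
    printf("half-open on :80 = %d\n", count_half_open(SAMPLE, 80));
    return 0;
}
```

On a live Linux host the same function can be fed the contents of /proc/net/tcp; a count that stays high on one port while established connections stay flat is the pattern the section describes.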