Linux C Program Linux network programming (21)

Source: Internet
Author: User

Linux Network programming
The theoretical basis of network programming essentials
Network model, address, port, TCP/IP protocol

The TCP/IP protocol is currently the most widely used network communication protocol in the world.
Most applications in daily use rely on this family of protocols (browsing the Web, sending and receiving email, QQ chat, etc.).

1. Network Models and protocols
TCP/IP layer features:
(1). Network interface layer: the bottom layer of TCP/IP, including a variety of logical link control and media access protocols.
(2). Internet layer (network layer): responsible for establishing a virtual path between the sending side and the receiving side. Its main protocol is the IP protocol.
The IP protocol does not guarantee that data arrives complete at the destination; that is handled by the transport layer above it.
The ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) protocols of this layer convert between IP addresses and physical addresses (usually network card addresses).
If there is a problem with the data during transmission, the ICMP protocol of this layer generates an error message.
(3). Transport layer
Uses the TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) protocol.
Error control, transmission acknowledgment, retransmission of lost data.


(4). Application Layer
Provides users with a series of protocols for accessing the network: the FTP protocol for transferring files, the Telnet protocol for remote login, the SMTP protocol for sending e-mail, and the HTTP protocol, most commonly used for browsing Web pages.
The BitTorrent protocol, a peer-to-peer file-sharing protocol that has become very popular in recent years, is based on the HTTP protocol.

TCP/IP consists of a number of protocols that form a protocol suite, such as TCP, IP, UDP, FTP, and HTTP.

2. Address
In order for computers on the network to communicate with each other, there must be a unique identifier to differentiate each computer on the network
There are two types of identifiers that can be used:
Physical Address and IP address

For Ethernet, the physical address is a 48-bit string. This address is fixed during production of the network card, cannot be changed, and is unique worldwide.
A computer with multiple network cards, each being one network interface, is a multi-homed computer.

3.IP Address
The TCP/IP protocol enables the computer to communicate with the underlying network, which can be Ethernet, Token Ring, or other types of networks.
Because the physical address relies on the underlying network, different underlying networks use different physical addresses.
Computers on the network must be identified using a common address that is not related to the underlying network.
An IP address consists of 32 bits in two parts: the network number of the network where the computer resides, and the host number assigned to the computer by that network.
IP addresses are divided into five classes according to a fixed format:
Classes A, B, C, D, and E

Class A: 0 + network ID + host ID (24-bit), 1.0.0.0-127.255.255.255
Class B: 10 + network ID + host ID (16-bit), 128.0.0.0-191.255.255.255
Class C: 110 + network ID + host ID (8-bit), 192.0.0.0-223.255.255.255
Class D: 1110 + multicast address, 224.0.0.0-239.255.255.255
Class E: 11110 + reserved address, 240.0.0.0-247.255.255.255


Each host on a TCP/IP network also has a 32-bit subnet mask, which is used to separate the network number and the host number of an IP address.

A bitwise AND of the subnet mask and the IP address yields the network number, which is the number of the network in which the host is located.
E.g.: host IP 222.197.168.244 with subnet mask 255.255.255.0: bitwise AND = 222.197.168.0, so this machine is located in network number 222.197.168.0.
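
The bitwise AND and the class prefixes above, as an added C example (not from the original page). The function names `ip_class`, `parse_ipv4` and `network_number` are hypothetical; the address and mask are the ones from the text.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Class letter from the leading bits of a host-byte-order IPv4 address;
 * '?' for the 11111 prefix, which the class list above does not cover. */
char ip_class(uint32_t addr)
{
    if ((addr >> 31) == 0x0)  return 'A';   /* 0...     */
    if ((addr >> 30) == 0x2)  return 'B';   /* 10...    */
    if ((addr >> 29) == 0x6)  return 'C';   /* 110...   */
    if ((addr >> 28) == 0xE)  return 'D';   /* 1110...  */
    if ((addr >> 27) == 0x1E) return 'E';   /* 11110... */
    return '?';
}

/* Parse a dotted-quad string into host byte order; -1 if it is malformed. */
int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Network number = address AND subnet mask; -1 if either string is invalid. */
int network_number(const char *ip, const char *mask, uint32_t *net)
{
    uint32_t a, m;
    if (parse_ipv4(ip, &a) != 0 || parse_ipv4(mask, &m) != 0)
        return -1;
    *net = a & m;
    return 0;
}

int main(void)
{
    const char *ip = "222.197.168.244", *mask = "255.255.255.0"; /* from the text */
    uint32_t addr, net;

    if (parse_ipv4(ip, &addr) != 0 || network_number(ip, mask, &net) != 0)
        return 1;
    printf("%s & %s = %u.%u.%u.%u (class %c)\n", ip, mask,
           net >> 24, (net >> 16) & 255, (net >> 8) & 255, net & 255,
           ip_class(addr));
    return 0;
}
```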

In recent years, with more and more computers connecting to the Internet, IP addresses have been running out. IPv6 was then proposed, which uses 128 bits to identify an IP address.

4. Ports
The TCP and UDP protocols use 16-bit port numbers to identify applications.
The port number is an unsigned integer with a range of 0 to 2^16 - 1 (0-65535).
The port number is divided into two parts:
(1). Reserved ports, range 0-1023, assigned by the authority, such as: TCP port 21 for the FTP protocol. TCP port 80 is dedicated to the HTTP protocol.


5.IP protocol
The most important protocol of the network layer
Regardless of the protocol used by the transport layer, the IP protocol is relied upon to confirm the route to the destination computer.
The IP protocol is primarily used to determine routing.
When there are multiple routes to the same destination, the IP protocol chooses a shortest route to stream the data to the destination computer.
The IP protocol also defines a set of rules:
(1). If the destination does not exist or is unreachable, the packet in transit is discarded.
(2). It defines the format of the data unit, called the IP datagram, which consists of two parts: the IP header and the data.

6. User Datagram Protocol UDP
Located at the transport layer, above the network layer and below the application layer. The UDP protocol provides applications with a connectionless service: there is no need to establish a connection.

7. Transmission Control Protocol TCP
TCP provides a connection-oriented, reliable data service.
Connection establishment:
(1). The side initiating the connection sends a packet to the destination computer to request a connection.
(2). The server receives the request, responds to the client's sync signal, and sends its own sync signal to the client.
(3). The client responds to the synchronization signal sent by the server; the connection is established and data can be transferred.

Shutdown:
(1). The requesting host sends a request to close the connection to the other party.
(2). When the other party receives the request to close the connection, it sends a confirmation packet for the request and closes its socket connection.
(3). The requesting host receives the confirmation packet, sends a confirmation packet of its own to tell the other party that the confirmation was received, and closes its socket connection.

8. Socket Programming

9. Writing Secure Code
Causes of security problems:
Lack of security awareness among users or administrators, inherent flaws in the TCP/IP protocol, and security vulnerabilities in programs.
The most threatening is the buffer overflow vulnerability.

(1). Cyber attack
Common network attack methods: scanning and probing, monitoring, denial of service, and malicious software.
(2). Buffer Overflow
The data written into the buffer exceeds the capacity of the buffer, and the overflowing data overwrites the original legitimate data.
Root cause: The C++ language is unsafe; it has no mechanism to check the bounds of references, arrays, and pointers, which results in out-of-bounds access.
In Linux, a process's in-memory data is divided into 3 parts: the text segment, the data segment, and the stack segment.
Text segment: executable code and read-only data; its attributes are usually read-only.
Data segment: stores global variables and static variables.
Stack segment: temporary variables and function arguments are on the stack; memory dynamically allocated by the malloc function is called the heap.

The program receives input data from outside -- the system allocates memory to hold the data (a buffer) -- when the input exceeds the buffer capacity and is still stored into the buffer, it overwrites legitimate data outside the original buffer.

Preventing buffer overflow:
Do strict bounds checking on the buffers defined by the program.
Avoid using vulnerable functions such as strcpy. Use strncpy or memcpy instead.
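
The unbounded copy beside two bounded ones, as an added C example (not from the original page); `NAME_BUF_SIZE` and the function names are hypothetical. `strncpy` does not NUL-terminate the destination when the input fills it, and `memcpy` is only safe when the length is checked first, so both are handled explicitly.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* hypothetical buffer capacity, including the NUL */

/* Unsafe: strcpy copies until the source NUL and never looks at the
 * destination size, so input of NAME_BUF_SIZE bytes or more overflows dst. */
void copy_name_unsafe(char dst[NAME_BUF_SIZE], const char *input)
{
    strcpy(dst, input);
}

/* Bounded with strncpy: never writes past dst. strncpy leaves dst without a
 * terminator when input fills it, so the NUL is set explicitly.
 * Returns 1 if the (NUL-terminated) input was truncated, 0 otherwise. */
int copy_name_truncate(char dst[NAME_BUF_SIZE], const char *input)
{
    strncpy(dst, input, NAME_BUF_SIZE - 1);
    dst[NAME_BUF_SIZE - 1] = '\0';
    return strlen(input) >= NAME_BUF_SIZE;
}

/* Bounded with memcpy, for bytes read from a socket: the length comes from
 * the receive call, not from a terminator, and is checked before copying.
 * Returns 0 on success, -1 if the data does not fit (dst is left untouched). */
int copy_name_checked(char dst[NAME_BUF_SIZE], const char *data, size_t len)
{
    if (len >= NAME_BUF_SIZE)
        return -1;
    memcpy(dst, data, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    const char long_input[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    int truncated = copy_name_truncate(name, long_input);
    int rejected = copy_name_checked(name, long_input, strlen(long_input));

    printf("truncated=%d stored_len=%zu rejected=%d\n",
           truncated, strlen(name), rejected);
    return 0;
}
```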

(3). Input check:

Further learning: TCP/IP Illustrated, Internetworking with TCP/IP, UNIX Network Programming










