CSCE 313 Lecture 23
Tuesday, April 17, 2012
Concurrent TCP Server
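    socket();   // create the master socket m_sock
    bind();     // bind it to the server's address and port
    listen();   // mark it as a passive (listening) socket
    for (;;) {
        socklen_t alen = sizeof(fsin);   // accept() takes a pointer to the length
        s_sock = accept(m_sock, (struct sockaddr*)&fsin, &alen);
        if (s_sock < 0) { perror("accept failed"); continue; }
        if (fork() == 0) {      // child: serves this one connection
            close(m_sock);      // the child does not need the master socket
            // handle request
            // close(s_sock); ???
            exit(0);
        }
        close(s_sock);          // parent: the child holds its own copy
    }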
Cleaning Child Processes
When a child process exits, the kernel retains its exit information until the parent collects it; until then the child is a zombie.
The kernel sends SIGCHLD to the parent process, which interrupts the accept() call.
    ssock = accept(msock, (struct sockaddr*)&fsin, &alen);
    if (ssock < 0) {
        if (errno == EINTR) continue;   // interrupted by a signal: retry
        perror("accept");
        exit(EXIT_FAILURE);
    }
We must catch SIGCHLD and use wait3() or waitpid() to prevent zombies from being left behind.
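    void cleanly_terminate_child(int sig) {
        int status;
        // wait3() returns 0 when children exist but none has exited yet,
        // so loop only while it returns a pid (> 0); ">= 0" would spin.
        while (wait3(&status, WNOHANG, NULL) > 0);
    }
    int main(int argc, char * argv[]) {
        // ...
        signal(SIGCHLD, cleanly_terminate_child);
        for (;;) {
            // ...
        }
    }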
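The reaping pattern above as a self-contained program, added here as an example (it is not code from the lecture). It uses sigaction() and waitpid() in place of signal() and wait3(); the names reap_children and spawn_and_reap are chosen for this example, and the children exit immediately as stand-ins for request handlers.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t reaped = 0;   /* children collected by the handler */

/* SIGCHLD handler: several exits can collapse into one pending signal, so
 * loop until waitpid() reports nothing left to collect (0 or -1). */
static void reap_children(int sig) {
    int saved_errno = errno;               /* waitpid() may overwrite errno */
    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    errno = saved_errno;
}

/* Fork n children that exit at once; return how many the handler reaped. */
int spawn_and_reap(int n) {
    struct sigaction sa;
    sigset_t block, old, wait_mask;

    sa.sa_handler = reap_children;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NOCLDSTOP;            /* no SA_RESTART: accept() would get EINTR */
    if (sigaction(SIGCHLD, &sa, NULL) < 0) return -1;
    /* Block SIGCHLD while forking so every exit piles up behind one signal. */
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    wait_mask = old;
    sigdelset(&wait_mask, SIGCHLD);
    reaped = 0;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0) { n = i; break; }     /* fork failed: expect fewer children */
        if (pid == 0) _exit(0);            /* child: stands in for a request handler */
    }
    while (reaped < n)
        sigsuspend(&wait_mask);            /* atomically unblock SIGCHLD and wait */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return reaped;
}

int main(void) { printf("reaped %d of 8 children\n", spawn_and_reap(8)); return 0; }
```

Replacing the while loop in the handler with a single waitpid() call would leave zombies behind whenever several children exit before the signal is delivered.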
Threads can be used instead, but they should have a detached state.
Non-blocking I/O using select()
Wait for any one of multiple IO events to occur
Avoid using multiple processes.
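    fd_set rfds, afds;              // rfds: ready set, afds: active set
    int nfds = getdtablesize();
    if (nfds > FD_SETSIZE) nfds = FD_SETSIZE;   // an fd_set holds at most FD_SETSIZE descriptors
    FD_ZERO(&afds); FD_SET(m_sock, &afds);
    for (;;) {
        memcpy(&rfds, &afds, sizeof(rfds));     // select() overwrites the set it is given
        select(nfds, &rfds, 0, 0, 0);
        if (FD_ISSET(m_sock, &rfds)) {
            alen = sizeof(fsin);
            s_sock = accept(m_sock, (struct sockaddr*)&fsin, &alen);
            if (s_sock >= 0 && s_sock < FD_SETSIZE) FD_SET(s_sock, &afds);
        }
        for (int fd = 0; fd < nfds; fd++) {
            if (fd != m_sock && FD_ISSET(fd, &rfds)) {
                // handle
                close(fd);
                FD_CLR(fd, &afds);  // stop watching the closed descriptor
            }
        }
    }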
Multiprotocol
Some servers listen on both TCP and UDP. There are several master sockets in this case.
select() reports which master socket is ready: call recvfrom() if it is the UDP socket, or accept() if it is the TCP socket.
Security
A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable.
Computers, systems, networks are vulnerable
Attacks happen every second, and 25%+ are compromised
In 2003, $13 billion (worms & viruses) to $226 billion (all attacks) lost
Plenty of basic means for end-user protection: authentication, access control, integrity checking.
Vocabulary
(CIA)
- Confidentiality
  - concealment of info or resources
- Authenticity
  - identification and assurance of the origin of information
- Integrity
  - trustworthiness of data or resources in terms of preventing improper and unauthorized changes
- Availability
  - ability to use information or resources as desired
- Threat
  - potential violation of security
  - flaws in design, implementation, and operation
- Attack
  - any action that violates security with an active adversary
Eavesdropping
Message interception; attack on Confidentiality
Unauthorized access to information. For example, packet sniffers and wiretappers
Tampering
Message is intercepted and modified before reaching recipient; attack on integrity
Man in the Middle
Attack on integrity and authenticity. The user sends data to the server through an intruder.
When the user logs off, the intruder sends "OK" but keeps the user logged in and continues masquerading as the user.