Socket

From Hackepedia
Jump to navigationJump to search

Sockets are an API for IPC or network communication with a process. For IPC Unix domain sockets are used, for network communication INET sockets are preferred. Sockets provide a descriptor to a process with which data or control data can be exchanged with the kernel.

Unix domain sockets

When a Unix domain socket is set up it is bound to the local systems filesystem. The path it can be bound to is limited to 103 characters (see /usr/include/sys/un.h) instead of the filesystem limit of 1023 characters. This means that a socket should be set up close to the root perhaps in /tmp (as sshd does). Unix domain sockets make preferred IPC in OpenBSD because of the availability of the getpeereid syscall which allows a daemon to check the credentials of who is connecting to the socket. A socket in the filesystem looks like this:

$ ls -l /tmp/ssh*
total 0
srwxr-xr-x  1 pbug  wheel  0 Oct  8 11:27 agent.1327

notice the 's' indicating that this file is a socket.


INET sockets

In order to communicate with the Internet a program can communicate with it via the Kernel which has a built-in internet stack. Common protocols that one can talk via sockets are TCP and UDP as well as ICMP which are grouped into the raw mode of sockets. When a program is a TCP server the common sequence of syscalls are socket(2), bind(2), listen(2), and accept(2). When a program is a TCP client the common sequence of syscalls are socket(2), connect(2). TCP and UDP sockets have ports to identify them. On a system one can use netstat to see this. In UNIX only root can bind to ports less than 1024 the rest is available for all users.

When a server is listening on a certain port it's difficult to regulate who connects to this port. Early implementations messed with TCP Wrappers which allowed one to set up a simple whitelist or blacklist of who can connect. This didn't cover UDP though and it was still required that the program accepted the connection before closing it, this means that someone could stealth scan a port and know that it was listening. Firewalls allowed finer control and aren't as revealing over open ports. BSD has ipfw, ipfw2, ipf and pf as firewalls.