Network Servers: URIs, HTTP, RPC Jeff Chase Duke University

advertisement
Duke Systems
Network Servers: URIs, HTTP, RPC
Jeff Chase
Duke University
Heap manager
• Hours spent for 90+ points:
– 4, 4, 5, 6, 6, 8, 10, 10, 10, 10, 12,…
– 20, 20+, 24,
– 40, 65
• If it were a contest, winners are:
– 13 students: 92-93% success rate on canned test
– Tyler Nisonoff: consumes half the CPU as runner up, 92%
– Ben Berg
– Tamara Silbergleit
– Ang Li
– Kuang Han
– Matthew Tse
MacOS X
“tiny” heap
MacOS X
“small” heap
Heap manager: lessons
• “Real” heap managers are more complex:
– They maintain multiple free lists for different size
blocks.
– And possibly different data structures for different
size blocks.
– Be sure that you understand why.
• Debugging takes a lot of time and doesn’t teach you
much and forces you to sit in front of a computer
which is unhealthy and painful and frustrating when
you could be outside in sunlight and fresh air.
– Thought question: what do you wish we had told you?
End-to-end application delivery
Where is your application?
Where is your data?
Where is your OS?
Cloud and Software-as-a-Service (SaaS)
Rapid evolution, no user upgrade, no user data management.
Agile/elastic deployment on virtual infrastructure.
Services
service
RPC
content
provider
GET
(HTTP)
etc.
Clients
initiate connection
and send requests.
Server
listens for and
accepts clients,
handles requests,
sends replies
Networking
endpoint
port
operations
advertise (bind)
listen
connect (bind)
close
channel
binding
connection
node A
write/send
read/receive
node B
Some IPC mechanisms allow communication across a network.
E.g.: sockets using Internet communication protocols (TCP/IP).
Each endpoint on a node (host) has a port number.
Each node has one or more interfaces, each on at most one network.
Each interface may be reachable on its network by one or more names.
E.g. an IP address and an (optional) DNS name.
A simple, familiar example
“GET /images/fish.gif HTTP/1.1”
URL
URIs and URLs
[image: msdn.microsoft.com]
Android content providers: URIs
Define the provider's authority string, its content URIs, and
column names….To avoid conflicts with other providers, you
should use Internet domain ownership (in reverse) as the basis
…for Android package names…define your provider authority
as an extension of the name of the package containing [it]…
Developers usually create content URIs from the authority by
appending paths that point to individual tables…
By convention, providers offer access to a single row in a table
by accepting a content URI with an ID value for the row at the
end of the URI. …
[images from http://www.tutos-android.com/contentprovider-android]
Taking it to the net
The network stack
NFS
(files)
HTTP
(web)
SMTP
(email)
SSH
(login)
RPC
Applications
Abstraction
UDP
Transport
(L4)
TCP
Network packet
(L3)
IP
Ethernet
ATM
PPP
Interfaces
RPC
call
return
return
call
Client
stub
Server
stub
send
recv
send
recv
RPC: Language Integration
Stubs link with the client/server code to “hide” the boundary crossing.
– Marshal arguments/results
– Propagate exceptions
– Binding: need some way to
name the server
– Stubs are auto-generated
from an Interface Description
Language (IDL) file.
RPC Execution
• How is this different
from a local procedure
call?
• How is it different from
a system call?
The network stack, simplified
Internet client host
Internet server host
Client
User code
Server
TCP/IP
Kernel code
TCP/IP
Sockets interface
(system calls)
Hardware interface
(interrupts)
Network
adapter
Hardware
and firmware
Global IP Internet
Network
adapter
Web services
• HTTP is the standard for web systems.
– GET, PUT, POST, DELETE
• Various standards and styles layer above it.
• The Android content provider URI form is in the style
of REST, as used in popular SaaS frameworks.
• What’s important is that the URI/URL authority
always has the info to bind a channel to the server.
– Translate domain name to an IP address and port using
DNS service (later).
• The URI path is interpreted by the server: it may
encode the name of a file on the server, or a program
entry point and arguments, or…
“Web-oriented
architecture”
“CRUD”
TCP/IP connection
socket
Client
socket
TCP byte-stream connection
(128.2.194.242, 208.216.181.15)
Client host address
128.2.194.242
Server
Server host address
208.216.181.15
[adapted from CMU 15-213]
TCP/IP connection
Client socket address
128.2.194.242:51213
Client
Server socket address
208.216.181.15:80
Connection socket pair
(128.2.194.242:51213, 208.216.181.15:80)
Client host address
128.2.194.242
Server
(port 80)
Server host address
208.216.181.15
Note: 80 is a well-known port
associated with Web servers
Note: 51213 is an
ephemeral port allocated
by the kernel
[adapted from CMU 15-213]
TCP/IP Ports
• What port number to connect to?
– We have to agree on well-known ports for common services
– Look at /etc/services
• Ports 1023 and below are ‘reserved’ This port
abstraction is an Internet Protocol (L4) concept.
– Source/dest port is named in every packet.
– Kernel looks at port to demultiplex incoming traffic.
• Clients need a return port, but it can be an
ephemeral port assigned dynamically by the kernel.
Packet demultiplexing
WebServer Flow
Create ServerSocket
TCP socket space
connSocket = accept()
read request from
connSocket
128.36.232.5
128.36.230.2
state: listening
address: {*.6789, *.*}
completed connection queue:
sendbuf:
recvbuf:
state: established
address: {128.36.232.5:6789, 198.69.10.10.1500}
sendbuf:
recvbuf:
read
local file
write file to
connSocket
close connSocket
state: listening
address: {*.25, *.*}
completed connection queue:
sendbuf:
recvbuf:
Discussion: what does step do and how long
does it take?
Server listens on a socket
struct sockaddr_in socket_addr;
sock = socket(PF_INET, SOCK_STREAM, 0);
int on = 1;
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
memset(&socket_addr, 0, sizeof socket_addr);
socket_addr.sin_family = PF_INET;
socket_addr.sin_port = htons(port);
socket_addr.sin_addr.s_addr = htonl(INADDR_ANY);
if (bind(sock, (struct sockaddr *)&socket_addr, sizeof socket_addr) < 0) {
perror("couldn't bind");
exit(1);
}
listen(sock, 10);
Accept loop
while (1) {
int acceptsock = accept(sock, NULL, NULL);
char *input = (char *)malloc(1024*sizeof (char));
recv(acceptsock, input, 1024, 0);
int is_html = 0;
char *contents = handle(input,&is_html);
free(input);
…send response…
close(acceptsock);
}
Send HTTP/HTML response
const char *resp_ok = "HTTP/1.1 200 OK\nServer: BuggyServer/1.0\n";
const char *content_html = "Content-type: text/html\n\n";
send(acceptsock, resp_ok, strlen(resp_ok), 0);
send(acceptsock, content_html, strlen(content_html), 0);
send(acceptsock, contents, strlen(contents), 0);
send(acceptsock, "\n", 1, 0);
free(contents);
Anatomy of an HTTP Transaction
unix> telnet www.aol.com 80
Trying 205.188.146.23...
Connected to aol.com.
Escape character is '^]'.
GET / HTTP/1.1
host: www.aol.com
Client: open connection to server
Telnet prints 3 lines to the terminal
Client: request line
Client: required HTTP/1.1 HOST header
Client: empty line terminates headers.
Server: response line
Server: followed by five response headers
HTTP/1.0 200 OK
MIME-Version: 1.0
Date: Mon, 08 Jan 2001 04:59:42 GMT
Server: NaviServer/2.0 AOLserver/2.3.3
Content-Type: text/html
Server: expect HTML in the response body
Content-Length: 42092
Server: expect 42,092 bytes in the resp body
Server: empty line (“\r\n”) terminates hdrs
<html>
Server: first HTML line in response body
...
Server: 766 lines of HTML not shown.
</html>
Server: last HTML line in response body
Connection closed by foreign host. Server: closes connection
unix>
Client: closes connection and terminates
[CMU 15-213]
A Short Quiz: HTTPS/SSL
1. What is the most important advantage of symmetric
crypto (DES) relative to asymmetric crypto (RSA)?
2. What is the most important advantage of
asymmetric crypto relative to symmetric crypto?
3. What is the most important limitation/challenge for
asymmetric crypto with respect to security?
4. Why does SSL “change ciphers” during the
handshake?
5. How does SSL solve the key distribution problem
for symmetric crypto?
6. Is key exchange vulnerable to man-in-the-middle
attacks?
Download