unix-socket

I have a Go program hosting a simple HTTP service on localhost:8080 so I can connect my public nginx host to it via the proxy_pass directive, as a reverse proxy to serve part of my site's requests. This is all working great, no problems there. I want to convert the Go program to host the HTTP service on a Unix domain socket instead of a local TCP socket for improved security and to reduce the unnecessary protocol overhead of TCP. PROBLEM : The problem is that Unix domain sockets cannot be reused once they are bind() to, even after program termination. The second time (and every time after) I

I'm writing an application that listens for UDP packets over a unix domain socket. Consider the following code block. int sockfd; struct sockaddr_un servaddr; sockfd = socket(AF_LOCAL, SOCK_DGRAM, 0); if(sockfd < 0) { perror("socket() failed"); } unlink(port); bzero(&servaddr, sizeof(servaddr)); servaddr.sun_family = AF_LOCAL; strcpy(servaddr.sun_path, port); if(bind(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) { perror("bind() failed"); close(sockfd); } int n; struct sockaddr_un cliaddr; socklen_t len = sizeof(cliaddr); discovery_msgs client_message; bzero(&client_message,

In my Linux system ephemeral port range is showing different ranges as follows $ cat /proc/sys/net/ipv4/ip_local_port_range 32768 61000  cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range net.ipv4.ip_local_port_range = 9000 65500 Which will be the effective ephemeral port range in my system? Following command will list the ephemeral port range in Linux system sysctl -A | grep ip_local_port_range If we don't want to reboot, after editing /etc/sysctl.conf file if we execute following command it will be effective. sysctrl -p /etc/sysctl.conf . The truth of the matter of effective range is

I'm just starting with socket programming in UNIX and I was reading the man pages for the socket system call. I'm a bit confused about the AF_LOCAL argument and when it is used. The manual just says local communication. Wouldn't an AF_INET format also work for local communication? AF_LOCAL uses UNIX domain sockets which are local to the filesystem and can be used for internal communications. AF_INET is an IP socket. AF_LOCAL will not incur some performance penalties related to sending data over IP. See this old but very nice discussion of the topic. 来源： https://stackoverflow.com/questions

Writing the C source below using Unix local sockets I got an error about the address already in use. After having checked man 7 Unix for further informations I tried to create a sub-folder where executing my program (obviously modifying the sun_path field on the current folder) but the error was ever the same. Is there someone able to help me? Source code: #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <sys/types.h> #include <sys/un.h> #include <unistd.h> #include <errno.h> #define MAXLEN 128 int main (int argc, char *argv[]){ struct sockaddr_un

I have a program that is listening to a Unix Domain Socket. When a client connects to the socket I'd like to find out which program connected and then decide if I allow the connection or not (based on the user/group settings). Is this possible under Linux, and if so, how? Yes, this is possible on Linux, but it won't be very portable. It's achieved using what is called "ancillary data" with sendmsg / recvmsg . Use SO_PASSCRED with setsockopt Use SCM_CREDENTIALS and the struct ucred structure This structure is defined in Linux: struct ucred { pid_t pid; /* process ID of the sending process */

There are these two ways of running PHP-FPM. I know that nothing is bullet-proof in tech, but what are the pros and cons from both methods? The difference is mainly the added overhead of using the full network stack to "pack" and "unpack" every piece of data. Mind you that the overhead is negligible for most deployments Using a socket (e.g. listen = '/tmp/php-fpm.sock') makes sense when both the front-end (e.g. Nginx) and php-fpm are in the same box and You have the option to scale horizontally both the front and back-end together (say you are building a container with both and you can create