kb/network-l4

Linux networking: transport layer and above (L4+)

TCP, UDP, and DNS on Linux: the transport layer and above. The TCP three-way handshake and TCP states, conntrack, NAT and masquerade, DNS resolution, the TLS handshake, ports and sockets. This is how the Linux kernel handles connections at the transport level and the protocols above it.

14 статей в категории

§ статьи

coapCoAP: REST for Constrained Devices over UDPCoAP is REST over UDP for low-power IoT devices. 4-byte header, GET/POST/PUT/DELETE, response codes like HTTP. Observe for notifications. DTLS for security. Used in LwM2M, Thread.
dhcp-protocolDHCP: Dynamic Host Configuration ProtocolDHCP gives a host its IP address, subnet mask, gateway, and DNS via broadcast. 4 packets: DORA = Discover (client), Offer (server), Request (client), Ack (server). The lease renews at 50% of the TTL.
dns-resolutionDNS: ResolutionName-to-IP resolution goes through NSS: first `/etc/hosts`, then DNS via `/etc/resolv.conf`. The order is set in `/etc/nsswitch.conf`.
grpc-basicsgRPC: HTTP/2 + Protobuf RPC FrameworkgRPC = HTTP/2 + Protocol Buffers + code generation. Four RPC types: unary (like REST), server-stream, client-stream, bidirectional. Strong typing, binary wire format, multi-language support. grpcurl is curl for gRPC.
http-protocolHTTP/1.1, HTTP/2, HTTP/3HTTP/1.1 is a text-based protocol with keep-alive. HTTP/2 is binary with multiplexing over a single TCP connection. HTTP/3 carries HTTP/2 semantics over QUIC/UDP without TCP head-of-line blocking.
http2-internalsHTTP/2: Binary Framing, HPACK, Stream MultiplexingHTTP/2 is binary multiplexing over a single TCP connection. HPACK compresses headers through an indexed dictionary. Streams are independent. Server push is deprecated. On a loss-prone link, HoL blocking is a real problem, solved by QUIC.
natNAT: Network Address TranslationNAT rewrites the src or dst address of a packet at a router. Masquerade is the common case: the src IP is replaced with the router's outbound address so hosts on a private network can reach the public internet.
portPort: How Multiple Services Share One IPA 16-bit number (0-65535) that identifies the **destination process** on a host. IP says which host; port says which process. 80 is HTTP, 443 is HTTPS, 22 is SSH.
tcp-keepaliveTCP keepaliveKeepalive sends probes on an idle TCP connection to detect a dead peer (NAT timeout, crashed host). Linux defaults: 7200s idle, 75s between probes, 9 probes. Enabled via setsockopt(SO_KEEPALIVE).
tcp-statesTCP states (LISTEN, ESTABLISHED, TIME_WAIT)A TCP session moves through 11 states from LISTEN to CLOSED. The most important in production: LISTEN, ESTABLISHED, TIME_WAIT, CLOSE_WAIT.
tcp-handshakeTCP three-way handshakeTCP connection opens with three packets: SYN from the client, SYN-ACK from the server, ACK from the client. After that the connection is Established and data transfer can begin.
tls-handshakeTLS HandshakeTLS is the encryption layer above TCP. Before data flows, both sides run a handshake: they exchange keys, verify the certificate, and agree on a cipher.
udp-basicsUDP: User Datagram ProtocolUDP delivers datagrams without establishing a connection, without retransmits, and without ordering guarantees. Header is 8 bytes. Use it for DNS, DHCP, QUIC, VoIP, and any case where latency matters more than reliability.
websocketWebSocket: Bidirectional Channel over HTTPWebSocket is a bidirectional channel over a single TCP connection. The upgrade from HTTP/1.1 uses the Upgrade header; after that, both sides exchange binary frames. Typical use cases: real-time UI, chats, dashboards, live updates.

← вернуться ко всем категориям базы знаний