Foundations of Python Network Programming 978-1-4302-3004-5
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER 2 ■ UDP<br />
So binding to an IP interface might limit which external hosts can talk to you; but it will certainly not<br />
limit conversations with other clients on the same machine, so long as they know the IP address that<br />
they should use to connect.<br />
Second, what happens if we try to run two servers at the same time? Stop all <strong>of</strong> the scripts that are<br />
running, and we can try running two servers on the same box. One will be connected to the loopback:<br />
$ python udp_remote.py server 127.0.0.1<br />
Listening at ('127.0.0.1', 1060)<br />
And then we try running a second one, connected to the wildcard IP address that allows requests<br />
from any address:<br />
$ python udp_remote.py server<br />
Traceback (most recent call last):<br />
...<br />
socket.error: [Errno 98] Address already in use<br />
Whoops! What happened? We have learned something about operating system IP stacks and the<br />
rules that they follow: they do not allow two different sockets to listen at the same IP address and port<br />
number, because then the operating system would not know where to deliver incoming packets. And<br />
both <strong>of</strong> the servers just shown wanted to hear packets coming from the localhost to port 1060.<br />
But what if instead <strong>of</strong> trying to run the second server against all IP interfaces, we just ran it against<br />
an external IP interface—one that the first copy <strong>of</strong> the server is not listening to? Let us try:<br />
$ python udp_remote.py server 192.168.5.130<br />
Listening at ('192.168.5.130', 1060)<br />
It worked! There are now two servers running on this machine, one <strong>of</strong> which is bound to the inwardlooking<br />
port 1060 on the loopback interface, and the other looking outward for packets arriving on port<br />
1060 from the network to which my wireless card has connected. If you happen to be on a box with<br />
several remote interfaces, you can start up even more servers, one on each remote interface.<br />
Once you have these servers running, try to send them some packets with the client program. You<br />
will find that each request is received by only one server, and that in each case it will be the server that<br />
holds the particular IP address to which you have directed the UDP request packet.<br />
The lesson <strong>of</strong> all <strong>of</strong> this is that an IP network stack never thinks <strong>of</strong> a UDP port as a lone entity that is<br />
either entirely available, or else in use, at any given moment. Instead, it thinks in terms <strong>of</strong> UDP “socket<br />
names” that are always a pair linking an IP interface—even if it is the wildcard interface—with a UDP<br />
port number. It is these socket names that must not conflict among the listening servers at any given<br />
moment, rather than the bare UDP ports that are in use.<br />
One last warning: since the foregoing discussion indicated that binding your server to the interface<br />
127.0.0.1 protects you from possibly malicious packets generated on the external network, you might<br />
think that binding to one external interface will protect you from malicious packets generated by<br />
malcontents on other external networks. For example, on a large server with multiple network cards, you<br />
might be tempted to bind to a private subnet that faces your other servers, and think thereby that you<br />
will avoid spo<strong>of</strong>ed packets arriving at your Internet-facing public IP address.<br />
Sadly, life is not so simple. It actually depends on your choice <strong>of</strong> operating system, and then upon<br />
how it is specifically configured, whether inbound packets addressed to one interface are allowed to<br />
appear at another interface. It might be that your system will quite happily accept packets that claim to<br />
be from other servers on your network if they appear over on your public Internet connection! Check<br />
with your operating system documentation, or your system administrator, to find out more about your<br />
particular case. Configuring and running a firewall on your box could also provide protection if your<br />
operating system does not.<br />
29