Unix Domain Socket (UDS)
A Unix domain socket, Unix socket, or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing on the same host operating system. Valid socket types in the UNIX domain are:
SOCK_STREAM(compare to TCP) – for a stream-oriented socketSOCK_DGRAM(compare to UDP) – for a datagram-oriented socket that preserves message boundaries (as on most UNIX implementations, UNIX domain datagram sockets are always reliable and don’t reorder datagrams)SOCK_SEQPACKET(compare to SCTP) – for a sequenced-packet socket that is connection-oriented, preserves message boundaries, and delivers messages in the order that they were sent
The Unix domain socket facility is a standard component of POSIX operating systems.
The API for Unix domain sockets is similar to that of an Internet socket, but rather than using an underlying network protocol, all communication occurs entirely within the operating system kernel.
Unix domain sockets may use the file system as their address name space. (Some operating systems, like Linux, offer additional namespaces.) Processes reference Unix domain sockets as file system inodes, so two processes can communicate by opening the same socket.
In addition to sending data, processes may send file descriptors across a Unix domain socket connection using the sendmsg() and recvmsg() system calls. This allows the sending processes to grant the receiving process access to a file descriptor for which the receiving process otherwise does not have access.
This can be used to implement a rudimentary form of capability-based security.[4] For example, this allows the Clam AntiVirus scanner to run as an unprivileged daemon on Linux and BSD, yet still read any file sent to the daemon’s Unix domain socket.
UDS vs TCP
IPC with UDS looks very similar to IPC with regular TCP sockets using the loop-back interface (localhost or 127.0.0.1), but there is a key difference: performance. While the TCP loop-back interface can skip some of the complexities of the full TCP/IP network stack, it retains many others, e.g., 应答(ACKs), 计算校验和(checksum)打包拆包, 维护序号, TCP flow control, and so on). These complexities are designed for reliable cross-machine communication, but on a single host they’re an unnecessary burden.
为什么有这些区别,网络协议是为不可靠的通讯设计的,而IPC 机制本质上是可靠的通讯。
There are some additional differences. For example, since UDS use paths in the filesystem as their addresses, we can use directory and file permissions to control access to sockets, simplifying authentication.
The big disadvantage of UDS compared to TCP sockets is the single-host restriction, of course. For code written to use TCP sockets we only have to change the address from local to remote and everything keeps working. That said, the performance advantages of UDS are significant enough, and the API is similar enough to TCP sockets that it’s quite possible to write code that supports both (UDS on a single host, TCP for remote IPC) with very little difficulty.
SOCK_STREAM vs SOCK_DGRAM
- Stream socket allows for reading arbitrary number of bytes, but still preserving byte sequence. In other words, a sender might write 4K of data to the socket, and the receiver can consume that data byte by byte. The other way around is true too - sender can write several small messages to the socket that the receiver can consume in one read. Stream socket does not preserve message boundaries.
- Datagram socket, on the other hand, does preserve these boundaries - one write by the sender always corresponds to one read by the receiver (even if receiver’s buffer given to
read(2)orrecv(2)is smaller then that message).
So if your application protocol has small messages with known upper bound on message size you are better off with SOCK_DGRAM since that’s easier to manage.
If your protocol calls for arbitrary long message payloads, or is just an unstructured stream (like raw audio or something), then pick SOCK_STREAM and do the required buffering.
Performance should be the same since both types just go through local in-kernel memory, just the buffer management is different.
Demo
C
下面通过一个简单的 demo 来理解相关概念。程序分为服务器端和客户端两部分,它们之间通过 unix domain socket 进行通信。
服务器端程序
下面是一个非常简单的服务器端程序,它从客户端读字符,然后将每个字符转换为大写并回送给客户端:
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#define MAXLINE 80
char *socket_path = "server.socket";
int main(void)
{
struct sockaddr_un serun, cliun;
socklen_t cliun_len;
int listenfd, connfd, size;
char buf[MAXLINE];
int i, n;
if ((listenfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
perror("socket error");
exit(1);
}
memset(&serun, 0, sizeof(serun));
serun.sun_family = AF_UNIX;
strcpy(serun.sun_path, socket_path);
size = offsetof(struct sockaddr_un, sun_path) + strlen(serun.sun_path);
unlink(socket_path);
if (bind(listenfd, (struct sockaddr *)&serun, size) < 0) {
perror("bind error");
exit(1);
}
printf("UNIX domain socket bound\n");
if (listen(listenfd, 20) < 0) {
perror("listen error");
exit(1);
}
printf("Accepting connections ...\n");
while(1) {
cliun_len = sizeof(cliun);
if ((connfd = accept(listenfd, (struct sockaddr *)&cliun, &cliun_len)) < 0){
perror("accept error");
continue;
}
while(1) {
n = read(connfd, buf, sizeof(buf));
if (n < 0) {
perror("read error");
break;
} else if(n == 0) {
printf("EOF\n");
break;
}
printf("received: %s", buf);
for(i = 0; i < n; i++) {
buf[i] = toupper(buf[i]);
}
write(connfd, buf, n);
}
close(connfd);
}
close(listenfd);
return 0;
}
int socket(int family, int type, int protocol);
使用 UNIX domain socket 的过程和网络 socket 十分相似,也要先调用 socket() 创建一个 socket 文件描述符。
- family 指定为 AF_UNIX,使用 AF_UNIX 会在系统上创建一个 socket 文件,不同进程通过读写这个文件来实现通信。
- type 可以选择 SOCK_DGRAM 或 SOCK_STREAM。SOCK_STREAM 意味着会提供按顺序的、可靠、双向、面向连接的比特流。SOCK_DGRAM 意味着会提供定长的、不可靠、无连接的通信。
- protocol 参数指定为 0 即可。
UNIX domain socket 与网络 socket 编程最明显的不同在于地址格式不同,用结构体 sockaddr_un 表示,网络编程的 socket 地址是 IP 地址加端口号,而 UNIX domain socket 的地址是一个 socket 类型的文件在文件系统中的路径,这个 socket 文件由 bind() 调用创建,如果调用 bind() 时该文件已存在,则 bind() 错误返回。因此,一般在调用 bind() 前会检查 socket 文件是否存在,如果存在就删除掉。
网络 socket 编程类似,在 bind 之后要 listen,表示通过 bind 的地址(也就是 socket 文件)提供服务。
接下来必须用 accept() 函数初始化连接。accept() 为每个连接创立新的套接字并从监听队列中移除这个连接。
客户端程序
下面是客户端程序,它接受用户的输入,并把字符串发送给服务器,然后接收服务器返回的字符串并打印:
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#define MAXLINE 80
char *client_path = "client.socket";
char *server_path = "server.socket";
int main() {
struct sockaddr_un cliun, serun;
int len;
char buf[100];
int sockfd, n;
if ((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0){
perror("client socket error");
exit(1);
}
// 一般显式调用bind函数,以便服务器区分不同客户端
memset(&cliun, 0, sizeof(cliun));
cliun.sun_family = AF_UNIX;
strcpy(cliun.sun_path, client_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(cliun.sun_path);
unlink(cliun.sun_path);
if (bind(sockfd, (struct sockaddr *)&cliun, len) < 0) {
perror("bind error");
exit(1);
}
memset(&serun, 0, sizeof(serun));
serun.sun_family = AF_UNIX;
strcpy(serun.sun_path, server_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(serun.sun_path);
if (connect(sockfd, (struct sockaddr *)&serun, len) < 0){
perror("connect error");
exit(1);
}
while(fgets(buf, MAXLINE, stdin) != NULL) {
write(sockfd, buf, strlen(buf));
n = read(sockfd, buf, MAXLINE);
if ( n < 0 ) {
printf("the other side has been closed.\n");
}else {
write(STDOUT_FILENO, buf, n);
}
}
close(sockfd);
return 0;
}
与网络 socket 编程不同的是,UNIX domain socket 客户端一般要显式调用 bind 函数,而不依赖系统自动分配的地址。客户端 bind 一个自己指定的 socket 文件名的好处是,该文件名可以包含客户端的 pid 等信息以便服务器区分不同的客户端。
Running
分别把服务器端程序和客户端程序保存为 server.c 和 client.c 文件,并编译:
$ gcc server.c -o server
$ gcc client.c -o client
先启动服务器端程序,然后启动客户端程序输入字符串并回车:
$ ./client
aaa
AAA
ss
SS
$ ./server
UNIX domain socket bound
Accepting connections ...
received: aaa
�received: ss
看看当前目录下的文件:
$ ls *socket
client.socket server.socket
Examples
Full duplex pipe using socketpair()
int socketpair(int domain, int type, int protocol, int sv[2]);
Returns 0 if OK, -1 on error
- same picture as the one for
pipe()but arrows going both ways
Passing file descriptors
- duplicate a file descriptor across running processes
Connect UDS
curl
$ curl --unix-socket /tmp/gateway_http.sock -H 'Content-Type: application/json' --data '{"user_id":"test_json_user_name"}' 'http://127.0.0.1:9995/demo.golang.user.get.info' -v
nc
$ echo hello | nc -U /tmp/spex.sock
Reference
- https://en.wikipedia.org/wiki/Unix_domain_socket
- https://man7.org/linux/man-pages/man7/unix.7.html
- https://www.cnblogs.com/sparkdev/p/8359028.html
- https://www.ibm.com/docs/en/ztpf/2020?topic=considerations-unix-domain-sockets
- https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets
- http://www.cs.columbia.edu/~jae/4118/L09-domain-sockets.html
- https://stackoverflow.com/questions/13953912/difference-between-unix-domain-stream-and-datagram-sockets
- https://eli.thegreenplace.net/2019/unix-domain-sockets-in-go/