facility, which means that packets may be lost, arrive multiple times,
or out of order. Moreover, packets can be fragmented or defragmented. </p>
+SUBSECTION(«Network Address Translation (NAT)»)
+
+<p> IP addresses are a global resource, so each address must only be
+assigned to at most one device. The <em>Internet Assigned Numbers
+Authority</em> (IANA) coordinates who is entitled to use any given
+range of IPv4 addresses. However, a number IP ranges, for example the
+ranges 10.0.0.0-10.255.255.255 and 192.168.0.0-192.168.255.255, are
+reserved for local use only so that these addresses can be assigned
+in multiple local networks without interfering with each other. </p>
+
+<p> In a network which contains only local addresses, the devices
+can communicate with each other, but they will not be able to access
+public world-wide services. To illustrate how NAT works around this
+restriction, consider a desktop computer in a local network which
+intents to perform a web search by contacting a public web server
+which is <em>not</em> a member of the local network. </p>
+
+<p> The desktop is configured to route packets which are not
+destined for the local network through a dedicated machine, called
+the <em>router</em>. The router has two IP addresses: one address
+in the local network and a public NAT address. As traffic passes
+from the desktop through the router to the web server, the router
+alters the source address of each IP packet (the local address of the
+desktop) to the public NAT address of the router, and keeps track of
+all thusly forwarded connections. When a reply arrives at the router,
+it uses the connection tracking data stored during the outbound phase
+to determine the address in the local network to which to forward the
+reply. This time the router alters the <em>destination</em> address
+of the packet to the local address of the desktop and forwards the
+packet to the desktop via the local network. </p>
+
+<p> NAT can be seen as providing a kind of privacy mechanism because
+machines on the internet cannot monitor which hosts are sending and
+receiving traffic. They only see the NAT address. NAT has also
+downsides though: Pinpointing the source of a problem becomes harder,
+and encryption becomes more difficult. For example you can not encrypt
+the IP address because the router must be able to change it. </p>
+
EXERCISES()
<ul>
devices can be connected.
»)
-HOMEWORK(«
-
-Illustrate how <em> network address translation </em> (NAT) works
-on the basis of a web search initiated from a desktop computer in a
-local network and discuss the implications that NAT has on privacy.
-
-», «
-
-<p> The desktop is configured to route packets which are not destined
-for the local network through a dedicated machine, called the <em>
-router</em>. In particular, all internet traffic is sent to the router.
-The router has two IP addresses: one address in the local network
-and a public NAT address. As traffic passes from the desktop through
-the router to the web server in the internet, the source address of
-each IP packet (the local address of the desktop) is changed on the
-fly to the public NAT address of the router. The router tracks each
-active connection. When a reply arrives at the router, it uses the
-connection tracking data stored during the outbound phase to determine
-the address in the local network to which to forward the reply. This
-time it overwrites the destination address of the IP packet with the
-local address of the desktop. </p>
-
-<p> NAT can be seen as providing a kind of privacy mechanism because
-machines on the internet cannot monitor which hosts are sending and
-receiving traffic. They only see the NAT address. NAT has also
-downsides though: Pinpointing the source of a problem becomes harder,
-and encryption becomes more difficult. For example you can not encrypt
-the IP address because the router must be able to change it. </p>
-
-»)
-
HOMEWORK(«
Run <code> tracepath wikipedia.org</code>. Explain how this command
works and how it can be used to identify networking problems.
SECTION(«Application Layer»)
-<p> Application layer protocols define how the server side of a network
-service communicates with clients that connect to the server by
-connecting a specific TCP or UDP port. Services are often associcated
-with port numbers which can be registred at the <em> Internet Assigned
-Numbers Authority </em> (IANA). </p>
+<p> Application layer protocols define how the server side of
+a network service communicates with clients that connect to the
+server by connecting a specific TCP or UDP port. Services are often
+associcated with port numbers which can be registred at the IANA. </p>
<p> Examples for application layer protocols which are employed on top of
TCP are the <em> Hypertext Transfer Protocol </em> (HTTP, port 80)
<code>..</code> which refer to the directory itself and its parent
directory, respectively. </p>
+<p> One consequence of the special meaning of the path components
+<code>.</code> and <code>..</code> is that there are infinitely
+many paths which refer to the same file. Indeed, given the path
+<code>/foo/bar</code>, one may construct different paths which
+refer to the same file by inserting any number of <code>/.</code>
+or <code>../foo</code> after the first component. For example,
+<code>/foo/./bar</code> and <code>/foo/../foo/bar</code> both refer
+to the same file. If relative paths have to be taken into account as
+well, even more paths can be constructed. </p>
+
+<p> This illustrates the fundamental difference between a path and a
+file. Paths can be mapped to files, but not the other way around. In
+particular, there is no such thing like "the list of paths which
+have changed since yesterday". Also, it is incorrect to assume
+that two files are different just because their paths are different.
+The concept of hard- and soft links discussed below further complicates
+the relationship between paths and files. </p>
+
SUBSECTION(«Globbing»)
<p> Globbing, also known as <em>pathname expansion</em>, is a pattern
globbing available to other applications. These are implemented as
part of libc. </p>
-
<p> There are a few quirks related to globbing which are worth to
point out. First, if no valid path matches the given pattern, the
expansion of the pattern is, by definition according to POSIX, the
for large filesystems, and the result is unreliable anyway unless
the filesystems are mounted read-only. </p>
+<p> It is possible to choose among all possible paths which refer
+to the same file a <em>canonical</em> path, that is, a shortest
+(counting characters) absolute path which does not contain any soft
+links. In fact, the POSIX standard requires each Unix system library
+to provide the <code>realpath()</code> library function which performs
+the following substitutions on the given path: First, the path to
+the current working directory is prepended if the given path is
+relative (does not begin with a slash). Second, symbolic links are
+replaced by their targets. Third, any occurrences of <code>/.</code>
+and <code>foo/..</code> are removed. The thusly transformed path is
+returned by the function as the canonical path. </p>
+
+<p> Each path can be canonicalized in this way, but not all paths
+which refer to the same file give rise to the same canonical path. For
+example, <code>/tmp/foo</code> and <code>/tmp/bar</code> could refer
+to regular files which are hard links of each other. In this case the
+paths refer to the same file, yet the paths are different and already
+canonicalized. The same can happen when a file system (or a subtree
+of it) is <em>bind mounted</em>. That is, the file system tree is
+visible at two or more locations in the global directory tree. </p>
+
EXERCISES()
<ul>
file type for hard links? </li>
</ul>
-HOMEWORK(«
-How many paths are there that refer to the same file?
-», «
-Given the path <code>/foo/bar</code>, one may construct different paths
-which refer to the same file by inserting any number of <code>/.</code>
-or <code>../foo</code> after the first component. For example,
-<code>/foo/./bar</code> and <code>/foo/../foo/bar</code> both refer
-to the same file. If relative paths have to be taken into account as
-well, even more paths can be constructed easily. Hence the answer is:
-arbitrary many.
-
-This illustrates the fundamental difference between a path and a
-file. Paths can be mapped to files, but not the other way around. In
-particular, there is no such thing like "the list of paths which have
-changed since yesterday".
-
-The concept of hard- and soft links complicates the situation further.
-»)
-
HOMEWORK(«
Given two paths, how can one tell if they refer to the same file?
», «
»)
-HOMEWORK(«
-
-Is it possible to choose among all possible paths which refer to the
-same file a <em>canonical</em> path? That is, a shortest (counting
-characters) absolute path which does not contain any soft links?
-
-», «
-
-<p> The POSIX standard requires each Unix system library to provide
-the <code>realpath()</code> function which performs the following
-substitutions on the given path: First, the path to the current
-working directory is prepended if the given path is relative
-(does not begin with a slash). Second, symbolic links are replaced
-by their targets. Third, any occurrences of <code>/.</code> and
-<code>foo/..</code> are removed. The thusly transformed path is
-returned by the function as the canonical path. </p>
-
-<p> Although each path can be canonicalized in this way, not all paths
-which refer to the same file give rise to the same canonical path. For
-example, <code>/tmp/foo</code> and <code>/tmp/bar</code> could refer
-to regular files which are hard links of each other. In this case the
-paths refer to the same file, yet the paths are different and already
-canonicalized. The same can happen when a file system (or a subtree
-of it) is <em>bind mounted</em>. That is, the file system tree is
-visible at two or more locations in the global directory tree. </p>
-
-The message of this exercise is to convince the reader that it is
-incorrect to assume that two files are different because their paths
-are different.
-
-»)
-
SECTION(«Processes»)
<p> A <em>program</em> consists of instructions and data stored in
projects / aple.git / commitdiff