-------------------------
Week 10 Notes for CST8165
-------------------------
-Ian! D. Allen  -  idallen@idallen.ca  -  www.idallen.com

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Keep up on your readings (Course Outline: average 4 hours/week homework)

Your second midterm test is in class this week (Week 10).

Review:
------

- the TCP "ACK" field
  - selective ACK - SACK
- TCP windowing
  - function of the "zero" window
- fragmentation (three evils)
  - Path Maximum Transmission Unit (PMTU) discovery
- congestion control
  - Explicit Congestion Notification (ECN)
    - incompatible change that breaks older routers
  - Slow Start
- the purpose of RFC1122 and RFC1123 (and RFC1127)

Server: Handling multiple simultaneous connections
--------------------------------------------------

How does a Unix/Linux program handle multiple simultaneous connections?

- if your server process is blocked on an accept() or read(), it can't
  process other client connections
- if your client process is blocked reading your keyboard, it can't
  display input coming from the server; if it is blocked on the server,
  it isn't reading your keyboard
- need to block and listen to multiple file descriptors at the same time
  and continue if input is received on *any* of them

Three Solutions to concurrency: fork(), select(), threads

A. fork() separate processes to handle each file descriptor
   - e.g. server forks a new child process for each new client connection
   - e.g. client forks into one process for keyboard, one for server socket
   - forking (duplicating process address space) is expensive
   - forked processes can't communicate with each other
     (unless you explicitly set up inter-process communication sockets)

B. use one single process and the system call select() to listen to
   multiple file descriptors at the same time
   - no need to fork() - one single process handles all the file descriptors
   - more complex than a forking server
   - single process can provide inter-client data transfer among the
     many descriptors

C. run separate process threads

Q: Name and describe three ways a server program can handle multiple
   simultaneous connections.

The fork() and select() methods are the traditional designs.  Threads are
relatively new and some thread libraries may be buggy (be careful).

We already implemented a fork() client and server; our next try is select().

Using select() to handle multiple connections:
---------------------------------------------

- the select() system call listens to multiple I/O descriptors all at
  the same time and unblocks when I/O is possible on *any* of them
- select() I/O descriptors are represented in bit vectors:
  * FD_ZERO(fd_set *set)          -- clears a file descriptor set
  * FD_SET(int fd, fd_set *set)   -- adds fd to the set
  * FD_CLR(int fd, fd_set *set)   -- removes fd from the set
  * FD_ISSET(int fd, fd_set *set) -- tests to see if fd is in the set

  http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html#select
  http://beej.us/guide/bgnet/examples/selectserver.c

Write the PDL for the selectserver.c program.

1) See section "6.2. select()--Synchronous I/O Multiplexing" in
   http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html
   Do a read-through of code that uses the select() syscall.

2) Write the PDL for selectserver.c and rework it (and the code) to
   reduce the number of indentation levels.
   (See the hints for reducing indentation in the Notes file
   deep_indentation.txt )

More descriptions of how select() works are here:

  "man select_tut" ( http://swoolley.homeip.net/man.cgi/select_tut )
  http://www.mksxserver.com/docs/man3/select.3.asp
  http://www.opengroup.org/onlinepubs/007908799/xsh/select.html
  http://www.lowtek.com/sockets/select.html
  http://www.developerweb.net/forum/showthread.php?t=2933

===============================================================================

Testing - black box vs. white box, "behavioral" vs. "structural"
-------

- I don't have time to read and test all your code; you have to do it

http://www.scism.sbu.ac.uk/law/Section5/chap3/s5c3p23.html

  "White box testing is concerned only with testing the software product,
  it cannot guarantee that the complete specification has been
  implemented.  Black box testing is concerned only with testing the
  specification, it cannot guarantee that all parts of the implementation
  have been tested.  Thus black box testing is testing against the
  specification and will discover faults of omission, indicating that
  part of the specification has not been fulfilled.  White box testing
  is testing against the implementation and will discover faults of
  commission, indicating that part of the implementation is faulty.
  In order to fully test a software product both black and white box
  testing are required."

http://www.faqs.org/faqs/software-eng/testing-faq/section-13.html

  "One has to use a mixture of different methods so that they aren't
  hindered by the limitations of a particular one.  Some call this
  "gray-box" or "translucent-box" test design, but others wish we'd
  stop talking about boxes altogether."

Q: What type of tests exercise every line of code, especially each of
   the exceptions?

Q: What type of tests verify that the code matches the specifications?

Q: What is the difference between white-box and black-box testing of a
   piece of code?  Give the advantages and disadvantages of each method,
   especially with regard to testing the specification.

Q: Which type of testing is most likely to discover code security flaws?
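
The following is an added example, not part of the original notes and not code from selectserver.c: one select() call waiting on several descriptors with the FD_ZERO/FD_SET/FD_ISSET macros listed in the select() section above. The names wait_readable() and demo() are hypothetical, two pipes are constructed stand-ins for client sockets, and the FD_SETSIZE check is there because storing a descriptor at or above that limit in an fd_set is undefined behaviour.

```c
#include <unistd.h>
#include <sys/select.h>

/* Hypothetical helper (not from the notes): set ready[i]=1 for each fds[i]
 * readable within timeout_ms.  Returns the number ready, 0 on timeout,
 * -1 on error or if a descriptor does not fit in an fd_set. */
int wait_readable(const int *fds, int n, int timeout_ms, int *ready)
{
    fd_set readfds;
    struct timeval tv;
    int maxfd = -1, i, rc;

    FD_ZERO(&readfds);
    for (i = 0; i < n; i++) {
        ready[i] = 0;
        /* FD_SET() on fd >= FD_SETSIZE is undefined: refuse it */
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE)
            return -1;
        FD_SET(fds[i], &readfds);
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    rc = select(maxfd + 1, &readfds, NULL, NULL, &tv);
    if (rc <= 0)
        return rc;                      /* timeout or error */
    for (i = 0; i < n; i++)
        ready[i] = FD_ISSET(fds[i], &readfds) ? 1 : 0;
    return rc;
}

/* Constructed demo: two pipes stand in for two client connections. */
int demo(void)
{
    int a[2], b[2], fds[2], ready[2], rc;

    if (pipe(a) < 0 || pipe(b) < 0)
        return -1;
    fds[0] = a[0]; fds[1] = b[0];
    if (write(b[1], "hi", 2) != 2)      /* only the second "client" sends */
        return -1;
    rc = wait_readable(fds, 2, 1000, ready);
    close(a[0]); close(a[1]); close(b[0]); close(b[1]);
    return (rc == 1 && !ready[0] && ready[1]) ? 0 : -1;
}

int main(void)
{
    return demo() == 0 ? 0 : 1;         /* exit status 0 when the demo passes */
}
```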