What are the knowledge points related to computer networks in Python

2025-02-25 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

The editor shares the knowledge points related to computer networks in Python. Most readers may not be familiar with them, so this article is offered for your reference; we hope you learn a lot from it. Let's get started!

Collation of knowledge points related to computer networks:

1. The OSI, TCP/IP and five-layer protocol architectures, and the layers of each?

OSI model (7 layers): physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer

TCP/IP model (4 layers): network interface layer, network layer, transport layer, application layer

Five-layer protocol model (5 layers): physical layer, data link layer, network layer, transport layer, application layer

2. What are TCP and UDP? What's the difference between them?

TCP provides connection-oriented, reliable data stream transmission, while UDP provides connectionless, unreliable data transmission.

Protocols corresponding to TCP:

(1) FTP: defines the file transfer protocol and uses port 21.

(2) Telnet: a protocol for remote login that uses port 23. Users can connect to a remote computer under their own identity, and it provides communication services in a DOS-like mode.

(3) SMTP: Mail transfer protocol for sending mail. The server opens port 25.

(4) POP3: it corresponds to SMTP, and POP3 is used to receive mail. The POP3 protocol uses port 110.

(5) HTTP: a transfer protocol for transferring hypertext from a Web server to a local browser.

Protocols corresponding to UDP:

(1) DNS: used for domain name resolution service to convert domain name addresses into IP addresses. DNS uses port 53.

(2) SNMP: Simple Network Management Protocol, which uses port 161 and is used to manage network devices. Because there are so many network devices, a connectionless service shows its advantages here.

(3) TFTP (Trivial File Transfer Protocol): a simple file transfer protocol that uses UDP on well-known port 69.

3. Please describe the process of TCP three-way handshake. Why three-way handshake?

First handshake: the client sends a SYN packet (syn=x) to the server, enters the SYN_SENT state, and waits for the server to confirm.

Second handshake: when the server receives the SYN packet, it must acknowledge the client's SYN (ack=x+1). At the same time, it sends its own SYN packet (syn=y), that is, a SYN+ACK packet, and the server enters the SYN_RECV state.

Third handshake: the client receives the SYN+ACK packet from the server and sends the acknowledgment packet ACK (ack=y+1) to the server. After this packet is sent, the client and the server enter the ESTABLISHED state and the three-way handshake is complete.

The packets transmitted during the handshake do not contain data; only after the three-way handshake do the client and the server officially begin to transmit data. Ideally, once a TCP connection is established,

4. Please describe the process of the four waves in TCP. Why are four waves needed?

Similar to the "three-way handshake" that establishes a connection, closing a TCP connection requires "four waves".

First wave: the actively closing party sends a FIN to shut down data transmission from itself to the passively closing party. In other words, the actively closing party tells the other side: I will not send you any more data. (Of course, if data sent before the FIN packet has not been acknowledged with the corresponding ACK, the actively closing party will still retransmit it.) The actively closing party can still receive data at this point.

Second wave: after receiving the FIN packet, the passively closing party sends an ACK to the other party, with an acknowledgment number equal to the received sequence number + 1 (like a SYN, a FIN occupies one sequence number).

Third wave: the passively closing party sends a FIN to shut down data transmission from itself to the actively closing party. In other words, it tells the actively closing party: my data has been sent and I will not send you any more.

Fourth wave: after the actively closing party receives the FIN, it sends an ACK to the passively closing party, with an acknowledgment number equal to the received sequence number + 1. At this point the four waves are complete.

5. Why wait for 2MSL during the four waves?

First, it guards against loss of the fourth-wave segment, which would prevent the server from shutting down normally. If the fourth wave is lost, the server resends the third-wave message requesting disconnection.

Second, the 2MSL wait ensures that all segments belonging to this connection have expired, so that a stale connection request segment cannot appear later and be treated by the server as a new connection request.

6. What are TCP sticky packets and how do you deal with them? Does UDP have sticky packets?

The cause of sticky packets:

Let's start with TCP. Because of the mechanism of the TCP protocol itself (a connection-oriented, reliable protocol with a three-way handshake), the client maintains a connection (channel) with the server, and while the connection is open it can continuously send multiple packets to the server. If the packets being sent are too small, TCP enables the Nagle algorithm (this is configurable) to merge the smaller packets and send them together once a timeout expires or enough data has accumulated (this is one reason the network latency of TCP is higher than that of UDP). As a result, when the server receives the message (a data stream), it cannot tell which packets the client sent separately, which produces sticky packets. After receiving the data, the server puts it into a buffer. If the messages are not fetched from the buffer in time, several packets may be taken out in a single read, which also produces the sticky packet phenomenon. (Strictly speaking, applications based on TCP are described in terms of streams, not packets.) Personally, I think that the sticky packets generated by the server receiver should have nothing to do with the linear scan frequency of the select polling mechanism in the way the Linux kernel handles sockets.

Some existing open-source material is summarized as follows (common solutions):

One is to use a delimiter: when encapsulating the packet to be transmitted, a fixed symbol is used as the terminator (the data itself must not contain the terminator). The stream is then split on the terminator. If a received packet contains no terminator, it is treated as a partial packet, and the receiver waits for the next packet and combines them into a complete packet. This method suits text-based data, for example using a delimiter such as \r\n.

The other is to add a length to the packet: the length of the packet (or information from which the total length can be calculated) is encapsulated at a fixed position in the packet. After receiving the data, the server first parses the packet length and then cuts the packet out of the stream according to that length (this method is common in custom protocols). There is one small problem, however: if the client encodes the length of the first packet incorrectly, all packets received afterwards are likely to be parsed incorrectly (because TCP is a stream once the connection is established). This problem is only cleared when the client closes the connection and reopens it. When dealing with this problem, I checked the data length and discarded defective packets at the appropriate time (the client has an automatic retransmission mechanism, so this does not cause incomplete data at the application layer).

UDP does not have the sticky packet problem, because UDP sends are not optimized by the Nagle algorithm and multiple packets are not merged and sent at once. In addition, the receiving end of the UDP protocol uses a chain structure to record each arriving UDP packet, so the receiving application can only read one packet from the socket receive buffer at a time. That is, if the sender calls send several times, the receiver must call recv the same number of times (no matter how large a buffer is specified for recv).
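The length-prefix approach described above, as an added example that is not code from the original article: a decoder that reassembles messages from arbitrary TCP read chunks and rejects an implausible length before buffering it. The 4-byte big-endian prefix, the 64 KiB cap and all names (`FrameDecoder`, `encode_frame`, `replay_in_chunks`) are assumptions made for this illustration.

```python
import struct
from typing import List

HEADER = struct.Struct("!I")   # assumed wire format: 4-byte big-endian length prefix
MAX_FRAME = 64 * 1024          # assumed upper bound on one message


class FrameError(Exception):
    """The length prefix is invalid; the caller should close the connection."""


def encode_frame(payload: bytes) -> bytes:
    """Prefix a payload with its length so the receiver can find its end."""
    if len(payload) > MAX_FRAME:
        raise FrameError("payload exceeds MAX_FRAME")
    return HEADER.pack(len(payload)) + payload


class FrameDecoder:
    """Turns a TCP byte stream back into the messages the sender framed."""

    def __init__(self, max_frame: int = MAX_FRAME) -> None:
        self._buf = bytearray()
        self._max = max_frame

    def feed(self, chunk: bytes) -> List[bytes]:
        """Add one recv() result; return every message that is now complete."""
        self._buf += chunk
        frames = []
        while len(self._buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self._buf)
            # Validate the length before waiting for the body. A corrupt or
            # hostile prefix would otherwise make the receiver buffer up to
            # 4 GiB and misparse everything that follows on this connection.
            if length > self._max:
                raise FrameError("declared length %d exceeds limit" % length)
            end = HEADER.size + length
            if len(self._buf) < end:
                break                      # partial packet: wait for more data
            frames.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]            # keep any bytes of the next message
        return frames


def replay_in_chunks(stream: bytes, size: int) -> List[bytes]:
    """Feed a byte stream to a fresh decoder in fixed-size reads."""
    decoder = FrameDecoder()
    out = []
    for i in range(0, len(stream), size):
        out += decoder.feed(stream[i:i + size])
    return out


# Constructed sample: three messages "stuck together" in one stream.
SAMPLE = (encode_frame(b"login alice")
          + encode_frame(b"")
          + encode_frame(b"get /index"))

if __name__ == "__main__":
    print(replay_in_chunks(SAMPLE, len(SAMPLE)))   # one read holding all three
    print(replay_in_chunks(SAMPLE, 7))             # reads that split messages
```

Because a bad length makes the rest of the stream unparseable, the decoder raises rather than trying to resynchronize; the caller closes the connection, which matches the article's note that the error only clears on reconnect.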

7. What about time_wait? What could be the reason why there is too much close_wait?

What is close_wait: while a TCP connection is being closed, the server receives the client's FIN segment (the first wave); after the server sends the ACK segment (the second wave), the server enters the close_wait state.

(It remains to be verified whether this is the second or the third wave, that is, after sending the ACK segment or after sending the FIN segment.)

What could be the reason for too much close_wait:

Program problem: more specifically, the server-side code does not call the close function to close the socket connection, so no FIN segment is sent; or there is an endless loop, so the server-side code never gets to execute close. The client response is too slow or the timeout setting is too small:

8. What is the difference between epoll and select? What is the difference between edge trigger and level trigger?

The network communication of Linux has successively launched three modes: select, poll and epoll.

There are three problems with select:

(1) Every call to select copies the fd set from user space to kernel space, which is very expensive when there are many fds.

(2) Every call to select also requires the kernel to traverse all the fds passed in, which is likewise very expensive when there are many fds.

(3) The number of file descriptors supported by select is too small. The default is 1024.

Poll solves the third problem. In select the data structure holding the descriptors is an array; poll changes it to a linked list, which removes the limit on the number of fds.

But the first and second problems remain.

Epoll solves the first two problems on the basis of poll:

(1) For the first problem, each time a new event is registered on the epoll handle (EPOLL_CTL_ADD in epoll_ctl), epoll copies the fd into the kernel at that point instead of copying repeatedly during epoll_wait. This ensures that each fd is copied only once during the entire process.

(2) For the second problem, epoll maintains a separate ready list. When an fd becomes ready (readable / writable), it is put on the ready list. epoll_wait only needs to traverse the ready list instead of all the fds, saving a lot of CPU time.

Epoll has two working modes: LT and ET. The default working mode is LT (level triggered), and the high-speed working mode is ET (edge triggered).

In LT mode the user is notified as long as the fd is readable or writable; in ET mode the user is notified only when the fd changes from unreadable to readable or from unwritable to writable.

ET makes far fewer system calls than LT, so ET is the high-speed working mode with much higher efficiency.

When using ET mode, the user must keep reading / writing the fd until an EAGAIN error is returned. Otherwise, if the read / write is not finished, the system assumes the state has not changed and does not repeat the notification, and the fd stalls.
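The LT/ET difference described above can be observed directly with Python's `select.epoll` (Linux only). This is an added example, not code from the original article; the function names and the constructed 4096-byte payload are assumptions. It shows that a partial read is re-notified in LT but not in ET, and that draining until EAGAIN makes ET work.

```python
import select
import socket


def drain(sock):
    """Read a non-blocking socket until EAGAIN; return the byte count read."""
    total = 0
    while True:
        try:
            data = sock.recv(1024)
        except BlockingIOError:      # EAGAIN: the kernel receive buffer is empty
            return total
        if not data:                 # peer closed the connection
            return total
        total += len(data)


def _setup(edge_triggered):
    """Create a connected socket pair and register the reader with epoll."""
    writer, reader = socket.socketpair()
    reader.setblocking(False)        # required for the read-until-EAGAIN loop
    ep = select.epoll()
    flags = select.EPOLLIN | (select.EPOLLET if edge_triggered else 0)
    ep.register(reader.fileno(), flags)
    return writer, reader, ep


def _cleanup(writer, reader, ep):
    ep.close()
    writer.close()
    reader.close()


def events_after_partial_read(edge_triggered):
    """Return how many events epoll reports after only part of the data is read."""
    writer, reader, ep = _setup(edge_triggered)
    try:
        writer.sendall(b"x" * 4096)          # constructed payload
        if len(ep.poll(1.0)) != 1:
            raise RuntimeError("expected one readiness event")
        reader.recv(16)                      # leave 4080 bytes unread
        return len(ep.poll(0.2))             # LT: notified again, ET: silent
    finally:
        _cleanup(writer, reader, ep)


def edge_triggered_cycle():
    """Correct ET usage: drain fully, then wait for the next edge."""
    writer, reader, ep = _setup(True)
    try:
        writer.sendall(b"x" * 4096)
        ep.poll(1.0)
        drained = drain(reader)              # read until EAGAIN
        idle_events = len(ep.poll(0.2))      # nothing new arrived: no event
        writer.sendall(b"y" * 10)            # new data creates a new edge
        new_events = len(ep.poll(1.0))
        return drained, idle_events, new_events, drain(reader)
    finally:
        _cleanup(writer, reader, ep)


if __name__ == "__main__":
    print("LT events after partial read:", events_after_partial_read(False))
    print("ET events after partial read:", events_after_partial_read(True))
    print("ET drain cycle:", edge_triggered_cycle())
```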

9. Briefly describe the ports you know and the corresponding services. (at least 5)

21 ftp

22 ssh

23 telnet

53 dns

3306 mysql

Redis 6079

80 http

443 https

10. What is the HTTP protocol? How does it work?

The HTTP protocol (HyperText Transfer Protocol) is a transfer protocol for transferring hypertext from a WWW server to a local browser. It can make browsers more efficient and reduce network transmission. It not only ensures that the computer transmits hypertext documents correctly and quickly, but also determines which part of the document is transferred and which part of the content is displayed first (for example, text before graphics).

An HTTP operation is called a transaction, and the whole process is as follows:

1) Address resolution. For example, when a client browser requests the page http://localhost.com:8080/index.htm, the address is decomposed into protocol name, hostname, port, object path, and so on. For our address, the result of the resolution is:

protocol name: http
hostname: localhost.com
port: 8080
object path: /index.htm

In this step, the Domain Name System (DNS) is needed to resolve the domain name localhost.com to the IP address of the host.

2) Encapsulate the HTTP request packet. The parts above are combined with local information and encapsulated into an HTTP request packet.

3) Encapsulate the TCP packet and establish a TCP connection (TCP's three-way handshake). Before HTTP work starts, the client (web browser) first establishes a connection with the server through the network. This connection is made through TCP, which together with the IP protocol builds the Internet: the well-known TCP/IP protocol suite. That is why the Internet is also called a TCP/IP network. HTTP is a higher-level application-layer protocol than TCP. According to the rules, a higher-layer protocol connection can only be made after the lower-layer protocol is established, so the TCP connection must be established first. The port number of the TCP connection is 80; here it is port 8080.

4) The client sends a request command. After the connection is established, the client sends a request to the server in the format: Uniform Resource Identifier (URL), protocol version number, followed by MIME information including request modifiers, client information, and content.

5) The server responds. After receiving the request, the server gives the corresponding response in the format: a status line, including the protocol version number of the message and a success or error code, followed by MIME information including server information, entity information and possible content. After the server sends the header information to the browser, it sends a blank line to indicate that the header information ends there. It then sends the actual data requested by the user in the format described by the Content-Type response header.

6) The server closes the TCP connection. In general, once the web server has sent the requested data to the browser, it closes the TCP connection. However, if the browser or server adds the line Connection:keep-alive to its header information, the TCP connection remains open after the data is sent, so the browser can continue to send requests over the same connection. Keeping the connection open saves the time needed to establish a new connection for each request and saves network bandwidth.

11. HTTP message structure

Request message: an HTTP request message consists of four parts: request line, request headers, blank line and request body.

12. Differences between GET and POST requests

1. GET requests are usually used to request data acquisition.

POST is generally used when sending data to the background

2. GET requests can also pass parameters to the back end, but the parameters are visible in the URL in the browser's address bar, so privacy and security are poor, and the length of the parameters is limited.

POST request parameters are placed in the request body and are not displayed in the URL. It is safer than GET, and the length of the parameters is unlimited.

3. Refreshing the browser or going back has no effect for a GET request.

On going back, a POST request resubmits the data.

4. GET requests can be cached

POST requests will not be cached

5. GET requests are kept in the browser history

POST requests are not retained in the browser history

6. GET requests can be collected as bookmarks

POST cannot be collected as a bookmark

7. GET requests can only be URL encoded (application/x-www-form-urlencoded)

POST supports multiple encodings (application/x-www-form-urlencoded or multipart/form-data). Use multipart encoding for binary data.

8. The most common way to make a GET request is through the URL in the address bar.

The most common way to make a POST request is to submit data through a form.

13. What are the common status codes in HTTP? 301, 302, 404, 500, 502, 504, etc.

The meanings of HTTP status codes such as 301, 302, 401, 403, 404, 500 and 504:

301 (Moved Permanently)

The requested web page has been permanently moved to a new location. When the server returns this response (to a GET or HEAD request), it automatically forwards the requester to the new location. You should use this code to tell Googlebot that a web page or website has been permanently moved to a new location.

302 (Moved Temporarily)

The server is currently responding to the request with a web page from a different location, but the requester should continue to use the original location for future requests. Like the 301 code in response to GET and HEAD requests, this code automatically redirects the requester to a different location, but you should not use it to tell Googlebot that a web page or website has moved, because Googlebot will continue to crawl and index the original location.

400 (Bad Request)

The server does not understand the syntax of the request.

401 (Unauthorized)

The request requires authentication. The server may return this response for a web page requested after login.

403 (Forbidden)

The server rejected the request. If you see this status code when Googlebot attempts to crawl a valid page on your site (you can see this on the web crawl page under Diagnostics in Google Webmaster Tools), your server or host may be denying Googlebot access.

404 (Not Found)

The server could not find the requested web page. For example, this code is often returned for pages that do not exist on the server.

If you do not have a robots.txt file on your site and you see this status code on the robots.txt page of the diagnostics tab of the Google webmaster tool, this is the correct status code. However, if you have a robots.txt file and see this status code, your robots.txt file may be misnamed or in the wrong location (it should be in the top-level domain, named robots.txt).

If you see this status code for a URL crawled by Googlebot (on the HTTP error page of the Diagnostics tab), Googlebot may be following an invalid link from another page (an old link or a mistakenly typed link).

500 (Internal Server Error)

The server encountered an error and was unable to complete the request.

501 (Not Implemented)

The server does not have the ability to complete the request. For example, this code may be returned when the server does not recognize the request method.

502 (Bad Gateway)

The server, acting as a gateway or proxy, received an invalid response from the upstream server.

503 (Service Unavailable)

The server is currently unavailable (due to overload or downtime maintenance). Usually, this is only a temporary state.

14. What is the difference between HTTP and HTTPS?

The differences between the HTTP protocol and the HTTPS protocol: different security of transmitted information, different connection modes, different ports, and different certificate application methods.

I. The security of transmitted information is different

1. HTTP protocol: a hypertext transfer protocol in which information is transmitted in clear text. If someone intercepts the messages transmitted between the web browser and the website server, they can be read directly.

2. HTTPS protocol: a secure transfer protocol with SSL encryption, which encrypts the communication between the browser and the server to ensure the security of data transmission.

II. Different connection modes

1. HTTP protocol: an HTTP connection is simple and stateless.

2. HTTPS protocol: a network protocol built from SSL + HTTP that supports encrypted transmission and identity authentication.

III. Different ports

1. HTTP protocol: the port used is 80.

2. HTTPS protocol: the port used is 443.

IV. Different ways of applying for certificates

1. HTTP protocol: free of charge.

2. HTTPS protocol: you need to apply for a certificate from a CA. Generally, there are few free certificates, and you need to pay a fee.

15. The entire process performed after entering www.baidu.com in the browser.

1. Application layer: the client browser resolves www.baidu.com to the IP address 220.181.27.48 through DNS and uses this IP address to find the path from client to server. The client browser initiates an HTTP session to 220.181.27.48, then encapsulates the packet through TCP and passes it to the network layer.

DNS parses IP:

HTTP access server:

2. Transport layer: in the client's transport layer, the HTTP session request is divided into segments, and the source and destination ports are added. For example, the server listens for client requests on port 80, the client picks a random port such as 5000 to communicate with the server, and the server returns the corresponding response to the client's port 5000. The IP address from the IP layer is then used to find the destination.

3. Network layer: the client's network layer does not care about the application layer or the transport layer. Its main job is to determine how to reach the server by looking up the routing table. The path may pass through multiple routers, and this work is done by the routers, which use routing protocols to decide which path to take.

Routing Protocol:

There are two main types of routing protocols on the Internet:

Interior Gateway Protocol (IGP): a routing protocol used within an autonomous system. At present this kind of routing protocol is the most widely used; examples are RIP and OSPF.

External Gateway Protocol (EGP): if the source and destination stations are in different autonomous systems, then when data packets reach the boundary of one autonomous system, a protocol is needed to pass routing information to the other autonomous system. Such a protocol is an external gateway protocol (EGP). At present, BGP-4 is the most widely used external gateway protocol.

1) RIP protocol

How it works:

Routing Information Protocol (RIP) is the first widely used protocol among the interior gateway protocols (IGP). RIP is a distributed routing protocol based on distance vectors. The RIP protocol requires every router in the network to maintain a record of the distance from itself to every other destination network. Definition of distance: the distance from a router to a directly connected network is defined as 1. The distance from a router to a network that is not directly connected is defined as the number of routers passed through plus 1. The "distance" in RIP is also known as the "hop count", because the hop count increases by 1 for each router passed. The "distance" here actually means the "shortest distance". RIP considers a good route to be one that passes through few routers, that is, a "short distance". RIP allows a path to contain up to 15 routers. A maximum distance of 16 is considered unreachable. It can be seen that RIP is only suitable for small internets. RIP cannot use multiple routes between two networks at the same time. RIP chooses the route with the fewest routers (that is, the shortest route) even if there is another high-speed (low-latency) route with more routers.

2) Interior Gateway Protocol OSPF (Open Shortest Path First)

Basic features:

"Open" indicates that the OSPF protocol is not controlled by a single vendor but is published publicly. "Shortest path first" refers to its use of the shortest path algorithm (SPF) proposed by Dijkstra. OSPF is just the name of a protocol; it does not mean that other routing protocols are not "shortest path first". OSPF is a distributed link-state protocol.

How it works:

OSPF uses flooding to send information to all routers in the autonomous system. The information sent is the link state of all routers adjacent to the sending router, which is only part of the information that router knows. The "link state" indicates which routers the router is adjacent to and the "metric" of each link.

A router floods this information to all routers only when the link state changes.

3) External Gateway Protocol BGP

BGP is a protocol for exchanging routing information between routers in different autonomous systems. The Border Gateway Protocol (BGP) only tries to find a reasonably good route to the destination network (one that does not loop), not the best route.

BGP speaker: the administrator of each autonomous system should select at least one router as the "BGP speaker" for that autonomous system. Generally, two BGP speakers are connected through a shared network, and BGP speakers are often BGP border routers, although they do not have to be.

BGP exchanges routing information:

In order to exchange routing information with BGP speakers in other autonomous systems, a BGP speaker must first establish a TCP connection, and then exchange BGP messages on this connection to establish a BGP session (session), and use the BGP session to exchange routing information. Using TCP connections to provide reliable services also simplifies routing protocols. Two BGP speakers who exchange routing information using TCP connections become neighbors or peers of each other.

4. Link layer: the client sends the packet to the router through the link layer. The MAC address for a given IP address is found through the neighbor protocol: an ARP request is sent to find the destination address, and once a reply is received, IP packets can be transmitted and are then sent to the address of the server.

ARP (Address Resolution Protocol)

No matter what protocol is used at the network layer, hardware addresses must ultimately be used when transmitting data frames on the links of the actual network. Each host has an ARP cache, which contains a table mapping the IP addresses of hosts and routers on the local area network to their hardware addresses. When host A wants to send an IP datagram to host B on the same local area network, it first checks its ARP cache for the IP address of host B. If it is there, the corresponding hardware address is found and written into the MAC frame, and the MAC frame is then sent to that hardware address over the local area network.

16. Common encryption algorithms and principles

Symmetric encryption algorithm

A symmetric encryption algorithm uses a single key. During communication, the sender divides the original data into fixed-size blocks, encrypts them one by one using the key and the encryption algorithm, and sends them to the receiver. After receiving the encrypted message, the receiver uses the key and the decryption algorithm to recover the original data. Because the encryption and decryption algorithms are public, secure transmission of the key becomes the vital issue in this process. The key is usually handed over physically after negotiation between the two parties, or passed to the other party through a third-party platform. If the key leaks during this process, a malicious party can intercept the encrypted transmission and decrypt it with the corresponding algorithm.

Principle of symmetric encryption algorithm

Symmetric encryption algorithm has the advantages of open algorithm, small amount of computation, high encryption speed and efficiency, but it also has some shortcomings, such as single key, difficult key management and so on.

Common symmetric encryption algorithms are:

DES: a block cipher that encrypts data in 64-bit blocks and uses the same algorithm for encryption and decryption.

3DES: the triple data encryption algorithm, which applies the DES encryption algorithm three times to each block of data.

AES: the Advanced Encryption Standard, a block encryption standard adopted by the federal government of the United States to replace the original DES; it is widely used.

Blowfish: a symmetric-key block cipher with 64-bit blocks and a variable key length, which can be used to encrypt 64-bit strings.

Asymmetric encryption algorithm

An asymmetric encryption algorithm uses two different keys, a public key and a private key, for encryption and decryption. The public key and the private key exist as a pair; the public key is derived from the private key and made public to everyone. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.

The following figure shows the common flow of a simple asymmetric encryption algorithm:

Asymmetric encryption process

The sender Bob obtains the receiver Alice's public key, encrypts the plaintext with the corresponding asymmetric algorithm, and sends it to Alice. Alice receives the ciphertext and decrypts it to the plaintext with her own private key and the asymmetric algorithm. The security of this simple asymmetric encryption scheme is higher than that of a symmetric encryption algorithm, but its weakness is that it cannot confirm the legitimacy of the public key's source or the integrity of the data.

Asymmetric encryption algorithms have the advantages of high security and high, complex algorithm strength, but their disadvantages are long running time and slow speed, so they are only suitable for encrypting small amounts of data. Common algorithms include:

RSA: the RSA algorithm is based on a very simple fact from number theory: it is very easy to multiply two large primes, but extremely difficult to factor their product, so the product can be made public as the encryption key. It can be used for encryption or signatures.

DSA: Digital Signature Algorithm, which can only be used for signatures, not for encryption and decryption.

DSS: Digital Signature Standard, which can be used for signatures and can also be used for encryption and decryption.

ElGamal: uses the principle of discrete logarithms to encrypt and decrypt or sign data; it is the slowest.

One-way encryption

A one-way encryption algorithm is often used to extract a fingerprint of data and to verify data integrity. The sender runs the plaintext through a one-way encryption algorithm to generate a fixed-length ciphertext string and passes it to the receiver. After receiving the encrypted message, the receiver decrypts it, runs the plaintext obtained by decryption through the same one-way encryption algorithm, and obtains a ciphertext string, then compares it with the ciphertext string sent by the sender. If the two strings match, the data was not damaged in transmission; if they do not match, data was lost in transmission. A one-way encryption algorithm can only encrypt data; the result cannot be decrypted. It is characterized by fixed-length output and the avalanche effect. Common algorithms include MD5, sha1, sha224 and so on. Common uses include digital digests, digital signatures and so on.

[Figure: one-way encryption verification process]
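The fixed-length output, the avalanche effect and the receiver's comparison step can be seen with Python's standard hashlib. This is an added example, not code from the original article; the messages are constructed sample data and the function names are illustrative.

```python
import hashlib
import hmac


def fingerprint(data: bytes, algorithm: str = "sha224") -> str:
    """One-way digest of data, as a fixed-length hex string."""
    return hashlib.new(algorithm, data).hexdigest()


def receiver_check(message: bytes, sent_digest: str, algorithm: str = "sha224") -> bool:
    """Receiver side: recompute the digest and compare it with the one sent."""
    recomputed = fingerprint(message, algorithm)
    # compare_digest compares in constant time, so timing does not leak
    # how many leading characters matched.
    return hmac.compare_digest(recomputed, sent_digest)


def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg_a: bytes, msg_b: bytes, algorithm: str = "sha224"):
    """Return (input bits changed, digest bits changed, digest size in bits)."""
    digest_a = hashlib.new(algorithm, msg_a).digest()
    digest_b = hashlib.new(algorithm, msg_b).digest()
    return bit_distance(msg_a, msg_b), bit_distance(digest_a, digest_b), len(digest_a) * 8


if __name__ == "__main__":
    # Constructed sample messages: the second differs from the first by one bit.
    original = b"transfer 100 to account 42"
    altered = b"transfer 101 to account 42"

    # Fixed-length output: a short and a long input give digests of equal length.
    for name in ("sha1", "sha224"):
        print(name, len(fingerprint(b"a", name)), len(fingerprint(b"a" * 10000, name)))

    sent = fingerprint(original)
    print("unchanged message accepted:", receiver_check(original, sent))
    print("altered message accepted:  ", receiver_check(altered, sent))

    changed_in, changed_out, size = avalanche(original, altered)
    print(f"{changed_in} input bit changed -> {changed_out} of {size} digest bits changed")
```

A bare digest detects changes only when the digest itself reaches the receiver over a channel that whoever alters the message cannot also alter.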

Key exchange

Key exchange (IKE, Internet Key Exchange) usually means that the two parties exchange keys so that they can encrypt and decrypt data. There are two common methods of key exchange:

1. Public key encryption: the public key is encrypted and transmitted over the network to the other party, who decrypts it. The disadvantage of this method is that it is very likely to be intercepted and cracked, so it is not commonly used.

2. Diffie-Hellman: the DH algorithm is a key exchange algorithm, used neither for encryption nor for digital signatures. The ingenuity of the DH algorithm is that two parties who need to communicate securely can use it to agree on a symmetric key, and can then use this key for encryption and decryption. Note, however, that this key exchange protocol/algorithm can be used only to exchange keys, not to encrypt and decrypt messages. After both parties have determined which key to use, they use a separate symmetric-key encryption algorithm to actually encrypt and decrypt the messages. In the DH algorithm each party performs a calculation over the parameters shared by both parties, its own private parameter and the algorithm information; the two sides then exchange the calculated results, and after the exchange each carries out a further calculation with its own private parameter. Both parties arrive at the same result, and this result is the key.

For example:

A has two parameters, p and g, and its own private parameter x; B has the same two parameters p and g and its own private parameter y. A and B use the same algorithm to calculate their corresponding values: value_A = p^x % g and value_B = p^y % g. They then exchange the calculated values, and each raises the value it received to the power of its own private parameter. After A gets value_B, it computes (p^y % g)^x % g = p^(xy) % g; after B gets value_A, it computes (p^x % g)^y % g = p^(xy) % g. The final results are the same.

In the whole process, a third party can obtain only the two values p and g and the calculated results that A and B exchange, so this approach is very safe.
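The exchange above can be run end to end in a few lines. This is an added example, not code from the original article: it keeps the article's naming (p is the public base, g is the public modulus, x and y are the private parameters), uses constructed toy parameters, and assumes SHA-256 to turn the shared number into a symmetric key. It also goes one step beyond the text by range-checking the value received from the other side.

```python
import hashlib
import secrets

# Constructed toy parameters. The article's naming is kept: p is the public
# base and g is the public modulus. 2**127 - 1 is prime, but far too small
# for real use; real deployments use standardized groups of 2048 bits or more.
P_BASE = 3
G_MODULUS = 2**127 - 1


def new_private(g=G_MODULUS):
    """Pick a private parameter (the article's x or y) in [2, g - 2]."""
    return secrets.randbelow(g - 3) + 2


def public_value(private, p=P_BASE, g=G_MODULUS):
    """value = p^private % g: the number that is sent to the other side."""
    return pow(p, private, g)


def shared_secret(peer_value, private, g=G_MODULUS):
    """Raise the received value to our own private parameter, modulo g."""
    # Reject 0, 1 and g - 1: with these the result no longer depends on
    # the private parameters in any useful way.
    if not 2 <= peer_value <= g - 2:
        raise ValueError("peer value outside [2, g - 2]")
    return pow(peer_value, private, g)


def derive_key(secret, g=G_MODULUS):
    """Hash the shared number into a 32-byte key for a symmetric cipher."""
    size = (g.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(size, "big")).digest()


def agree(x, y, p=P_BASE, g=G_MODULUS):
    """Run both sides; return the two values on the wire and both keys."""
    value_a = public_value(x, p, g)   # sent from A to B
    value_b = public_value(y, p, g)   # sent from B to A
    key_a = derive_key(shared_secret(value_b, x, g), g)   # computed by A
    key_b = derive_key(shared_secret(value_a, y, g), g)   # computed by B
    return value_a, value_b, key_a, key_b


if __name__ == "__main__":
    x, y = new_private(), new_private()
    value_a, value_b, key_a, key_b = agree(x, y)
    print("on the wire:", P_BASE, G_MODULUS, value_a, value_b)
    print("keys match: ", key_a == key_b)
    print("key:        ", key_a.hex())
```

Only p, g, value_A and value_B cross the network; x, y and the derived key never do.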

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is a collection of hardware, software, personnel, policies and procedures used to generate, manage, store, distribute and revoke keys and certificates based on public key cryptography. It consists of the certificate authority (CA), the registration authority (RA), the certificate revocation list (CRL) and the certificate repository (CB).

PKI uses certificates to manage public keys: a trusted third-party CA combines a user's public key with the user's other information to generate a certificate, which is used to verify the identity of the user.

A public key certificate is a digitally signed statement that binds the value of a public key to the identity of the person, device or service that holds the corresponding private key. Public key certificates are generated according to X.509, and include the certificate name, certificate version, serial number, algorithm identification, issuer, validity period, effective start date, valid end date, public key, certificate signature and so on.

The process of CA certificate authentication is shown below. To prove to Alice that he is Bob and that a public key is his own, Bob applies for a certificate from a CA that both Bob and Alice trust. Bob first generates a key pair (private key and public key), stores the private key on his own computer, and then applies to the CA for a certificate with the public key. The CA accepts the application and issues a digital certificate to Bob. The certificate contains Bob's public key and other identity information. The CA also calculates the message digest of this information, encrypts the digest with its own private key (the digital signature) and attaches it to Bob's certificate to prove that the certificate was issued by the CA itself. After obtaining Bob's certificate, Alice decrypts the message digest with the public key in the CA's (self-signed) certificate, and then sends the digest and Bob's public key to the CA server for verification. After receiving the check request from Alice, the CA checks whether Bob's certificate is legal according to the information provided by Alice, and replies to Alice if the certificate is confirmed to be legal. After receiving the confirmation reply from the CA, Alice encrypts the email with Bob's public key obtained from the certificate and sends it to Bob; Bob receives it and decrypts it with his own private key.

Collation of knowledge points related to Python grammar:

1. Talk about the commands you commonly use in Linux (no fewer than 20 advanced commands).

Tips

Ctrl + Shift + +: enlarges the font display of the terminal window

Ctrl + -: reduces the font display of the terminal window

Automatic completion

After typing the first few letters of a file, directory or command, press the Tab key. If the input is not ambiguous, the system completes it automatically. If other files, directories or commands also match, press the Tab key again and the system lists the possible completions.

Redirect command: >

Redirect the result of the command execution to a file, and save the contents that should be displayed on the terminal to the specified file.

Note: > output redirection will overwrite the original content, > > output redirection will be appended to the end of the file

Pipeline: |

Pipe: the output of one command can be used as the input of another command through the pipe.

We can picture a pipe in real life: things are put in at one end and taken out at the other. Here the two sides of the "|" are the two ends: the left end puts data in (writes) and the right end takes it out (reads).

Create a link file: ln

Soft link: a soft link does not take up disk space. If the source file is deleted, the soft link becomes invalid.

ln -s source_file link_file

Hard link: hard links can only link ordinary files, not directories.

ln source_file link_file

Note: if the soft link file and the source file are not in the same directory, the source file should use an absolute path, not a relative path

Text search: grep

The grep command is a powerful text search tool, and grep allows pattern lookups for text files. If a matching pattern is found, grep prints all lines containing the pattern

When entering string parameters in the grep command, it is best to enclose them in single or double quotation marks.

grep [-option] 'search string' filename

Option: meaning

-v: displays all lines that do not contain matching text (equivalent to inversion)

-n: displays matching lines and their line numbers

-i: ignores case

The grep search string can be a regular expression.

Find files: find

It is usually used to search for qualified files in a specific directory, and it can also be used to search for files owned by specific users.

Command meaning

find ./ -name test.sh: finds all files named test.sh in the current directory

find ./ -name '*.sh': finds all files in the current directory with the suffix .sh

find ./ -name "[A-Z]*": finds all files in the current directory that begin with an uppercase letter

Packaging and compression: tar

tar usage format: tar [options] archive_name files

Option: meaning

-c: generates an archive file, creating the packaged file

-v: lists the detailed process of archiving and extracting, showing the progress

-f: specifies the name of the archive file; f must be followed by a .tar file, so this option must be placed last

-x: extracts the archive

-z: compression

Gz compressed format

The tar command has no compression function; it is only a packaging command.

But adding the -z option to the tar command makes it call gzip to provide compression.

Compression usage: tar -zcvf archive_name file1 file2 ...

-z: specifies that the format of the package is: file.tar.gz

Decompression usage: tar -zxvf archive_name

-z: specifies that the format of the package is: file.tar.gz

Bz2 compressed format

Compression usage: tar -jcvf archive_name files

Decompression usage: tar -jxvf archive_name

Zip compressed format

The target file produced by zip does not need an extension to be specified; the default extension is zip.

Compress files: zip target_file (no extension) source_files

Decompress files: unzip -d target_directory archive_file

2. Briefly describe interpreted and compiled programming languages.

Programs written in an interpreted language do not need to be compiled in advance. When the program is executed, a dedicated interpreter translates the language (VB, for example) into machine language, and each statement is translated only when it is executed. An interpreted program therefore has to be translated every time it runs, and its efficiency is relatively low.

Before a program written in a compiled language can be executed, a dedicated compilation step is needed. The compiler translates the high-level source program into a machine language file. It is translated only once and does not need to be translated at run time, so programs in compiled languages execute efficiently, but the result cannot be generalized.

3. Do you know what the .pyc file is in python?

Before we talk about this, let's talk about two concepts, the PyCodeObject and the pyc file.

In fact, PyCodeObject is the result of the actual compilation of python compiler.

When a python program is running, the result of compilation is kept in a PyCodeObject in memory, and when the program finishes, the python interpreter writes the PyCodeObject back to a pyc file. When the program runs a second time, it first looks for the pyc file on the hard disk; if it finds it, it loads it directly, otherwise it repeats the process above. So the relationship between PyCodeObject and the pyc file can be put this way: the pyc file is a persistent storage form of PyCodeObject.

4. The difference between mutable objects and immutable objects in python

Immutable object: the value of the object stored at the address will not be changed (a so-called change actually creates a new address and puts the value of the new object there; the original object has not changed)

Mutable object: the value of the object stored at the address is changed in place

Int str float tuple are immutable objects, and tuple is a little special (explained below)

Dict set list is a mutable object

5. What is the problem with concatenating strings directly with +? How can it be optimized?

The reason "+" is inefficient: concatenating strings with "+" in Python is extremely inefficient, because the PyStringObject object in Python is immutable. This means that every string concatenation actually has to create a new PyStringObject object. So to connect N PyStringObject objects, memory has to be requested and moved for the concatenations. There is no doubt that this seriously affects the efficiency of Python.

Official recommendation: use the join operation of PyStringObject objects to connect a group of PyStringObject objects stored in a list or tuple. This method only needs to allocate memory once, and execution efficiency is greatly improved.

How join executes: the join operation first counts the PyStringObject objects in the list and the total length of the strings they hold, then requests memory and copies all the strings held by the PyStringObject objects in the list into the newly allocated space. Note: the connection of N PyStringObject objects is completed after only one memory request. Compared with the "+" operator, the more PyStringObject objects there are to connect, the greater the efficiency improvement.

6. What's the difference between lists and tuples? What's the difference between a list and a collection?

7. How is the bottom layer of the dictionary implemented in python?

Dictionaries are implemented with hash tables. Dictionaries are also called associative arrays, hash arrays, and so on. In other words, a dictionary is also an array, but the index of the array is the hash value of the key as processed by a hash function. The purpose of the hash function is to distribute the keys evenly over the array so that they can be addressed in memory with O(1) time complexity, which makes lookup and modification fast. The difficulty in designing a hash function for a hash table is to distribute the data evenly so as to minimize hash collisions. Because different keys may have the same hash value, conflicts can occur; advanced hash functions can minimize the number of conflicts. Python does not include such advanced hash functions; its several important hash functions (for handling strings and integers) are of common types. In general, the process of building a hash table is as follows:

Data addition: convert the key into an integer with a hash function, take the remainder of that number with respect to the array length as the array subscript, and store the value in the array slot with that subscript.

Data query: use the hash function again to convert the key to the corresponding array subscript, and go to that position in the array to get the value.

The hash function is a mapping, so its design is flexible, as long as the hash value obtained for any key falls within the range allowed by the table length. In essence, a hash function cannot be a one-to-one mapping; it is a many-to-one mapping, which leads to the concept of a hash conflict, or hash collision. Hash collisions are inevitable, but a good hash function should be designed to avoid them as much as possible.

8. The difference between is and ==

is is the identity operator; == is the comparison operator.

The difference between is and == comes down to what is being compared.

is compares whether the id (address) of the variables is the same, that is, whether they point to the same memory address. == compares whether the values of the variables are the same: regardless of whether the memory addresses are the same, it is enough that the values are the same.

9. What is the difference between a deep copy and a shallow copy? How to achieve it?

Shallow copy

A shallow copy copies each property of an object in turn, but when a property value is a reference type, it actually copies the reference, so the copy changes when the value the reference points to changes. Examples: Object.assign, the spread operator (...), Array.prototype.slice(), Array.prototype.concat(), etc.

Deep copy

The value of the variable is copied deeply: referenced data is recursed into down to the basic types and then copied. The deeply copied object is completely isolated from the original object; modifying one does not affect the other.

10. What is the purpose of the pass statement in Python?

When writing code you may write only the framework first. Until the concrete implementation is written, pass can hold its place so that the program does not report an error; pass performs no operation.

11. Can you explain *args and **kwargs?

When we don't know how many arguments will be passed to a function, for example when we pass a list or tuple to the function, we use *args.

When we don't know how many keyword arguments will be passed, we use **kwargs to collect the keyword arguments.

12. What are iterators, iterable objects and generators, respectively? What are the role and usage scenarios of generators? What is the iterator protocol?

The object needs to provide a __next__ method, which either returns the next item in the iteration or raises a StopIteration exception to terminate the iteration.

Iterable object

An object that implements the iterator protocol is an iterable object (it does so by implementing the __iter__ method).

Protocol

The protocol is a convention: iterable objects implement the iterator protocol, and Python's built-in tools (such as for, sum, min, max, in) use the iterator protocol to access objects. For example, a file can be traversed by a for loop because the file object implements the iterator protocol, that is, it has a __next__() method.

Iterator

Definition

An iterator is an object that implements the __iter__() and __next__() methods. __iter__() returns the iterator itself, and __next__() returns the next element of the container, raising a StopIteration exception at the end.

Generator

Definition

A generator is a simple and powerful tool for creating iterators. Generators are written like regular functions, except that they use the yield statement whenever they need to return data. Each time next() is called, the generator resumes from where it left off (it remembers the position of the last executed statement and all the data values).

The generator provides support for deferred operations. The so-called delayed operation means that the results are produced only when needed, rather than immediately.

Creation mode

Generator expression

Similar to a list comprehension, with the original [] replaced by (). A generator expression returns an object that produces results on demand, rather than building the whole result list at once.

Generator function

Defined like a regular function, but the return statement is replaced by the yield statement. The yield statement returns one result at a time and suspends the state of the function between results, so that next time execution continues from where it left off.

13. How yield and return work

The differences are summarized as follows:

1) the types of returned values are different:

A) return returns the value of the expression that follows it, which can be of any type; call it type T for now.

B) yield return returns the type IEnumerable; the result is always an enumerable object, and the expression after yield return is of type T.

So how is the enumerable object formed? It depends on how many times the yield return statement is executed: the final enumerable object has as many elements as the number of executions. How to execute it several times hardly needs saying: use a loop, or even simply copy the statement a few times. Note that the expressions after each yield return should be of the same or compatible types, all of type T.

2) the program control flow is different:

A) The return statement returns from the method, and no further statements are executed.

B) yield return does not return from the method but continues to execute the following statements; it only computes and records one element value of the enumerable object that is eventually returned.
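The iterator protocol from item 12 and the control-flow difference between return and yield can be compared directly in Python. This is an added example, not code from the original article; Countdown, countdown, first_only and every_item are illustrative names, and the code uses the Python 3 method names __iter__ and __next__.

```python
class Countdown:
    """Hand-written iterator: implements __iter__() and __next__() itself."""

    def __init__(self, start):
        self.current = start

    def __iter__(self):
        return self              # an iterator returns itself

    def __next__(self):
        if self.current <= 0:
            raise StopIteration  # signals the end of the iteration
        value = self.current
        self.current -= 1
        return value


def countdown(start, log=None):
    """Generator function: same sequence, state kept by the suspended frame."""
    while start > 0:
        if log is not None:
            log.append(f"producing {start}")
        yield start              # hand back one value and pause here
        start -= 1               # runs only when the next value is requested


def first_only(items):
    for item in items:
        return item              # return ends the function at the first item


def every_item(items):
    for item in items:
        yield item               # yield pauses, then the loop carries on


if __name__ == "__main__":
    # Built-in tools drive both objects through the same protocol.
    print(list(Countdown(3)), list(countdown(3)), sum(Countdown(4)))

    # Deferred execution: nothing in the body runs until a value is requested.
    log = []
    gen = countdown(3, log)
    print("after creation:", log)
    print("next ->", next(gen), "log:", log)

    # A generator expression is lazy as well.
    squares = (n * n for n in Countdown(3))
    print(next(squares), list(squares))

    print(first_only([1, 2, 3]), list(every_item([1, 2, 3])))
```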

14. Please explain the closures in Python?

In some languages, when you can (nest) define another function in a function, a closure may occur if the internal function references the variables of the external function. Closures can be used to create relationships between a function and a set of "private" variables. These private variables can maintain their persistence during the process that a given function is called multiple times. (Wikipedia)

In easier-to-understand words, when a function is returned as an object, with an external variable, a closure is formed.

15. What is the decorator in python? How to achieve it? Use the scene?

The decorator is a high-level syntax in the Python language. Its main function is to process a function, method or class so as to add functionality to existing objects and improve the readability of the code.

The decorator is a design pattern used in scenarios with cross-cutting (aspect-oriented) requirements, such as inserting logs, performance testing, transaction processing, etc.

16. What packages do you usually use in python?

17. How is map implemented in python?

1. Introduction and syntax of the map() function:

Map is a python built-in function that maps the specified sequence according to the function provided.

The format of the map () function is:

map(function, iterable, ...)

The first parameter accepts a function name, and the subsequent parameters accept one or more iterable sequences; a collection is returned.

The function is applied to each element of the list in turn to produce a new list, which is returned. Note that map does not change the original list, but returns a new list.

18. How does Python manage memory?

To put it simply, the allocator requests a certain amount of memory from the system in advance and formats it. Whenever a memory request arrives that meets the conditions, the allocator directly selects a suitable piece of that memory and allocates it to the request. If the pre-requested memory is exhausted, the allocator requests more memory from the system and formats it (provided that the preset maximum capacity of the memory pool is not exceeded), and then allocates it. When an object is reclaimed, if the memory it occupied was previously allocated by the allocator from the memory pool, the reclaimed memory is returned to the memory pool for the next memory request. If the memory requested by the application is larger than the threshold set by pymalloc, the interpreter passes the request to the underlying C functions to handle.

19. Briefly describe what is process-oriented programming and object-oriented programming?

Process-oriented programming proceeds step by step, following the process. Put simply, you analyze the steps needed to solve the problem and then implement them one by one with function calls. For example: if you need to shop online, you first go to the website, then enter your user name and password to log in, and then carry out functions such as shopping and payment. Implementing these steps one after another is process-oriented programming.
