UNIX domain sockets are a method by which processes on the same host can communicate. Communication is bidirectional with stream sockets and unidirectional with datagram sockets.

UNIX domain sockets use the file system as the address name space, i.e., instead of identifying a server by an IP address and port, a UNIX domain socket is known by a pathname. This means you can use UNIX file permissions to control which processes may communicate with them. For example, you can limit which processes can connect to the daemon: maybe one user can, but the web server can't, or the like. With IP sockets, the ability to connect to your daemon is exposed beyond the current system, which means anyone who can reach the port can attempt to connect to your socket, so additional steps may have to be taken for security. On the other hand, you get network transparency.

With UNIX domain sockets, you can also retrieve the credentials of the process that created the remote socket and use them for access control, which can be quite convenient on multi-user systems.

UNIX domain sockets have explicit knowledge that they are executing on the same system. They avoid the extra context switches, and no checksums are calculated, no headers are inserted, no routing is performed, and so on. Because they have access to the remote socket buffer, they can also directly provide feedback to the sender when it is filling, or more importantly, emptying, rather than incurring the added overhead of explicit acknowledgements and window changes. The one piece of functionality that UNIX domain sockets don't provide but TCP does is out-of-band data.
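The two access-control mechanisms described above (file permissions on the socket path, and peer credentials) in one runnable Python example. This is an added illustration, not code from the original post; it assumes Linux, where the peer's pid/uid/gid are exposed through the SO_PEERCRED socket option (on other platforms the helper returns None and the allow-list check is skipped), and the socket name and allow-list are constructed for the demo.

```python
import os
import socket
import struct
import tempfile
import threading

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid (three native 32-bit ints)
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the peer had when it called connect(),
    or None where SO_PEERCRED is unavailable (it is Linux-specific)."""
    opt = getattr(socket, "SO_PEERCRED", None)
    if opt is None:
        return None
    return _UCRED.unpack(conn.getsockopt(socket.SOL_SOCKET, opt, _UCRED.size))


def serve_one(path, allowed_uids, ready, result):
    """Bind a socket node readable/writable only by its owner, accept one
    client, and reply ACCEPT or REJECT based on the peer's uid."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)          # node is created 0600: owner only
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    srv.settimeout(5)
    ready.set()                          # client may connect now
    conn, _ = srv.accept()
    with conn:
        creds = peer_credentials(conn)
        allowed = creds is None or creds[1] in allowed_uids
        result["creds"] = creds
        result["mode"] = os.stat(path).st_mode & 0o777
        conn.sendall(b"ACCEPT\n" if allowed else b"REJECT\n")
    srv.close()


def demo(allowed_uids=None):
    """Run server and client in one process; return (mode, creds, reply)."""
    allowed = {os.getuid()} if allowed_uids is None else set(allowed_uids)
    with tempfile.TemporaryDirectory() as d:   # constructed socket location
        path, ready, result = os.path.join(d, "daemon.sock"), threading.Event(), {}
        t = threading.Thread(target=serve_one, args=(path, allowed, ready, result))
        t.start()
        ready.wait(5)
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.settimeout(5)
            cli.connect(path)
            reply = cli.recv(16)
        t.join()
    return result["mode"], result["creds"], reply
```

Because the node is created with mode 0600, a process running as another user is refused by the kernel before the daemon ever sees it; the uid check on top of that lets the daemon make finer decisions per client.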
