Learning Python Network Programming

(Sean Pound) #1

Network Programming and Python


The 200 value in the first line of the aforementioned headers is an HTTP status code,
which tells us whether there were any problems with the HTTP request or response.
200 means that everything went well, but other codes, such as the infamous 404 'not
found' can mean something went wrong. The urllib module would check these for
us and raise an exception. But here, we need to handle these ourselves.


So, there are clear benefits of using modules as far up the stack as possible. Our
resulting programs will be less complicated, which will make them quicker to write,
and easier to maintain. It also means that their error handling will be more robust,
and we will benefit from the expertise of the modules' developers. Also, we benefit
from the testing that the module would have undergone for catching unexpected
and tricky edge-case problems. Over the next few chapters, we'll be discussing more
modules and protocols that live at the top of the stack.


Programming for TCP/IP networks


To round up, we're going to look at a few frequently encountered aspects of TCP/IP
networks that can cause a lot of head-scratching for application developers who
haven't encountered them before. These are: firewalls, Network Address Translation,
and some of the differences between IPv4 and IPv6.


Firewalls

A firewall is a piece of hardware or software that inspects the network packets
that flow through it and, based on the packet's properties, it filters what it lets
through. It is a security mechanism for preventing unwanted traffic from moving
from one part of a network to another. Firewalls can sit at network boundaries or
can be run as applications on network clients and servers. For example, iptables
is the de facto firewall software for Linux. You'll often find a firewall built into
desktop anti-virus programs.


The filtering rules can be based on any property of the network traffic. The
commonly used properties are: the transport layer protocol (that is, whether traffic
uses TCP or UDP), the source and destination IP addresses, and the source and
destination port numbers.


A common filtering strategy is to deny all inbound traffic and only allow traffic that
matches very specific parameters. For example, a company might have a web server
it wants to allow access to from the Internet, but it wants to block all traffic from the
Internet that is directed towards any of the other devices on its network. To do so, it
would put a firewall directly in front of or behind its gateway, and then configure it
to block all incoming traffic, except TCP traffic with the destination IP address of the
web server, and the destination port number 80 (since port 80 is the standard port
number for the HTTP service).
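
The deny-by-default strategy described above can be modelled in a few lines of Python. This is an added example, not code from the book: the Packet and Rule classes, the filter_packet function and the addresses (taken from the RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
"""Toy model of a default-deny inbound packet filter (illustration only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "ACCEPT" or "DROP"
    proto: Optional[str] = None    # None matches any protocol
    src: str = "0.0.0.0/0"         # default: any source address
    dst: str = "0.0.0.0/0"         # default: any destination address
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(pkt, rules, default="DROP"):
    """First matching rule wins; anything unmatched gets the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed addresses; the single rule allows only TCP/80 to the web server.
WEB_SERVER = "203.0.113.10"
INBOUND_RULES = [Rule("ACCEPT", proto="tcp", dst=WEB_SERVER + "/32", dport=80)]

SAMPLE_PACKETS = [
    Packet("tcp", "198.51.100.7", WEB_SERVER, 80),      # HTTP to the web server
    Packet("tcp", "198.51.100.7", WEB_SERVER, 22),      # SSH to the web server
    Packet("udp", "198.51.100.7", WEB_SERVER, 80),      # wrong transport protocol
    Packet("tcp", "198.51.100.7", "203.0.113.25", 80),  # HTTP to another device
]

def verdicts():
    return [filter_packet(p, INBOUND_RULES) for p in SAMPLE_PACKETS]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts()):
        print(f"{verdict:6} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
```

Only the first sample packet is accepted; the other three match no rule and fall through to the default DROP policy, which is the property that makes the rule list safe to leave incomplete.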
