Network BIND - how it works - help, details needed
 

I've been trying to figure out the details, but I can't, and I can't understand the few things I did find, I'm not network savvy. I was hoping someone could explain it in layman terms.

So, there are calls "send" "connect" "listen" and "bind" for different functions in the Linux network stack. The other ones seems clear enough, but what is the role of "bind", and how exactly does it work? What does it do? What role does it play in network input/output between the local host and https://foo.bar

Who request network binds and why? And in the context of firewalling and security, how does this affect security? From what I can see, blocking all inet bind requests does not prevent anything from working online. I'm running a firewall, so what would be the difference for the firewall if I block all bind requests(elsewhere) or don't?

Are network binds transparent in the context of firewall and security?

I'm hoping someone knowledgeable on this topic could enlighten me. Thanks in advance!

All IP packets have both a send and receive port. bind says what port the socket will receive packets on. If you only want to listen on one interface, you can also give its address to bind. If you only need to send, you don't have to bind and the send call will choose a port to send from and receive the reply on.

When a packet is received the network stack looks at the destination port to decide what socket gets the packet. bind is done so that protocols can reserve specific ports on which to receive connections. In your example https://foo.bar is bound to port 443.

So. Is it wrong to guess that bind might be more useful on servers and things like virtual machines and containers? And advanced network setups like tunnels and multiple acitive routing devices?

As oppose to say a web browser, where you expect to receive most traffic response on 443. I don't get it, because I send and receive data with a web browser without any issues, even if I block bind as a function entirely it makes no difference. Yet a browser like Firefox keeps making bind requests, and I don't understand why or how it works. Why does it want to bind some weird local looking address to port 443. What does that local address even represent, and what difference does it make.

I'm being real thick here, but I just don't understand it. You'll probably have to explain it to me like I was a 7 year old.

I'm sending a data request over 443 let's say to https://foo.bar, my browser handles that, and it will receive the information on port 443 if my system allows that. So bind annything if the chain is already predecided? Any bind is just superfluous in that case, isn't it? Or does it have something to do with firewall as well? Alike to, we bound there so we expect that response in that particular situation to that place, and if not something is wrong and we block?

I said I have a firewall, but I don't maintain it myself, it's part of my distro and generally pretty quiet.

I think you are confusing outgoing and incoming connections.

A web server must have the port 80 bound to its http service in order to receive incoming connections. Likewise port 443 for https service. Mail uses port 25, ssh uses port 22, etc for all the standard services.

An outgoing connection, as stated picks an available port and binds it as long as running so the remote server knows where to send replies. A web browser is an outgoing connection, while a server would listen on an IP/port pair (where it is bound) to allow incoming connections.

Most services listen on one port, but make a lasting connection that is handed off (bound) to a different port, thus keeping the incoming port open for more clients to contact it.

For example, a web browser client binds to its own port 15000 and makes a call to port 80 on the server. The server receives the request on port 80 but binds a new instance of the server to port 22229 and sends a reply to the client which establishes the connection from client port 15000 to server port 22229. All other data is passed through those two ports.
Now that communication is bound to those ports and IPs until the client drops the connection.

Most other services do similarly.
The bind function is necessary to make this happen within the network stacks, for both outgoing and incoming connections.

Thus bind is used at both the client and server ends to make a connection for communication.

You stated that your browser receives on port 443, but that is not correct. The browser never uses port 443 locally, only the https server uses that port to receive.

Here is a single https request and reply packet captured with tcpdump:
My PC sent an https request from port 35748 to Dest port https (443)
The reply from port 443 came back to my port 35748.

The HTTPS server is bound to port 443 so my browser knows where to send requests. My port 35748 was probably assigned automatically when the browser did the send.

Correct, then a handoff occurs where the server switches over to a child server and replies will come from a different port, usually at the same IP. Showing several following lines with tcp dump would reveal that.

The master http/https server is responsible for establishing the connection, the child server handles all the actual communication after the connection is properly established.

Any one who manages a web server knows how many children the master is allowed and can view how many are actually in use at any one time. Even my home system, with the default config, has 6 httpd processes running. One master and 5 children waiting for connections.