Xiaohan decrypts the "three handshake" and "four waves" of TCP connections

     On the Internet, there are various "three-way handshake" and "four waved hands" about TCP. Today, Xiao Han explained it in an easy-to-understand way.

1. TCP's "three-way handshake" official answer

The so-called three-way handshake is the establishment of a TCP connection. This connection must be actively opened by one party and passively opened by the other party. The following is a diagram of the client actively initiating a connection:

Before the handshake, the client that actively opened the connection ends the CLOSED phase, and the passively opened server also ends the CLOSED phase and enters the LISTEN phase. Then began the "three handshake":

1) First, the client sends a TCP message to the server, where:

  • The flag bit is SYN, which means "request to establish a new connection";
  • The serial number is Seq=X (X is generally 1);
  • Then the client enters the SYN-SENT phase.

2) After the server receives the TCP message from the client, it ends the LISTEN phase. And return a TCP message, in which:

  • The flag bits are SYN and ACK, which means "confirm that the client's message Seq sequence number is valid, the server can normally receive the data sent by the client, and agree to create a new connection" (that is, tell the client that the server has received your data);
  • The serial number is Seq=y; the confirmation number is Ack=x+1, which means that the client's serial number Seq is received and its value is increased by 1 as the value of its own confirmation number Ack;
  • Then the server enters the SYN-RCVD phase.

3) After the client receives the TCP message from the server confirming the receipt of data, it is clear that the data transmission from the client to the server is normal, and the SYN-SENT phase ends. And returns the last TCP message. among them:

  • The flag bit is ACK, which means "Acknowledge that the server agrees to connect" (that is, tell the server that I know you have received the data I sent);
  • The serial number is Seq=x+1, which means that the confirmation number Ack from the server is received, and its value is used as its serial number value;
  • The confirmation number is Ack=y+1, which means that the server-side serial number Seq is received, and its value plus 1 is used as the value of its confirmation number Ack;
  • Then the client enters the ESTABLISHED phase.

After the server receives the TCP message "Acknowledge receipt of server data" from the client, it is clear that the data transmission from the server to the client is normal. End the SYN-SENT phase and enter the ESTABLISHED phase.

In the TCP message transmitted by the client and the server, the values ​​of the confirmation number Ack and the sequence number Seq of both parties are calculated on the basis of the Ack and Seq values ​​of each other, which ensures the continuity of TCP message transmission . Once the TCP message sent by one party is lost, the "handshake" cannot be continued, thereby ensuring the smooth completion of the "three-way handshake".

After that, the client and server perform normal data transmission. This is the "three-way handshake" process.

1.1 Come on, the "three handshake" that children can understand

Example: compare the client to a boy and the server to a girl. Explain the "three handshake" process with their interactions:

1) The boy likes girls, so he wrote a letter to tell the girl: I love you, please associate with me! ; After writing the letter, the boy waited anxiously because he didn't know if the letter could be delivered to the girl smoothly.

2) After the girl received the boy's love letter, she was very excited. It turns out that we are in love with each other! So I wrote a reply to the boy: I have received your love letter and I understand your intentions. In fact, I like you too! I am willing to associate with you! ; After writing the letter, the girl also waited anxiously, because she didn't know if the reply could be conveyed to the boy smoothly.

3) The boy was very happy after receiving the reply, because the girl received the sent love letter, and learned from the reply that the girl likes herself and is willing to associate with herself. Then the boy wrote another letter to tell the girl: I have received your thoughts and letters, thank you, and I love you!

The two sides know each other's information, and they are very happy to start the interaction and the end of the drama!

This is the popular version of the "three-way handshake", during which a total of three letters are exchanged, which is the "three-way handshake", to confirm whether the data transmission channels in both directions are normal.

1.2 Why is there a three-way handshake?

  • In order to prevent the server from opening some useless connections to increase server overhead and to prevent invalid connection request segments from being suddenly transmitted to the server, errors will occur.
  • Since network transmission is delayed (to pass network fiber and various intermediate proxy servers), during the transmission process, for example, the client initiates a request for SYN=1 to create a connection (first handshake).
  • If the server directly creates this connection and returns a data packet containing SYN, ACK, and Seq to the client, this data packet is lost due to network transmission. After the loss, the client has not received the data returned by the server. package.
  • The client may set a timeout period, and then close the connection creation request when the time is up. Re-issue the request to create a connection, and the server does not know it. If there is no third handshake to tell the server that the client has received the data transmitted by the server,
  • The server does not know whether the client has received the information returned by the server.

This process can be understood as:

  • In this way, there is no request to create or close the connection port on the server side, and the port on the server side remains open. When the client reissues the request due to timeout, the server will reopen a port connection. Then the last port on the server side that did not receive the requested data remains open. If things go on like this, more ports like this will cause serious waste of server-side overhead.
  • Another situation is that the request information sent by the client that has failed is transmitted to the server for some reason. The server thinks it is a valid request sent by the client, and an error occurs after receiving it.
  • Therefore, we need a "third handshake" to confirm this process, so that the client and server can promptly detect the connection creation failure caused by some network problems, so that the server port can be closed without waiting.
  • It can also be understood like this: the "third handshake" means that the client sends data to the server. This data is to tell the server whether the client has received the data passed by the server during the "second handshake". If the data sent is a "received" message, the server will normally establish a TCP connection after receiving it, otherwise the TCP connection will fail and the server will close the connection port. This reduces server overhead and errors in receiving invalid requests.

2. The official version of TCP's "Four Waves"

We are familiar with the "three-way handshake" because of its relative simplicity. However, we don't often hear the "four wave of hands", and even if we have heard it, we may not be able to explain its specific process in detail. Below, Xiaohan will give you a detailed, intuitive and complete introduction to the process of "waves four times".

The so-called four waves of hands are the release (release) of the TCP connection. The connection must be released by one party actively and the other party passively. The following is an illustration of the client's initiative to release the connection:

"The client that actively released the connection before the wave ends the ESTABLISHED phase. Then it starts "four waves":"

1) First, the client wants to release the connection, and sends a TCP message to the server, where:

  • The flag bit is FIN, which means "request to release connection";
  • The sequence number is Seq=U;
  • Then the client enters the FIN-WAIT-1 phase, which is the semi-closed phase. And stop sending data in the direction from the client to the server, but the client can still receive the data transmitted from the server.

Note: What is not sent here is the data transmitted during the normal connection (non-acknowledgement message), not all data, so the client can still send an ACK confirmation message.

2) After the server receives the TCP message sent from the client, it confirms that the client wants to release the connection, and then the server ends the ESTABLISHED phase, enters the CLOSE-WAIT phase (semi-closed state) and returns a TCP message. :

  • The flag bit is ACK, which means "receive the request to release the connection from the client";
  • The serial number is Seq=V;
  • The confirmation number is Ack=U+1, which means that on the basis of receiving the client message, the serial number Seq value plus 1 is used as the value of the confirmation number Ack of this paragraph;
  • Then the server is ready to release the connection from the server to the client. After the client receives the TCP message sent from the server, it confirms that the server has received the connection release request from the client, and then the client ends the FIN-WAIT-1 phase and enters the FIN-WAIT-2 phase

"The first "twice waves" not only let the server know that the client wants to release the connection, but also let the client know that the server understands its request to release the connection. Therefore, you can confirm that you close the client to the server. Connected"

3) After the server has sent the ACK confirmation message, after the CLOSED-WAIT phase, it is ready to release the connection from the server to the client, and sends a TCP message to the client again, in which:

  • The flag bit is FIN, ACK, which means "ready to release the connection". Note: The ACK here is not an acknowledgment message to confirm the receipt of the server-side message.
  • The sequence number is Seq=W;
  • The confirmation number is Ack=U+1; it means that on the basis of receiving the client message, the value of the sequence number Seq plus 1 is used as the value of the confirmation number Ack of this paragraph.

Then the server ends the CLOSE-WAIT phase and enters the LAST-ACK phase. And stop sending data in the direction from the server to the client, but the server can still receive the data transmitted from the client.

4) The client receives the TCP message sent from the server, confirms that the server is ready to release the connection, ends the FIN-WAIT-2 phase, enters the TIME-WAIT phase, and sends a message to the server. among them:

  • The flag bit is ACK, which means "received a signal that the server is ready to release the connection".
  • The sequence number is Seq=U+1; it means that on the basis of receiving the server-side message, the Ack value of its confirmation number is used as the value of the sequence number of this paragraph.
  • The confirmation number is Ack=W+1; it means that on the basis of receiving the server-side message, the Seq value of the sequence number is used as the value of the confirmation number of this paragraph.

Then the client began to wait for 2MSL in the TIME-WAIT phase

After receiving the TCP message from the client, the server ends the LAST-ACK phase and enters the CLOSED phase. This formally confirms the closing of the server-to-client connection.

After the client finishes waiting for 2MSL, it ends the TIME-WAIT phase and enters the CLOSED phase, thus completing the "four waves".

After the "twice wave" not only let the client know that the server is ready to release the connection, but also let the server know that the client understands that it is ready to release the connection. Therefore, it can be confirmed that the connection from the server to the client is closed, thus completing the "four waves".

As with "three waves", in the TCP messages transmitted by the client and the server, the values ​​of the confirmation number Ack and the sequence number Seq of both parties are calculated on the basis of the Ack and Seq values ​​of each other, which guarantees The continuity of TCP message transmission. Once a TCP message sent by one party is lost, it cannot continue to "wave", thus ensuring the smooth completion of the "four waves".

2.1 The popular understanding of "four waves" is coming

Example: compare the client to a boy and the server to a girl. Illustrate the process of "waves four times" through their breakup.

1) "Waving for the first time": After seeing people's hearts for a long time, the boy found that the girl had turned into an unpleasant look and couldn't bear it, so he decided to break up and wrote a letter to tell the girl.

2) "Waving for the second time": After the girl received the letter, she knew that the boy was going to break up with herself. She was furious and cursed in her heart: What are you, you weren't like this at the beginning! So he immediately wrote a reply to the boy: break up and break up, give me some time, I want to organize your things and return them to you! After the boy received the girl's first letter, he understood that the girl knew he was going to break up with her. Then wait for the girl to pack her things.

3) "Waving for the third time": A few days later, the girl sorted everything the boy gave, so she wrote to the boy again: I sorted your things, quickly take them away, and you and I will be cut off. !

4) "Fourth wave": After the boy received the girl's second letter, he knew that the girl had packed her things and could officially break up, so he wrote to the girl again and told the girl: I know, I'll get it back!

Both parties here have their own persistence.

Since the girl sent the second letter, she will send another letter urging the boy to pick up something if she does not receive a reply from the boy within one day!

Since the boy sent the second letter, he limited that within two days he would think that the girl had received his second letter; if he received the letter from the girl again within two days, he would be considered his second letter. The girl didn’t receive it, so I need to write another letter and wait two more days...

If both parties' letters can be received normally, at least four letters can be used to completely break up! This is the "four waves".

2.2 Why are there three "handshakes" but four "waves"?

The reason why TCP only needs the "three-way handshake" when establishing a connection is because in the second "handshake" process, the TCP message sent by the server to the client is marked with SYN and ACK. SYN is a request for connection flag, indicating that the server agrees to establish a connection; ACK is an acknowledgement message, indicating that the server has received its request message.

That is, the SYN connection establishment message and the ACK confirmation message are transmitted in the same "handshake", so the "three-way handshake" is not more or less, just so that the two parties clearly communicate with each other.

The reason why TCP needs to "wave hands four times" when releasing the connection is because the FIN release connection message and the ACK confirmation message are transmitted by the second and third "handshake" respectively. Why are they transmitted together when the connection is established, but separately when the connection is released?

  • When establishing a connection, the passive server ends the CLOSED phase and enters the "handshake" phase without any preparation. It can directly return SYN and ACK packets to start the connection.
  • When the connection is released, the passive server cannot immediately release the connection when it suddenly receives a request from the active client to release the connection. Because there is still necessary data to be processed, the server first returns an ACK to confirm the receipt of the message, and passes through CLOSE-WAIT After the phase is ready to release the connection, the FIN release connection message can be returned.

So it was "three handshake" and "four wave hands".

Guess you like

Origin blog.csdn.net/yeyslspi59/article/details/108547193