Comparative analysis of TCP/UDP protocol

Difference between TCP and UDP:

TCP provides a reliable service: no loss, no duplication, in-order delivery. UDP makes no such guarantees.

The TCP header is 20 bytes without options; the UDP header is a fixed 8 bytes.

TCP stands for Transmission Control Protocol. It provides connection-oriented, reliable, point-to-point (one-to-one) communication.

UDP stands for User Datagram Protocol. It provides connectionless, unreliable datagram delivery and also supports point-to-multipoint communication (broadcast and multicast).

Detailed explanation of TCP protocol

TCP header

Main fields:

  • Sequence number: the sequence number of the first data byte in the segment. When a connection is established each side picks a random initial sequence number (ISN); the classic rule is a counter that increases by 1 every 4 microseconds plus a keyed hash of (source IP, source port, destination IP, destination port), so the counter wraps only after about 4.55 hours and two connections do not share sequence numbers. The ISN is carried to the peer in the SYN segment, and afterwards the sequence number advances by the number of data bytes sent. Its main purpose is to keep the bytes of the stream in order.
  • Acknowledgment number: the sequence number of the next byte the sender expects to receive, meaning every byte before it has been received. It is only meaningful when the ACK bit is set. Its main purpose is reliable delivery.
  • Control bits:

1. SYN: when set, the segment requests a connection and carries the sender's initial sequence number.

2. ACK: when set, the acknowledgment-number field is valid. TCP requires ACK to be set on every segment except the initial SYN that opens the connection.

3. RST: when set, the connection is forcibly reset; it is sent when a segment arrives for a connection that does not exist or that is in an inconsistent state.

4. FIN: when set, the sender has no more data to send and wants to close its side of the connection. To end the communication, each host sends a segment with FIN set and the other side acknowledges it.
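The header fields and the ISN rule above, as an added worked example that is not part of the original post: it packs and parses the fixed 20-byte TCP header, checks the "ACK on everything but the first SYN" rule, and derives an ISN from a 4-microsecond clock plus a keyed hash of the four-tuple. The SHA-256 hash, the secret and the sample ports and addresses are assumptions for the demonstration, not the exact function any particular kernel uses.

```python
import hashlib
import struct

# Flag bits in the 16-bit "data offset / flags" word of the TCP header (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_header(src_port, dst_port, seq, ack, flag_names, window=65535, checksum=0):
    """Pack a 20-byte TCP header with no options (data offset = 5 words)."""
    off_flags = 5 << 12
    for name in flag_names:
        off_flags |= TCP_FLAGS[name]
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, off_flags, window, checksum, 0)


def parse_tcp_header(segment):
    """Decode the fixed part of a TCP header; options (if any) are returned raw."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src_port, dst_port, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    flags = {name: bool(off_flags & bit) for name, bit in TCP_FLAGS.items()}
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": checksum, "urgent": urgent, "options": segment[20:header_len],
    }


def ack_bit_is_valid(hdr):
    """Rule from the text: ACK must be set on every segment except the initial SYN."""
    f = hdr["flags"]
    if f["SYN"] and not f["ACK"]:
        return True                  # the very first handshake segment
    return f["ACK"]


def initial_sequence_number(src_ip, src_port, dst_ip, dst_port, secret, now_us):
    """ISN = clock + keyed hash of the 4-tuple (the scheme the text paraphrases).
    The clock ticks once every 4 microseconds, so the 32-bit counter wraps after 2**32 ticks.
    SHA-256 over the 4-tuple and a secret is an assumption used for the demo."""
    m = (now_us // 4) & 0xFFFFFFFF
    digest = hashlib.sha256(f"{src_ip}:{src_port}:{dst_ip}:{dst_port}".encode() + secret).digest()
    return (m + int.from_bytes(digest[:4], "big")) & 0xFFFFFFFF


# Constructed sample: a SYN from an ephemeral port to 443, parsed back from the wire bytes.
SECRET = b"constructed-secret-for-demo"
client_isn = initial_sequence_number("10.0.0.5", 40000, "10.0.0.1", 443, SECRET, now_us=1_000_000)
SYN = build_tcp_header(40000, 443, client_isn, 0, ["SYN"])
parsed = parse_tcp_header(SYN)

if __name__ == "__main__":
    print(parsed)
```

Two connections opened at the same instant from different source ports get different ISNs because the hash term differs, while the same four-tuple opened 400 microseconds later gets an ISN exactly 100 higher: that is the "clock plus hash" behaviour the text describes.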

What is TCP?

TCP is a connection-oriented, reliable, byte-stream transport layer protocol.

  • Connection-oriented: the sender and receiver first establish a connection, and each side keeps a data structure (the transmission control block) recording the state of the exchange so that reliability can be maintained.
  • Reliability: however the network path changes, TCP either delivers every byte to the receiver or reports the failure to the application; lost segments are retransmitted and duplicates are discarded.
  • Byte stream: the application hands TCP a stream of bytes with no message boundaries, so data of any size can be sent; the receiver gets the bytes in the order they were sent, with order and completeness guaranteed by the sequence number.

What is a TCP connection?

The state information kept to provide reliability and flow control. It consists of three things: the socket pair, the sequence numbers and the window size.

Establishing a TCP connection means the client and server agree on these three pieces of information:

  • Socket pair: source and destination IP addresses and port numbers
  • Sequence numbers: used to keep data in order
  • Window size: used for flow control

How to determine a unique connection?

A unique connection is identified by a four-tuple: source IP address, source port, destination IP address and destination port. The addresses are stored in the IP header and the ports in the TCP header.

There is an IP server listening on a port, what is the maximum number of TCP connections for it?

For IPv4 there are at most 2^32 client IP addresses and 2^16 client ports, so a single server IP listening on one port can in theory distinguish about 2^48 client connections.

That number is only a theoretical maximum. In practice the server is limited by file descriptors and memory.

  • File descriptor limit: every socket is a file and takes one fd (file descriptor) at the operating-system level, so the per-process limit set with ulimit -n (and the system-wide fs.file-max) caps the number of connections
  • Memory limit: each TCP connection needs kernel memory for its control block and its send and receive buffers


Difference between UDP and TCP

What is the UDP protocol?

1. UDP is connectionless.

2. After UDP sends a datagram there is no guarantee that it will not be lost, and no guarantee that datagrams arrive in order.

3. UDP is stateless. The header carries only the ports, a length and a checksum; no data structure records the interaction state between client and server.

4. UDP performs no congestion control: it does not adjust its sending rate to the congestion of the network path.

UDP header

  • The UDP header is a fixed 8 bytes (64 bits)
  • Source and destination ports: identify which process the datagram belongs to
  • Length: the total length of the header plus data
  • Checksum: detects corruption of the header and data (computed over an IP pseudo-header plus the datagram). It is optional on IPv4, where a value of 0 means no checksum, and mandatory on IPv6. It is an integrity check, not a reliability mechanism: a corrupted datagram is simply dropped.
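The 8-byte header and its checksum, as an added worked example that is not from the original post: it builds a datagram with the pseudo-header checksum, verifies it, and shows the two failure modes a parser has to distinguish, a corrupted datagram and one whose sender disabled the checksum (IPv4 only). The addresses, ports and the DNS-style payload are constructed sample data.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data):
    """Internet checksum core (RFC 1071): 16-bit ones' complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_len):
    """IPv4 pseudo-header covered by the checksum but never transmitted."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload, with_checksum=True):
    """Pack an 8-byte UDP header plus payload; a checksum of 0 means 'none' on IPv4."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    checksum = 0
    if with_checksum:
        checksum = 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
        if checksum == 0:
            checksum = 0xFFFF            # all-ones is sent instead, since 0 is reserved
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def parse_udp(src_ip, dst_ip, datagram):
    """Decode the header and verify the checksum.
    'checksum_ok' is True/False, or None when the sender disabled the checksum."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length field")
    body = datagram[:length]
    if checksum == 0:
        ok = None
    else:
        # Summing the datagram including its checksum field must give all-ones.
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + body) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "checksum_ok": ok, "payload": body[8:]}


# Constructed sample: a 12-byte DNS-style query header sent to port 53.
SAMPLE_PAYLOAD = bytes.fromhex("1a2b01000001000000000000")
GOOD = build_udp("192.0.2.10", "192.0.2.53", 51000, 53, SAMPLE_PAYLOAD)
CORRUPTED = GOOD[:10] + bytes([GOOD[10] ^ 0x01]) + GOOD[11:]     # one payload bit flipped in transit
NO_CHECKSUM = build_udp("192.0.2.10", "192.0.2.53", 51000, 53, SAMPLE_PAYLOAD, with_checksum=False)

if __name__ == "__main__":
    for name, dgram in (("good", GOOD), ("corrupted", CORRUPTED), ("no checksum", NO_CHECKSUM)):
        print(name, parse_udp("192.0.2.10", "192.0.2.53", dgram)["checksum_ok"])
```

Because the pseudo-header includes the IP addresses, the checksum also catches a datagram delivered to the wrong host; and because a bad checksum only causes a silent drop, an application on UDP still has to handle the loss itself.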

Difference between TCP and UDP

1. Connection

  • TCP is a connection-oriented transmission protocol, and a connection needs to be established before data transmission
  • UDP does not need to establish a connection and transmits data immediately

2. Service object

  • TCP is a one-to-one two-point service, that is, a connection has only two endpoints
  • UDP supports one-to-one, one-to-many, and many-to-many interactive communication

3. Reliability

  • TCP delivers data reliably: without errors, without loss, without duplication, and in order.
  • UDP does not guarantee reliable delivery; whether data arrives depends mainly on the network.

4. Congestion control, flow control

  • TCP uses flow control and congestion control to avoid overwhelming the receiver or the network
  • UDP does not sense whether the path is congested or how much pressure the receiver is under; even when the network is congested it does not reduce its sending rate on its own

5. Header overhead

  • The TCP header is much larger than UDP's: 20 bytes when the options field is not used, up to 60 bytes with options.
  • The UDP header is a fixed 8 bytes, so its overhead is small

Main application scenarios of TCP and UDP

Since TCP is connection-oriented and can ensure reliable data transmission, it is mainly used for:

  • SFTP file transfer
  • http,https

Since UDP is connectionless, sending data is simple and efficient, but delivery and ordering are not guaranteed, so it suits:

  • Small-packet traffic, such as DNS
  • Video and audio transmission
  • broadcast communication

TCP connection establishment

TCP is a connection-oriented protocol, so a connection must be established before using TCP, and the connection is established through a three-way handshake .

Three-way handshake steps:

1. At the beginning, both the client and the server are in the closed state. First, the server actively listens to a certain port and enters the listen state.

2. The client picks a random initial sequence number client_isn, puts it in the sequence-number field of the TCP header and sets the SYN flag, making the segment a SYN. It sends this to the server to request a connection; the segment carries no application data. The client is now in the SYN_SENT state.

3. On receiving the SYN the server picks its own random initial sequence number server_isn and puts it in the sequence-number field, puts client_isn + 1 in the acknowledgment-number field, and sets both the SYN and ACK flags. It sends this segment, again with no application data, to the client; the server is now in the SYN_RCVD state.

4. On receiving the server's segment the client sends the final acknowledgment: a segment with the ACK flag set and server_isn + 1 in the acknowledgment-number field. This segment may already carry application data from the client. The client enters ESTABLISHED, and the server enters ESTABLISHED when it receives this ACK.

Why does TCP use a three-way handshake instead of a two-way handshake?

1. Two handshakes cannot prevent a historical connection from being established, which wastes resources on both sides, and cannot reliably synchronize the sequence numbers of both sides.

Suppose the client sends several SYN segments in a row to establish a connection, and because of network congestion or similar:

  • an "old SYN" reaches the server before the "latest SYN";
  • the server answers it with a SYN+ACK whose acknowledgment number is the old client ISN + 1;
  • the client, which is waiting for an acknowledgment of its latest ISN, sees from its own context that this SYN+ACK answers a historical connection (the acknowledgment number does not match), and replies with RST so the server aborts that half-open connection.

With only two handshakes the server would treat the connection as established as soon as it had sent the SYN+ACK, and could even start sending data before the client's RST arrived; the third segment is what lets the client reject the stale attempt before the server commits resources.


2. Synchronizing the initial sequence numbers of both parties

Each side's ISN must be sent to the peer and acknowledged, which needs a request and a response in each direction. The server's SYN and its ACK of the client's SYN travel in one segment, so three segments suffice; with only two, the server's ISN would never be acknowledged.
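The handshake steps and the rejection of a historical SYN, as an added simulation that is not part of the original post: both endpoints exchange SYN, SYN+ACK and ACK with the sequence and acknowledgment arithmetic above, and a client in SYN_SENT answers a SYN+ACK that acknowledges the wrong ISN with RST. The "two_way" server, which counts a connection open as soon as it has replied, is a constructed model of what a two-segment handshake would do; the ISN values 1000, 5000 and 9000 are chosen for readability.

```python
MASK = 0xFFFFFFFF


def seg(flags, seq, ack=0):
    """A bare TCP segment with only the fields the handshake looks at."""
    return {"flags": frozenset(flags), "seq": seq & MASK, "ack": ack & MASK}


class Client:
    def __init__(self, isn):
        self.state, self.isn, self.peer_isn = "CLOSED", isn, None

    def connect(self):
        self.state = "SYN_SENT"
        return seg({"SYN"}, self.isn)                         # handshake 1

    def on_segment(self, s):
        if self.state == "SYN_SENT" and s["flags"] == {"SYN", "ACK"}:
            if s["ack"] != (self.isn + 1) & MASK:
                # This SYN+ACK does not acknowledge our current ISN, so it answers a
                # historical SYN: abort it. The RST carries the peer's ack number as its
                # sequence number so the peer accepts it for that half-open connection.
                return seg({"RST"}, s["ack"])
            self.peer_isn = s["seq"]
            self.state = "ESTABLISHED"
            return seg({"ACK"}, self.isn + 1, s["seq"] + 1)    # handshake 3
        return None


class Server:
    def __init__(self, isn, two_way=False):
        self.isn, self.two_way = isn, two_way
        self.half_open = {}      # peer -> client ISN (SYN queue, state SYN_RCVD)
        self.established = {}    # peer -> client ISN
        self.opened = 0          # connections the server ever allocated as open

    def on_segment(self, peer, s):
        if s["flags"] == {"SYN"}:
            reply = seg({"SYN", "ACK"}, self.isn, s["seq"] + 1)  # handshake 2
            if self.two_way:
                # constructed two-way model: open as soon as the reply is sent
                self.established[peer] = s["seq"]
                self.opened += 1
            else:
                self.half_open[peer] = s["seq"]
            return reply
        if s["flags"] == {"ACK"} and peer in self.half_open:
            expected_ack = (self.isn + 1) & MASK
            expected_seq = (self.half_open[peer] + 1) & MASK
            if s["ack"] == expected_ack and s["seq"] == expected_seq:
                self.established[peer] = self.half_open.pop(peer)
                self.opened += 1
            return None
        if "RST" in s["flags"]:
            self.half_open.pop(peer, None)
            self.established.pop(peer, None)
        return None


def stale_syn_scenario(two_way=False):
    """The client's first SYN (ISN 1000) is delayed, it retries with ISN 5000, and the old
    SYN reaches the server first. Returns (connections the server opened, client state,
    client ISNs the server ended up with)."""
    client = Client(isn=5000)
    server = Server(isn=9000, two_way=two_way)
    old_syn = seg({"SYN"}, 1000)                 # delayed segment of the earlier attempt
    new_syn = client.connect()
    for syn in (old_syn, new_syn):
        reply = server.on_segment("client", syn)
        answer = client.on_segment(reply)
        if answer is not None:
            server.on_segment("client", answer)
    return server.opened, client.state, sorted(server.established.values())


if __name__ == "__main__":
    print("three-way:", stale_syn_scenario(two_way=False))
    print("two-way:  ", stale_syn_scenario(two_way=True))
```

With the three-way handshake the server only ever opens one connection, because the stale SYN dies in the SYN queue when the RST arrives; in the two-way model it opens two, and the stale one has already consumed a connection slot before it is torn down.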

SYN attack

Establishing a TCP connection requires a three-way handshake. Suppose an attacker sends, in a short time, a large number of SYN segments with forged (spoofed) source IP addresses. For every SYN the server allocates a half-open connection in the SYN_RCVD state and replies with SYN+ACK, but the SYN+ACK goes to a host that never sent the SYN, so the final ACK never arrives. The half-open entries accumulate until the server's SYN queue (half-open connection queue) is full, and new connections from legitimate users are dropped.

Solution one: tune the Linux kernel parameters

  • net.core.netdev_max_backlog: the number of received packets the kernel may queue per CPU before the protocol stack has processed them. Raising it avoids dropping packets when SYNs arrive faster than they are processed; it is not the SYN queue itself.
  • net.ipv4.tcp_max_syn_backlog: the size of the SYN queue, that is, the maximum number of half-open connections in the SYN_RCVD state.
  • net.ipv4.tcp_abort_on_overflow: when the accept queue is full, reply with RST to the third-handshake ACK instead of silently dropping it, so the client fails fast instead of retrying.

Solution two:

Enable tcp_syncookies to handle SYN attacks:

net.ipv4.tcp_syncookies = 1
  • When the SYN queue is full, later SYN segments are not placed in the SYN queue at all;
  • instead the server computes a cookie from the connection's four-tuple, a secret and a coarse timestamp, and returns it to the client as the sequence number of the SYN+ACK;
  • when the client's ACK arrives, the server recomputes the cookie and checks that the acknowledgment number minus 1 matches it. If it does, the connection goes straight into the accept queue without ever having occupied the SYN queue;
  • finally the application takes the connection from the accept queue by calling accept().

The cost of cookies is that the server keeps no state from the SYN, so TCP options such as window scaling and SACK are lost unless they can be encoded (the MSS is packed into the cookie; the others can only be recovered through the timestamp option). With tcp_syncookies = 1 cookies are used only once the queue overflows; with 2 they are always used.
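The SYN queue limit and the cookie fallback, as an added model that is not part of the original post and not the kernel's code: a listener keeps state for SYNs while its queue has room, then answers further SYNs statelessly with a cookie in the sequence number, and later accepts a third-handshake ACK only if ACK-1 is a fresh, correctly keyed cookie for that four-tuple. The cookie layout (6 bits of clock, 2 bits of MSS index, 24-bit HMAC), the MSS table, the secret and the addresses are assumptions for the demonstration.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF


class SynCookieServer:
    """Listener that stores per-SYN state while the SYN queue has room and switches to
    stateless SYN cookies when it is full (the behaviour tcp_syncookies=1 gives on Linux).
    The cookie layout is a simplified stand-in for the kernel's, not a copy of it."""

    # Constructed MSS table: the cookie only has two bits for the client's MSS, so it is
    # rounded down to one of these values and the exact option value is lost.
    MSS_TABLE = (536, 1220, 1440, 1460)

    def __init__(self, secret, syn_queue_max=2):
        self.secret = secret
        self.syn_queue_max = syn_queue_max
        self.minute = 0            # coarse clock stamped into cookies; they expire after two ticks
        self.syn_queue = {}        # 4-tuple -> (server_isn, client_isn, mss): half-open, SYN_RCVD
        self.accept_queue = []     # (4-tuple, mss) for fully opened connections
        self.cookies_sent = 0

    def _mac(self, tuple4, client_isn, minute):
        msg = "|".join(map(str, (*tuple4, client_isn, minute))).encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:3], "big")

    def _make_cookie(self, tuple4, client_isn, mss):
        mss_idx = 0
        for i, value in enumerate(self.MSS_TABLE):
            if value <= mss:
                mss_idx = i
        # 6 bits of clock | 2 bits of MSS index | 24-bit keyed MAC over the 4-tuple and client ISN
        return ((self.minute & 0x3F) << 26) | (mss_idx << 24) | self._mac(tuple4, client_isn, self.minute)

    def on_syn(self, tuple4, client_isn, mss=1460):
        """Handshake 1 arrived; return (seq, ack) for the SYN+ACK."""
        ack = (client_isn + 1) & MASK
        if len(self.syn_queue) < self.syn_queue_max:
            server_isn = int.from_bytes(hashlib.sha256(repr(tuple4).encode()).digest()[:4], "big")
            self.syn_queue[tuple4] = (server_isn, client_isn, mss)
            return server_isn, ack
        self.cookies_sent += 1     # queue full: answer from the cookie and store nothing
        return self._make_cookie(tuple4, client_isn, mss), ack

    def on_ack(self, tuple4, seq, ack):
        """Handshake 3 arrived; return True if a connection was moved to the accept queue."""
        if tuple4 in self.syn_queue:
            server_isn, client_isn, mss = self.syn_queue[tuple4]
            if ack == (server_isn + 1) & MASK and seq == (client_isn + 1) & MASK:
                del self.syn_queue[tuple4]
                self.accept_queue.append((tuple4, mss))
                return True
            return False
        # No state for this peer: the ACK must prove itself by carrying a valid cookie.
        cookie = (ack - 1) & MASK
        minute = cookie >> 26
        mss = self.MSS_TABLE[(cookie >> 24) & 0x3]
        client_isn = (seq - 1) & MASK
        if (self.minute - minute) & 0x3F > 1:
            return False           # cookie too old: replayed or very late
        if (cookie & 0xFFFFFF) != self._mac(tuple4, client_isn, minute):
            return False           # forged or stray ACK, e.g. from an ACK flood
        self.accept_queue.append((tuple4, mss))
        return True


def syn_flood_then_real_client():
    """Constructed scenario: 10 spoofed SYNs that never complete, then one genuine client."""
    srv = SynCookieServer(secret=b"constructed-demo-secret")
    for i in range(10):
        srv.on_syn(("198.51.100.%d" % i, 40000 + i, "203.0.113.1", 80), client_isn=1234 + i)
    real = ("192.0.2.7", 50505, "203.0.113.1", 80)
    seq, _ack = srv.on_syn(real, client_isn=777, mss=1400)
    opened = srv.on_ack(real, seq=778, ack=seq + 1)
    return srv, seq, opened


if __name__ == "__main__":
    srv, seq, opened = syn_flood_then_real_client()
    print("half-open:", len(srv.syn_queue), "cookies:", srv.cookies_sent, "real client opened:", opened)
```

Only the first two spoofed SYNs occupy the queue; the other eight and the genuine client are answered with cookies, the genuine client still connects, and its MSS of 1400 comes back rounded down to 1220, which is the option loss the text warns about.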

Solution three:

Put an intermediate proxy (a SYN proxy on a firewall or load balancer) in front of the server.

Method one: the proxy answers every SYN with a SYN+ACK itself, and only after it receives the third-handshake ACK from the client does it open a connection to the real server. Spoofed SYNs never reach the server; the proxy absorbs them.

Method two: the SYN is passed through to the server, and as soon as the server replies with SYN+ACK the proxy immediately sends the matching ACK to the server, so the entry leaves the server's SYN queue at once. If the real client later completes its handshake, traffic flows normally; if it never does, the proxy sends RST to the server to tear the connection down.

TCP connection disconnected

Closing a connection:

1. When the client wants to close the connection it sends a segment with the FIN flag set and enters FIN_WAIT_1.

2. On receiving the FIN the server returns an ACK and enters CLOSE_WAIT.

3. On receiving the server's ACK the client enters FIN_WAIT_2.

4. When the server has finished sending its remaining data it sends its own FIN and enters LAST_ACK.

5. On receiving the FIN the client returns an ACK and enters TIME_WAIT.

6. On receiving that ACK the server enters CLOSED.

7. After waiting 2MSL in TIME_WAIT the client enters CLOSED.

Each side sends one FIN and one ACK, which is why the close is called the four-way wave (four-way handshake).

Why four segments instead of three?

1. When the server receives the client's FIN it may still have data to send, so it cannot enter CLOSED immediately; it can only acknowledge at once that it received the client's close request.

2. Only the server knows when it has finished sending its remaining data, so it sends its own FIN afterwards to tell the client that the other direction can now be closed too. (If the server has nothing left to send and closes right away, the ACK and FIN can be merged into one segment, giving three.)

Why is the TIME_WAIT time 2MSL?

MSL (Maximum Segment Lifetime) is the longest a segment may survive in the network before it is discarded. 2MSL covers one segment in each direction: the time for the last ACK to reach the peer plus the time for a retransmitted FIN to come back, so any segment of the old connection still in flight has expired by the time the timer runs out.

Why is there a TIME_WAIT state?

1. To keep packets of the old connection from reaching a new one

After 2MSL every segment of the old connection in either direction has expired, so any segment that appears afterwards must belong to a newly established connection using the same four-tuple.

2. To make sure the connection closes properly

TIME_WAIT waits long enough to make sure the last ACK reaches the passive closer so it can close properly. If the server does not receive the ACK within its retransmission timeout it resends its FIN; the client, still in TIME_WAIT, replies with an ACK again and restarts the 2MSL timer. Without TIME_WAIT the client would already have forgotten the connection and would answer the retransmitted FIN with RST, so the server would end with an error instead of a clean close.
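The four-way close and the role of TIME_WAIT, as an added simulation that is not part of the original post: two endpoints walk through FIN_WAIT_1, CLOSE_WAIT, FIN_WAIT_2, LAST_ACK, TIME_WAIT and CLOSED, and the run can drop the client's final ACK so the server retransmits its FIN. The MSL value of 30 seconds, the 1-second retransmission delay and the "use_time_wait=False" stack are constructed assumptions for the demonstration.

```python
MSL = 30.0   # seconds; constructed for the demo (Linux uses a fixed 60 s for the whole TIME_WAIT)


class Endpoint:
    """One side of an established connection, modelling only the close sequence."""

    def __init__(self, name, use_time_wait=True):
        self.name = name
        self.state = "ESTABLISHED"
        self.use_time_wait = use_time_wait    # False models a stack that skips TIME_WAIT
        self.time_wait_until = None
        self.aborted = False                  # set when the peer answered with RST
        self.transitions = []

    def _go(self, state):
        self.transitions.append((self.state, state))
        self.state = state

    def close(self):
        """Application closed the socket: send FIN (active close, or the passive side's own FIN)."""
        if self.state == "ESTABLISHED":
            self._go("FIN_WAIT_1")
            return "FIN"
        if self.state == "CLOSE_WAIT":
            self._go("LAST_ACK")
            return "FIN"
        return None

    def receive(self, segment, now):
        """Process an incoming FIN, ACK or RST; return the segment to send back, if any."""
        if segment == "RST":
            self.aborted = True
            self._go("CLOSED")
            return None
        if self.state == "ESTABLISHED" and segment == "FIN":
            self._go("CLOSE_WAIT")               # peer is done sending; we may still send
            return "ACK"
        if self.state == "FIN_WAIT_1" and segment == "ACK":
            self._go("FIN_WAIT_2")
            return None
        if self.state == "FIN_WAIT_2" and segment == "FIN":
            if self.use_time_wait:
                self._go("TIME_WAIT")
                self.time_wait_until = now + 2 * MSL
            else:
                self._go("CLOSED")
            return "ACK"
        if self.state == "TIME_WAIT" and segment == "FIN":
            # Our last ACK was lost and the passive closer retransmitted its FIN:
            # acknowledge again and restart the 2MSL timer.
            self.time_wait_until = now + 2 * MSL
            return "ACK"
        if self.state == "LAST_ACK" and segment == "ACK":
            self._go("CLOSED")
            return None
        if self.state == "CLOSED":
            return "RST"                         # no connection here for that segment
        return None

    def tick(self, now):
        if self.state == "TIME_WAIT" and now >= self.time_wait_until:
            self._go("CLOSED")


def four_way_close(lose_last_ack=False, use_time_wait=True):
    """Run the close sequence; optionally drop the client's final ACK so the server
    has to retransmit its FIN. Returns a summary of how both sides ended."""
    client = Endpoint("client", use_time_wait)
    server = Endpoint("server", use_time_wait)
    now = 0.0
    fin = client.close()                         # 1. client: FIN, FIN_WAIT_1
    ack = server.receive(fin, now)               # 2. server: ACK, CLOSE_WAIT
    client.receive(ack, now)                     # 3. client: FIN_WAIT_2
    fin2 = server.close()                        # 4. server done with its data: FIN, LAST_ACK
    last_ack = client.receive(fin2, now)         # 5. client: ACK, TIME_WAIT
    if lose_last_ack:
        now += 1.0                               # the ACK is lost; server's RTO retransmits FIN
        last_ack = client.receive(fin2, now)     # ACK again, or RST if already CLOSED
    server.receive(last_ack, now)                # 6. server: CLOSED (cleanly, or via RST)
    now += 2 * MSL
    client.tick(now)                             # 7. client leaves TIME_WAIT after 2MSL
    return {"client": client.state, "server": server.state,
            "server_aborted": server.aborted,
            "client_saw_time_wait": ("FIN_WAIT_2", "TIME_WAIT") in client.transitions}


if __name__ == "__main__":
    print(four_way_close())
    print(four_way_close(lose_last_ack=True))
    print(four_way_close(lose_last_ack=True, use_time_wait=False))
```

In the third run the client has already forgotten the connection when the retransmitted FIN arrives, so it answers with RST and the server's close is aborted rather than completed; that is exactly the failure TIME_WAIT exists to prevent.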

 


Origin blog.csdn.net/m0_60259116/article/details/124405638