TCP operation principle

TCP

TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol, defined by IETF RFC 793.

In the simplified OSI model of computer networks, it performs the functions specified for the fourth layer, the transport layer; the User Datagram Protocol (UDP) is another important transport protocol in the same layer [1].

In the Internet protocol suite, the TCP layer is an intermediate layer located above the IP layer and below the application layer.

Applications on different hosts often need a reliable, pipe-like connection between them, but the IP layer does not provide such a stream mechanism; it provides only unreliable packet switching. [1]

The application layer hands the TCP layer a data stream, expressed as 8-bit bytes, for transmission across the network, and TCP partitions the stream into segments of suitable length (typically limited by the maximum transmission unit (MTU) of the data link layer of the network the computer is connected to [1]).

TCP then passes the resulting packets to the IP layer, which transmits them over the network to the TCP layer of the receiving entity [1].

To ensure that no packets are lost, TCP gives each packet a sequence number; the sequence number also ensures that packets are delivered to the receiving entity in order.

The receiving entity then sends back a corresponding acknowledgment (ACK) for each packet it has successfully received; if the sending entity does not receive an acknowledgment within a reasonable round-trip time (RTT), the corresponding packet is assumed to have been lost and is retransmitted.

TCP uses a checksum function to check whether the data contains errors; the checksum is calculated both on transmission and on reception. [1]

TCP three-way handshake

The so-called three-way handshake (Three-Way Handshake) is how a TCP connection is established: to set up a TCP connection, the client and the server need to send a total of three packets to confirm that the connection is established. In socket programming, this process is triggered when the client executes connect. The whole process is shown in the figure below:

[Figure: TCP three-way handshake]

(1) First handshake: the Client sets the SYN flag to 1, randomly generates a value seq = J, and sends the packet to the Server; the Client enters the SYN_SENT state and waits for the Server's acknowledgment.

(2) Second handshake: the Server receives the packet and knows from the flag SYN = 1 that the Client is requesting a connection; the Server sets both the SYN and ACK flags to 1, sets ack = J + 1, randomly generates a value seq = K, and sends the packet to the Client to acknowledge the connection request; the Server enters the SYN_RCVD state.

(3) Third handshake: the Client receives the acknowledgment and checks whether ack is J + 1 and ACK is 1; if so, it sets the ACK flag to 1 and ack = K + 1 and sends the packet to the Server. The Server checks whether ack is K + 1 and ACK is 1; if so, the connection is established, the Client and Server enter the ESTABLISHED state, and the three-way handshake is complete. The Client and Server can then begin to transfer data.

Simply put,

1. When a connection is being established, the client sends a SYN packet (SYN = i) to the server and enters the SYN_SENT state, waiting for the server to confirm.

2. The server receives the SYN packet and must acknowledge the client's SYN (ack = i + 1) while also sending a SYN packet of its own (SYN = k), that is, a SYN + ACK packet; the server then enters the SYN_RECV state.

3. The client receives the server's SYN + ACK packet and sends the server an acknowledgment packet ACK (ack = k + 1). Once this packet has been sent, the client and server enter the ESTABLISHED state, completing the three-way handshake, and the client and the server begin transmitting data.

SYN attack:

In the three-way handshake, the TCP connection after the Server has sent its SYN-ACK and before it has received the Client's ACK is called a half-open connection (half-open connect); the Server is in the SYN_RCVD state at this point, and it moves to the ESTABLISHED state when the ACK is received. In a SYN attack, the Client forges a large number of non-existent IP addresses in a short time and keeps sending SYN packets to the Server. The Server replies with acknowledgment packets and waits for the Client's confirmation; since the source addresses do not exist, the Server has to keep retransmitting until it times out. These forged SYN packets occupy the half-open connection queue for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion or even system failure. A SYN attack is a typical DDoS attack. Detecting a SYN attack is very simple: when the Server has a large number of half-open connections and the source IP addresses are random, it can be concluded that it is under a SYN attack. The following command shows this state:

# netstat -nap | grep SYN_RECV
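The detection rule above (many half-open connections, random source addresses) can be applied to netstat output automatically. The following is an added example, not code from the original post; the sample output, the function names and both thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample of `netstat -nat` output (documentation-range addresses).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address    Foreign Address      State
tcp        0      0 0.0.0.0:80       0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:80    198.51.100.7:40112   SYN_RECV
tcp        0      0 192.0.2.10:80    203.0.113.91:1187    SYN_RECV
tcp        0      0 192.0.2.10:80    198.51.100.204:5523  SYN_RECV
tcp        0      0 192.0.2.10:80    203.0.113.15:61002   SYN_RECV
tcp        0      0 192.0.2.10:80    198.51.100.66:3340   SYN_RECV
tcp        0      0 192.0.2.10:80    203.0.113.148:29871  SYN_RECV
tcp        0      0 192.0.2.10:443   198.51.100.30:51514  SYN_RECV
tcp        0      0 192.0.2.10:443   198.51.100.30:51515  SYN_RECV
tcp        0      0 192.0.2.10:443   198.51.100.31:44010  ESTABLISHED
"""

def half_open(netstat_text):
    """Return (local endpoint, remote IP) for every socket in SYN_RECV."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "SYN_RECV":
            rows.append((f[3], f[4].rsplit(":", 1)[0]))
    return rows

def assess(netstat_text, min_half_open=5, min_source_ratio=0.8):
    """Flag listeners with many half-open connections from mostly distinct IPs.

    Both thresholds are illustrative assumptions; tune them against the
    host's normal SYN_RECV baseline and backlog size.
    """
    rows = half_open(netstat_text)
    findings = {}
    for local, count in Counter(local for local, _ in rows).items():
        sources = {ip for endpoint, ip in rows if endpoint == local}
        findings[local] = {
            "half_open": count,
            "distinct_sources": len(sources),
            "suspect": count >= min_half_open
                       and len(sources) / count >= min_source_ratio,
        }
    return findings

if __name__ == "__main__":
    for listener, result in assess(SAMPLE).items():
        print(listener, result)
```

On a live host, feed it the text of `netstat -nat` instead of SAMPLE; a few SYN_RECV entries from repeated sources, as on port 443 in the sample, are normal during connection setup.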

TCP four-way wave

The so-called four-way wave (Four-Way Wavehand) is how a TCP connection is terminated: to disconnect a TCP connection, the client and the server need to send a total of four packets to confirm that the connection is closed. In socket programming, this process is triggered when either the client or the server executes close. The whole process is shown in the figure below:

[Figure: TCP four-way wave]

Because a TCP connection is full-duplex, each direction must be shut down separately. The principle is that when one side has finished sending data, it sends a FIN to terminate the connection in that direction. Receiving a FIN only means that no more data will flow in that direction, that is, no more data will be received; data can still be sent over the TCP connection until a FIN is also sent in this direction. The side that closes first performs the active close, while the other side performs the passive close; the figure above depicts this case.

(1) First wave: the Client sends a FIN to close the data transfer from Client to Server; the Client enters the FIN_WAIT_1 state.

(2) Second wave: the Server receives the FIN and sends an ACK to the Client with the acknowledgment number set to the received sequence number + 1 (like a SYN, a FIN occupies one sequence number); the Server enters the CLOSE_WAIT state.

(3) Third wave: the Server sends a FIN to close the data transfer from Server to Client; the Server enters the LAST_ACK state.

(4) Fourth wave: the Client receives the FIN and enters the TIME_WAIT state, then sends an ACK to the Server with the acknowledgment number set to the received sequence number + 1; the Server enters the CLOSED state, completing the four-way wave.
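The handshake and the four-way wave described above can be replayed segment by segment to check the sequence and acknowledgment arithmetic and the state of each side. This is an added example, not code from the original post; it assumes a loss-free, in-order, client-initiated exchange, and the function name, tuple layout and sequence numbers are constructed.

```python
def replay(segments):
    """Replay (sender, flags, seq, ack, payload_len) tuples in order and return
    the (client_state, server_state) pair after each segment is delivered."""
    state = {"client": "CLOSED", "server": "LISTEN"}
    nxt = {}                     # next sequence number each side will send
    trace = []
    for sender, flags, seq, ack, length in segments:
        peer = "server" if sender == "client" else "client"
        if "SYN" not in flags and seq != nxt.get(sender):
            raise ValueError(f"{sender}: seq={seq}, expected {nxt.get(sender)}")
        if "ACK" in flags and ack != nxt.get(peer):
            raise ValueError(f"{sender}: ack={ack}, expected {nxt.get(peer)}")
        # SYN and FIN each occupy one sequence number, like one byte of data.
        nxt[sender] = seq + length + ("SYN" in flags) + ("FIN" in flags)
        if "SYN" in flags:
            state[sender] = "SYN_RCVD" if "ACK" in flags else "SYN_SENT"
        elif state[sender] == "SYN_SENT" and state[peer] == "SYN_RCVD":
            state[sender] = state[peer] = "ESTABLISHED"   # third handshake
        else:
            if "ACK" in flags and state[peer] == "FIN_WAIT_1":
                state[peer] = "FIN_WAIT_2"   # RFC 793 state; the page does not name it
            elif "ACK" in flags and state[peer] == "LAST_ACK":
                state[peer] = "CLOSED"
            if "FIN" in flags:
                state[sender] = ("FIN_WAIT_1" if state[sender] == "ESTABLISHED"
                                 else "LAST_ACK")
                state[peer] = ("CLOSE_WAIT" if state[peer] == "ESTABLISHED"
                               else "TIME_WAIT")
        trace.append((state["client"], state["server"]))
    return trace

J, K = 1000, 5000   # constructed initial sequence numbers (random in real TCP)
EXCHANGE = [
    ("client", {"SYN"},        J,     0,     0),
    ("server", {"SYN", "ACK"}, K,     J + 1, 0),
    ("client", {"ACK"},        J + 1, K + 1, 0),
    ("client", {"ACK"},        J + 1, K + 1, 5),   # 5 bytes of data
    ("server", {"ACK"},        K + 1, J + 6, 0),
    ("client", {"FIN", "ACK"}, J + 6, K + 1, 0),   # first wave
    ("server", {"ACK"},        K + 1, J + 7, 0),   # second wave
    ("server", {"FIN", "ACK"}, K + 1, J + 7, 0),   # third wave
    ("client", {"ACK"},        J + 7, K + 2, 0),   # fourth wave
]

if __name__ == "__main__":
    for segment, states in zip(EXCHANGE, replay(EXCHANGE)):
        print(segment, "->", states)
```

The final pair is (TIME_WAIT, CLOSED): the Server is done as soon as the last ACK arrives, while the Client stays in TIME_WAIT.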

Why does establishing a connection take a three-way handshake, while closing a connection takes a four-way wave?

This is because a server in the LISTEN state, after receiving the SYN packet of a connection request, can place its ACK and SYN in a single packet sent to the client. When closing a connection, however, receiving the other side's FIN only means that the other side will no longer send data but can still receive it. One's own side may not yet have sent all of its data to the other side, so it can close immediately, or it can first send some more data to the other side and then send a FIN to indicate that it agrees to close the connection now. Therefore, one's own ACK and FIN are generally sent separately.

Why must the TIME_WAIT state last 2MSL (MSL: maximum segment lifetime) before returning to the CLOSED state?

There are two reasons: first, to ensure that TCP's full-duplex connection can be closed reliably; second, to ensure that duplicate segments of this connection disappear from the network.

Let's start with the first point. If the Client went directly to CLOSED, then, because of the unreliability of IP or for other network reasons, the Server might not receive the Client's final ACK. After a timeout the Server would send its FIN again; since the Client is already CLOSED, no connection matching the retransmitted FIN would be found, so the Server would eventually receive an RST instead of an ACK, conclude that a connection error had occurred, and report the problem to the upper layer. Although this would not cause data loss, it would mean that TCP fails to meet the requirement of a reliable connection. So the Client does not enter CLOSED directly but stays in TIME_WAIT; if it receives the FIN again, it can make sure the other side receives the ACK, and the connection is finally closed correctly.

Now the second point. If the Client went directly to CLOSED and then initiated a new connection to the Server, we cannot guarantee that the port number of the new connection differs from that of the connection just closed. That is, the new connection and the old connection may have the same port number. Generally this causes no problem, but there is a special case: suppose the new connection and the already closed old connection have the same port number, and some data from the old connection is still lingering in the network. If this delayed data reaches the Server only after the new connection has been established, then, because the new and old connections have the same port number and TCP distinguishes connections by socket pair, TCP considers the delayed data to belong to the new connection, and it gets mixed up with the genuine packets of the new connection. Therefore a TCP connection has to wait in the TIME_WAIT state for twice the MSL, which ensures that all data of this connection has disappeared from the network.

 

 

 

Origin www.cnblogs.com/zuichuyouren/p/11094687.html