Damn, impressive: the interviewer actually asked about the TCP three-way handshake and four-way wave in this much detail

Definition of TCP

TCP stands for Transmission Control Protocol. It is a connection-oriented, reliable, byte-stream-based transport-layer communication protocol. TCP is a transport protocol specially designed to provide a reliable end-to-end byte stream over an unreliable Internet.

TCP's three-way handshake and four-way wave are classic, frequently discussed topics. They are common interview questions at major companies and do a fair job of separating candidates. The question looks simple, but if your answer does not meet the standard the interviewer expects, you may be rejected on the spot.

This article focuses on a series of core questions about the three-way handshake and the four-way wave, and shares how to answer common interview questions more accurately, so that in the future you can talk to even a tricky interviewer with ease.

Respond gracefully to the three-way handshake

Three-way handshake: The server creates a new socket, binds the address information, starts listening, and enters the LISTEN state. The client creates a new socket, binds address information, calls connect, sends a connection request (SYN), and enters the SYN_SENT state, waiting for the server's confirmation. Once the server detects the connection request, it puts the connection into the kernel waiting queue, sends a SYN together with an acknowledgment segment (ACK) to the client, and enters the SYN_RCVD state. After receiving the SYN+ACK, the client sends an acknowledgment segment (ACK) to the server, enters the ESTABLISHED state, and can start reading and writing data. Once the server receives the client's acknowledgment, it also enters the ESTABLISHED state and can read and write data.

Why is the handshake three times instead of two or four?

Answer: Two handshakes are not safe, and four are unnecessary. TCP communication needs to ensure that both parties are able to send and receive data. Receiving an ACK is taken as proof that the other party can send and receive, so both parties must send a SYN to confirm that the other side is able to communicate. In the first handshake the client sends SYN and the server receives it; the server learns that the client's sending ability and its own receiving ability are normal. In the second handshake the server sends SYN+ACK and the client receives it; the client learns that its own sending and receiving abilities are normal and that the server's sending and receiving abilities are also normal, but at this point the server cannot yet confirm that the client's receiving ability is normal. In the third handshake the client sends ACK and the server receives it; the server learns that the client's sending and receiving abilities are normal and that its own sending and receiving abilities are also normal.

Can the three-way handshake carry data?

Answer: The first and second handshakes cannot carry data, but the third handshake can. If the first handshake could carry data, an attacker could put a large amount of data into every SYN segment and send a large number of such SYN segments repeatedly. The server would then spend a lot of memory buffering these packets, which would make it more vulnerable to attack.

What will the server do if the TCP three-way handshake fails?

Answer: There are two reasons for a handshake failure. In the first, the server never receives the SYN, and so it does nothing. In the second, the server replies with SYN+ACK but does not receive the ACK for a long time, and a timeout occurs. After that, it sends an RST (connection reset) segment and releases the resources.

What does ISN stand for? What's the point? Is the ISN fixed? Why should ISN be dynamic and random?

Answer: ISN stands for Initial Sequence Number. It is the starting point for numbering the bytes sent by a TCP sender, and it tells the other party the sequence number from which this side will start sending data. If the ISN were fixed, an attacker could easily guess the subsequent sequence and acknowledgment numbers. For security, to prevent a third party from guessing them and sending a forged RST segment, the ISN is generated dynamically.
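One common way to make the ISN dynamic and hard to guess is the construction from RFC 6528: a clock value plus a keyed hash of the connection's addresses and ports. The sketch below is an added example, not code from the original post; HMAC-SHA256 stands in for the hash function F, and the addresses are documentation-range placeholders.

```python
import hashlib
import hmac
import os
import socket
import struct

# Per-boot secret. Without it an off-path observer cannot compute the offset
# that another connection (another 4-tuple) will use.
BOOT_SECRET = os.urandom(16)


def tuple_offset(local_ip, local_port, remote_ip, remote_port, secret):
    """F(4-tuple, secret): a 32-bit offset that is stable for one connection id."""
    four_tuple = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
                  + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def generate_isn(local_ip, local_port, remote_ip, remote_port,
                 clock_us, secret=BOOT_SECRET):
    """ISN = M + F(...), where M is a counter that ticks every 4 microseconds."""
    m = (clock_us // 4) & 0xFFFFFFFF
    f = tuple_offset(local_ip, local_port, remote_ip, remote_port, secret)
    return (m + f) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed connection: 192.0.2.10:443 <-> 198.51.100.7:50000
    conn = ("192.0.2.10", 443, "198.51.100.7", 50000)
    first = generate_isn(*conn, clock_us=1_000_000)
    later = generate_isn(*conn, clock_us=1_000_400)
    # Same connection id: the ISN only moves forward with the clock.
    print("advance for same 4-tuple:", (later - first) & 0xFFFFFFFF)
    # Different remote port: the offset changes in a way only the key holder knows.
    other = generate_isn("192.0.2.10", 443, "198.51.100.7", 50001, clock_us=1_000_000)
    print("same ISN for a different 4-tuple?", other == first)
```
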

What is the semi-connection queue?

Answer: After the server receives the first SYN from the client, it is in the SYN_RCVD state, and the connection between the two parties has not yet been fully established. The server puts connection requests in this state into a queue, which we call the semi-connection queue. There is also a full connection queue: once the three-way handshake has completed, the established connection is placed in the full connection queue. If a queue is full, packet loss may occur.

Respond gracefully to the four-way wave

Four-way wave: When the client actively calls close, it sends an end segment (FIN) to the server and enters the FIN_WAIT1 state. The server receives the FIN, returns an acknowledgment segment (ACK), and enters the CLOSE_WAIT state. At this point, if the server still has data to send, the client still needs to receive it. After receiving the server's acknowledgment of its FIN, the client enters the FIN_WAIT2 state and waits for the server's end segment. Once the server has finished sending its data and actually calls close to close the connection, it sends an end segment (FIN) to the client, enters the LAST_ACK state, and waits for the last ACK. The client receives the server's end segment, enters TIME_WAIT, and sends an acknowledgment segment (ACK). When the server receives the ACK for its end segment, it enters the CLOSED state and the connection is torn down. The client has to wait for 2MSL before entering the CLOSED state.

Why is it three times for a handshake but four for a wave?

Answer: During the TCP handshake, the receiving end combines its SYN and its ACK into a single packet, so one packet is saved. For the four-way wave, because TCP is full-duplex, a FIN from the active closing party does not mean that the connection is completely closed; it only means that the active closing party will no longer send data. The receiver may still have data to send, so the data channel from the server to the client cannot be closed immediately, and the server's FIN and its ACK to the client cannot be combined. The server can only acknowledge first and send its FIN later, when it has no more data to send. That is why the four-way wave needs four packets.
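The state transitions described in the handshake and wave answers above can be traced with a small table-driven simulation of both endpoints. This is an added example, not code from the original post; the event names ("listen", "connect", "close", "2MSL") are labels chosen here, and SYN_RCVD is the server's state after it replies with SYN+ACK.

```python
# (current state, event or received segment) -> (next state, segment sent back)
TRANSITIONS = {
    ("CLOSED", "listen"): ("LISTEN", None),
    ("CLOSED", "connect"): ("SYN_SENT", "SYN"),
    ("LISTEN", "SYN"): ("SYN_RCVD", "SYN+ACK"),
    ("SYN_SENT", "SYN+ACK"): ("ESTABLISHED", "ACK"),
    ("SYN_RCVD", "ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN_WAIT1", "FIN"),   # active closer
    ("ESTABLISHED", "FIN"): ("CLOSE_WAIT", "ACK"),    # passive closer
    ("FIN_WAIT1", "ACK"): ("FIN_WAIT2", None),
    ("CLOSE_WAIT", "close"): ("LAST_ACK", "FIN"),     # application finally closes
    ("FIN_WAIT2", "FIN"): ("TIME_WAIT", "ACK"),
    ("LAST_ACK", "ACK"): ("CLOSED", None),
    ("TIME_WAIT", "2MSL"): ("CLOSED", None),          # timer expiry, no segment
}

# Local events in order; segments on the wire are delivered automatically.
FULL_SCRIPT = [("server", "listen"), ("client", "connect"),
               ("client", "close"), ("server", "close"), ("client", "2MSL")]


def run(script):
    """Replay local events; return final states, segments sent, and a trace."""
    state = {"client": "CLOSED", "server": "CLOSED"}
    wire, trace = [], []

    def step(who, event):
        next_state, segment = TRANSITIONS[(state[who], event)]
        state[who] = next_state
        trace.append((who, event, next_state))
        if segment:
            wire.append(segment)
            # Deliver the segment to the other endpoint immediately.
            step("server" if who == "client" else "client", segment)

    for who, event in script:
        step(who, event)
    return state, wire, trace


if __name__ == "__main__":
    final, wire, trace = run(FULL_SCRIPT)
    for who, event, new_state in trace:
        print(f"{who:6} {event:8} -> {new_state}")
    print("segments:", wire)
    # Server application never calls close(): it stays parked in CLOSE_WAIT.
    print("no server close:", run(FULL_SCRIPT[:3])[0])
```

The server's ACK and FIN appear as separate segments because the FIN is only produced by the server's own "close" event, which is why the wave takes four segments while the handshake takes three.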

What is the function of the TIME_WAIT state, and why the active closing party does not directly enter the CLOSED state to release resources?

Answer: If the passive closing party sends its FIN and does not receive an ACK, it retransmits the FIN after a timeout. If the client had no TIME_WAIT state and went straight to CLOSED to release its resources, a new client started afterwards might use the same address information as the previous one. This creates two hazards. First, once the new client has bound the address successfully, it may receive the retransmitted FIN, which affects the new connection. Second, if the new client sends a SYN connection request to the same server while the server is still in the LAST_ACK state, the server expects an ACK rather than a SYN, so it will send an RST to reset the connection.

Why does the TIME_WAIT state need to last 2MSL before entering the CLOSED state?

Answer: MSL is the maximum lifetime of a packet in the network. After the client sends the ACK for the server's FIN, that ACK may not arrive. If the server does not receive the ACK, it will resend the FIN. Therefore, after sending the ACK, the client needs to set aside 2MSL (the time for the ACK to reach the server plus the time for a retransmitted FIN to come back, one round trip) to find out whether the server failed to receive the ACK. In other words, if the client has not received a retransmitted FIN from the server after waiting 2MSL, it can conclude that the server received the ACK it sent.

What is the reason for a large number of TIME_WAIT on a host? How should it be handled?

Answer: TIME_WAIT occurs on the active closing party. A large number of TIME_WAIT sockets on a host shows that this host has actively closed a large number of connections. This is common on some crawler servers. In this case, we should adjust the TIME_WAIT waiting time, or turn on the socket address reuse option.

What is the reason for a large number of CLOSE_WAIT on a host? How should it be handled?

Answer: CLOSE_WAIT is the state the passive closing party is in after it receives a FIN and acknowledges it, while it waits for the upper-layer program to act. If a large number of CLOSE_WAIT sockets appear, the program on the passive closing side has probably forgotten the last step of disconnecting: calling close to release the resources. This is a bug. Adding the missing close call solves the problem.
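To check for the pile-ups discussed in the semi-connection queue, TIME_WAIT and CLOSE_WAIT answers, the socket states can be counted from Linux's /proc/net/tcp. The following is an added example, not code from the original post; the sample rows are constructed, the threshold of 3 is an arbitrary illustration value, and the kernel reports the half-open state as SYN_RECV.

```python
from collections import Counter

# Hex codes used in the "st" column of /proc/net/tcp on Linux.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# What each pile-up means, following the answers on this page.
HINTS = {
    "CLOSE_WAIT": "application is not calling close() after the peer's FIN",
    "TIME_WAIT": "this host is actively closing many connections",
    "SYN_RECV": "handshakes are not completing; semi-connection queue is filling",
}

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0100007F:1F90 00000000:0000 0A
   1: 0100007F:1F90 0100007F:C350 01
   2: 0100007F:1F90 0100007F:C351 08
   3: 0100007F:1F90 0100007F:C352 08
   4: 0100007F:1F90 0100007F:C353 08
   5: 0100007F:1F90 0100007F:C354 08
   6: 0100007F:1F90 0100007F:C355 03
   7: 0100007F:1F90 0100007F:C356 03
   8: 0100007F:1F90 0100007F:C357 03
   9: 0100007F:D000 0100007F:0050 06
  10: 0100007F:D001 0100007F:0050 06
"""


def count_states(proc_text):
    """Count sockets per TCP state; the first line of the file is a header."""
    counts = Counter()
    for line in proc_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:
            counts[TCP_STATES.get(fields[3].upper(), "UNKNOWN")] += 1
    return counts


def diagnose(counts, threshold=3):
    """Return (state, count, hint) for every watched state at or over threshold."""
    return [(state, counts[state], HINTS[state])
            for state in sorted(HINTS) if counts[state] >= threshold]


if __name__ == "__main__":
    for state, n, hint in diagnose(count_states(SAMPLE)):
        print(f"{n} sockets in {state}: {hint}")
```

On a live Linux host, pass the contents of /proc/net/tcp to `count_states` instead of `SAMPLE`.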

Keep-alive mechanism in TCP connection management

Answer: In TCP communication, if the two ends exchange no data for a long time, then every once in a while the server sends a keep-alive probe to the client and asks it to reply. If no response is received several times in a row, the connection is considered broken. By default, "a long time" is 7200 s, "every once in a while" is 75 s, and "several times in a row" is 9 times. These values can be modified on the socket through the setsockopt interface.
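The three keep-alive values can be set per socket as shown below. This is an added example, not code from the original post; the option names TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT are the Linux ones (they are skipped where the platform does not expose them), and the tuned values 60/10/5 are illustrative.

```python
import socket


def enable_keepalive(sock, idle=7200, interval=75, probes=9):
    """Turn on keep-alive and set idle time, probe interval and probe count.

    Returns the values read back with getsockopt so the caller can verify them.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {
        "SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
    }
    wanted = (("TCP_KEEPIDLE", idle),       # idle seconds before the first probe
              ("TCP_KEEPINTVL", interval),  # seconds between probes
              ("TCP_KEEPCNT", probes))      # unanswered probes before giving up
    for name, value in wanted:
        option = getattr(socket, name, None)
        if option is None:  # not available on this platform
            continue
        sock.setsockopt(socket.IPPROTO_TCP, option, value)
        applied[name] = sock.getsockopt(socket.IPPROTO_TCP, option)
    return applied


def dead_peer_detection_seconds(idle=7200, interval=75, probes=9):
    """Worst-case time until a silent peer is declared dead."""
    return idle + interval * probes


if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("applied:", enable_keepalive(s, idle=60, interval=10, probes=5))
    print("defaults detect a dead peer after",
          dead_peer_detection_seconds(), "seconds")
    print("tuned values detect it after",
          dead_peer_detection_seconds(60, 10, 5), "seconds")
```

With the defaults quoted above, a peer that vanished silently is only detected after more than two hours, which is why long-lived services usually lower these values per socket.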


Reposted from: blog.csdn.net/qq_44443986/article/details/115966274