TCP three-way handshake and four-way wave: the process and related questions

1 TCP connection transmission

TCP connection transmission goes through three stages:

TCP connections are established in client-server mode. The application process that actively initiates connection establishment is called the client, and the application process that passively waits for the connection to be established is called the server.

Establishing a TCP connection requires three handshakes, and releasing it requires four waves. Before studying the three-way handshake and the four-way wave, you need to be familiar with the TCP header format, especially the 6 control bits in the TCP header.

2 TCP three-way handshake

2.1 Process

Put simply, there are three steps:

* First handshake: the client sends a connection request segment to the server. This segment contains the client's own initial sequence number for data communication. After sending the request, the client enters the SYN-SENT state.
* Second handshake: after the server receives the connection request segment, if it agrees to the connection it sends a reply, which also contains its own initial sequence number for data communication. After sending the reply, the server enters the SYN-RECEIVED state.
* Third handshake: after the client receives the reply agreeing to the connection, it sends an acknowledgement segment to the server. The client enters the ESTABLISHED state after sending this segment, and the server also enters the ESTABLISHED state after receiving it. The connection is then established.
2.2 SYN flooding attack

* A SYN flooding attack occurs at layer 4 of the OSI model and exploits a characteristic of the TCP protocol: the three-way handshake.
* The attacker sends a TCP SYN, the first packet of the three-way handshake. When the server returns its ACK, the attacker does not acknowledge it, so the TCP connection is left pending in the so-called half-open (half-connected) state. If the server does not receive the acknowledgement, it also resends the ACK to the attacker repeatedly, which wastes the server's resources.
* The attacker sends a large number of such TCP connection requests. Because none of them can complete the three-way handshake, these pending TCP connections consume CPU and memory on the server. Eventually the server may crash and be unable to serve normal users.
* Measures to guard against SYN attacks: reduce the host's waiting time so that it releases half-open connections as soon as possible, and when repeated SYNs from the same IP are received within a short time, discard the subsequent requests.
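
The two measures in the last item, modelled as an added example (not code from the original article): a half-open table that expires entries after a short wait and discards repeated SYNs from one IP within a short window. The class, thresholds and event list are constructed for illustration.

```python
from collections import defaultdict, deque

class HalfOpenTable:
    """Toy model of a server's half-open (SYN-RECEIVED) table."""

    def __init__(self, capacity, syn_timeout, per_ip_limit, window):
        self.capacity = capacity          # max half-open entries held at once
        self.syn_timeout = syn_timeout    # seconds to wait for the final ACK
        self.per_ip_limit = per_ip_limit  # SYNs accepted per IP per window
        self.window = window              # length of that window in seconds
        self.half_open = {}               # (ip, port) -> time the SYN arrived
        self.recent = defaultdict(deque)  # ip -> times of accepted SYNs

    def _expire(self, now):
        # Measure 1: release half-open entries as soon as the wait is over.
        for key, t in list(self.half_open.items()):
            if now - t >= self.syn_timeout:
                del self.half_open[key]

    def on_syn(self, now, ip, port):
        self._expire(now)
        seen = self.recent[ip]
        while seen and now - seen[0] >= self.window:
            seen.popleft()
        if len(seen) >= self.per_ip_limit:
            return "drop-repeat"          # Measure 2: repeated SYN, same IP
        if len(self.half_open) >= self.capacity:
            return "drop-full"            # no slot left for anyone
        seen.append(now)
        self.half_open[(ip, port)] = now
        return "syn-ack"

    def on_ack(self, now, ip, port):
        self._expire(now)
        found = self.half_open.pop((ip, port), None)
        return "established" if found is not None else "ignored"

def replay(table, events):
    """Feed (time, kind, ip, port) events; return the outcome of each."""
    return [(table.on_syn if kind == "SYN" else table.on_ack)(now, ip, port)
            for now, kind, ip, port in events]

# Constructed events: one source sends six SYNs and never ACKs, then a
# normal client completes its handshake. Addresses are documentation ranges.
EVENTS = [(i * 0.1, "SYN", "198.51.100.7", 40000 + i) for i in range(6)]
EVENTS += [(1.0, "SYN", "203.0.113.20", 51000),
           (1.1, "ACK", "203.0.113.20", 51000)]

def demo(per_ip_limit, syn_timeout=3.0):
    return replay(HalfOpenTable(4, syn_timeout, per_ip_limit, 1.0), EVENTS)
```

With no effective per-IP limit and a long wait (`demo(100)`), the table fills and the normal client is dropped. With a limit of 2 (`demo(2)`), or with a 0.5 second wait (`demo(100, 0.5)`), the normal client is served.
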
2.3 Why three handshakes

* To confirm that both parties' receiving and sending capabilities are working normally
* With only two handshakes, the following can occur:
Suppose the client sends a connection request but receives no acknowledgement because the connection request segment is lost, so the client retransmits the connection request. It later receives the acknowledgement and the connection is established.

After the data transfer, the connection is released. The client sent two connection request segments in total: the first was lost and the second reached the server. But suppose the first "lost" segment was in fact only held up at some network node for a long time and reaches the server some time after the connection has been released. The server then mistakenly believes the client has sent a new connection request and sends an acknowledgement segment to the client, agreeing to establish the connection.
Without the three-way handshake, a new connection is established as soon as the server sends its acknowledgement. The client ignores the acknowledgement sent by the server and sends no data, while the server keeps waiting for the client to send data, wasting resources.

(This is mainly to prevent an invalid connection request segment from reaching B and causing an error.)
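
The handshake from section 2.1 and the stale-request scenario above, as an added example that is not part of the original article. The two-handshake mode is a hypothetical variant used only for comparison, and the sequence numbers are constructed.

```python
class Server:
    def __init__(self, handshakes):
        self.handshakes = handshakes  # 3 = TCP, 2 = hypothetical two-step variant
        self.state = "LISTEN"
        self.isn = 9000               # constructed server initial sequence number

    def on_syn(self, client_isn):
        # With two handshakes the server commits as soon as it replies;
        # with three it only holds a half-open entry until the client's ACK.
        self.state = "ESTABLISHED" if self.handshakes == 2 else "SYN-RECEIVED"
        return {"flags": "SYN+ACK", "seq": self.isn, "ack": client_isn + 1}

    def on_ack(self, ack):
        if self.state == "SYN-RECEIVED" and ack == self.isn + 1:
            self.state = "ESTABLISHED"

    def on_timeout(self):
        if self.state == "SYN-RECEIVED":
            self.state = "LISTEN"     # unconfirmed request is dropped

class Client:
    def __init__(self):
        self.state, self.pending_isn = "CLOSED", None

    def connect(self, isn):
        self.state, self.pending_isn = "SYN-SENT", isn
        return isn                    # sequence number carried by the SYN

    def on_syn_ack(self, seg):
        if self.state != "SYN-SENT" or seg["ack"] != self.pending_isn + 1:
            return None               # not a reply to a pending request: ignore
        self.state = "ESTABLISHED"
        return seg["seq"] + 1         # ack number of the third handshake

def run(handshakes, stale_syn):
    """Return (client state, server state) after the exchange settles."""
    server, client = Server(handshakes), Client()
    # stale_syn: an old SYN (constructed ISN 100) reaches the server after the
    # client has closed; otherwise the client opens a fresh connection.
    syn_isn = 100 if stale_syn else client.connect(500)
    ack = client.on_syn_ack(server.on_syn(syn_isn))
    if ack is not None:
        server.on_ack(ack)
    server.on_timeout()
    return client.state, server.state
```

`run(2, True)` leaves the server ESTABLISHED with a client that is CLOSED, while `run(3, True)` returns the server to LISTEN because the third handshake never arrives.
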

3 TCP four-way wave

3.1 Process

Put simply, there are four steps:

* First wave: if the client considers the data transmission complete, it sends a connection release request to the server.
* Second wave: after the server receives the connection release request, it tells the application layer to release the TCP connection. It then sends an ACK packet and enters the CLOSE_WAIT state. This indicates that the connection from the client to the server has been released and the server no longer receives data sent by the client. But because a TCP connection is bidirectional, the server can still send data to the client.
* Third wave: if the server still has unsent data at this point, it continues sending it. When it has finished, it sends a connection release request to the client and enters the LAST-ACK state.
* Fourth wave: after the client receives the release request, it sends an acknowledgement to the server and enters the TIME-WAIT state. This state lasts for 2MSL (maximum segment lifetime: the time a segment can survive in the network, after which it is discarded). If no retransmission request arrives from the server within this period, the client enters the CLOSED state. After the server receives the acknowledgement, it enters the CLOSED state.
3.2 Why the wait must be 2MSL

Why must A wait for 2MSL in the TIME-WAIT state?

MSL: Maximum Segment Lifetime, MSL=2

Answer: there are two reasons: ① to ensure that the last ACK segment sent by A can reach B; ② to prevent an "invalid connection request segment" from appearing in this connection.

* 1) This ACK segment may be lost, so that B, in the LAST-ACK state, does not receive the acknowledgement of the FIN+ACK segment it sent. B then times out and retransmits the FIN+ACK segment, and A can receive this retransmitted FIN+ACK segment within the 2MSL period. A then retransmits the acknowledgement and restarts the 2MSL timer, and finally both A and B enter the CLOSED state. If A did not wait for a period in the TIME-WAIT state but released the connection immediately after sending the ACK segment, it could not receive the FIN+ACK segment retransmitted by B, so it would not send the acknowledgement segment again, and B would be unable to enter the CLOSED state.
* 2) After A sends the last ACK segment and another 2MSL passes, all segments generated during the lifetime of this connection will have disappeared from the network, so that old connection request segments do not appear in the next new connection.
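
Reason 1) traced as a small simulation, added here as an example and not taken from the original article. The MSL value and the retransmission delay are constructed, and a closed A is modelled as the article describes: it sends no further acknowledgement.

```python
MSL = 60.0  # seconds; constructed value for the simulation

def final_ack_exchange(time_wait, acks_lost, fin_retx_delay=1.0):
    """Simulate the close from A's last ACK onward.

    time_wait      -- how long A stays in TIME-WAIT (2*MSL in TCP)
    acks_lost      -- how many of A's ACKs the network drops
    fin_retx_delay -- assumed time from a lost ACK until B's retransmitted
                      FIN+ACK reaches A
    Returns (B's final state, time A enters CLOSED, ACKs A sent).
    """
    now = 0.0                       # A sends the last ACK, enters TIME-WAIT
    a_closes_at = now + time_wait
    acks_sent = 1
    while acks_lost > 0:
        acks_lost -= 1
        fin_arrives = now + fin_retx_delay
        if fin_arrives >= a_closes_at:
            # A is already CLOSED: as the article describes, no further
            # acknowledgement is sent and B cannot leave LAST-ACK.
            return "LAST-ACK", a_closes_at, acks_sent
        now = fin_arrives           # A is still in TIME-WAIT
        acks_sent += 1              # A retransmits the acknowledgement
        a_closes_at = now + time_wait   # and restarts the 2MSL timer
    return "CLOSED", a_closes_at, acks_sent  # an ACK finally reached B
```

Calling `final_ack_exchange(2 * MSL, 1)` ends with B in CLOSED after one timer restart, while `final_ack_exchange(0.0, 1)` leaves B in LAST-ACK.
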
3.3 Why four waves are needed

Because when the server receives the SYN connection request, it can send a SYN+ACK segment directly: the ACK is used to acknowledge and the SYN is used to synchronize. But when the connection is being closed, the server that receives a FIN probably will not close the SOCKET immediately, so it can only reply with an ACK first, telling the client "I received the FIN you sent." Only when the server has finished sending all of its messages can it send its own FIN. The two therefore cannot be sent together, so four waves are needed.
