
Protocol: a protocol is an agreed-upon set of rules; its concrete content is a specification.

The seven-layer network model is shown as follows:

Communication over the Internet requires corresponding network protocols. TCP/IP is the protocol family developed for the Internet, so “the Internet's protocol” and “TCP/IP” refer to the same thing.

It mainly includes:

TCP/IP protocol

  • IP (IPv4, IPv6) corresponds to layer 3, the network layer, of the OSI reference model. The main function of the network layer is to “realise communication between end nodes”; this communication between end nodes is also called point-to-point communication.
  • The data link layer, the layer below the network layer, handles packet transfer between nodes attached to the same data link. As soon as a path crosses several data links, the network layer is needed: it can span different data links, so packets can travel between two end nodes even when they sit on different links.
  • IP is roughly divided into three functional modules: IP addressing, routing (forwarding until the packet reaches the end node), and IP fragmentation and reassembly.

TCP

TCP: Transmission Control Protocol. It sits at the transport layer and provides communication between applications. TCP provides reliable data transmission over IP; the services it offers include data transmission, reliability, effective flow control, full-duplex operation and multiplexing, all built on connection-oriented, end-to-end, reliable packet delivery. In plain terms, it first opens a connected channel for the data that is about to be sent, and then sends the data through it.

TCP supports application protocols such as Telnet, FTP and SMTP.

  • TCP provides a connection-oriented, reliable byte-stream service
  • In a TCP connection, only two parties communicate with each other
  • TCP uses checksums, acknowledgements and retransmission to ensure reliable transmission
  • TCP divides data into segments and uses cumulative acknowledgements to ensure that data arrives in order and without duplicates
  • TCP uses a sliding window for flow control, and dynamically changes the window size for congestion control

Note: TCP does not guarantee that the data will be received by the other party, because it is impossible. What TCP can do is, if possible, deliver the data to the receiver and notify the user otherwise (by aborting retransmission and breaking the connection). So TCP is not exactly a 100% reliable protocol. What it does provide is reliable delivery of data or reliable notification of failures.

UDP

UDP: User Datagram Protocol. UDP adds no reliability, flow control or error recovery on top of IP. Generally speaking, TCP suits applications with high reliability requirements, while UDP suits applications with low reliability requirements and low transmission overhead.

UDP supports application-layer protocols such as the Network File System (NFS), the Simple Network Management Protocol (SNMP), the Domain Name System (DNS) and the Trivial File Transfer Protocol (TFTP).

Differences between TCP and UDP

                      TCP                        UDP
Connection            connection-oriented        connectionless
Reliability           reliable                   unreliable
Typical use           large amounts of data      small amounts of data
Speed                 slow                       fast

Three-way handshake

  • TCP provides connection-oriented communication transport. Connection-oriented refers to the preparation work between the two ends before data communication begins.
  • The three-way handshake means that the client and server send three packets to confirm the establishment of a TCP connection. In socket programming, this process is triggered by the client executing connect.

The flow chart of the three-way handshake is as follows:

Legend for the diagram:

  • SYN: synchronize flag
  • ACK: acknowledgment flag
  • ESTABLISHED: connection established
  • seq: sequence number
  • ack (lower case): acknowledgment number

  • First handshake: the client sets the SYN flag to 1, picks a random value seq=J, and sends the packet to the server. The client enters the SYN_SENT state and waits for the server's confirmation.
  • Second handshake: when the server receives the packet, SYN=1 tells it that the client wants to establish a connection. The server sets both the SYN and ACK flags to 1, sets ack=J+1, picks its own random value seq=K, and sends the packet to the client to confirm the connection request. The server moves from LISTEN to SYN_RCVD (SYN received).
  • Third handshake: when the client receives the confirmation, it checks that ack is J+1 and the ACK flag is 1. If so, the client sets the ACK flag to 1, sets ack=K+1, and sends the packet to the server. The server checks that ack is K+1 and the ACK flag is 1. Both client and server enter the ESTABLISHED state, completing the three-way handshake; data can then be transferred between them.

Half-connection: during the TCP three-way handshake, the client initiates a connection to the server and the server responds, but the client never sends the third handshake.

Half-open: in a TCP connection, if one end has closed or crashed while the other still thinks the connection is up, the connection is half-open. The half-open problem is addressed by introducing a heartbeat mechanism to detect it.

Half-closed: when the client sends a FIN to the server to close the TCP connection and the server replies with an ACK but does not immediately send its own FIN, the client is in the half-closed state. In this state the client can still receive data from the server, but can no longer send data to it.

What is the SYN flood attack?

In the three-way handshake, after the server has sent its SYN-ACK and before it receives the client's ACK, the connection is called a half-open connection; the server is in the SYN_RCVD state. Once it receives the ACK, the server moves to ESTABLISHED.

A SYN flood works like this: in a short period of time the attacker sends a large number of SYN packets whose source IP addresses are forged and do not exist. The server answers each one with a SYN-ACK and waits for the client's confirmation; because the source addresses do not exist, it has to keep retransmitting until the timer expires. The forged SYNs therefore occupy the half-connection queue for a long time, legitimate SYN requests are discarded, and the target system slows down. In serious cases this leads to network congestion or even a system crash.

SYN attack is a typical DoS/DDoS attack.

SYN attacks are quite easy to detect. If you see a large number of half-open connections on the server, especially with random-looking source IP addresses, you can be fairly sure it is a SYN attack. On Linux/Unix you can check with the netstat command.

    # Check whether the host is under SYN attack: list the half-open connections
    netstat -n -t | grep SYN_RECV        # Linux: net-tools prints the state as SYN_RECV
    netstat -n -p tcp | grep SYN_RCVD    # BSD/macOS: -p selects the protocol, state is SYN_RCVD
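As an added example (not from the original article), here is a small Python checker that applies the same heuristic to netstat-style output: it counts half-open entries per source address and flags the case where there are many of them from many distinct addresses. The sample lines and the thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `netstat -ant` output on Linux (the state is the last column).
SAMPLE = """\
tcp        0      0 203.0.113.5:80     198.51.100.7:40000   ESTABLISHED
tcp        0      0 203.0.113.5:80     192.0.2.11:51001     SYN_RECV
tcp        0      0 203.0.113.5:80     192.0.2.12:51002     SYN_RECV
tcp        0      0 203.0.113.5:80     192.0.2.13:51003     SYN_RECV
tcp        0      0 203.0.113.5:80     192.0.2.14:51004     SYN_RECV
tcp        0      0 203.0.113.5:80     192.0.2.15:51005     SYN_RECV
tcp        0      0 203.0.113.5:443    198.51.100.9:40123   TIME_WAIT
"""

HALF_OPEN = {"SYN_RECV", "SYN_RCVD"}   # Linux netstat spelling vs. RFC/BSD spelling


def half_open_sources(output: str) -> Counter:
    """Count half-open connections per remote IP address (port stripped)."""
    counts: Counter = Counter()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] in HALF_OPEN:
            # rsplit on the last colon keeps IPv6 literals such as ::ffff:192.0.2.1 intact
            counts[fields[4].rsplit(":", 1)[0]] += 1
    return counts


def syn_flood_suspected(output: str, min_half_open: int = 100, spread: float = 0.8):
    """The heuristic from the text: many half-open entries, most of them from distinct
    (random-looking) source addresses. Returns (suspected, total, distinct_sources)."""
    counts = half_open_sources(output)
    total, distinct = sum(counts.values()), len(counts)
    if total < min_half_open:
        return False, total, distinct
    return distinct / total >= spread, total, distinct


if __name__ == "__main__":
    print(syn_flood_suspected(SAMPLE, min_half_open=5))   # (True, 5, 5)
```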

SYN attacks cannot be completely blocked unless TCP itself is redesigned; what we can do is minimise the damage they cause. Common defences against SYN attacks are:

  • Shorten the SYN timeout
  • Increase the maximum number of connections
  • Protection by a filtering gateway
  • SYN cookies
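To show what the SYN cookies defence does, here is a simplified, added Python illustration (not the original article's code, and not the Linux kernel's actual cookie layout): the server encodes the connection 4-tuple, a time counter and the client's MSS into its initial sequence number with a keyed hash, stores nothing for the half-connection, and only creates state when a third-handshake ACK carrying a valid cookie+1 arrives. The secret key, the MSS table and the 64-second tick are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed; a real server keeps this private and rotates it
MSS_TABLE = [536, 1220, 1440, 1460]   # the few MSS values a small field can encode
TICK_SECONDS = 64                     # the cookie counter advances once per tick


def _tick(now: float) -> int:
    return int(now) // TICK_SECONDS


def _digest(conn, client_isn: int, tick: int) -> int:
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time counter."""
    msg = f"{conn}|{client_isn}|{tick}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(conn, client_isn: int, mss: int, now: float) -> int:
    """Server ISN for the SYN-ACK. Layout: 5 bits tick | 3 bits MSS index | 24 bits MAC.
    Nothing is stored, so a forged SYN costs the server only this one reply."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    tick = _tick(now)
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | _digest(conn, client_isn, tick)


def check_cookie(conn, client_isn: int, ack: int, now: float, max_age_ticks: int = 1):
    """Validate the third-handshake ACK (ack == cookie + 1). Returns the MSS to use,
    or None if the cookie is forged or too old (the counter has moved on)."""
    cookie = (ack - 1) & 0xFFFFFFFF
    tick_bits, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    for age in range(max_age_ticks + 1):          # accept the current and recent ticks
        tick = _tick(now) - age
        expected = _digest(conn, client_isn, tick).to_bytes(3, "big")
        if (tick & 0x1F) == tick_bits and hmac.compare_digest(expected, mac.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None
```

Only a client that really received the SYN-ACK can answer with cookie+1, so spoofed SYNs never turn into server-side state.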

Why are three handshakes needed?

The final confirmation from client A to server B exists to prevent an invalid (stale) connection request from A being accepted by B.

For example, client A sends a connection request for the first time, but for some reason it does not reach server B. Client A therefore considers the attempt failed, sends a new connection request, receives server B's reply, and establishes a connection. Later the first, “failed” connection request does arrive at server B, so B believes the client has sent two connection requests, when in fact A only wanted one connection; this wastes resources. With a third handshake, client A sends an acknowledgement after the two requests, because A knows which of the requests it sent is really needed and which should be discarded.
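The seq/ack checks of the three handshakes, and the stale-SYN scenario just described, as an added Python simulation (not part of the original article); the Segment, Server and Client classes and the sample addresses are constructed for illustration.

```python
import random
from dataclasses import dataclass
MASK = 0xFFFFFFFF   # sequence numbers wrap at 2^32

@dataclass
class Segment:      # only the header fields the handshake needs
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0

class Server:
    def __init__(self):
        self.conns = {}   # src -> {"state", "isn"}; SYN_RCVD entries are the half-connections
    def receive(self, src, seg):
        if seg.syn and not seg.ack:                        # 1st handshake: SYN, seq=J
            k = random.randrange(1 << 32)                  # random initial sequence number K
            self.conns[src] = {"state": "SYN_RCVD", "isn": k}
            return Segment(syn=True, ack=True, seq=k, ack_num=(seg.seq + 1) & MASK)
        c = self.conns.get(src)
        if c and seg.ack and seg.ack_num == (c["isn"] + 1) & MASK:   # 3rd: ack=K+1
            c["state"] = "ESTABLISHED"
        return None

class Client:
    def __init__(self, isn=None):
        self.isn = random.randrange(1 << 32) if isn is None else isn
        self.state = "CLOSED"
    def connect(self):
        self.state = "SYN_SENT"
        return Segment(syn=True, seq=self.isn)
    def receive(self, seg):
        # The SYN-ACK is accepted only if it acknowledges *this* SYN: ack == J+1.
        if self.state == "SYN_SENT" and seg.syn and seg.ack and seg.ack_num == (self.isn + 1) & MASK:
            self.state = "ESTABLISHED"
            return Segment(ack=True, seq=(self.isn + 1) & MASK, ack_num=(seg.seq + 1) & MASK)
        return None   # stale or forged SYN-ACK: dropped (a real stack replies with RST)

def handshake(client, server, src):
    syn_ack = server.receive(src, client.connect())
    ack = client.receive(syn_ack)
    if ack is not None:
        server.receive(src, ack)
    return client.state, server.conns[src]["state"]

def stale_syn(server, src, old_isn, client):
    """A delayed SYN (seq=old_isn) from an abandoned attempt reaches the server after the client
    has moved on: the server stays SYN_RCVD until the half-connection times out."""
    syn_ack = server.receive(src, Segment(syn=True, seq=old_isn))
    return client.receive(syn_ack), server.conns[src]["state"]
```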

What happens if the server never receives an ACK from the client during the three-way handshake?

The server sets a timer for each half-connection waiting to be completed. If it does not receive the client's ACK within the specified time, it sends the SYN-ACK again, and it keeps doing so until the number of retries exceeds a certain limit, at which point it gives up. For as long as this lasts, the server has to allocate kernel resources to maintain the half-connection.

Why is the initial sequence number seq chosen randomly?

This is mainly for network security. If the initial sequence number were not generated randomly, an attacker could easily learn the initial sequence number of a conversation between you and another host and forge segments carrying that sequence number; this has become a very common form of network attack.

Four-way wave (connection termination)

  • To terminate a TCP connection, the client and server need to send a total of four packets to confirm the disconnection. In socket programming, this process is triggered by either the client or the server executing a close.
  • A TCP connection is full-duplex. Therefore, each direction must be closed separately. After completing the data transmission task, one party sends a FIN to terminate the connection in this direction. However, data can still be sent on this TCP connection until a FIN is also sent in that direction. The party that closes first performs an active shutdown, while the other party performs a passive shutdown.

The flow chart of four waves is as follows:

  • The side that initiates the close can be either the client or the server.
  • First wave: the client sends FIN=M to close data transfer from client to server and enters the FIN_WAIT_1 state. This means “I have no more data to send you”, but if the server still has data to send, it does not need to close the connection and can keep sending.
  • Second wave: after receiving the FIN, the server sends ack=M+1 to tell the client “I have received your request, but I am not ready yet; please keep waiting for my message.” The client now enters the FIN_WAIT_2 state and continues to wait for the server's FIN.
  • Third wave: when the server has confirmed that all of its data has been sent, it sends a FIN=N packet to tell the client that it has finished sending and is ready to close. The server enters the LAST_ACK state.
  • Fourth wave: after receiving FIN=N, the client knows it can close the connection. However, the client still does not trust the network: it sends ack=N+1 to the server and enters the TIME_WAIT state, so that if the server did not receive the ACK it can retransmit its FIN. When the server receives the ACK, it knows it can disconnect. If the client waits for 2MSL without hearing anything further, the server has closed normally and the client can close too. The four waves are then complete.

Simultaneous close

The above describes one side closing actively and the other closing passively. In practice, both sides can also initiate an active close at the same time.

The process is as follows:

How does TCP ensure reliable transmission?

1. Acknowledgement and retransmission: the receiver acknowledges each segment it receives, and the sender retransmits a segment if no acknowledgement arrives within a certain time.

2. Data checksums

3. Sensible data segmentation and ordering:

  • UDP: if an IP datagram is larger than the MTU (1500 bytes on Ethernet), the sender's IP layer has to fragment it into several pieces, each smaller than the MTU, and the receiver's IP layer has to reassemble them. This costs a lot more, and worse, because of the nature of UDP, when one fragment is lost in transit the datagram cannot be reassembled and the entire UDP datagram is discarded.
  • TCP segments the data according to the MTU. The receiver buffers segments that arrive out of order, and then delivers the data to the application layer in order.

4. Flow control: when the receiver cannot keep up with the sender's data, it can tell the sender to reduce its sending rate to prevent packet loss.

5. Congestion control: reduce the amount of data sent when the network is congested.

TCP Details 2

Improving reliability with sequence numbers and acknowledgements

  • In TCP, when data from the sender reaches the receiving host, the receiving host returns a notification that the data has been received. This message is called an acknowledgement (ACK). After sending data, the sender waits for the peer's acknowledgement: if it arrives, the data has been delivered successfully; otherwise the data has very likely been lost.
  • If no acknowledgement is received within a certain period of time, the sender assumes the data was lost and resends it. So even if packets are lost, the data can still reach the peer and reliable transmission is achieved.
  • Failing to receive an acknowledgement does not necessarily mean the data was lost. It is also possible that the peer did receive the data but the acknowledgement it returned was lost on the way. In that case the sender wrongly concludes that the data never arrived and resends it.
  • Acknowledgements can also simply be delayed, and it is not unusual for an acknowledgement to arrive after the source host has already retransmitted. In that case the source host just retransmits according to the mechanism, as before.
  • It is undesirable for the destination host to receive the same data repeatedly. To provide reliable transmission to upper-layer applications, the destination host must discard duplicate segments. For this, sequence numbers are introduced.
  • The sequence number is the consecutive number assigned to each byte (8-bit byte) of the sent data. The receiver reads the sequence number and data length in the TCP header of the received data and sends back, as its acknowledgement, the sequence number it expects to receive next. Through the sequence number and the acknowledgement number, TCP can tell whether data has already been received and whether it still needs to be received, thereby achieving reliable transmission.

Determining the retransmission timeout

  • The retransmission timeout is the specific amount of time the sender waits for an acknowledgement before retransmitting the data. If no acknowledgement arrives within that time, the sender resends the data. Ideally one wants the smallest time within which the acknowledgement is guaranteed to return.
  • TCP must communicate efficiently regardless of the network environment, and keep doing so as network congestion changes. To achieve this, it measures the round-trip time and its deviation each time it sends a segment, adds the round-trip time and the deviation, and sets the retransmission timeout to a value slightly larger than that sum.
  • On BSD Unix and Windows systems, timeouts are managed in units of 0.5 seconds, so the retransmission timeout is an integer multiple of 0.5 seconds. Initially, however, the default retransmission timeout is generally set to about 6 seconds.
  • If no acknowledgement arrives after a retransmission, the data is sent again, and the waiting time for the acknowledgement grows exponentially: 2 times, 4 times, and so on.
  • Data is not retransmitted indefinitely, though. If no acknowledgement has come back after a certain number of retransmissions, the system concludes that the network or the peer host is faulty, forcibly closes the connection, and notifies the application that communication has been aborted.
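The RTT/deviation bookkeeping, the exponential backoff and the give-up limit described above, as an added Python example (not the article's own code). It uses the RFC 6298 formula (SRTT, RTTVAR, RTO = SRTT + 4*RTTVAR) as an assumed concrete form of “round-trip time plus deviation”, and also reproduces the spurious retransmission from the previous section when an ACK arrives late; the sample RTT values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # smoothing gains from RFC 6298


@dataclass
class RtoEstimator:
    """Tracks the smoothed RTT (srtt) and its deviation (rttvar) and derives the RTO."""
    min_rto: float = 1.0        # seconds; RFC 6298 floors the RTO at 1 s
    max_rto: float = 60.0
    granularity: float = 0.0    # clock tick (the text's BSD/Windows example would be 0.5 s)
    srtt: Optional[float] = None
    rttvar: float = 0.0
    rto: float = 1.0            # used before the first RTT sample exists

    def sample(self, r: float) -> float:
        """Feed one measured round-trip time and return the new RTO.
        Karn's rule: call this only for segments that were not retransmitted."""
        if self.srtt is None:                           # first measurement
            self.srtt, self.rttvar = r, r / 2
        else:                                           # rttvar uses the *old* srtt
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r
        self.rto = self._clamp(self.srtt + max(self.granularity, K * self.rttvar))
        return self.rto

    def backoff(self) -> float:
        """Exponential backoff after a timeout: the wait doubles (2x, 4x, ...)."""
        self.rto = self._clamp(self.rto * 2)
        return self.rto

    def _clamp(self, v: float) -> float:
        return min(self.max_rto, max(self.min_rto, v))


def transmit(est: RtoEstimator, ack_after: Optional[float], max_retries: int = 5):
    """Send one segment. ack_after: seconds after the first send at which the ACK reaches
    the sender (None = lost for good). Returns (delivered, attempts, seconds_waited)."""
    waited, attempts = 0.0, 0
    while attempts <= max_retries:
        attempts += 1
        if ack_after is not None and ack_after <= waited + est.rto:
            return True, attempts, ack_after           # ACK arrived before the timer fired
        waited += est.rto                              # timer expired: retransmit
        est.backoff()
    return False, attempts, waited                     # give up; the connection is aborted
```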