As a review of computer networks, if you don’t remember, come and have a look, you can also find some problems when writing

HTTP

2. HyperText Transfer Protocol (HyperText Transfer Protocol) : an agreed code of conduct (rental agreement) between two or more participants for the same purpose. HTTP is a convention and specification for sending images, text, and other hypertext data between two points in the computer world

DNS

Domain Name System Translates Domain names into IP addresses at the network layer.

Does not mean that the domain name is useless,HTTP/1.1 specification, must carry the Host header in the request header, the purpose is when the request server has more than one virtual Host, through the Host to determine which Host to request. For example, in a server with www.a.com, www.b.com, if there is only one IP address, then the HTTP request does not know whether to request A or B.

DNS three-tier structure

  • 1 Root DNS Server Manages top-level DNS servers and returns the IP addresses of such top-level DNS servers as com and CN
  • 2 Top-level DNS Server Manages authoritative DNS servers in each domain. For example, the COM top-level DNS Server can return the IP address of a.com
  • The Authoritative DNS Server manages the IP addresses of hosts under its own domain name. For example, the Authoritative DNS Server can send the IP address of www.a.com

DNS Resolution Process

When you type a URL from the browser and press Enter, the browser extracts the domain name part, such as www.a.com.

  • 1 Search in the browser cache. If the browser has a cache result for the domain name, go to Step 2
  • 2 Search for the OPERATING system cache. If yes, return. If no, go to step 3
  • 3 Check the local host file to see whether the host name is mapped. If yes, the host name is displayed. If no, go to Step 4
  • 4 Send requests to the local DNS server and perform recursive or iterative query based on the configuration of the local DNS server.

Recursive query

  • 1 The local DNS server sends a request to the root DNS server (www.a.com === www.a.com.root, omitted by root) to query the NS records and IP address of the top-level domain name server (.com)
  • The two DNS servers send a request to the TOP-LEVEL domain name server (TLNS) on behalf of the client, that is, query “a.com”, and obtain the NS record and IP address of the next-level domain name (authoritative DOMAIN name server)
  • 3 The TOP-LEVEL domain name server sends a request to the authoritative DOMAIN name server based on the IP address, that is, query www.a.com. After obtaining the IP address, the top-level domain name server returns the request to the client

Iterative query

This machine has a DNS server, which can be static or DHCP dynamically allocated, famous as Google 8.8.8.8

Ruan yifeng big man DNS principle

content=”on”>

The HTTP message

HTTP/1.1 messages are encoded in ASCII, so we can read them directly

Three structures of HTTP packets

  • 1 The start line describes the basic information about the request
  • 2 Header key-value specifies the packet
  • 3 Data actually transmitted by the entity

An HTTP packet must contain a header, that is, the start line and the head. The header must be followed by an empty line, and the empty line is considered an entity

The starting line

The request line
  • 1 Request method
  • 2 the request URI
  • 3 Protocol version

For example, Get/HTTP/1.1

Uniform Resource Identifier (URI) : A uniform Resource Locator (URL) uniquely identifies a Resource. It identifies a Resource URN (UNIFORM Resource Locator) by its address Resource Name identifies a Resource by Name URI = URL + URN, so A URL is a subset of URIs, but URN is rarely used these days, so most of the time URI = URL

The status line
  • 1 the version number
  • 2 a status code
  • 3. Cause phrases

For example, HTTP/1.1 200 OK

The head
  • 1 Common header request packets and response packets can be added
  • 2 Entity header Describes the entity
  • Request header: Appears in the request header
  • 4 Response header: appears in the response header
Request header
  • 1 Accept: The MIME Type that the browser can Accept, that is, the data Type that accepts entities, such as text/ HTML
  • 2 Accept-encoding: indicates the compression format supported by the client, for example, gZip, Deflate, and BR
  • 3 Accept-language: indicates the natural Language supported by the client, for example, zh-cn,en
  • 4 Accept-Chartset: specifies the encoding format supported by the client, for example, UTF-8
  • 5 User-agent: indicates the User agent, which is used to determine the PC or mobile terminal
  • 6 Host: indicates the domain name, which indicates the requested Host. A server may have multiple virtual hosts
  • 7…

The request header also uses Q to indicate weights, such as accpet-language: zh-cn; Q = 0.9, en. Q =0.8 The larger q is, the more likely it is to obtain this resource. Above is the preference for obtaining simplified Chinese resources. “Separate, HTTP “,” than”; “Breaking sentences means a lot

Response headers
  • 1 Expires A date by which the browser determines whether to use a strong Cache. It takes precedence over cache-control
  • 2 Date Specifies the creation time of the response packet. The time in the header of the max-age parameter in cache-Control is required
  • 3 Location Redirection address
  • 4 set-cookie Sets the Cookie
  • 5 Content-type Specifies the MIME Type of entity data in packets
  • 6 Content-length Indicates the Length of the entity data in the packet. If this header exists, the packet is of fixed Length; otherwise, the packet is of indefinite Length

Fixed-length inclusion and indeterminate length inclusion

Short and long connections should be known before referring to fixed-length and indefinite-length packages.

Long connection and short connection

In the previous HTTP requests, the short connection was used, that is, the TCP connection was closed immediately after the response of a request, which would cause waste. Because TCP connections go through three handshakes and four waves, they are inefficient. HTTP/1.1 uses long connections by default, that is, a TCP connection is established in the first request and broken in the last response. Connection: keep-alive in the HTTP header indicates a long Connection. You can use Connection: close to disconnect the TCP Connection.

Question: When do I know to disconnect the TCP connection? Do TCP connections always take up memory?
  • 1 The TCP connection is disconnected when no request is received, that is, the timeout period
  • 2 Set the maximum number of requests, that is, the number of requests before the connection is disconnected.

All of these methods assume that the client’s request has ended. So how do you know that a response has been sent? The answer is the size of the data sent by content-Length, so if I send this much data, I’m done.

Question: If I upload a large file, should the server read the entire file before I upload it?

When the large file is finished, the client will wait for a long time, so I will transfer the large file while reading. Transfer-encoding: chunked means I’m transferring a chunk of data and not done yet. In the last chunked, the chunking transfer ends with 0CRLF indicating the chunking transfer:

Block transfers must be used in conjunction with long connections. Transfer-chunked and Content-Length are mutually exclusive and only one or the other will appear

Scope of the request

Problem: When we want to skip the beginning of a video and drag the progress bar to do so, we are actually making a scope request for a certain portion of the resource.

For example, if-range is a conditional request, Range: bytes=2564417-2761944 If a Range request is supported, 206 and part of the resource is returned. If a Range request is not supported, 200 OK and the entire resource is returned. If the Range request exceeds the resource size, 416 status code is returned

Determines whether the server supports range requests

By sending a HEAD request, accept-ranges: bytes in the response header indicates that range requests are supported and the size of the file can also be obtained

Making a range request

Range: bytes=x-y X -y indicates the offset to obtain the resource

The server processes scope requests

  • 1 Check whether the range request is valid. If only 200 bytes of data are requested, but 400-500 bytes of data are requested, the server will return 416 indicating that the range request is incorrect
  • 2 If the Range is correct, the server will add content-range: bytes x-y/ Length to the response header, read the fragment of the resource, and return a 206 status code indicating that the body is part of the original resource

Many piece of data

The above can fetch only one fragment, but it can also fetch multiple fragment data at once. A special MIME Type is multipart/byteranges and has a delimiter (boundary= XXX)

For example,

GET /16-2 HTTP/1.1
Host: www.chrono.com
Range: bytes=0-9, 20-29

Copy the code

The response

HTTP/1.1 206 Partial Content
Content-Type: multipart/byteranges; boundary=00000000001
Content-Length: 189
Connection: keep-alive
Accept-Ranges: bytes
 
 
--00000000001
Content-Type: text/plain
Content-Range: bytes 0-9/96
 
// this is
--00000000001
Content-Type: text/plain
Content-Range: bytes 20-29/96
 
ext json d
--00000000001--
Copy the code

And then we end up with –00000000001– notice we have — on both sides

The difference between segmented transmission and range request

The scope request is to request a certain part of the resources to be transmitted in segments. The server cannot know the size of the resources to be transmitted in the first time, so as to avoid the client to wait too long by reading and passing. At last, 0CRLF is passed to indicate the end of the segment transmission

Browser cache

Making good use of the browser cache is a great way to reduce network requests and relieve server stress.

Server cache

The response header lets you know if and for how long the server can cache the resource from the client

Cache-control
  • 1 max-age: 30 s 30 s, the client can cache the resource if you have request the resources in the 30 s, so it is good to send him directly, calculation (associated with the creation time of the response message, that is, the Date field in the header, from that time after 30 s, this resource is failure, so it is also possible in the process of transmission resources on the failure)
  • 2 no-store: no cache is allowed and every request is sent to the source server
  • 3 No-cache: it can be cached, but must be verified with the source server before using it.
  • 4 must-revalidate: If the resource has not expired, you must continue to use it. If it has expired, you must verify with the source server that the resource is up-to-date

Cache-control: max-age=0 CTRL +F5: no-cache

Expires

The value is a date and time that is less precise than the system time and has a lower priority than cache-control.

ETag

ETag is an entity tag that uniquely identifies resources. You can use ETag to accurately identify resource changes. Etags can be “strong” or “weak”. A strong ETag requires that resources match exactly at the byte level. A weak ETag requires that resources remain semantically (functionally) unchanged, but some internal changes may occur (such as the order of tags in HTML, Or a few extra Spaces) example:

  • Strong ETag, the client has a 10 byte data, the server’s same data added a meaningless space, the client does not want the original, must be new.
  • Weak Tag, same with extra space
Last-modified

The last modification time of the file, which has a lower priority than ETag, is ignored if there is an ETag

max-stale

How long after the resource expires, I can still use the cache directly

min-fresh

For example, if the resource min-fresh: 10 is about to expire for 8s, then the cache is not used. The cache must be used for more than 10s

Conditions of the request

The condition request means that if my condition is met, the server will process it. If my condition is Not met, the server will reply 304 Not Modified

  • 1 “if-modified-since “, If the resource has changed Since this date, the server processes the request, otherwise replies to 304, which is the last-modified date of the response header in the same request URL
  • 2 “if-none-match “, If the server does not Match the resource with this identifier, the server processes the request, otherwise reply 304

Conditional requests are negotiated caching

If there is no cache-control or Expires, but last-modifed, the browser will enforce strong caching with max-age=(date-last-Modified) * 10%.

Proxy server cache

Cache-control

  • Public Anyone can cache resources
  • Private does not allow proxy servers to cache resources
  • S-maxage is similar to max-age, but applies to the proxy server

Proxy server

There are four types of agents

  • Anonymous proxy: completely “hides” the proxied machine, the outside world only sees the proxy server
  • Transparent proxy: As the name implies, it is “transparent and open” during transmission, with the outside world knowing both the proxy and the client
  • Forward proxy: Close to the client and send requests to the server on behalf of the client
  • Reverse proxy: Close to the server and responds to requests from clients on behalf of the server

The role of agency

  • Load balancing: Distribute requests across multiple machines to cluster access
  • Content caching: Returns a response instead of the source server
  • Security protection: protect the proxy machine
  • Data processing: provides additional functions such as compression and encryption
  • Health check: Monitors back-end servers through heartbeat mechanisms and removes them from the cluster if they are faulty

Proxy fields

  • Via: Each time the proxy node is passed, the proxy server’s own information is added to the end of the field
  • X-forwarded-for: Each forwarded-TO agent adds its own IP address to the end of each forwarded-to agent, including clients
  • X-real-ip: obtains the Real IP address of the client

The agency agreement

X-forwarded-for adds information. HTTP packets must be parsed, but HTTPS does. This raises the cost of forwarding. Therefore, the PROXY protocol is used to add PROXY IP address type IP address of the requester target IP address Request port Number Target port number For example, PROXY TCP4(TCP6) 1.1.1.1 2.2.2.2 55555 80\r\n

PROXY TCP4 1.1.1.1 2.2.2.2 55555 80\r\n GET/HTTP/1.1\r\n Host: www.xxx.com\r\n \r\n \nCopy the code

HTTPS

HTTPS is the SSL/TLS layer on top of HTTP. It used to be HTTP Over TCP/IP, so HTTPS is HTTP Over SSL/TLS. Of course, the underlying layer still relies on TCP. Let’s start with the problems. HTTP has some problems

  • The transmitted data is in plain text and can be monitored easily
  • The transmitted data can be tampered with and the client does not know if the data is complete
  • The browser does not know if the response is from the real server, and the identity is not verified

How to solve these problems

I’ll say the answer first, and then see how HTTPS is guaranteed. Data plaintext problem, using symmetric encryption and asymmetric encryption combined use to encrypt data transmission. The integrity of the data, USES the algorithm to generate the, the algorithm is using hash function or hash function How to guarantee the identity of the communicating parties, through the digital signature, asymmetric encryption with public and private keys (below), because the private key is secret, the man only communicate with you know, you can use the public key, Then we can make sure we don’t understand the identity don’t worry, let’s take a look

Why use symmetric encryption and asymmetric encryption mixed encryption way?

We need to talk about symmetric and asymmetric encryption first

Symmetric encryption

Symmetric encryption is the encryption and decryption of data through a session key, that is, both parties open the data through a key, so the question is, every day many clients request, how can I give this key to them secretly? Finally found that no matter how to send, will be someone to get, only through symmetric encryption is unable to complete encryption. Common symmetric encryption algorithms :AES,CHACHA20, then look at asymmetric encryption

Asymmetric encryption
  • Asymmetric encryption means that the server generates a pair of keys, including a public key and a private key. The data encrypted by the public key must be unlocked by the private key, but the public key cannot be unlocked
  • The data encrypted by the private key must be unlocked by the public key, and the server must keep the private key secret from anyone. Public keys can be given around
  • In this way, both the server and the client have a set of public and private keys. If you want to send a message to me, you can encrypt it with my public key and I can decrypt it with my private key. In this way, the communication between the two sides can be secure
  • Common ECDHE, RSA algorithms, they will be different in TLS handshake, later

But is it safe?

  • 1. How does the client know that the public key it obtains must belong to the server? The middleman replaces the public key with his own, the client encrypts it with his public key, he decrypts it with his private key, and gets the client’s information.
  • 2, asymmetric encryption algorithm is slow, symmetric encryption is about hundreds of times worse, for users, too painful, wait so long

For asymmetric algorithm encryption and decryption is too complex to lead to slow speed, so the use of fast encryption symmetric encryption and asymmetric encryption combined to encrypt data, problem 1 later, about identity authentication

TLS is equal to the SSL3.0

integrity

Now that we’ve done data encryption, let’s look at how to achieve integrity, where we need to introduce a digest algorithm, okay

The algorithm

Abstract algorithm can be understood as special compression, compress a long string of data into a fixed length, unique string, and it is one-way, irreversible, no key can be unlocked, even if you change a punctuation mark in the original data, the generated summary is completely different. Summary of common algorithm, MD5, SHA – 1, SHA – 2 as long as we use data to generate a unique abstract, and put it behind the attached to the original, after client received, also according to this algorithm is the same, if two identical, that the data is complete, if not, are directly to lose, because being tampered with. If the abstract is transmitted in plaintext, the middleman can simply replace the data and generate a summary himself, and the client can reproduce the same once. This is not secure, so it is necessary to ensure confidentiality to transmit the summary, so as to ensure data integrity

A digital signature

Now, the third problem, how to authenticate, is through digital signature. In real life, how to authenticate a company is through a stamp or a signature. Here we can also complete identity authentication by signing.

  • The server encrypts data with its private key, and if the ciphertext is decrypted using the server’s public key, it is a message from the server
  • What data is encrypted with a private key? Too much data can be slow, so smart people encrypt abstracts with private keys to authenticate themselves
  • In this way the digital signature completes both the integrity and authentication issues
The digital certificate

Going back to the above question, how does the client know that the public key he has obtained must belong to the server? , because even if the server encrypts the session key with its private key, the middleman can directly replace the entire encrypted message, encrypt the data with the middleman’s private key and send it to the client. In this way, it is actually communicating with the middleman. How can we ensure that the public key obtained is the server? This brings in the CA mechanism

CA (Certificate Authority)

It’s like a police station in the real world, you can trust it, you have to trust it, otherwise you can’t proceed, it signs the public key, so you can be sure that the public key is from the server, the system has a trusted CA certificate server first submits the public key to the CA, The CA organization then puts the serial number, purpose, issuer, validity time and so on into a package and signs, forming a digital certificate. Certificate contains two main things, digital signatures and public key server in the TLS handshake, send the digital certificate to the client, the client will be based on the system’s built-in CA public key to decrypt the message, the server public key and data, according to the algorithm, data summary, again to decrypt data are consistent, If yes, the public key of the server is obtained.

The TLS handshake

Now what does a TLS handshake look like

  • The client and server establish a TCP three-way handshake
  • The Client sends Client Hello, which contains the cipher suite, a random number Client_Random, and the protocol version number such as TLS1.2.
  • The Server sends Server Hello, which contains the key suite selected by the Server, a random number Server_Random, and the version number, to the client
  • The server sends a digital certificate to prove its identity.
  • If the ECDHE algorithm is used for the key Exchange, then the Server issues a Server key Exchange, which represents the public key of the Exchange algorithm. If the ECDHE algorithm is used for the calculation, then a Server Params is generated. Per_master is used to generate the last random number, absolutely confidential), so the Server Params, generated digest, encrypted with the private key sent to the client
  • The Server sends Server Hello Done to indicate that the greeting is complete
  • After receiving the digital certificate from the server, the Client verifies it with the method mentioned above to ensure that it communicates with the server and gets the public key at the same time. Then it calculates a public key Client Params for key exchange according to the ECDHE algorithm and generates a summary. After encrypting the public key obtained by the certificate, it sends the summary to the server. Issue a Client Key Exchange
  • After receiving the Client Key Exchange, the server unlocks the message with its own private Key and obtains the public Key for Key Exchange given by the Client. At this time, the server has its own private Key based on the Key Exchange algorithm, and the public Key given by the Client, and calculates a pre-master Key Pre_Master. Based on Client_Random,Server_Random,Pre_Master, click, calculate a session key that can be used to encrypt data and is private
  • After the Client sends the Client Key Exchange, the same steps are taken to calculate the same session Key according to Client_Random,Server_Random, and Pre_master. In this way, both the Client and the server have session keys
  • After that, the client sends a Change Cipher Spec and a Finished packet to summarize the previously sent information, encrypt it, and send it to the server to verify that the obtained keys are the same. If it’s the same then we’ll just encrypt the communication.
  • The server also sends Change Ciper Spec and Finished packets. After both parties verify that encryption and decryption are OK, encryption is used for communication
  • HTTPS security is ensured.
There is about key exchange

Asymmetric encryption mainly guarantees the secure exchange of Pre_Master. Pre_Master is the key for generating session keys and must be delivered safely. Both the server and client calculate a public key and a private key according to the key exchange algorithm ECDHE algorithm, and send the public key to each other. After receiving the public key of the other party, the Pre_Master is directly calculated according to the ECDHE algorithm, and the session key is generated using the previous Client_Random,Server_Random, and Pre_Master. The Pre_Master is guaranteed by the algorithm, so it is difficult for others to guess. (The RSA algorithm is different. The RSA algorithm directly generates a random number from the client, encrypts the public key obtained from the certificate and sends it to the server. However, RSA does not have forward security.)

1 – Client Hello
Handshake Protocol: Client Hello Version: TLS 1.2 (0x0303) Random: 1CBF803321FD2623408Dfe... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Copy the code
Cipher suite

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ECDHE stands for key exchange algorithm, other also RSA…
  • RSA Indicates the encryption digest algorithm to complete identity authentication
  • AES_128 the symmetric encryption algorithm of AES is used. The key length is 16bytes
  • In GCM grouping mode, fixed-length keys are used to encrypt data of any length
  • SHA256 digest algorithm, which compresses data into a string, produces a completely different HASH with slight differences.
2 – Server Hello
Handshake Protocol: Server Hello Version: TLS 1.2 (0x0303) Random: 0E6320F21Bae50842E96... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Copy the code
3 – Key Exchange
Handshake Protocol: Server Key Exchange
    EC Diffie-Hellman Server Params
        Curve Type: named_curve (0x03)
        Named Curve: x25519 (0x001d)
        Pubkey: 3b39deaf00217894e...
        Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
        Signature: 37141adac38ea4...
Copy the code

TLS1.3

Distinguishes TLS1.2 from TLS1.3, and uses THE Extension protocol and supported_versions to mark TLS1.3

Handshake Protocol: Client Hello
    Version: TLS 1.2 (0x0303)
    Extension: supported_versions (len=11)
        Supported Version: TLS 1.3 (0x0304)
        Supported Version: TLS 1.2 (0x0303)
Copy the code
Strengthen the security

Got rid of some buggy and weak encryption algorithms, leaving only five

The forward security

If the encryption system uses RSA in the server certificate for key exchange, once the private key is compromised or cracked (using social engineering or a supercomputer), the hacker can use the private key to decrypt the “pre-master” of all previous messages, calculate the session key, and decrypt all ciphertext. If the current key is cracked, all previous communications will be affected. And ECDHE algorithm in each handshake will generate a pair of temporary public and private keys, each time the key is different, namely “once a secret”, even if the hacker cracked the great effort this time of the session key, only the communication be attacked, the history of the news before will not be affected, is still safe.

1-RTT

TLS1.2 requires two RTT handshakes, while TLS1.3 compresses the handshake process and reduces the handshake time to 1-RTT.

  • In “Client Hello”, use support_groups to attach the supported curve, use key_share to attach the Client public key parameter (Client_Param) for the curve, and use signature_algorithms to attach the signature algorithm
  • Server Hello returns the selected password suite, a random number and version number, In addition to key_share, Server_Param, you can get Client Random and Server Random, Client Params and Server Params directly to calculate the session key, and only need 1 RTT
  • After calculating the session key, the server directly sends Change Cipher Spec to enter encrypted communication and send certificates that are encrypted
  • The client sends a Change Ciper Spec and Finished message to encrypt communication without waiting for a reply
Additional performance optimizations
  • Session ID: The client stores an ID and sends it to the server when connecting to the server. The server stores the master key and other related information in the memory, bypassing certificate verification and key exchange, and putting pressure on the server
  • Session Ticket: When the storage pressure is transferred to the client, the client uses the session_ticket extension to send Ticket instead of Session ID. After the server decrypts the packet and verifies the validity period, the Session can be resumed and the communication can be encrypted.
  • PSK: The validation phase also takes the data, one less request, to achieve 0-RTT

HTTP/2

HTTP2 is based on Google’s SPDY protocol,

The head of compression

HPACK

HPACK is an algorithm designed to compress header data. It establishes a dictionary at both ends of the client and server, uses index numbers to represent repeated strings, and uses Huffman encoding to compress integers and strings, which can achieve a high compression rate of 50%-80%.

Binary framing

HTTP/1 uses ASCII encoding, whereas HTTP/2 splits the original header+body message into several binary frames, using HEADERS frames to store the header DATA and DATA frames to store the DATA

Virtual flow

How do you concatenate multiple frames once they arrive at their destination? HTTP/2 adopts the concept of stream, which is a bidirectional transmission sequence of binary frames. The frame of the same message carries the same stream ID, and the data frames of the same stream are assembled in order, which is the request/response message in HTTP/1. So HTTP/2 can send multiple frames simultaneously on the same TCP connection, which is called multiplexing. For a stream, a message is an ordered frame, but for a TCP connection, a message is an out-of-order frame, with multiple requests/responses out of order, no queueing, and no queue head blocking. Control frames can also be used to adjust the priority of the request response

Introduction to HTTP/2 connections

HTTP/2 must be based on SSL/TLS. After the TLS handshake is complete, the client needs to send a connection preface using HTTP/1 request-message mode with the special keyword PRI

PRI * HTTP / 2.0 \ r \ n \ r \ nSM \ r \ n \ r \ nCopy the code

Upon receiving this request, the server knows that the client wants to use HTTP/2 Western medicine

HTTP/2 Prepare request packets

The first step is to compress the header, HPACK is specially for compression HTTP header algorithm, is the client and server jointly maintain an index table, compression and decompression is to look up the table and update the table operation. HTTP/2 abolished the concept of an opening line and introduced pseudo-header fields, such as :authority for domain name, :method for request method, and :status for status code. These common header fields are in a static table, like the number 2 for GET, but what about custom fields, which are used in dynamic tables, which are added to static tables, and GET better and better as more and more HTTP/2 messages are sent, and eventually the header gets a few bytes at a time.

Binary frame

Once the header is compressed, HTTP/2 sends the packet in binary frames. HTTP / 2 frame structure


I am a non-class rookie, if there is any wrong please point out, thank you for reading, if you can, click a like, thank you very much (^-^) I haven’t finished writing, will update later