One, a brief introduction
- TCP is a connection-oriented transport layer protocol. Connections are implemented as virtual links over the network layer (see the section on data exchange modes).
- Every TCP connection is point-to-point.
- TCP provides reliable delivery: no errors, no loss, no duplication, and in-order arrival.
- TCP provides full-duplex service, so each side needs a send buffer and a receive buffer. The send buffer is needed because a transmission is not guaranteed to succeed and may have to be repeated, and because data may be sent as several segments, with the unsent segments kept in the buffer. The receive buffer holds received data until it is passed to the application layer at the appropriate point.
- TCP is byte-stream oriented. The data TCP is about to send is treated as one long stream of bytes, so it may have to be split into segments depending on the situation.
Two, Format of the TCP segment header
- The source port number and destination port number have the same meaning as in UDP.
- Sequence number (seq): indicates the position in the byte stream of the first byte carried in the current segment. Because the byte stream may be cut into multiple segments, the sequence number identifies where each one belongs.
- Acknowledgment number (ack): sent by the receiver back to the sender. It names the byte the receiver expects to receive next; all bytes before the acknowledgment number have already been received.
- Data offset (header length): gives the length of the header in units of 4B. The header can be up to 60B long.
- Flag bits. These flag bits are very important.
  - Urgent bit URG: URG=1 indicates that the current segment contains urgent data that must be sent immediately. Instead of queuing in the send buffer, it skips to the front and is sent first. Used together with the urgent pointer.
  - Acknowledgment bit ACK: after the connection is established, ACK is set to 1 in all subsequent segments.
  - Push bit PSH: this flag mainly concerns the receiver. If PSH is 1, the data in the receive buffer is delivered to the application layer immediately.
  - Reset bit RST: RST=1 indicates that the connection is faulty; it must be released and re-established.
  - Synchronization bit SYN: during the handshake, both the client and the server set SYN to 1, indicating that a connection request is in progress.
  - Finish bit FIN: FIN=1 indicates that the sender of this segment has finished sending its data and the connection can be released.
- Window: sent by the receiver to the sender to indicate how much free space the receive buffer currently has for incoming data.
- Checksum: as with UDP, a pseudo-header is prepended and the checksum is calculated. The fourth field of the pseudo-header, which identifies the protocol, is set to 6.
- Urgent pointer: used with the urgent bit URG. It indicates where the urgent data in the current segment is located.
- Options: additional fields can be added.
Three, TCP connection management
1. Connection establishment (three-way handshake)
- First, the most important flag in connection establishment is SYN, which indicates that a connection is being requested. SYN and ACK flags come in pairs: whoever sends a SYN must receive an ACK.
- Second, the sequence numbers seq and ack also appear in pairs: seq is the starting sequence number of the segment, and ack is the acknowledgment of the sequence number received.
1.1 The first handshake
- The first handshake is when the client sends a request to the server.
- First, SYN is set to 1 to indicate that a connection is being requested.
- In addition, a random seq is generated as the starting sequence number of the current segment. (It is generated randomly to prevent conflicts between requests.)
1.2 Second handshake
- The server receives the connection request from the client.
- First, SYN is also set to 1, indicating that a connection request is in progress; for the server this is a connection request as well.
- Setting ACK to 1 indicates that the client’s SYN request has been acknowledged.
- For the received sequence number seq, the server replies with an ack number to indicate that it has been received and that the next sequence number it expects is seq+1.
- The server also generates a random sequence number seq for its own segment.
- The server allocates buffers and variables.
1.3 The third handshake
- The client receives the reply from the server.
- In response to the SYN from the server, the client must return ACK=1, indicating that it agrees to synchronize.
- For the server's seq, it sends ack = seq+1.
- For the ACK of the server, the start sequence number of the segment is ACK +1.
- The data field can now carry data.
- The client also allocates buffers and variables.
1.4 Purpose of the three-way handshake
- SYN requests and ACK acknowledgments must be confirmed in both directions. When the client sends a SYN to the server, an ACK from the server is required. When the server sends a SYN, it likewise needs an ACK from the client.
- If only two handshakes were used, at most one confirmation could be completed. The client's first handshake might take a long time to reach the server due to network problems. The client would assume it had timed out and abandon the connection, but the server, not knowing this, would establish the connection anyway, wasting resources.
- If a four-way handshake were used, the server would send its SYN and its ACK separately. That is unnecessary, so the two are combined into a single segment. Hence the three-way handshake.
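One way to check the exchange from sections 1.1 to 1.3 over captured segments, as an added example (not code from the original article): it verifies ack = seq+1 at the second and third handshake and lists connections where the server has replied and allocated resources but no valid third handshake arrived. The state names, record layout and addresses are assumptions of the example, and the capture is constructed.

```python
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def track_handshakes(segments):
    """Follow each client->server handshake through its three steps.

    segments: dicts with src, dst, flags (a set), seq, ack, in capture order.
    Returns {(client, server): state}.
    """
    conns = {}
    for s in segments:
        flags = s["flags"]
        if flags == {"SYN"}:                                   # first handshake
            conns[(s["src"], s["dst"])] = {"state": "SYN_SENT", "x": s["seq"]}
        elif flags == {"SYN", "ACK"}:                          # second handshake
            c = conns.get((s["dst"], s["src"]))
            if c and c["state"] == "SYN_SENT" and s["ack"] == (c["x"] + 1) % MOD:
                c.update(state="SYN_RCVD", y=s["seq"])
        elif flags == {"ACK"}:                                 # third handshake
            c = conns.get((s["src"], s["dst"]))
            if c and c["state"] == "SYN_RCVD" and s["ack"] == (c["y"] + 1) % MOD:
                c["state"] = "ESTABLISHED"
    return {key: c["state"] for key, c in conns.items()}

def half_open(segments):
    """Connections the server answered but that never completed step three."""
    states = track_handshakes(segments)
    return sorted(key for key, state in states.items() if state == "SYN_RCVD")

SRV = "198.51.100.7:80"
CAPTURE = [  # constructed sample, not real traffic
    {"src": "192.0.2.10:49152", "dst": SRV, "flags": {"SYN"}, "seq": 1000, "ack": 0},
    {"src": SRV, "dst": "192.0.2.10:49152", "flags": {"SYN", "ACK"}, "seq": 5000, "ack": 1001},
    {"src": "192.0.2.10:49152", "dst": SRV, "flags": {"ACK"}, "seq": 1001, "ack": 5001},
    # seq at the top of the range: the server's ack wraps around to 0
    {"src": "192.0.2.11:49153", "dst": SRV, "flags": {"SYN"}, "seq": 2**32 - 1, "ack": 0},
    {"src": SRV, "dst": "192.0.2.11:49153", "flags": {"SYN", "ACK"}, "seq": 7000, "ack": 0},
    # final ACK carries 9000 instead of 9001, so it does not complete the handshake
    {"src": "192.0.2.12:49154", "dst": SRV, "flags": {"SYN"}, "seq": 300, "ack": 0},
    {"src": SRV, "dst": "192.0.2.12:49154", "flags": {"SYN", "ACK"}, "seq": 9000, "ack": 301},
    {"src": "192.0.2.12:49154", "dst": SRV, "flags": {"ACK"}, "seq": 301, "ack": 9000},
]
```

A growing number of entries returned by half_open() for one server is the resource waste described in 1.4: buffers and variables held for clients that never finish the handshake.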
1.5 SYN Flood Attack
2. Connection release
- To clarify in advance: the most important flags in connection release are FIN (finish) and ACK (acknowledgment).
2.1 First wave
- The first wave is initiated by the client.
- The client sets FIN to 1, requesting release of the connection.
- It sets the sequence number to a random number u.
2.2 Second wave
- In the second wave, the server replies to the client.
- It sets ACK to 1 and acknowledges the sequence number of the first wave: ack = u+1.
- It sets the sequence number to a random number v.
- FIN is not set in this reply because the server may not have finished sending the data at hand; it needs to keep sending rather than end the connection immediately.
2.3 Third wave
- The third wave is again sent from the server to the client.
- This time the server initiates the disconnection request and sets FIN=1.
- In addition, ACK is set to 1 and ack = u+1, indicating that this follows up the client's earlier disconnection request.
- Again, a random number w is generated.
2.4 Fourth wave
- The fourth wave is the client's acknowledgment to the server.
- The client acknowledges the FIN request from the server: ACK=1 and ack = w+1, indicating that this confirms the third wave.
- It sets the sequence number to u+1.
- This completes the shutdown operation.
2.5 The purpose of the four waves
- It is similar to the three-way handshake in that disconnection is also a process of mutual consent.
- The difference is that the client requests the disconnect only once it is sure it has nothing more to send.
- The server is not in that position. When it receives the disconnect request, it may still have data to send, so on the server side the acknowledgment is separated from the disconnect request. On receiving the client's request, the server first sends an ACK to say "I received it, don't send it again". It then finishes the work at hand and, when done, requests the disconnect itself.
Four, TCP reliable transmission
- Reliable transmission ensures that the byte stream the receiving process reads from the buffer is exactly the same as the byte stream sent by the sender.
1. Checksum
- Same procedure as UDP, using a checksum.
2. Sequence number
- The sequence number identifies the data carried in the current segment and its position in the byte stream. Each sequence number corresponds to one byte.
3. Acknowledgment
- Closely related to the ack field of the header. It lets the sender know which part of the byte stream the receiver has received so far and from where it expects to continue.
- It is worth mentioning that TCP uses cumulative acknowledgment: if a part is missing, ack remains the sequence number of the first byte of the missing part until the missing bytes arrive. (For example, if the bytes starting at 4 have not arrived, the receiver keeps sending ack 4 even if the bytes starting at 7 have arrived.)
4. Retransmission
- When the sender does not receive an acknowledgment within the specified time, the sender retransmits.
- For the retransmission timeout, TCP uses an adaptive algorithm: simply put, it keeps a weighted average of the measured round-trip times and derives the retransmission time from it.
- TCP also uses a redundant ACK mechanism. When the receiver gets a segment whose sequence number is larger than the one it expects, the ack it sends still carries the sequence number of the missing segment. If the sender receives three redundant ACKs, it concludes that the segment has been lost and retransmits it right away (fast retransmission).
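Cumulative acknowledgment and the three-redundant-ACK rule, worked through on the article's own case (bytes starting at 4 missing while later bytes arrive). This is an added example, not code from the original article; the function names and the 3-byte segment size are assumptions, and segments are assumed to be aligned and non-overlapping.

```python
def receiver_acks(arrivals, first_seq=1):
    """Cumulative ACKs for segments given as (seq, length) in arrival order."""
    expected, buffered, acks = first_seq, {}, []
    for seq, length in arrivals:
        if seq >= expected:
            buffered[seq] = length          # hold out-of-order data in the receive buffer
        while expected in buffered:         # advance over every contiguous segment
            expected += buffered.pop(expected)
        acks.append(expected)               # always the first byte still missing
    return acks

def fast_retransmits(acks, threshold=3):
    """Sequence numbers the sender resends after `threshold` redundant ACKs."""
    resend, last, dups = [], None, 0
    for ack in acks:
        if ack == last:
            dups += 1
            if dups == threshold:           # third redundant ACK: resend without waiting
                resend.append(ack)
        else:
            last, dups = ack, 0
    return resend

# Constructed trace: 3-byte segments starting at 1, 4, 7, 10, 13.
# The segment starting at 4 is lost and only arrives after being resent.
ARRIVALS = [(1, 3), (7, 3), (10, 3), (13, 3), (4, 3)]
ACKS = receiver_acks(ARRIVALS)
RESENT = fast_retransmits(ACKS)
```

Once the resent segment fills the gap, a single ACK jumps past everything that was buffered, which is why the sender does not need to resend the segments at 7, 10 and 13.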
Five, TCP flow control
- Flow control lets the receiver ask the sender to slow down so that the receiver can keep up.
- TCP uses the sliding window mechanism to control traffic.
- The send buffer is in effect a queue/array, and the window is defined by two pointers, start and end. The size of this window is the minimum of the receive window RWND returned by the receiver and the congestion window CWND. In simple terms, controlling the size of the window controls how much can be sent at a time.
- The receiver sets the window size to the amount of data it can accept, and the sender sends the contents of the window. The sender then waits until the receiver confirms it is ready to receive again. Once the receiver has acknowledged and announced the window size that may be sent, the sender can send data again.
- The following is an actual case where the recipient has resized the sliding window three times.
- It’s worth noting that when the third adjustment sets the sliding window to 0, the sender cannot send any more data and waits. When the receiver announces a new window, the sender can continue sending. While paused, the sender also runs a timer and sends a probe segment if no new window size has arrived when it expires.
Six, TCP congestion control
- Congestion arises because network resources are limited: when large amounts of data are injected into the network, its throughput is not enough to carry the load.
- Network congestion is a global issue, not caused by a single host.
- Congestion control, like flow control, is realized by controlling the size of the send window. The size of the send window is equal to
min{receive window RWND, congestion window CWND}
- The congestion window is adjusted by the sender on its own initiative.
1. Slow start & Congestion avoidance
- The process is as follows: at the beginning, the congestion window grows exponentially; once it reaches 1/2 of the size of the window that caused congestion last time, it grows additively. When this growth leads to network congestion, the congestion window immediately drops to 1 and the process starts again.
- Slow start is exponential growth from 1.
- Congestion avoidance is the additive-increase part of the process.
2. Fast retransmission & fast recovery
- The process is as follows: slow start and congestion avoidance run as before. However, when network congestion occurs, the congestion window is not cut directly to 1 but halved, and then continues to increase.
- Halving the congestion window and continuing from there is called fast recovery.
- Network congestion is detected by receiving three redundant ACKs.
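The two window policies above traced round by round, together with the send window min{RWND, CWND} from the flow control section. This is an added example, not code from the original article: the initial threshold of 16, the congestion event in round 9, the RWND of 12, the floor of 2 on the threshold and counting in whole segments per round are all assumptions made for the illustration.

```python
def cwnd_trace(rounds, loss_rounds, ssthresh=16, fast_recovery=False, rwnd=None):
    """Per-round (cwnd, send_window), counted in segments.

    loss_rounds: rounds in which congestion is detected.
    fast_recovery=False: the window restarts at 1 (section 1 above).
    fast_recovery=True:  the window is halved instead (section 2 above).
    rwnd: receive window advertised by the receiver, None for "unlimited".
    """
    cwnd, trace = 1, []
    for rnd in range(1, rounds + 1):
        send_window = cwnd if rwnd is None else min(rwnd, cwnd)
        trace.append((cwnd, send_window))
        if rnd in loss_rounds:
            ssthresh = max(cwnd // 2, 2)        # half the window that caused congestion
            cwnd = ssthresh if fast_recovery else 1
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)      # slow start: exponential growth
        else:
            cwnd += 1                           # congestion avoidance: additive growth
    return trace

# Constructed scenarios: congestion is detected in round 9 of 14.
RESTART = cwnd_trace(14, {9})
HALVED = cwnd_trace(14, {9}, fast_recovery=True, rwnd=12)

def cwnds(trace):
    return [cwnd for cwnd, _ in trace]

def send_windows(trace):
    return [window for _, window in trace]
```

In the second scenario the congestion window climbs to 20 but the sender never has more than 12 segments outstanding, because the receiver's window is the smaller of the two limits.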