TIME_WAIT state and port number classification in the TCP four-way wave


1. TCP four-way wave


In the TCP four-way wave, TIME_WAIT is the state the client is in after the server has sent its FIN (its request to end the connection) to the client.

According to the 3-way-handshake and disconnection rules defined by the TCP protocol, the socket that initiates the active close enters the TIME_WAIT state. TIME_WAIT lasts 2 MSL (Maximum Segment Lifetime); under Windows the default is 4 minutes, or 240 seconds. A socket in the TIME_WAIT state cannot be reused. In practice, on a server that handles a large number of short connections, if the server actively closes the client connections, a large number of sockets on the server end up in TIME_WAIT, possibly even more than the sockets in the ESTABLISHED state. This severely affects the server's processing capacity and can even exhaust the available sockets and stop the service.
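One way to check a Linux server for the buildup described above is to count sockets per state from `/proc/net/tcp`. This is an added example, not code from the original page; the sample table is constructed, and the function names are hypothetical.

```python
from collections import Counter

# State codes used in the "st" column of Linux /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# On a live system: text = open("/proc/net/tcp").read()
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0050 0100007F:C351 06 00000000:00000000 03:00001388 00000000     0        0 0
   3: 0100007F:0050 0100007F:C352 06 00000000:00000000 03:00001200 00000000     0        0 0
   4: 0100007F:0050 0100007F:C353 06 00000000:00000000 03:00001100 00000000     0        0 0
"""

def decode_addr(field):
    """'0100007F:0050' -> ('127.0.0.1', 80). The IPv4 part is a host-order
    32-bit value printed in hex, so on little-endian hosts the bytes are reversed."""
    ip_hex, port_hex = field.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return ".".join(octets), int(port_hex, 16)

def summarize(text):
    """Return (sockets per state, TIME_WAIT sockets per local port)."""
    by_state, tw_by_port = Counter(), Counter()
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        state = TCP_STATES.get(cols[3].upper(), "UNKNOWN")
        by_state[state] += 1
        if state == "TIME_WAIT":
            tw_by_port[decode_addr(cols[1])[1]] += 1
    return by_state, tw_by_port

def time_wait_dominates(by_state):
    """The warning sign from the text: more TIME_WAIT than ESTABLISHED sockets."""
    return by_state["TIME_WAIT"] > by_state["ESTABLISHED"]

if __name__ == "__main__":
    states, ports = summarize(SAMPLE)
    print(dict(states), dict(ports), time_wait_dominates(states))
```

TIME_WAIT entries whose local port is the service port (80 in the sample) indicate that the server side is the one performing the active close.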

The process is as follows:
The client calls the close() function and sends a FIN to the server, requesting that the connection be closed. After receiving the FIN, the server returns a confirming ACK to the client and closes the read channel (if this is unclear, see the difference between shutdown and close). This means that nothing more can be read from this connection, and read now returns 0. The TCP state of the server changes to CLOSE_WAIT.
After the client receives the acknowledgment of its FIN, it closes the write channel and no longer writes any data to the connection.
The server then calls close() to close the connection and sends a FIN to the client. When the client receives it, it sends an ACK to the server, closes the read channel, and enters the TIME_WAIT state.
The server receives the client's ACK of its own FIN and closes the write channel. The TCP connection changes to CLOSED, that is, the connection is closed.
The client waits in the TIME_WAIT state for twice the maximum segment lifetime before entering the CLOSED state, and the TCP close process is then complete.

That is how TCP closes a connection. Now for the TIME_WAIT state.
As shown above, the party that initiates the close reaches the TIME_WAIT state and must stay in it for twice the Maximum Segment Lifetime. Why do this instead of going directly into the CLOSED state?

There are two reasons:
First, to ensure that the full-duplex TCP connection can be shut down reliably.
Second, to ensure that duplicate segments of this connection disappear from the network.

Take the first reason. If the client went directly to CLOSED, then because the IP protocol is unreliable, or for other network reasons, the server might not receive the client's final ACK. The server would then resend its FIN after a timeout. By that time the client is already CLOSED and cannot find the connection that the resent FIN belongs to, so the server receives an RST instead of an ACK, treats it as a connection error, and reports it to the upper layer. This does not result in data loss, but it means TCP does not meet the requirements of a reliable connection. Therefore the client does not go directly to CLOSED but stays in TIME_WAIT; when it receives the FIN again, it can make sure the other side receives an ACK, and the connection is finally closed correctly.

Now the second reason. If the client went directly to CLOSED and then initiated a new connection to the server, we cannot guarantee that the new connection's port number differs from that of the connection just closed. That is, the new connection and the old connection may have the same port number. Generally this is not a problem, but there is a special case: assume the new connection has the same port number as the closed old connection, and some data from the old connection is still stranded in the network and reaches the server only after the new connection has been established. Because the new and old connections have the same port number, and because TCP distinguishes connections by socket pair, TCP treats the delayed data as belonging to the new connection, and it gets mixed up with the new connection's genuine packets. So the TCP connection also waits twice the MSL in the TIME_WAIT state, which ensures that all data of this connection has disappeared from the network.
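The close sequence and the lost-final-ACK case from the first reason can be traced with a small state machine. This is an added example, not code from the original page; the event names, and the `recv_FIN_no_tw` event that models a hypothetical stack skipping TIME_WAIT, are assumptions made for the illustration.

```python
# (state, event) -> (next state, segment sent in response)
TRANSITIONS = {
    ("ESTABLISHED", "app_close"):     ("FIN_WAIT_1", "FIN"),
    ("ESTABLISHED", "recv_FIN"):      ("CLOSE_WAIT", "ACK"),
    ("FIN_WAIT_1", "recv_ACK"):       ("FIN_WAIT_2", None),
    ("FIN_WAIT_2", "recv_FIN"):       ("TIME_WAIT", "ACK"),
    ("FIN_WAIT_2", "recv_FIN_no_tw"): ("CLOSED", "ACK"),    # hypothetical: no TIME_WAIT
    ("CLOSE_WAIT", "app_close"):      ("LAST_ACK", "FIN"),
    ("LAST_ACK", "timeout"):          ("LAST_ACK", "FIN"),  # resend the unacknowledged FIN
    ("LAST_ACK", "recv_ACK"):         ("CLOSED", None),
    ("LAST_ACK", "recv_RST"):         ("CLOSED", None),     # reported upward as an error
    ("TIME_WAIT", "recv_FIN"):        ("TIME_WAIT", "ACK"), # re-ACK, restart the 2 MSL timer
    ("TIME_WAIT", "2msl_elapsed"):    ("CLOSED", None),
    ("CLOSED", "recv_FIN"):           ("CLOSED", "RST"),    # no such connection any more
}

class Endpoint:
    def __init__(self):
        self.state = "ESTABLISHED"
        self.trace = [self.state]           # states visited, in order

    def on(self, event):
        self.state, sent = TRANSITIONS[(self.state, event)]
        if self.trace[-1] != self.state:
            self.trace.append(self.state)
        return sent

def close_connection(lose_final_ack=False, skip_time_wait=False):
    """Client closes first. Returns (client trace, server trace, the segment
    that finally took the server out of LAST_ACK)."""
    client, server = Endpoint(), Endpoint()
    seg = client.on("app_close")            # client -> FIN
    seg = server.on("recv_" + seg)          # server -> ACK, now CLOSE_WAIT
    client.on("recv_" + seg)                # client now FIN_WAIT_2
    seg = server.on("app_close")            # server -> FIN, now LAST_ACK
    seg = client.on("recv_FIN_no_tw" if skip_time_wait else "recv_" + seg)
    if lose_final_ack:                      # the client's ACK never arrives
        seg = server.on("timeout")          # server resends its FIN
        seg = client.on("recv_" + seg)      # ACK from TIME_WAIT, RST from CLOSED
    server.on("recv_" + seg)
    if client.state == "TIME_WAIT":
        client.on("2msl_elapsed")
    return client.trace, server.trace, seg

if __name__ == "__main__":
    print(close_connection())
    print(close_connection(lose_final_ack=True))
    print(close_connection(lose_final_ack=True, skip_time_wait=True))
```

With TIME_WAIT the server's resent FIN is answered with an ACK and the close stays clean; without it the server's last view of the connection is an RST.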

How to keep TIME_WAIT sockets from tying up resources

On a client we generally do not need to worry, because the client usually chooses a temporary port and is allocated a new port when it creates the connection again. Nothing needs to be done unless the client is told to use a specific port.

If the server actively closes connections and then terminates abnormally, the connections in the TIME_WAIT state will prevent it from restarting, because it always uses its well-known server port number. We can, however, set the socket option SO_REUSEADDR to force the process to immediately use the port occupied by the connections in the TIME_WAIT state.
With this option set through setsockopt, the socket address bound to sock can be reused immediately even if sock is in the TIME_WAIT state.

It is also possible to quickly reclaim closed sockets by modifying the kernel parameter /proc/sys/net/ipv4/tcp_tw_recycle, so that the TCP connection does not enter the TIME_WAIT state at all, allowing the application to immediately reuse the local socket address. This parameter was removed in Linux 4.12, and while it existed it could cause connections from clients behind NAT to be dropped.

2. The listen function

To understand the meaning of the backlog parameter, we must understand that for a listening socket the kernel maintains two queues:
1. An incomplete connection queue, which holds connections for which the client's SYN segment has been received and which are waiting for the three-way handshake to complete. The state of these sockets is SYN_RCVD.
2. A completed connection queue, which holds the connections that have completed the three-way handshake. The state of these sockets is ESTABLISHED.
The backlog parameter is historically defined as the sum of the sizes of the two queues above.
In the Berkeley implementation, the backlog value is the sum of the two queues above multiplied by 1.5.
When the client's first SYN arrives, TCP adds a new record to the incomplete queue and then replies with the second segment of the three-way handshake (the server's SYN and the ACK of the client's SYN). The record stays in the incomplete queue until the last segment of the three-way handshake arrives, or until it times out (Berkeley-derived implementations define this timeout as 75 seconds).
If the queue is full when the client's SYN arrives, TCP ignores the incoming SYN but does not send an RST to the client, because the client is then free to retransmit the SYN. If an error were returned, the client would not be able to tell apart two cases: no application is listening on the server port, or the queue on that port is full.
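The queue behaviour described above can be modelled in a few lines. This is an added example, not code from the original page: it models the text's description (limit of 1.5 times the backlog across both queues, 75-second timeout, silent drop when full), not the behaviour of any particular kernel, and the class, method names and peer labels are constructed.

```python
from collections import deque

SYN_RCVD_TIMEOUT = 75        # seconds, the Berkeley-derived value quoted in the text

class ListenQueues:
    """Model of the two queues behind a listening socket (not a real TCP stack)."""

    def __init__(self, backlog):
        self.limit = int(backlog * 1.5)   # sum of both queues, times the 1.5 factor
        self.incomplete = {}              # peer -> arrival time of its SYN (SYN_RCVD)
        self.completed = deque()          # peers in ESTABLISHED, waiting for accept()

    def expire(self, now):
        """Drop half-open entries whose handshake never completed."""
        for peer, arrived in list(self.incomplete.items()):
            if now - arrived >= SYN_RCVD_TIMEOUT:
                del self.incomplete[peer]

    def on_syn(self, peer, now):
        self.expire(now)
        if peer in self.incomplete:
            return "SYN-ACK"              # retransmitted SYN: repeat the reply
        if len(self.incomplete) + len(self.completed) >= self.limit:
            return None                   # full: ignore the SYN, send no RST
        self.incomplete[peer] = now
        return "SYN-ACK"

    def on_ack(self, peer, now):
        self.expire(now)
        if peer not in self.incomplete:
            return False
        del self.incomplete[peer]         # handshake done: move to the other queue
        self.completed.append(peer)
        return True

    def accept(self):
        return self.completed.popleft() if self.completed else None

def demo():
    q = ListenQueues(backlog=2)                         # limit = 3 entries in total
    first = [q.on_syn(p, now=0) for p in ("a", "b", "c", "d")]
    q.on_ack("a", now=1)                                # a completes its handshake
    while_full = q.on_syn("d", now=3)                   # a only changed queues
    q.accept()                                          # application removes a
    retry = q.on_syn("d", now=9)                        # d's retransmission fits
    q.expire(now=80)                                    # b and c never sent an ACK
    return first, while_full, retry, sorted(q.incomplete)

if __name__ == "__main__":
    print(demo())
```

Because the fourth SYN is ignored rather than reset, the client's ordinary SYN retransmission succeeds once accept() has freed a slot.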

3. Port number classification

Port numbers can be divided into 3 major categories:
(1) Well-known ports: from 0 to 1023. They are tightly bound to certain services, and traffic on these ports usually clearly indicates the protocol of a particular service. For example, port 80 is in practice always HTTP traffic.
(2) Registered ports: from 1024 to 49151. They are loosely bound to certain services. This means that many services are bound to these ports, and the ports are also used for many other purposes. For example, many systems allocate dynamic ports starting at around 1024.
(3) Dynamic and/or private ports: from 49152 to 65535. In theory, these ports should not be assigned to services. In practice, machines typically allocate dynamic ports from 1024 onwards. But there are exceptions: Sun's RPC ports start at 32768.
Port 0 is typically used to analyze (fingerprint) the operating system. This works because 0 is an invalid port on some systems, and trying to connect to it produces different results than connecting to a typical closed port. A typical scan uses an IP address of 0.0.0.0, sets the ACK bit, and broadcasts at the Ethernet layer.

