TCP protocol and TCP normal connection and disconnection

I. Introduction to the TCP protocol
TCP, full name transfer Control Protocol, the Chinese name is the transmission protocol, it works in the OSI Transport layer, providing reliable connection-oriented transport services.
The main task of TCP is to establish a connection and then receive and transmit data from an application-level program. TCP uses the virtual Circuit connection method to work, before sending the data it needs to establish a connection between the sender and the receiver, after the data is sent, the sender waits for a confirmation response from the receiver, otherwise the sender will consider the data to be lost and resend the data.
Let's introduce the TCP header structure and how it works:
1. TCP Header
The total TCP header length is a minimum of 20 bytes, and its header structure is shown

bit 0                                                  15   bit 16                             31

6

TD width= "valign=" Top ">

Source Port ( - )			Destination Port ( - )
Serial Number ( + )
32
TCP offset ( 4 Span style= "font-family: ' The song Body '; >)	reserved ( 6 )	window ( 16 )
Checksum ( - )			Emergency ( - )
Options ( 0 or + )
Data (variable)

SOURCE port: Specifies the port number of the sending port
Destination port: Specifies the port number of the receiving end
Ordinal: Indicates the position of the segment in the segment ordinal that will be transmitted
Confirmation Number: Specifies the serial number of the successful received segment, the confirmation number contains the next sequence number expected to be received at the end of the sending confirmation
TCP Offset: Specifies the length of the segment header. The length of the Chito depends on the options set in the Segment Header options field
Reserved: A reserved field is specified for future use
Flags: SYN, ACK, PSH, PST, URG, FIN
SYN: Indicates synchronization
ACK: Indicates confirmation
PSH: Indicates that data is sent to the receiving process as soon as possible
PST: Indicates a reset connection
URG: Indicates an emergency pointer
FIN: Indicates sender completes data send
It is important to note that:
(A) Do not confuse the ACK ordinal ack with the acknowledgment in the flag.
(B) Confirmation Party ack= Initiator req+1, paired on both ends.
window: Specifies instructions about the size of the next segment that the sending side can transmit
Checksum: The checksum contains the TCP segment header and Data section, which is used to verify the reliability of the segment header and data parts
Emergency: Indicates the end contains emergency information, only the end Urg flag position is 1 o'clock the emergency pointer will be effective
Options: Indicates the recognized segment size, timestamp, end of the option field, and bounds options that specify the option field
2. How TCP Works
1) TCP connection establishment: TCP connection Establishment process is also known as TCP three-time handshake. First, the sending host initiates a synchronous (SYN) request to the receiving host to establish a connection, and the receiving host responds to a synchronous/ACK (Syn/ack) response to the sending host after the request is received, and the sender host receives the packet and sends an acknowledgment (ACK) to the receiving host. TCP connection is successfully established at this time;
2) TCP connection shutdown: After the sender host and destination host establish a TCP connection and complete the data transfer, a packet will be sent with the end tag set to 1 to close the TCP connection and free up the buffer space occupied by the connection;
3) TCP Reset: TCP allows a sudden interruption of the connection during transmission, which is called TCP reset;
4) TCP Data Sorting and confirmation: TCP is a reliable transmission protocol, which uses serial number and confirmation number to track the reception of data during transmission;
5) TCP retransmission: In the transmission process of TCP, if in the retransmission timeout time does not receive the receiver host to a packet acknowledgment reply, the sender host considers this packet is lost, and sends this packet again to the receiver, this is called the TCP retransmission;
6) TCP delay Acknowledgement: TCP does not always acknowledge the data immediately after it is received, it allows the host to send its own acknowledgement to the client while receiving the data.
7) TCP Data Protection (checksum): TCP is a reliable transmission protocol that provides checksum computation to achieve the integrity of the data during transmission.

Iii. 11 states of TCP

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/8B/C5/wKioL1hYqpyiPLPbAAJ86YxRWjo066.png "title=" TCP state transition diagram. png "alt=" Wkiol1hyqpyiplpbaaj86yxrwjo066.png "/>

CLOSED: Represents the initial state. The same for both server and C clients.
LISTEN: Indicates the listening state. The server has called the Listen function and can start the accept connection.
Syn_sent: Indicates that the client has sent a SYN message. When the client calls the Connect function to initiate a connection, it first sends a SYN to the server, then enters the syn_sent state itself, and waits for the server to send Ack+syn.
Syn_rcvd: Indicates that the server received the client to send the SYN message. After the server receives this message, it enters the SYN_RCVD state and then sends the Ack+syn to the client.
Established: Indicates that the connection has been established successfully. The server enters this state after sending the Ack+syn, and the client receives an ACK and enters that state.
Fin_wait_1: Indicates that the connection is actively closed. Whichever side calls the close function to send fin messages will enter this state.
Fin_wait_2: Indicates that the passive shut-down party agrees to close the connection. When the active shut-down connector receives an ACK returned by the passive shutdown, it enters that state.
Time_wait: To receive the other's fin message and send an ACK message, just wait 2MSL to return to the closed state. If the fin_wait_1 state, received the other side with the FIN flag and the ACK sign of the message, you can go directly into the time_wait state, without having to go through the fin_wait_2 state.
CLOSING: Indicates that both sides close the connection at the same time. If both sides call the close function almost at the same time, there will be a case where both sides send fin messages at the same time, the closing state will appear, indicating that both sides are closing the connection.
Close_wait: Indicates that the passive shut-down party waits for shutdown. When the other side calls the close function to send the FIN message, the response to the other ACK message, at this time into the close_wait state.
Last_ack: Indicates that the passive shut-down party sends a fin message, waits for the other's ACK message status, and then enters the closed state when the ACK is received.

describes 2MSL time
2MSL time, when the client finally sends an ACK to the server, does not immediately enter the closed state, this 2MSL time is to prevent the client sent the ACK packet loss and let the server has been in Last_ack State, Let the service side in the Last_ack timeout to re-send fin.

Four, TCP three-time handshake and its state transition

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/8B/C5/wKioL1hYqd7A4Hb-AACTTUEc00o575.png "title=" Tcp-ip three-time handshake process and its state change. png "alt=" Wkiol1hyqd7a4hb-aacttuec00o575.png "/>

1, first handshake
Client sends a SYN message from the closed state to the server, the SEQ flag position in the SYN message is changed to 1, and the serial number seq is randomly generated as x, and the client enters the syn_sent state.
2, second handshake
Server side from the closed state to open into the listen listening state, when the client sends a SYN message, send the syn+ack message, the SEQ and ACK flag in the message is replaced by 1, and the last serial number seq is a random y, The acknowledgment number ACK is the client serial number x+1, and the server side enters the SYN_RCVD state.
3, the third handshake
Client receives the server side sends the SYN+ACK message, sends the ACK message, the ACK message in the ACK flag position is changed to 1, the serial number seq is x+1, the confirmation number ACK is the server side serial number y+1, simultaneously enters the established state. After receiving the ACK message sent by the client, the server enters the established state. The connection is completed to this TCP three-time handshake.

Supplement:
SYN attack
during three handshake, after the server sends Syn-ack, the TCP connection before receiving the ACK from the client is called a semi-connection (Half-open Connect), and the server side is in SYN_RCVD state. When an ACK is received, the server is transferred to the established state. SYN attack is the client in a short period of time to forge a large number of non-existent IP address, and to the server to continuously send SYN packets, server-side reply acknowledgement packet, and wait for the client to confirm, because the source address is not present, so the server needs to continue to resend until time-out, These bogus SYN packets take the time to occupy the disconnected queue, causing the normal SYN request to be discarded because the queue is full, causing network congestion and even system paralysis. SYN attack is a typical DDoS attack, the way to detect SYN attacks is very simple, that is, when the server side has a large number of semi-connected state and the source IP address is random, you can conclude that the SYN attack, using the following command can be used:
#netstat-nap | grep SYN _RECV

Five, TCP four waves and their state transitions

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/8B/C8/wKiom1hYqbKQsvA-AACJ6ohv0kc390.png "title=" Tcp-ip four wave waving process and its state change. png "alt=" Wkiom1hyqbkqsva-aacj6ohv0kc390.png "/>

1, first wave
1) The client in the established state, send a fin message, fin message in the FIN flag position for 1, the serial number seq for the last sent serial number plus 1, here we use N, and enter the Fin_wait_1 state.
2, the second Wave
2) The server side received the client's fin message, send an ACK message, ACK message in the ACK flag position for 1, the confirmation number ACK is n+1, while entering the close_wait state, when TCP is in a semi-closed state.
3) The client receives the ACK message sent by the server to enter the Fin_wait_2 state
3, the third wave of the hand
4) after the server will transmit data, send fin message, fin message in the fin sign position for 1, The serial number seq is the last sent serial number plus 1, where we use M to enter the Last_ack state.
4, Fourth Wave
5) After the client receives the fin message sent by the server, sends an ACK message, the ACK signal position in the ACK message is changed to 1, the serial number seq is n+1, the ACK number is m+1, and enters the TIME_WAIT state, And wait for 2MSL (60 seconds) time, after time-out to enter the closed state.
6) The server side received the client's ACK message into the closed state

Six, the problem
1, why the connection is three handshake, and close the connection is four waves?
1) Since the TCP connection is full-duplex
2) when the server end receives the client side of the SYN connection request message, the Syn+ack message can be sent directly. Where the ACK message is used to answer, the SYN message is used for synchronization. However, when the connection is closed, when the server end receives fin messages, it is likely that the socket will not be closed immediately, so you can only reply to an ACK message to the client side, "You send fin message I received." Only when all the messages on the end of my server are sent, can I send fin messages, so I can't send them together. Therefore, four-step handshake is required.

2, why does the time_wait state need to go through 2MSL (maximum message segment lifetime 60s) to return to the close status?
A: Although according to reason, four messages are sent, we can go directly to the close state, but we must pretend that the network is unreliable, there can be a last ACK lost. So the TIME_WAIT state is used to re-send the possible missing ACK messages.
1) Implement TCP full-duplex reliable shutdown
2) allow old duplicate messages to disappear

This article is from the "Hyun-dimensional" blog, please be sure to keep this source http://xuanwei.blog.51cto.com/11489734/1884213

TCP protocol and TCP normal connection and disconnection