excerpt from Baidu Encyclopedia:
Three-way handshake

Three-way handshake (three times handshake; three-way handshake)

The so-called "three-way handshake" negotiates how the amount of data sent each time is tracked so that the sending and receiving of data segments are synchronized, determines the number of acknowledgments based on the amount of data received and when to release the connection after the data has been sent and received, and establishes a virtual connection. To provide reliable delivery, TCP numbers the packets in a specific order before sending new data, and it requires an acknowledgment message after those packets have been delivered to the target. TCP is always used to send large amounts of data. TCP is also used when the application must confirm that it has received the data.

Chinese name: three-way handshake
Foreign name: Three-way Handshake
Nickname: TCP Handshake Protocol
Applied disciplines: Computer Transfer Protocol
Scope of applicable fields: Computer

Process

First time

First handshake: When a connection is established, the client sends a SYN packet (SYN=J) to the server and enters the SYN_SENT state, waiting for the server to confirm. SYN stands for Synchronize Sequence Numbers.
Second time

Second handshake: When the server receives the SYN packet, it must acknowledge the client's SYN (ACK=J+1) and also send a SYN packet of its own (SYN=K), that is, a SYN+ACK packet; the server then enters the SYN_RECV state.

Third time

Third handshake: The client receives the server's SYN+ACK packet and sends the acknowledgment packet ACK (ACK=K+1) to the server. Once this packet has been sent, the client and the server enter the ESTABLISHED state (TCP connection succeeded), completing the three-way handshake.

After the three-way handshake, the client and server begin transmitting data. The process above involves some important concepts:

Unconnected queue

In the three-way handshake protocol, the server maintains an unconnected queue, which holds one entry for each client's SYN packet (SYN=J). The entry indicates that the server has received the SYN packet, has sent a confirmation to the client, and is waiting for the client's acknowledgment packet. The connections identified by these entries are in the SYN_RECV state on the server. When the server receives the client's acknowledgment packet, the entry is deleted and the server enters the ESTABLISHED state.

Backlog parameter

Indicates the maximum number of connections the kernel queues for the corresponding socket.

SYN-ACK retransmission count

After the server sends the SYN-ACK packet, if it does not receive the client's acknowledgment packet, it performs the first retransmission. If it waits for some time and still has not received the acknowledgment packet, it performs the second retransmission. If the number of retransmissions exceeds the maximum specified by the system, the system removes the connection information from the half-connection queue. Note that the wait before each retransmission is not necessarily the same.
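The server-side bookkeeping described above (unconnected queue, backlog limit, SYN-ACK retransmission and removal), as an added example that is not part of the encyclopedia entry. The Listener class, the 3/6/12-second wait schedule, the random initial sequence number and the choice to let the backlog bound the SYN_RECV queue are assumptions made for illustration; real TCP stacks differ.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

@dataclass
class HalfOpen:            # one entry in the unconnected queue (state SYN_RECV)
    server_isn: int        # K, sent in the server's SYN+ACK
    deadline: float        # when the current wait for the client's ACK ends
    retries: int = 0       # SYN+ACK retransmissions so far

class Listener:
    """Hypothetical model of a listening socket; not a real TCP stack."""
    def __init__(self, backlog, waits=(3.0, 6.0, 12.0)):
        self.backlog = backlog            # assumed to bound the SYN_RECV queue
        self.waits = waits                # wait after the first send and each retransmission
        self.survival_time = sum(waits)   # how long an unanswered entry can live
        self.half_open = {}               # peer -> HalfOpen
        self.established = set()

    def on_syn(self, peer, j, now):
        """First handshake arrives; return the second (SYN+ACK) or None if dropped."""
        if peer not in self.half_open and len(self.half_open) >= self.backlog:
            return None                   # queue full: the SYN is dropped
        k = secrets.randbits(32)          # unpredictable initial sequence number
        self.half_open[peer] = HalfOpen(k, now + self.waits[0])
        return {"flags": "SYN+ACK", "seq": k, "ack": (j + 1) % MOD}

    def on_ack(self, peer, ack):
        """Third handshake: accept only ACK=K+1 for a known half-open entry."""
        entry = self.half_open.get(peer)
        if entry is None or ack != (entry.server_isn + 1) % MOD:
            return False
        del self.half_open[peer]          # entry leaves the unconnected queue
        self.established.add(peer)
        return True

    def tick(self, now):
        """Advance time; return (peers retransmitted to, peers expired)."""
        retransmitted, expired = [], []
        for peer, entry in list(self.half_open.items()):
            while now >= entry.deadline:
                entry.retries += 1
                if entry.retries >= len(self.waits):  # exceeds max retransmissions
                    del self.half_open[peer]
                    expired.append(peer)
                    break
                entry.deadline += self.waits[entry.retries]
                retransmitted.append(peer)
        return retransmitted, expired
```

With a backlog of 2, two clients that never send the third handshake keep every new SYN out of the queue until an entry is acknowledged or its waits (21 seconds in total here) run out.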
UNIX Network Programming notes that there has never been a formal definition of the backlog parameter. The BSD 4.2 Handbook declares its definition to be "the maximum length the queue of pending connections may grow to", that is, the maximum length to which the queue of connections not yet processed may grow, and the POSIX specification copies the definition verbatim. However, this definition does not specify whether a pending connection is one in the SYN_RCVD state, one in the ESTABLISHED state that has not yet been accepted by the process, or both. Regardless of which one the backlog parameter refers to, the server needs to handle connections that are already in the ESTABLISHED state as soon as possible. As for the backlog itself, a larger value is needed to cope with a large number of service requests.

Half-connection survival time

The maximum time that an entry in the half-connection queue survives, that is, the maximum time from when the server receives a SYN packet until it confirms that the message is invalid. This value is the sum of the maximum wait times of all retransmitted request packets. The half-connection survival time is sometimes also called the timeout time or the SYN_RECV survival time.

TCP header structure

The connection-oriented TCP three-way handshake is the basis for the existence of the SYN flood. The TCP protocol header is at least 20 bytes long and includes the following fields (because translations differ, the corresponding English terms are given):

TCP source port (Source Port): A 16-bit source port field that contains the port that initiates the communication. The source port and the source IP address together indicate the return address of the message.

TCP destination port (Destination Port): A 16-bit destination port field that defines the destination of the transfer. This port indicates the application address interface on the receiving computer.
TCP sequence number (Sequence Number): A 32-bit sequence number used by the receiving computer to reassemble the segmented message into its original form. When SYN is set, the sequence number is actually the initial sequence number (ISN), and the first data byte is ISN+1. The sequence number is used to compensate for inconsistencies in transmission.

TCP acknowledgment number (Acknowledgment Number): A 32-bit sequence number used by the receiving computer to reassemble the segmented message into its original form. If the ACK control bit is set, this value is the sequence number of the packet to be received next.

Data offset (HLEN): 4 bits, containing the size of the TCP header and indicating where the data begins.

[Figure: TCP four-way wave ending the connection]

Reserved (Reserved): A 6-bit field. These bits must be 0. They are reserved for defining new uses in the future.

Flags (Code Bits): A 6-bit flag field. The flags are: urgent flag, acknowledgment-meaningful flag, push, reset-connection flag, synchronize-sequence-numbers flag, and finished-sending-data flag. In order, they are: URG, ACK, PSH, RST, SYN, FIN.

Window (Window): 16 bits, used to indicate the size of each TCP data segment the receiver wants to receive.

Checksum (Checksum): A 16-bit field in the TCP header. The source machine calculates a value based on the data content, and the receiving machine's result must be exactly the same as the source machine's value, which proves the validity of the data.

Urgent pointer (Urgent Pointer): 16 bits, pointing to the byte that follows the urgent data. It is only valid when the URG flag is set. If the URG flag is not set, the urgent field is used as padding. It expedites processing of data segments marked as urgent.

Options (Option): The length is variable, but it must be a whole number of bytes. If there are no options, this one-byte field is equal to 0.
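A parser for the header layout listed above, with a check that three parsed headers carry the SYN=J, SYN+ACK (SYN=K, ACK=J+1), ACK=K+1 relationship. This is an added example, not part of the encyclopedia entry; the function names, the build helper and the sample ports and sequence numbers are constructed for illustration.

```python
import struct

FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")  # order given in the text
MOD = 2 ** 32

def parse_tcp_header(segment: bytes) -> dict:
    """Decode a TCP header using the RFC 793 layout described above
    (RFC 3168 later assigned two of the reserved bits to ECN)."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4         # data offset counts 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("data offset points outside the segment")
    bits = off_flags & 0x3F              # low 6 bits hold the flags
    flags = [name for i, name in enumerate(FLAG_NAMES) if bits & (0x20 >> i)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": hlen, "reserved": (off_flags >> 6) & 0x3F,
            "flags": flags, "window": window, "checksum": checksum,
            # the urgent pointer is only meaningful when URG is set
            "urgent_pointer": urgent if "URG" in flags else None,
            "options": segment[20:hlen], "payload": segment[hlen:]}

def is_handshake(syn: dict, synack: dict, ack: dict) -> bool:
    """True if three parsed headers form SYN=J, SYN+ACK(K, J+1), ACK(K+1)."""
    return (syn["flags"] == ["SYN"] and synack["flags"] == ["ACK", "SYN"]
            and ack["flags"] == ["ACK"]
            and (synack["src_port"], synack["dst_port"])
                == (syn["dst_port"], syn["src_port"])
            and (ack["src_port"], ack["dst_port"])
                == (syn["src_port"], syn["dst_port"])
            and synack["ack"] == (syn["seq"] + 1) % MOD
            and ack["ack"] == (synack["seq"] + 1) % MOD)

def build(sport, dport, seq, ack, flags, options=b""):
    """Constructed sample data: pack a header with checksum 0 and window 65535."""
    words = (20 + len(options)) // 4     # options must pad to a 4-byte boundary
    bits = sum(0x20 >> FLAG_NAMES.index(f) for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (words << 12) | bits, 65535, 0, 0) + options
```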
Closing the TCP connection: improved three-way handshake

For an already established connection, TCP uses an improved three-way handshake to release the connection (using a message segment with the FIN flag attached). The steps for TCP to close the connection are as follows:

In the first step, when host A's application notifies TCP that the data has been sent, TCP sends a message segment with the FIN flag attached (FIN stands for the English word "finish") to host B.

In the second step, after receiving this FIN segment, host B does not immediately reply to host A with a FIN segment. Instead, it first sends an acknowledgment (ACK) to host A and notifies its own corresponding application that the other party has requested that the connection be closed (the purpose of sending the ACK first is to prevent the other party from retransmitting the FIN segment during this time).

In the third step, host B's application tells TCP that it wants to close the connection completely, and TCP sends a FIN segment to host A.

In the fourth step, when host A receives this FIN segment, it sends an ACK to host B to indicate that the connection is completely released. [1]