TIME_WAIT reuse and RFC1337

The article "Quick recovery and reuse of TCP TIME_WAIT" (http://www.bkjia.com/net/201311/254232.html) described "removing TIME_WAIT from the outside". In fact, the method uses a RESET to terminate a connection in the TW state. We want to terminate the TW connection because we are annoyed by a socket that just sits there idly waiting. On the other hand, doing so also shows that either we have no concept of old duplicate data or we do not care about the damage it can cause, for example because we use the SSL protocol to protect the connection. If that extra protection is left out of consideration, please forgive our ignorance!

Looking at the TCP specification alone, RFC1337 gives several alarming nightmare scenarios caused by old duplicates. On the principle of never copying an RFC at length, they are not reproduced here. It is better to read the RFC directly, and its examples are simple and easy to understand. All of them arise because the TIME_WAIT state is terminated early. The early termination happens because an ACK is sent to a connection that no longer exists, and the other party replies with a RESET. As for why the ACK is sent, there are many cases: an old duplicate data segment is received, a FIN is received, or specially constructed data that matches the TW socket is received.

By describing so much harm from old duplicates, RFC1337 is simply providing a legitimate justification for TIME_WAIT. In any case, although TIME_WAIT is annoying, it is necessary. In Linux, RFC1337 is also a configuration option, and its implementation is very simple: even when a RESET is received, the TIME_WAIT state is kept to the end instead of the TIME_WAIT connection being released immediately.
It is worth noting that many people think TIME_WAIT exists "to prevent the same IP address and port from connecting to the same service", and take it to mean "the same IP address and port cannot be used to connect to the same service". That is putting the cart before the horse! Perhaps it comes from reading too many books. In fact TIME_WAIT has only one purpose, which was also the protocol designers' original intention: "to make sure that every packet of the old connection has either arrived or disappeared". While the connection is ESTABLISHED, this is ensured by the ACK and window mechanisms. In the final stage, an external physical condition has to be relied on instead, namely waiting for MSL. Blocking new connections is not the goal but a consequence. Once you understand this, you escape the misconception that TIME_WAIT exists to block new connections.

Since TIME_WAIT is not intended to block new connections, a connection is acceptable as long as it can be shown to be a genuinely new connection rather than residual data of the old one, even if it matches the four-tuple of a TIME_WAIT connection. In that case the TIME_WAIT connection can be reused. How can this be ensured? Easily: make the old data fall outside the window. As long as the initial sequence number of the new connection is greater than the sequence number at the end of the old connection's FIN packet, all data of the old connection will be outside the window even if it arrives late, so the new connection will not be damaged. Even without relying on the sequence number, the timestamp can still be used. The TCP/IP specification requires IP addresses to be unique, so a new connection that reuses a TIME_WAIT connection must come from the same machine, and a machine's time increases monotonically and cannot go backwards.
Therefore, as long as the new connection carries a timestamp whose value is greater than the timestamp of the old connection's FIN, the new connection is considered acceptable. The premise of this timestamp-based reuse of TW connections is that traffic from a given IP address comes from a single machine. If the premise does not hold, TIME_WAIT connections cannot be reused with this mechanism, so it follows naturally that it cannot be used in a NAT environment. The purpose of an airport security check is not to stop you from boarding the plane. On the contrary, it is to ensure your safety!
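
The acceptance rules described above, written out as a small C model. This is an added example, not code from the original article or from the Linux kernel; the struct, enum and function names are hypothetical and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; not Linux kernel code. */
enum tw_verdict { TW_REUSE, TW_ACK, TW_KILL, TW_KEEP };

struct tw_sock {            /* what a TIME_WAIT socket remembers */
    uint32_t rcv_nxt;       /* sequence number just past the old FIN */
    uint32_t ts_recent;     /* timestamp carried by the old FIN */
    bool     has_ts;        /* old connection negotiated timestamps */
    bool     rfc1337;       /* models the Linux net.ipv4.tcp_rfc1337 setting */
};

struct segment {            /* incoming segment matching the same four-tuple */
    bool     syn, rst;
    uint32_t seq;
    bool     has_ts;
    uint32_t tsval;
};

/* Wrap-safe "a is later than b" for 32-bit sequence and timestamp values. */
static bool after32(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

enum tw_verdict tw_process(const struct tw_sock *tw, const struct segment *s)
{
    if (s->rst)             /* RFC1337: a RESET must not end TIME_WAIT early */
        return tw->rfc1337 ? TW_KEEP : TW_KILL;
    if (s->syn) {
        /* ISN beyond the old FIN: late old data falls outside the window */
        if (after32(s->seq, tw->rcv_nxt))
            return TW_REUSE;
        /* Otherwise a newer timestamp from the same host proves freshness */
        if (tw->has_ts && s->has_ts && after32(s->tsval, tw->ts_recent))
            return TW_REUSE;
    }
    return TW_ACK;          /* old duplicate, FIN or stale SYN: answer with ACK */
}

int main(void)
{
    struct tw_sock tw = { 0xFFFFFFF0u, 1000u, true, true };   /* constructed */
    struct segment syn = { true, false, 0x10u, false, 0u };   /* ISN wrapped */
    printf("verdict=%d\n", tw_process(&tw, &syn));
    return 0;
}
```

The comparison is done modulo 2^32, so a new ISN that has wrapped past zero still counts as "greater" than the old FIN's sequence number.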