Interviewer: why does TCP shake hands three times and break up four times? Most people can't answer!

author ： Can't wait for Harmonica \
source ：cnblogs.com/Courage129/p/14324605.html

TCP Protocol Brief

TCP The agreement is the transportation layer of the five layer agreement , The following depends on the network layer 、 The link layer 、 The physical layer , Want to send a message to another machine ( Suppose it's a server ) Upper peer layer , Each dependent layer will wrap the message , for example TCP The protocol depends on the network layer IP agreement , Therefore, the message sent will be encapsulated as follows :

TCP agreement

When the packet arrives at the server , The network layer of the server will affect IP Unpacking of relevant agreement contents 、 check , Then the transport layer pairs TCP The layer is unsealed , Unsealing involves a series of steps , For example, what is this packet for ？ Did you send it to me ? These operations need to be carried out according to TCP The header information of the message , The first part contains the following ：

TCP The first letter of the message

Mainly through the first information to understand what this package is for , About the first message , Here are a few things that need to be used :

ACK：TCP Provisions of the agreement , Only ACK=1 Effective when , It also specifies that all messages sent after the connection is established ACK It has to be for 1
SYN(SYNchronization)： Used to synchronize sequence Numbers when connection is established . When SYN=1 and ACK=0 when , Indicates that this is a connection request message . The other party agrees to establish a connection , In response message SYN=1 and ACK=1. therefore , SYN Set up 1 This represents a connection request or connection acceptance message .
FIN （finis）： That's it , The end means , Used to release a connection . When FIN = 1 when , Indicates that the data of the sender of this message segment has been sent , And ask to release the connection .

「 Be careful 」 ：·URG、ACK、PSH、PST、RST、SYN、FIN There is only one , It's just 0 perhaps 1 Two kinds of state .

TCP Protocol three handshakes

「 The first handshake 」 ： The client first sends a message segment requesting connection to the server , This segment SYN Bit is set to 1, Serial number Seq(Sequence Number) Set to a certain value , Assuming that X, After sending out, the client enters SYN_SEND state , Wait for the server to confirm ;

「 The second handshake 」 ： Server received SYN Message segment . The server received... From the client SYN Message segment , Need to be on this SYN Message segment to confirm , Set up Acknowledgment Number by x+1(Sequence Number+1); meanwhile , Send it by yourself SYN Request information , take SYN The position is 1,Sequence Number by y; The server puts all the above information into a message segment （ namely SYN+ACK Message segment ） in , Send it to the client , At this time, the server enters SYN_RECV state ;

「 The third handshake 」 ： Client receives server's SYN+ACK Message segment . And then Acknowledgment Number Set to y+1, Send to server ACK Message segment , After this message segment is sent , Both the client and the server enter ESTABLISHED state , complete TCP Three handshakes .

Finished three handshakes , The client and server can start to transmit data . That's all TCP General introduction of three handshakes .

Why shake hands three times instead of two ?

Why do you have to make three connections ？ Twice ? In Xie Xiren's 《 computer network 》 That's what China said ：

In order to prevent the invalid connection request message segment from suddenly transferring to the server , So there's a mistake . as follows ：

“ Invalid connection request message segment ” In such a case ：client The first connection request segment sent is not lost , But in a network node for a long time , So that it will not arrive until some time after the connection is released server. Originally, this is a message segment that has already failed . but server After receiving this invalid connection request message segment , I mistook it for client A new connection request issued again . So I went to client Send confirmation message segment , Agree to establish a connection .
Suppose you don't use “ Three handshakes ”, So as long as server Send a confirmation , A new connection is established . Because now client No connection request was made , So I won't pay any attention to server The confirmation of , Nor to server send data . but server But think that a new transport connection has been established , And kept waiting client Send data . such ,server A lot of resources are wasted .
use “ Three handshakes ” The method can prevent the above phenomenon . For example, the situation just now ,client No direction server To send out a confirmation .server Because no confirmation can be received , You know client No connection required .”, It prevents the server from waiting all the time and wasting resources .

What to do if the third handshake fails ?

stay tcp Three handshakes After the second handshake connect Successfully returned If the third handshake ack Lost the bag here The client has considered the connection successful , If there is no heartbeat package in the application layer , The client will always maintain this connection How to avoid this situation ？

The second handshake server received SYN package , Then send out SYN+ACK The packet acknowledges receipt and requests a connection , Server entry SYN_RECV state . At this time, the client sends the message for the third handshake ACK To the server failed , The server can't get in ESTABLISH state , You can't transmit data at this time , Whether the client actively sends data or not , The server will have a timer to send the second step SYN+ACK Data packets , If the client sends again ACK success , Establishing a connection .

If it doesn't work all the time , The server must have timed out （ Probably 64s） Set up , After timeout, it will send... To the client 「RTS message 」 ( Connection reset ), Get into CLOSED state , prevent SYN Flooding attack , At this time, the client should also close the connection .

「SYN Flooding attack ：」

SYN The attack used TCP Three times mobile phone system , The attack side uses forged IP Address sends a request to the attacked end , And the response from the attacked end The message will never reach its destination , that 「 The attacked end consumes resources while waiting to close the connection 」 , If there are thousands of such connections , Host resources will be exhausted , So as to achieve the purpose of attack .

TCP The agreement broke up four times

Or this picture town post ：

TCP The agreement broke up four times

Four breakups , It means one end （ Can make the client , It can also be server-side ） Want to end the session disconnect , Then the specific process is ：

「 First break up 」 ： host 1, Set up Serial number Seq(Sequence Number) and Confirmation package ACK(Acknowledgment Number), hypothesis seq by x+2,ACK=y+1, then FIN The flag bit is set to 1, Host computer 2 send out FIN Message segment ; And then the mainframe 1 Get into FIN_WAIT_1 state ; This means host 1 No data to send to the host 2 了 ;

「 Second break up 」 ： host 2 Received the host 1 Sent FIN Message segment , Host computer 1 Go back to one ACK Message segment ( Its value is received FIN The message seq value +1); host 1 Get into FIN_WAIT_2 state , Wait for the disconnection request packet of host 2 FIN;

「 The third break up 」 ： host 2 Host computer 1 send out FIN Message segment , It means I can disconnect , Request close connection , At the same time, the host 2 Get into CLOSE_WAIT state ;

「 The fourth break up 」 ： host 1 Received the host 2 Sent FIN Message segment , Host computer 2 send out ACK Message segment , The value is just received FIN package Seq value +1, And then the mainframe 1 Get into TIME_WAIT state ; host 2 Received the host 1 Of ACK After message segment , Just close the connection ; here , host 1 wait for 2MSL I still haven't received a reply , Then prove Server The end is closed normally , Good. , host 1 You can also close the connection .

Why wave four times

TCP It's full duplex mode , That means , When the host 1 issue FIN In the message segment , It's just the host 1 There is no data to send , host 1 Tell the host 2, Its data has all been sent ; however , This time the mainframe 1 It's still acceptable to come from the host 2 The data of ; When the host 2 return ACK In the message segment , Indicates that it already knows the host 1 No data sent , But the host 2 You can still send data to the host 1 Of ; When the host 2 Also sent FIN In the message segment , This time is the host 2 There's no data to send , Will tell the host 1, I also have no data to send , After that, we will happily interrupt this TCP Connect . If you want to correctly understand the principle of four breakups , You need to understand the state changes in the process of four breakups .

Four wave state explanation

「FIN_WAIT_1」 : This state needs to be explained , Actually FIN_WAIT_1 and FIN_WAIT_2 The real meaning of state is waiting for each other FIN message . And the difference between these two states is ：FIN_WAIT_1 State is actually when SOCKET stay ESTABLISHED In the state of , It wants to actively close the connection , Sent... To the other party FIN message , At this point the SOCKET That is to enter into FIN_WAIT_1 state .「 That is to say , issue FIN After the package, enter FIN_WAIT_1 state 」

And when the other side responds ACK After the message , Then go to FIN_WAIT_2 state , Of course, in the actual normal situation , No matter what the other party's situation , We should respond immediately ACK message , therefore FIN_WAIT_1 State is generally more difficult to see , and FIN_WAIT_2 State can be used sometimes netstat notice .「 That is to say , issue ACK After the message, enter FIN_WAIT_2 state 」

「 The initiative FIN_WAIT_2」 ： This state has been explained in detail above , actually FIN_WAIT_2 In state SOCKET, Indicates a half connection , That is to say, there is a demand for close Connect , But also tell the other person , I still have some data to transmit to you (ACK Information ), Close the connection later .

「 The initiative CLOSE_WAIT」 ： The meaning of this state is that it is waiting to close . How do you understand that ？ When the other side close One SOCKET Post send FIN Message to yourself , Your system will undoubtedly respond to a ACK Message to the other party , At this point, you will enter CLOSE_WAIT state . The next? , In fact, what you really need to consider is to see if you still have data to send to the other party , If not , Then you can close This SOCKET, send out FIN Message to the other party , That is, close the connection . So you're CLOSE_WAIT State, , What needs to be done is waiting for you to close the connection .

「 Passive party LAST_ACK」 : This state is relatively easy to understand , It's passively shut down when the party is sending FIN After the message , Finally, wait for each other's ACK message . When I received ACK After the message , That is to say, you can enter CLOSED Available state .「 That is, receiving the other party's FIN package , I sent it myself ACK as well as FIN Status after package 」

「 Passive party TIME_WAIT」 : It means that I have received FIN message , And sent out ACK message , Just wait 2MSL And then you can go back to CLOSED Available state . If FIN_WAIT1 State, , Received the other side at the same time with FIN Logo and ACK When the message is marked , You can go directly to TIME_WAIT state , Without going through FIN_WAIT_2 state .

「 The initiative CLOSED」 : Indicates that the connection is broken .

TCP State diagram

State diagram interpretation

CLOSED： The starting point , Enter this state when timeout or connection is closed .
LISTEN：svr The state of the end waiting to connect ,svr End to call socket, bind,listen function , You can enter this state . This is called passive application opening （ Wait for the client to connect ）.
SYN_SENT: Client initiates connection , send out SYN To the server . If the server cannot connect , Direct access CLOSED state .
SYN_RCVD： Follow 3 Corresponding , The server accepts the client's SYN request , The server side is made up of LISTEN Status entry SYN_RCVD state . At the same time, the server should respond to a ACK, At the same time send a SYN To the client ; Another situation , The client is initiating SYN At the same time, it receives the server SYN request , The client will be SYN_SENT To SYN_RCVD state .
ESTABLISHED： Server side and client side are finishing 3 The second handshake enters the state , It shows that the data transmission can be started . The above is a description of the state transition between the server and the client when establishing a connection . It's relatively simple and clear , If you're familiar with three handshakes , It's easy to understand the state transition when establishing a connection . Next, the server and the client carry out data transmission ...., Of course , There is also a lot of knowledge , stop here and now , Watch later . below , Let's take a look at the state transition instructions when the connection is closed , Closure needs to be done 4 The interaction between the two sides , It also includes dealing with the aftermath （TIME_WAIT state ）, Be careful , Here, the active shut-down party or the passive shut-down party does not refer to the server side or the client side , It's relative to who initiated the shutdown request first .
FIN_WAIT_1: Active Closing Party , By state 5 Enter this state . Specific actions are sent FIN Give each other .
FIN_WAIT_2: Active Closing Party , Receive the other party's FIN ACK, Enter this state . Therefore, the data of the other party can no longer be received . But be able to send data to the other party .
CLOSE_WAIT： Received FIN in the future , The passive closing party enters this state . Receive... During specific action FIN, Send... At the same time ACK.
LAST_ACK： The passive Closing Party , Initiate close request , By state 8 Enter this state . Send... When specific actions are taken FIN Give each other , While receiving ACK When entering CLOSED state .
CLOSING： When both sides initiate a close request at the same time , Will be FIN_WAIT_1 Enter this state . The specific action is , Received FIN request , Same as Respond to a ACK.
TIME_WAIT： The most tangled state is coming . It can be seen from the state diagram that , Yes 3 A state can be transformed into it , Let's analyze ：

a. from FIN_WAIT_2 Enter this state ： Initiated at different times FIN Under the circumstances ,
     After the active shutdown party completes the shutdown request initiated by itself , Received passive close party's FIN After entering the State .
b. from CLOSING Status entry : Both sides initiated the closure at the same time , It's all started FIN Request ,
     At the same time FIN And did it. ACK Under the circumstances , from CLOSING Status entry .
c. from FIN_WAIT_1 Status entry ： At the same time, I received FIN（ Initiate the other side ）,ACK（ Self initiated FIN Respond ）,
     And b The difference is that it's self initiated FIN Responsive ACK Prior to each other FIN Request arrival ,
     and b yes FIN First arrive . In this case, the probability is the least .

closed 4 The most difficult state to understand for a secondary connection is TIME_WAIT, There is TIME_WAIT Of 2 A reason ：