What the hell are the three-way handshake and the four-way wave?

[[382042]]

This article is reprinted from the WeChat public account "Java Geek Technology", the author is a fan of Yaxue. Please contact the Java Geek Technology public account to reprint this article.

In the past, there were always interviewers who liked to ask, do you know what a three-way handshake is? What is a four-way wave? Why does a handshake require three times and a wave requires four times? Today we will talk about this in detail.

1. What is TCP

The TCP protocol, to put it simply, is the Transmission Control Protocol. Why is it called that? Because this protocol is used to control the transmission of data, and I'm sure everyone has no objection to this.

TCP is sometimes called "socket" in many books. In fact, this is the translation. In the original book, it may mean a place on a surface or machine with holes for connecting a piece of electrical equipment. Then, after the translator's hand, it is translated into the meaning of socket. In fact, everyone knows it well. There are almost no people who ask about this. So everyone just needs to know it.

We all know that network protocols are layered, 7 layers (5 layers), which can be divided into non-standard 7 layers or standard 5 layers (some people say 4 layers, the difference is not big, just one less physical layer). In fact, I personally feel that this standard is still vague and has subtle differences, as shown in this picture.

The concept of layering is different. If you divide it according to the OSI seven-layer model structure, it is layer 7, and if you divide it according to TCP/IP, it is layer 4. The TCP here is in our data transmission layer, because after all, as Ah Fen said before, it is the transmission control protocol.

2.TCP protocol message

In the TCP/IP layering, even in the data transmission layer, there are non-TCP protocols, such as UDP, as shown in the figure below.

TCP and UDP are the two most famous transport layer protocols, both of which use IP as the network layer protocol.

Although TCP uses unreliable IP services, the transport layer services it provides are more reliable.

Then let's first take a look at what the TCP protocol header looks like. Only by making the abstract things more concrete can we deepen our understanding.

TCP data is encapsulated in an IP datagram, as shown in the figure above, and what we need to analyze is the TCP datagram.

Each TCP segment contains the source and destination port numbers, which are used to find the sending and receiving application processes. These two values ​​plus the source and destination IP addresses in the IP header uniquely identify a TCP connection.

Now we have to see what's inside.

• 16-bit source port number and 16-bit destination port number: In fact, it is equivalent to a socket, which can also be called the source process and destination process of the data.
• 32-bit sequence number: The sequence number is used to identify the data byte stream sent from the TCP sender to the TCP receiver. It indicates the first data byte in this segment.
• 4-bit header length: indicates how many 4 bytes (32 bits) the TCP header has
• 6-bit flag bit: This is the highlight

URG Emergency pointer valid

ACK Confirms that the sequence number is valid

The PSH receiver should hand over this segment to the application layer as soon as possible.

RST Reestablish connection

SYN Synchronization Sequence Number is used to initiate a connection. This flag and the next flag will be introduced in Chapter 18.

FIN The sender completes the sending task

• 16-bit window size: The window size is the number of bytes, starting from the value indicated by the acknowledgment number field, which is the byte that the receiver is expecting to receive.
• 16-bit urgent pointer: mainly to see what data is urgent
• 16-bit checksum: The 16-bit checksum covers the entire TCP segment: the TCP header and the TCP data. This is a mandatory field that must be calculated and stored by the sender and verified by the receiver.

3. What does TCP's three-way handshake connection look like?

Since our article is about TCP's three-way handshake and four-way handshake, it must be about connection, not other things. So what does this connection process refer to?

Let's understand it from the picture, which is easier to understand.

• TCP first handshake: The TCP process on the server side first creates a transmission control block TCB, ready to accept the connection request from the client process, then the server process is in the LISTEN state, waiting for the client's connection request, and sends a connection request segment to the server. The SYN=1 and ACK=0 in the header of the segment, and selects an initial sequence number seq=i. TCP stipulates that the segment with SYN=1 cannot carry data, but it consumes a sequence number. At this time, the TCP client process enters the SYN-SENT (synchronous sent) state.

Simply put, the SYN-SENT state, the synchronous sent state, is the state of the first handshake.

• TCP second handshake: After receiving the request message from the client, if the server agrees to establish a connection, it sends a confirmation to the client. The confirmation message contains SYN=1, ACK=1, confirmation number ack=i+1, and selects an initial sequence number seq=j for itself. This message segment is also a message segment with SYN=1, which cannot carry data, but it also consumes a sequence number. At this time, the TCP server enters the SYN-RCVD (synchronous reception) state

This second handshake will enter the synchronous reception state.

• TCP third handshake: The client enters the ESTABLISHED (connection established) state. After the TCP client process receives the confirmation from the server process, it also needs to give confirmation to the server. The ACK of the confirmation segment is 1, the confirmation number is ack=j+1, and its own sequence number is seq=i+1. The TCP standard stipulates that the ACK segment can carry data, but if it does not carry data, the sequence number will not be consumed. Therefore, if it does not carry data, the sequence number of the next segment is still seq=i+1.

When the third handshake connection is completed, it indicates that the connection has been completely established, and data can be transmitted at this time.

Sometimes people will ask, why is it three handshakes instead of two, or four or five? Generally speaking, it is the interviewer who asks this question. If you have already talked about the three handshakes during the interview, he will sometimes ask this question and ask you to talk about your own understanding. So why?

The primary reason for using a three-way handshake for TCP connections is stated in RFC 793: the principle reason for the three-way handshake is to prevent old duplicate connection initiations from causing confusion.

Translated, the main reason for the three-way handshake is to prevent confusion caused by old repeated connection initiations.

That is to say, if the client sends multiple SYN messages to establish a connection in succession, network congestion will occur, and an "old SYN message" will arrive at the server earlier than the "latest SYN" message. At this time, the server will send a SYN + ACK message to the client. After receiving it, the client can determine that this is a historical connection (serial number expired or timed out) based on its own context, then the client will send a RST message to the server, indicating that the connection is terminated.

If it is a two-way handshake, then it's over. At this time, it is impossible to determine whether this connection is a historical connection, interrupted or not, and there is no way to handle it. However, a three-way handshake can provide enough context to determine whether this connection is a historical connection when the client sends a message for the third time.

So why not four connections? You can continue to turn to the above figure. If it is a four-way connection, it means that ACK and SYN are separated, and the two steps of seq=y and ack=x+1 are separated. Although four-way handshakes can also complete this step, in order to save trouble, people still do it in three steps. In this way, it can also ensure that the initial sequence numbers of both parties can be reliably synchronized. Why spend one more step?

4. Four waves of TCP connection

Since we performed three handshakes during TCP connection, why do we have to wave hands four times when it is interrupted? We still have to understand this from the picture.

• Client A sends a FIN to close the data transmission from client A to server B.
• Server B receives this FIN and sends back an ACK with the confirmation number being the received number plus 1 (segment 5). Like SYN, a FIN will occupy one sequence number.
• Server B closes the connection with client A and sends a FIN to client A
• Client A sends back an ACK message to confirm, and sets the confirmation number to the received number plus 1

So why four times? When I was interviewing someone before, a buddy told me that since TCP connection is full-duplex, each direction must be closed separately. This was a general statement, but it didn't explain clearly why we had to wave our hands four times, which was the most embarrassing. Then I asked him what it looked like in detail, and he gave a good answer.

So why?

This is because when the server's SOCKET in the LISTEN state receives the connection request of the SYN message, it can send ACK and SYN (ACK is a response, and SYN is a synchronization) in one message. But when closing the connection, when receiving the other party's FIN message notification, it only means that the other party has no data to send to you; but not all your data may be sent to the other party, so you may not close the SOCKET immediately, that is, you may need to send some data to the other party before sending a FIN message to the other party to indicate that you agree to close the connection, so the ACK message and FIN message here are sent separately in most cases.

That is to say, when closing, in order to confirm whether to close the connection, the ACK message and the FIN message are sent separately. At this time, the number of waves changes from three to four. Is this easier to understand?

5. Article references

• TCP/IP Explained
• "Detailed explanation of the "three-way handshake" and "four-way wave" of TCP connection"
• TCP-IP Detailed Explanation Volume 1: Protocols
• "JAVA Network Programming (3rd Edition)"