If the client connects to port 80 of the server, all its data is sent to port 80; at that point the port in the TCP header is 80. But the server only listens on port 80 and then uses a new socket to communicate with the client, and that new socket is assigned a new port. Suppose the port assigned is 12345: the server sends its response data from that port and the long-lived connection is established. From then on the server receives data on the new port 12345, but the client still sends its data to port 80 (because the client only knows the port the server exposed when it created its socket, which is 80). So how does the server get the data on the new port 12345? In other words, the destination port in the client's TCP header is 80; how does port 12345 receive data sent to port 80?
This question is built on a wrong premise, so all the reasoning that follows from it is wrong too.
It is like asking: Xiaoming has two heads; when someone nods to Xiaoming, which head should he nod with? A normal person has only one head, so what other option is there? If you insist that Xiaoming is a conjoined twin and really does have two heads, then the other head belongs to Daming, not Xiaoming!
The server listens on port 80, and it will always use port 80 to serve every connection request, whether from local clients, LAN clients, or Internet clients. It does not use any other port!
What is the server's processing flow? In summary, there are three branches:
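As an added example (not code from the original post), the following Python script checks the claim directly: a listener bound to one port accepts several clients, and every accepted socket reports the same local port as the listener, while only the client-side ports differ. It binds to 127.0.0.1 with port 0 so the kernel picks a free port that stands in for port 80; the function name and the returned dictionary layout are this example's own.

```python
import socket


def accepted_sockets_share_listen_port(n_clients: int = 2) -> dict:
    """Connect n_clients to one listener and record the ports seen on both sides.

    Runs on 127.0.0.1 with port 0, so the kernel picks a free port that stands in
    for the text's port 80. Every accepted socket reports the same local port as
    the listener; only the client-side (ephemeral) ports differ.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))
    listener.listen(n_clients)
    listen_port = listener.getsockname()[1]

    result = {"listen_port": listen_port, "server_local_ports": [],
              "client_peer_ports": [], "client_local_ports": [], "echoed": []}
    clients, accepted = [], []
    try:
        for i in range(n_clients):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.settimeout(5)
            client.connect(("127.0.0.1", listen_port))  # client always targets the listening port
            clients.append(client)

            conn, _peer = listener.accept()  # the per-connection socket handed back by accept()
            conn.settimeout(5)
            accepted.append(conn)

            # The client's destination port is the listening port ...
            result["client_peer_ports"].append(client.getpeername()[1])
            result["client_local_ports"].append(client.getsockname()[1])
            # ... and the accepted socket's local port is that same port, not a new one.
            result["server_local_ports"].append(conn.getsockname()[1])

            # Data addressed to the listening port is delivered on the accepted socket,
            # because the kernel demultiplexes by (src IP, src port, dst IP, dst port).
            client.sendall(f"client {i}".encode())
            result["echoed"].append(conn.recv(64))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return result


if __name__ == "__main__":
    print(accepted_sockets_share_listen_port())
```

Run it and compare `server_local_ports` with `listen_port`: they are identical for every connection, which is exactly why a client that keeps sending to port 80 is never "lost".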
1. An external packet arrives, no TCP connection exists for it, and the connection request is legitimate
2. An external packet arrives and a TCP connection already exists for it
3. An external packet arrives, no TCP connection exists for it, and the connection is illegitimate
Branch 1: An external packet arrives, no TCP connection exists for it, and the connection request is legitimate
A new socket is created. "Socket" here can be understood as socket + plug. What is the socket?
The fixed combination "server IP + port number (80)" can be regarded as the socket.
What is the plug?
The temporary partner "client IP + client port number" can be regarded as the plug.
In other words, the client is simply plugged into the server's socket. Once the plug is inserted into the socket, an end-to-end virtual connection is formed, and all subsequent communication between the client and the server travels over this virtual connection.
The server's clients are all over the world. At peak times there may even be tens of millions of clients (plugs) connected to the server (plugged into the socket), which means tens of millions of virtual connections (socket + plug, the golden pair). How can the server quickly find the right virtual connection?
ID = (source IP, destination IP, source port, destination port)
Can this combination of four elements uniquely identify the virtual pipe?
It can, but looking up a table directly by these four values is too inefficient!
If you run a simple hash function over the four elements, a globally unique ID value is produced. Using this ID as the key to look up the virtual connection table is much more efficient.
ID = Hash (source IP, destination IP, source port, destination port)
In addition, to make lookups as fast as possible, the virtual connection table is usually organized with the ID as the primary key and several levels of indexes built on it, on the same principle as looking up a word in a dictionary.
Once the plug is in the socket, will the next message belonging to this connection still enter branch 1?
Of course not; it enters branch 2!
Branch 2: An external packet arrives and a TCP connection already exists for it
TCP computes the ID from the four elements of the received message and searches the TCP connection table using that ID as the key. Any message that enters branch 2 is one whose ID was found. What follows is the normal TCP processing flow: buffering data, updating state, sending acknowledgements, and so on. If the ID is not found and the received message does not carry the SYN flag, sorry, this is an illegal message, and it goes to branch 3.
Branch 3: An external packet arrives, no TCP connection exists for it, and the connection is illegitimate
Sending data without first establishing a connection is like going to bed without love: it is rogue behaviour and must be cracked down on! How?
Send a Reset message to refuse it!
What if the rogue is deliberately attacking the server, with the aim of consuming the CPU the server spends sending messages, and fires 1,000,000+ branch-3 illegal messages per second? Does the server then send 1,000,000+ reset messages?
For such abnormal conditions the server only needs a preset upper limit: once that limit is reached it simply drops the packets without replying. The traffic-monitoring equipment in front of the server will also detect this abnormal situation and scrub the traffic.
Then again, rogues usually choose to send SYN packets to attack the server, which consumes not only the server's CPU but also its memory.
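The four-tuple lookup (ID = Hash(source IP, destination IP, source port, destination port)) and the three-branch dispatch described above, as one added example in Python (not code from the post): a toy server owns a single "socket" (its IP + listening port), creates a table entry on a SYN (branch 1), delivers data for IDs already in the table (branch 2), and answers a non-SYN segment with no matching entry with a reset until a preset upper limit is reached, after which it drops silently (branch 3). `Segment`, `TcpServer`, the flag constants, the `rst_budget` counter and the TEST-NET addresses are all constructed for this example; a real kernel uses a much cheaper hash than SHA-256 and a time-windowed limit rather than a plain counter.

```python
import hashlib
from dataclasses import dataclass, field

SYN, ACK = 0x02, 0x10  # TCP header flag bits (constants constructed for this example)


@dataclass
class Segment:
    """The parts of a TCP segment this demo looks at (constructed, not a real parser)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int
    payload: bytes = b""


def conn_id(src_ip: str, dst_ip: str, src_port: int, dst_port: int) -> str:
    """ID = Hash(source IP, destination IP, source port, destination port).

    SHA-256 stands in for the kernel's much cheaper hash; what matters is that the
    same four-tuple always yields the same key into the connection table.
    """
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return hashlib.sha256(key).hexdigest()


@dataclass
class Connection:
    peer: tuple  # the "plug": client IP + client port
    received: bytearray = field(default_factory=bytearray)


class TcpServer:
    """Toy server that owns one 'socket' (its IP + listening port) and a table of plugs."""

    def __init__(self, ip: str, listen_port: int, rst_budget: int = 3):
        self.ip, self.listen_port = ip, listen_port
        self.connections: dict[str, Connection] = {}
        self.rst_budget = rst_budget  # branch 3 upper limit: after this, drop instead of RST
        self.rst_sent = 0
        self.dropped = 0

    def handle(self, seg: Segment) -> str:
        # Every segment for this service is addressed to the listening port, never another one.
        if (seg.dst_ip, seg.dst_port) != (self.ip, self.listen_port):
            return "NOT-FOR-US"
        cid = conn_id(seg.src_ip, seg.dst_ip, seg.src_port, seg.dst_port)
        conn = self.connections.get(cid)
        if conn is not None:                 # branch 2: connection exists, normal processing
            conn.received += seg.payload
            return "ACK"
        if seg.flags & SYN:                  # branch 1: no connection, legitimate SYN request
            self.connections[cid] = Connection(peer=(seg.src_ip, seg.src_port))
            return "SYN-ACK"
        if self.rst_sent < self.rst_budget:  # branch 3: no connection, no SYN -> reset
            self.rst_sent += 1
            return "RST"
        self.dropped += 1                    # upper limit reached: drop without replying
        return "DROP"


def run_demo() -> tuple:
    """Feed a constructed segment sequence through the server; return (actions, server)."""
    srv = TcpServer("203.0.113.10", 80, rst_budget=2)
    segments = [
        Segment("198.51.100.5", "203.0.113.10", 40001, 80, SYN),             # branch 1
        Segment("198.51.100.5", "203.0.113.10", 40001, 80, ACK, b"GET / "),  # branch 2
        Segment("198.51.100.5", "203.0.113.10", 40002, 80, SYN),             # same client, new plug
        Segment("192.0.2.9", "203.0.113.10", 5555, 80, ACK, b"junk"),        # branch 3 -> RST
        Segment("192.0.2.9", "203.0.113.10", 5555, 80, ACK, b"junk"),        # branch 3 -> RST
        Segment("192.0.2.9", "203.0.113.10", 5555, 80, ACK, b"junk"),        # limit hit -> DROP
        Segment("198.51.100.5", "203.0.113.10", 40001, 8080, ACK, b"x"),     # not our port
    ]
    actions = [srv.handle(s) for s in segments]
    return actions, srv


if __name__ == "__main__":
    acts, server = run_demo()
    print(acts)
    print(len(server.connections), "connections;", server.rst_sent, "RST sent;",
          server.dropped, "dropped")
```

Note that the second SYN from 198.51.100.5 lands in a different table entry even though it comes from the same IP and targets the same port 80: the four-tuple, not the destination port, is what distinguishes one plug from another.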