RFC 6265 HTTP State Management (Cookie)

Cookie: xxx / Set-Cookie: xxx

Some concepts

  • client A program that establishes connections for the purpose of sending requests.

  • user agent The client which initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end user tools.

  • server An application program that accepts connections in order to service requests by sending back responses.

  • origin server The server on which a given resource resides or is to be created.

  • proxy An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients.

  • gateway A server which acts as an intermediary for some other server. Unlike a proxy, a gateway receives requests as if it were the origin server for the requested resource; the requesting client may not be aware that it is communicating with a gateway.

Example

== Server -> User Agent ==
Set-Cookie: lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT
== User Agent -> Server ==
Cookie: SID=31d4d96e407aad42; lang=en-US

The Domain attribute specifies those hosts to which the cookie will be sent. For example, if the value of the Domain attribute is "example.com", the user agent will include the cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.corp.example.com.
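The Domain matching rule above, worked through as an added example (not part of the original notes): an RFC 6265 domain-match routine plus the host-only case for a cookie that carries no Domain attribute. All function names are my own; the public-suffix rejection step of section 5.3 is deliberately left out and noted in the code.

```python
"""RFC 6265 Domain attribute matching (added example, not from the original
notes). Hosts such as example.com, www.example.com and www.corp.example.com
receive a cookie set with Domain=example.com; a cookie set without a Domain
attribute is host-only and goes back to the setting host alone."""
import ipaddress
from typing import Optional


def canonicalize_domain(attr_value: str) -> str:
    """Section 5.2.3: a leading dot is ignored; the value is lowercased."""
    return attr_value[1:].lower() if attr_value.startswith(".") else attr_value.lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """Section 5.1.3: identical strings match; otherwise cookie_domain must be a
    label-aligned suffix of request_host, and request_host must be a host name
    (an IP literal never domain-matches a suffix)."""
    request_host, cookie_domain = request_host.lower(), cookie_domain.lower()
    if request_host == cookie_domain:
        return True
    if is_ip_literal(request_host):
        return False
    return request_host.endswith("." + cookie_domain)


def store_cookie(setting_host: str, domain_attr: Optional[str]) -> dict:
    """Section 5.3 steps 4-6: derive the stored domain and host-only flag from
    the Set-Cookie Domain attribute. A host may only set a cookie for a domain
    it domain-matches. The public-suffix rejection (step 5) is left out here,
    so a real user agent must add a public suffix list check before this."""
    if not domain_attr:
        return {"domain": setting_host.lower(), "host_only": True}
    domain = canonicalize_domain(domain_attr)
    if not domain_matches(setting_host, domain):
        raise ValueError(f"{setting_host} may not set a cookie for Domain={domain}")
    return {"domain": domain, "host_only": False}


def cookie_sent_to(request_host: str, cookie: dict) -> bool:
    """Section 5.4 step 1: host-only cookies need an identical host; cookies
    with a Domain attribute are sent to every host that domain-matches."""
    if cookie["host_only"]:
        return request_host.lower() == cookie["domain"]
    return domain_matches(request_host, cookie["domain"])
```

The consequence for the defender is visible in the host-only branch: omitting Domain keeps a session cookie off every sibling and child subdomain, while Domain=example.com hands it to all of them.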

rfc7519 jwt

rfc1180 tcp/ip tutorial

                      ----------------------------
                     |    network applications    |
                     |                            |
                     |...  \ | /  ..  \ | /  ...  |
                     |     -----      -----       |
                     |     |TCP|      |UDP|       |
                     |     -----      -----       |
                     |         \      /           |
                     |         --------           |
                     |         |  IP  |           |
                     |  -----  -*------           |
                     |  |ARP|   |                 |
                     |  -----   |                 |
                     |      \   |                 |
                     |      ------                |
                     |      |ENET|                |
                     |      ---@--                |
                      ---------|------------------
                               |
                     ----------o--------------------
                         Ethernet Cable

Boxes: the places where data is processed as it passes through the computer
Lines between boxes: the paths along which data flows
The horizontal line at the bottom: an Ethernet cable
o symbol: transceiver
* symbol: IP address
@ symbol: Ethernet address

In summary: if it is on an Ethernet it is called an Ethernet frame; if it is between the Ethernet driver and the IP module it is called an IP packet; if it is between the IP module and the UDP module it is called a UDP datagram; if it is between the IP module and the TCP module it is called a TCP segment (more generally, a transport message); and if it is in a network application it is called an application message. See RFC 1122 for more.

Two machines A and B on different Ethernets, forwarded indirectly through router R

  • The source IP address and source Ethernet address are A's.
  • The destination IP address is B's IP address.
  • The destination Ethernet address is R's Ethernet address, because A's IP module has to hand this IP packet to R for forwarding.

The hosts file acts as the computer's local DNS server

Every computer has its own route table

   ---------------------------------------------------------------------
   |network      direct/indirect flag  router          interface number|
   ---------------------------------------------------------------------
   |223.1.2      direct               <blank>         1                |
   |223.1.3      indirect             223.1.2.4       1                |
   |223.1.4      indirect             223.1.2.4       1                |
   ---------------------------------------------------------------------
                    TABLE 11.  Alpha Route Table with Numbers

UDP preserves the message boundaries defined by the application: it never merges two application messages into one or splits one message in two. TCP provides a connection-oriented byte stream rather than a connectionless datagram delivery service.

Certificates and public key infrastructure

TCP: RFC 793, RFC 9293

Translation: https://blog.csdn.net/aigoogle/article/details/121036557

TCP header

The data can be viewed as a stream of bytes on the connection. The sender hands data over with the SEND call; if the PUSH flag is given with the data, the data is sent immediately from the sender's buffer.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     Acknowledgment Number                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |       |C|E|U|A|P|R|S|F|                               |
   | Offset| Rsrvd |W|C|R|C|S|S|Y|I|            Window             |
   |       |       |R|E|G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |        Urgent Pointer         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           [Options]                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   :                                                               :
   :                             Data                              :
   :                                                               :
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Checksum: it covers the pseudo-header, the TCP header and the TCP data. The covered bytes are summed in binary as 16-bit words; while computing, the checksum field itself is treated as all zeros.
Pseudo-header: 12 bytes in total: source IP address, destination IP address, a reserved byte (set to 0), the transport protocol number (6 for TCP), and the TCP length (header + data).
Every byte corresponds to one sequence number.
The retransmission queue holds TCP segments, not a byte stream.
The variables that hold the state of a TCP connection: the Transmission Control Block (TCB).
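The header layout and checksum procedure above, as an added example (not code from the original notes): it builds a 20-byte TCP segment, computes the checksum over the 12-byte IPv4 pseudo-header with the checksum field zeroed, and verifies it the way a receiver would. Addresses, ports and payloads are constructed sample values.

```python
"""Building a TCP segment and computing its checksum over the IPv4 pseudo-header
described above (added example, not from the original notes). Addresses, ports
and payload are constructed sample values."""
import socket
import struct

TCP_PROTO = 6
# Control bits in the order they appear in the header diagram (low bit = FIN)
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))


def ones_complement_sum(data: bytes) -> int:
    """Add the 16-bit words with end-around carry; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """The 12-byte IPv4 pseudo-header: source IP, destination IP, zero byte,
    protocol number 6 and the TCP length (header plus data)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_length))


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum of pseudo-header + segment with the checksum field (bytes 16-17) zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"") -> bytes:
    """20-byte header without options (Data Offset = 5 words) followed by the payload."""
    offset_flags = (5 << 12) | flags   # 4-bit data offset, 3 reserved bits, 9 flag bits
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def parse_segment(segment: bytes) -> dict:
    """Split a segment into its header fields, options and payload."""
    sport, dport, seq, ack, offset_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x1FF, "window": window, "checksum": csum,
            "urgent": urg, "options": segment[20:header_len], "payload": segment[header_len:]}


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver-side check: summing pseudo-header + segment with the checksum field
    included must give 0xFFFF (its complement is zero)."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF
```

Because the pseudo-header is part of the sum, a segment whose IP addresses were rewritten in transit without recomputing the checksum fails the check, which is why NATs must update it.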

Basic variables

  • Send sequence variables

    ISS     - Initial Send Sequence number
    SND.UNA - sent but not yet acknowledged
    SND.NXT - sequence number of the next byte to send
    SND.WND - send window size, swnd = min(cwnd, rwnd)
    CONGESTION WINDOW (cwnd) - used in congestion avoidance

    SND.UP  - send urgent pointer
    SND.WL1 - segment sequence number used at the last window update
    SND.WL2 - segment acknowledgment number used at the last window update

                   1         2          3          4
              ----------|----------|----------|----------
                     SND.UNA    SND.NXT    SND.UNA
                                          +SND.WND

    1 - sequence numbers already acknowledged
    2 - sequence numbers sent but not yet acknowledged
    3 - sequence numbers available for sending new data
    4 - sequence numbers not yet allocated, for future use

  • Receive sequence variables

    IRS     - Initial Receive Sequence number, set when the connection is established
    RCV.NXT - sequence number of the next byte expected to be received
    RCV.WND - receive window size (also called the advertised window, because in flow control this window is used to notify the sender?)

    RCV.UP  - receive urgent pointer

                       1          2          3
                   ----------|----------|----------
                          RCV.NXT    RCV.NXT
                                    +RCV.WND

    1 - sequence numbers already acknowledged
    2 - sequence numbers the receiver intends to accept
    3 - sequence numbers not yet allocated

    Other:
    Note: the variables below are in bytes, with exceptions; in some implementations cwnd is counted in segments, for example.
    SENDER MAXIMUM SEGMENT SIZE (SMSS)
    RECEIVER MAXIMUM SEGMENT SIZE (RMSS)
    effective window - min(cwnd, rwnd), i.e. swnd
    advertised window - i.e. rcv.wnd
    loss window (LW) - the size cwnd is set to after the TCP sender detects a loss
    restart window (RW) - the size of cwnd when TCP restarts transmission after an idle period
    flight size - the amount of data sent but not yet acknowledged
    duplicate ack - an ACK is considered a duplicate when all of the following hold:
    1. the receiver of the ACK has outstanding data ?
    2. the incoming ACK carries no data
    3. the SYN and FIN flags are both off
    4. the ACK number equals the largest ACK number seen so far on the connection
    5. the rcv.wnd in the ACK equals the rcv.wnd in the most recent ACK

    When the receive window is 0, no data other than ACK segments is accepted. TCP can therefore keep sending data and receiving acknowledgments with a zero window. But even with a zero receive window, TCP must accept segments carrying RST and URG.
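The receive-window variables and the zero-window rule above, turned into the RFC 9293 segment acceptability test as an added example (not code from the original notes). It shows the modulo-2^32 comparison that keeps the test correct when the window straddles the sequence-number wrap, and the zero-window allowance for ACK, RST and URG. Function names are my own.

```python
"""Receive-window acceptability test from RFC 9293 (sections 3.4 and 3.10.7.4),
including sequence-number wraparound and the zero-window cases described above.
Added example, not from the original notes."""

MOD = 1 << 32


def seg_len(data_len: int, syn: bool = False, fin: bool = False) -> int:
    """SEG.LEN: data octets plus the SYN and FIN controls, which take one sequence number each."""
    return data_len + int(syn) + int(fin)


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RCV.NXT <= seq < RCV.NXT + RCV.WND, evaluated modulo 2^32 so that a window
    straddling the 32-bit wrap point is handled correctly."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def segment_acceptable(seg_seq: int, seg_length: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """The four-case table from RFC 9293: a segment is acceptable if its first or its
    last sequence number falls inside the receive window."""
    if seg_length == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt                 # only the next expected number
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False                                  # no data with a closed window
    last = (seg_seq + seg_length - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def receiver_action(seg_seq, seg_length, rcv_nxt, rcv_wnd, ack=False, rst=False, urg=False) -> str:
    """'accept' for in-window segments; 'control-only' for the zero-window allowance
    (ACKs still processed, RST and URG still honoured); 'drop' otherwise. A dropped
    segment in a synchronized state is answered with an empty ACK, not a RST."""
    if segment_acceptable(seg_seq, seg_length, rcv_nxt, rcv_wnd):
        return "accept"
    if rcv_wnd == 0 and (ack or rst or urg):
        return "control-only"
    return "drop"
```

This check is what forces an off-path sender to guess an in-window sequence number before a forged segment is even considered, so a smaller advertised window narrows that guess.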

  • No TCB exists in the CLOSED state

  • ISN (Initial Sequence Number): to avoid confusion while segments sent by an earlier connection incarnation may still be in transit, a new incarnation should avoid reusing the same sequence numbers. One way to handle this is to deliberately delay emitting segments for one MSL after recovering from a reboot; that is the "quiet time" specification. When a new connection is created, the initial sequence number selector picks a new 32-bit initial sequence number. The selector uses a 32-bit clock that increments once every 4 microseconds, so the ISN cycles roughly every 4.5 hours. Since a segment is assumed to remain in the network for at most one MSL (Maximum Segment Lifetime), and the MSL is much shorter than 4.5 hours, we conclude that ISNs are unique. (For networks with very heavy traffic the Timestamp option can be added as further protection.) ISN = M + F(localip, localport, remoteip, remoteport, secretkey). The secret key is there to stop someone guessing the ISN and impersonating a party to the connection.

The TCP quiet time concept

If the same port numbers and sequence space are reused, data may be corrupted after a host restarts because old and new segments in the network are confused with each other. The "quiet time" concept discussed below addresses this problem.

If a host in a network crashes suddenly without having saved the state of all its active connections (every state other than CLOSED), then after restarting it must wait an agreed period (1 MSL = 2 min) before it starts creating connections again. The sequence numbers sent by the new connection incarnation might equal or overlap those sent by the earlier incarnation and still in transit in the network. Without knowledge of the sequence numbers previously used on a given connection, the TCP specification says the TCP sender should wait one MSL to let segments from the earlier incarnation drain from the network. Today the problem has become less significant, because (a) ISS (initial sequence number) and ephemeral port randomization have reduced the likelihood of reusing port numbers and sequence numbers after a reboot, (b) the effective MSL of the Internet has declined as links have become faster, and (c) reboots often take longer than an MSL anyway.

Without quiet time:

  1. After a restart, the new connection may receive packets from the previous connection
  2. New data may be discarded as duplicates (the previous connection's data displaces the new data?)

Even if the send window is 0, the TCP sender must send at least one byte once it receives data from the user. Even if the receive window is 0, the sender must periodically send data to the receiver, and the receiver must still process URG and RST segments. When the receive window is 0, the sender's data retry interval is 2 minutes. When either side's receive window is 0, periodically sending data is what tells the sender that the receiver's window has reopened, so it is necessary.

At these higher performance rates (100 GB/s), the TCP Timestamp option and Protection Against Wrapped Sequences (PAWS) [47] provide the functionality needed to detect and discard old duplicates.

TCP state transitions

    TCP Peer A                                           TCP Peer B

1.  CLOSED                                               LISTEN

2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED

    TCP Peer A                                           TCP Peer B

1.  ESTABLISHED                                          ESTABLISHED

2.  (Close)
    FIN-WAIT-1  --> <SEQ=100><ACK=300><CTL=FIN,ACK>  --> CLOSE-WAIT

3.  FIN-WAIT-2  <-- <SEQ=300><ACK=101><CTL=ACK>      <-- CLOSE-WAIT

4.                                                       (Close)
    TIME-WAIT   <-- <SEQ=300><ACK=101><CTL=FIN,ACK>  <-- LAST-ACK

5.  TIME-WAIT   --> <SEQ=101><ACK=301><CTL=ACK>      --> CLOSED

6.  (2 MSL)
    CLOSED

Three-way handshake

The main reason for the three-way handshake is to prevent old duplicate connection initiations from causing confusion. Another explanation: the three-way handshake is really four steps merged into three; in a four-way handshake, each pair of steps establishes one ISN.

The three-way handshake is necessary (the middle two steps of a four-way handshake are merged into one): the receiver of the first SYN has no way of knowing whether the segment is an old one unless it remembers the last sequence number used on the connection (which is not always possible), so it must ask the sender to verify this SYN.

Simultaneous open

    TCP Peer A                                       TCP Peer B

1.  CLOSED                                           CLOSED

2.  SYN-SENT     --> <SEQ=100><CTL=SYN>              ...

3.  SYN-RECEIVED <-- <SEQ=300><CTL=SYN>              <-- SYN-SENT

4.               ... <SEQ=100><CTL=SYN>              --> SYN-RECEIVED

5.  SYN-RECEIVED --> <SEQ=100><ACK=301><CTL=SYN,ACK> ...

6.  ESTABLISHED  <-- <SEQ=300><ACK=101><CTL=SYN,ACK> <-- SYN-RECEIVED

7.               ... <SEQ=100><ACK=301><CTL=SYN,ACK> --> ESTABLISHED

Recovery from an old duplicate SYN

    TCP Peer A                                           TCP Peer B

1.  CLOSED                                               LISTEN

2.  SYN-SENT    --> <SEQ=100><CTL=SYN>               ...

3.  (duplicate) ... <SEQ=90><CTL=SYN>                --> SYN-RECEIVED

4.  SYN-SENT    <-- <SEQ=300><ACK=91><CTL=SYN,ACK>   <-- SYN-RECEIVED
    (A sees that the ACK is wrong and resets the connection)
5.  SYN-SENT    --> <SEQ=91><CTL=RST>                --> LISTEN
    (the three-way handshake starts over)
6.              ... <SEQ=100><CTL=SYN>               --> SYN-RECEIVED

7.  ESTABLISHED <-- <SEQ=400><ACK=101><CTL=SYN,ACK>  <-- SYN-RECEIVED

8.  ESTABLISHED --> <SEQ=101><ACK=401><CTL=ACK>      --> ESTABLISHED

Half-open connections

An established connection is said to be "half-open" if one of the TCP peers has closed or aborted its end without the other's knowledge, or if the two ends have become desynchronized because of a crash or some other cause.

    TCP Peer A                                      TCP Peer B

1.  (REBOOT)                                        (send 300,receive 100)

2.  CLOSED                                          ESTABLISHED

3.  SYN-SENT    --> <SEQ=400><CTL=SYN>              --> (??)

4.  (!!)        <-- <SEQ=300><ACK=100><CTL=ACK>     <-- ESTABLISHED

5.  SYN-SENT    --> <SEQ=100><CTL=RST>              --> (Abort!!)

6.  SYN-SENT                                        CLOSED

7.  SYN-SENT    --> <SEQ=400><CTL=SYN>              -->

Active side causes half-open connection discovery ↓

    TCP Peer A                                           TCP Peer B

1.  (REBOOT)                                             (send 300,receive 100)

2.  (??)    <-- <SEQ=300><ACK=100><DATA=10><CTL=ACK> <-- ESTABLISHED

3.          --> <SEQ=100><CTL=RST>                   --> (ABORT!!)

Four-way close

A user who has called CLOSE can continue to RECEIVE until the TCP receiver is told that the remote peer has also CLOSEd. So a program can issue several SENDs, then a CLOSE, and keep receiving until it is signalled that a receive failed because the remote peer has closed. Even with no outstanding RECEIVEs, the TCP implementation signals the user that the remote peer has closed, so the user can terminate its end gracefully. The TCP implementation reliably delivers all buffers SENT before the connection is closed, so a user who expects no data back only needs to wait to hear that the connection closed successfully to know that all data was received at the destination TCP endpoint. Users must keep reading from connections they have closed for sending until the TCP implementation indicates there is no more data.

Essentially there are three cases:

  • 1) The user initiates by telling the TCP implementation to close the connection (TCP Peer A in Figure 12). A accepts no more SENDs and enters FIN-WAIT-1; all segments preceding A's FIN are retransmitted until B acknowledges them.

  • 2) The remote TCP endpoint initiates by sending a FIN control signal (TCP Peer B in Figure 12). B responds with a CLOSE, at which point the TCP endpoint can send a FIN to the other peer after sending any remaining data. The TCP endpoint then waits until its own FIN is acknowledged and then deletes the connection. If no ACK is received, the connection is aborted after the user timeout and the user is informed. If a local TCP connection is closed by the remote side through receipt of a FIN or RST, the local application must be told whether it closed normally or was aborted.

  • 3) Both users close simultaneously (Figure 13).

    A simultaneous CLOSE by the users at both ends of the connection causes FIN segments to be exchanged (Figure 13). When all segments preceding the FINs have been processed and acknowledged, each TCP peer can ACK the FIN it has received. Both delete the connection on receiving these ACKs.

Simultaneous close

    TCP Peer A                                           TCP Peer B

1.  ESTABLISHED                                          ESTABLISHED

2.  (Close)                                              (Close)
    FIN-WAIT-1  --> <SEQ=100><ACK=300><CTL=FIN,ACK>  ... FIN-WAIT-1
                <-- <SEQ=300><ACK=100><CTL=FIN,ACK>  <--
                ... <SEQ=100><ACK=300><CTL=FIN,ACK>  -->

3.  CLOSING     --> <SEQ=101><ACK=301><CTL=ACK>      ... CLOSING
                <-- <SEQ=301><ACK=101><CTL=ACK>      <--
                ... <SEQ=101><ACK=301><CTL=ACK>      -->

4.  TIME-WAIT                                            TIME-WAIT
    (2 MSL)                                              (2 MSL)
    CLOSED                                               CLOSED

Half-closed connections

Because the two directions of a TCP connection are closed independently, a connection may be "half-closed", i.e. closed in only one direction, and a host is permitted to keep sending data in the direction that is still open. A host MAY implement a "half-duplex" TCP close sequence, so that an application that has called CLOSE cannot continue to read data from the connection (MAY-1). If such a host issues a CLOSE call while received data is still pending in the TCP connection, or if new data is received after CLOSE is called, its TCP implementation SHOULD send a RST to show that data was lost (SHLD-3). When a connection is closed actively, it MUST linger in the TIME-WAIT state for a time of 2xMSL (Maximum Segment Lifetime) (MUST-13). However, it MAY accept a new SYN from the remote TCP endpoint to reopen the connection directly from the TIME-WAIT state (MAY-2), provided that it:

  1. assigns its initial sequence number for the new connection to be larger than the largest sequence number it used on the previous connection incarnation, and

  2. returns to the TIME-WAIT state if the SYN turns out to be an old duplicate.

The three situations in which a reset is sent

  1. If the connection does not exist (CLOSED), a reset is sent in response to any incoming segment except another reset. In this way SYN segments that do not match an existing connection are rejected.

    If the incoming segment has the ACK bit set, the reset takes its sequence number from the ACK field of that segment; otherwise the reset has sequence number zero and its ACK field is set to the sum of the sequence number and segment length of the incoming segment. The connection stays in the CLOSED state.

  2. If the connection is in any non-synchronized state (LISTEN, SYN-SENT, SYN-RECEIVED) and the incoming segment acknowledges something not yet sent (the segment carries an unacceptable ACK), or if the incoming segment has a security level or compartment (Appendix A.1) that does not exactly match the level and compartment requested for the connection, a reset is sent.

    If the incoming segment has an ACK field, the reset takes its sequence number from the ACK field of that segment; otherwise the reset has sequence number zero and its ACK field is set to the sum of the sequence number and segment length of the incoming segment. The connection stays in the same state.

  3. If the connection is in a synchronized state (ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT), any unacceptable segment (out-of-window sequence number or unacceptable acknowledgment number) must be answered with an empty acknowledgment segment (without any user data) containing the current send sequence number and an acknowledgment indicating the next sequence number expected to be received, and the connection stays in the same state.

    If an incoming segment has a security level or compartment that does not exactly match the level and compartment requested for the connection, a reset is sent and the connection enters the CLOSED state. The reset takes its sequence number from the ACK field of the incoming segment.
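The three reset cases above, together with the old-duplicate-SYN and half-open figures earlier, as an added example (not code from the original notes): given a connection's state variables and an incoming segment, it forms the RST or empty ACK that RFC 9293 prescribes, and the checks reproduce the exact RST segments shown in those figures. The Segment and Tcb records and all function names are my own; the window test for synchronized states is simplified to SEG.SEQ only.

```python
"""Forming the reply to an unexpected segment according to the three reset cases
above (RFC 9293). Added example, not from the original notes; Segment and Tcb are
illustrative records. It reproduces the RST segments in the old-duplicate-SYN and
half-open figures above."""
from dataclasses import dataclass
from typing import Optional

MOD = 1 << 32
SYNCHRONIZED = {"ESTABLISHED", "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT",
                "CLOSING", "LAST-ACK", "TIME-WAIT"}


@dataclass
class Segment:
    seq: int
    ack: Optional[int] = None      # None: ACK bit off
    data_len: int = 0
    syn: bool = False
    fin: bool = False
    rst: bool = False

    @property
    def length(self) -> int:
        """SEG.LEN: data plus SYN and FIN, which each occupy one sequence number."""
        return self.data_len + int(self.syn) + int(self.fin)

    def ctl(self) -> str:
        bits = (("SYN", self.syn), ("ACK", self.ack is not None), ("FIN", self.fin), ("RST", self.rst))
        return ",".join(name for name, on in bits if on)


@dataclass
class Tcb:
    state: str
    snd_una: int = 0    # equals ISS while in SYN-SENT
    snd_nxt: int = 0
    rcv_nxt: int = 0
    rcv_wnd: int = 0


def ack_acceptable(tcb: Tcb, seg: Segment) -> bool:
    """SND.UNA < SEG.ACK <= SND.NXT, computed modulo 2^32."""
    return 0 < (seg.ack - tcb.snd_una) % MOD <= (tcb.snd_nxt - tcb.snd_una) % MOD


def acks_unsent(tcb: Tcb, seg: Segment) -> bool:
    """SEG.ACK > SND.NXT: the peer acknowledges something never sent."""
    return (seg.ack - tcb.snd_una) % MOD > (tcb.snd_nxt - tcb.snd_una) % MOD


def respond(tcb: Tcb, seg: Segment) -> Optional[Segment]:
    """Segment sent in reply to an unexpected incoming segment, or None when normal
    processing continues. A RST is never answered with a RST."""
    if seg.rst:
        return None
    if tcb.state == "CLOSED":
        # Case 1: <SEQ=SEG.ACK><CTL=RST> if ACK is on, else <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>
        if seg.ack is not None:
            return Segment(seq=seg.ack, rst=True)
        return Segment(seq=0, ack=(seg.seq + seg.length) % MOD, rst=True)
    if tcb.state in SYNCHRONIZED:
        # Case 3: an unacceptable segment gets an empty ACK carrying SND.NXT and RCV.NXT.
        # Window test simplified to SEG.SEQ only (a zero window accepts just SEG.SEQ == RCV.NXT).
        seq_ok = (seg.seq - tcb.rcv_nxt) % MOD < tcb.rcv_wnd or (
            tcb.rcv_wnd == 0 and seg.seq == tcb.rcv_nxt)
        if not seq_ok or (seg.ack is not None and acks_unsent(tcb, seg)):
            return Segment(seq=tcb.snd_nxt, ack=tcb.rcv_nxt)
        return None
    # Case 2: LISTEN, SYN-SENT, SYN-RECEIVED. Any ACK is bad in LISTEN; elsewhere an ACK
    # outside (SND.UNA, SND.NXT] is bad. The reset takes its SEQ from SEG.ACK.
    if seg.ack is not None and (tcb.state == "LISTEN" or not ack_acceptable(tcb, seg)):
        return Segment(seq=seg.ack, rst=True)
    return None
```

Note the asymmetry that matters for abuse resistance: a stray segment at a CLOSED port earns a RST, but a stray segment on a synchronized connection only earns an empty ACK, so a forged segment cannot tear down an established connection unless its fields already fit the window.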

Segmentation

The term "segmentation" refers to the activity TCP performs when it takes the byte stream from the sending application and packages that byte stream into TCP segments.

Eff.snd.MSS = min(SendMSS+20, MMS_S) - TCPhdrsize - IPoptionsize

  • MSS: the size (in bytes) of the data portion of a TCP segment that can be received
  • SendMSS: the MSS value received from the peer; default 536 for IPv4, 1220 for IPv6
  • MMS_S: the maximum size TCP can transmit
  • TCPhdrsize is the size of the fixed TCP header and any options
  • IPoptionsize is the size of any IPv4 options or IPv6 extension headers associated with a TCP connection.

For IPv4 the IP layer's default effective MTU is less than or equal to 576, and for IPv6 it is 1280. Using these fixed values limits TCP connection performance and efficiency. Implementing Path MTU Discovery (PMTUD) and Packetization Layer Path MTU Discovery (PLPMTUD) is therefore strongly recommended, so that TCP can improve its segmentation decisions.

Retransmission timeout (RFC 6298)

RTO (retransmission timeout): to compute the RTO, a TCP sender maintains two state variables: SRTT (smoothed round-trip time) and RTTVAR (round-trip time variation)

Rules

  1. Until an RTT measurement between sender and receiver has been made, the sender sets RTO = 1 second
  2. When the first RTT measurement R is made, set
    1. SRTT = R
    2. RTTVAR = R/2
    3. RTO = SRTT + max(G, K*RTTVAR), where K = 4 and G is the clock granularity; in general G only comes into play when K*RTTVAR = 0
  3. When a subsequent RTT measurement R' is made
    1. RTTVAR = (1 - beta) * RTTVAR + beta * |SRTT - R'|, beta = 1/4
    2. SRTT = (1 - alpha) * SRTT + alpha * R', alpha = 1/8
  4. Whatever the computed value, RTO is always >= 1 second

RTO timer management

  1. When a packet containing data is sent (or retransmitted) and the timer is not running, start the timer
  2. When all outstanding data has been acknowledged, turn the timer off
  3. When an ACK for new data arrives, restart the timer
  4. When the retransmission timer expires
    1. Retransmit the earliest segment that has not been acknowledged
    2. Set RTO = RTO * 2
    3. Start the retransmission timer with this RTO
    4. If the timer expired while waiting for the ACK of a SYN during the handshake, and RTO < 3 seconds, RTO must be set to 3 seconds when data transmission begins
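The RTO rules and timer procedure above, carried through on concrete RTT samples as an added example (not code from the original notes or any TCP stack). The class and function names are my own; the 60-second upper bound comes from RFC 6298 section 2.5 and Karn's rule from section 3, neither of which the notes mention.

```python
"""RTO computation per the RFC 6298 rules listed above (added example, not from
the original notes). G is the clock granularity; the 60 s upper bound is from
RFC 6298 section 2.5 and is not mentioned in the notes."""

K, ALPHA, BETA = 4, 1 / 8, 1 / 4
MIN_RTO, MAX_RTO = 1.0, 60.0


class RtoEstimator:
    def __init__(self, granularity: float = 0.1):
        self.g = granularity
        self.srtt = None          # no RTT measurement yet
        self.rttvar = None
        self.rto = 1.0            # rule 1: 1 second until the first measurement
        self.syn_retransmitted = False

    def sample(self, r: float) -> float:
        """Feed one RTT measurement R (seconds) and return the new RTO. Karn's algorithm
        (RFC 6298 section 3): never call this with a sample from a retransmitted segment,
        because it is ambiguous which transmission the ACK belongs to."""
        if self.srtt is None:
            self.srtt, self.rttvar = r, r / 2                                   # rule 2
        else:
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)  # rule 3.1
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r                     # rule 3.2
        self.rto = self.srtt + max(self.g, K * self.rttvar)
        self.rto = min(max(self.rto, MIN_RTO), MAX_RTO)                         # rule 4
        return self.rto

    def on_timeout(self, during_handshake: bool = False) -> float:
        """Timer expiry (timer management step 4): exponential backoff, RTO = RTO * 2."""
        self.rto = min(self.rto * 2, MAX_RTO)
        if during_handshake:
            self.syn_retransmitted = True
        return self.rto

    def on_data_transfer_begins(self) -> float:
        """Step 4.4: after a retransmitted SYN, data transfer starts with RTO >= 3 s."""
        if self.syn_retransmitted and self.rto < 3.0:
            self.rto = 3.0
        return self.rto


def rto_trace(samples):
    """RTO after each successive RTT measurement, for a quick look at the smoothing."""
    est = RtoEstimator()
    return [est.sample(r) for r in samples]
```

With samples of 0.5 s and 0.7 s the trace is 1.5 s then 1.475 s; a first sample of 0.05 s computes to 0.15 s and is clamped up to the 1 s floor.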

Congestion control (RFC 5681)

A TCP endpoint must implement the basic congestion control algorithms: slow start, congestion avoidance and exponential RTO backoff

slow start

Applies when cwnd < ssthresh. Variables involved: cwnd on the sender side, rwnd on the receiver side, ssthresh (slow start threshold)

Each time an ACK arrives: cwnd += min(N, SMSS), where N is the number of bytes acknowledged by the ACK and SMSS is the SENDER MAXIMUM SEGMENT SIZE

congestion avoidance

Applies when cwnd > ssthresh. Variables involved: cwnd on the sender side, rwnd on the receiver side, ssthresh (slow start threshold)

Once per RTT: cwnd += min(N, SMSS). The RECOMMENDED way to increase cwnd during congestion avoidance is to count the number of bytes that have been acknowledged by ACKs for new data. When the number of bytes acknowledged reaches cwnd, then cwnd can be incremented by up to SMSS bytes.

When the sender detects the loss of a segment through the retransmission timer and that segment has not yet been retransmitted: ssthresh = max(FlightSize / 2, 2*SMSS). If the segment had already been retransmitted when the loss was detected, ssthresh is left unchanged

fast retransmit / fast recovery

A TCP receiver SHOULD send an immediate duplicate ACK when an out-of-order segment arrives.

Three duplicate ACKs indicate a lost packet; on the third duplicate ACK the segment is retransmitted immediately, whether or not the timer has expired

After fast retransmit, the fast recovery algorithm runs until a non-duplicate ACK arrives

The steps:

  1. On the first and second duplicate ACKs received at the sender, TCP should send a segment of previously unsent data, provided the receiver's advertised window allows it, the total FlightSize would remain less than or equal to cwnd plus 2*SMSS, and new data is available for transmission. ???
  2. On receiving the third duplicate ACK: ssthresh = max(FlightSize / 2, 2*SMSS)
  3. Retransmit the first sent-but-unacknowledged segment; cwnd = ssthresh + 3*SMSS (the 3 stands for the three other segments the three duplicate ACKs correspond to)
  4. For each further duplicate ACK after the third, cwnd += SMSS (because each duplicate ACK means another segment has left the network and been received by the receiver)
  5. When cwnd and rwnd allow, the sender should send 1*SMSS of previously unsent data
  6. When an ACK arrives for a segment that had not been acknowledged before, set cwnd = ssthresh
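Slow start, congestion avoidance, timeout and the fast retransmit / fast recovery steps above, driven by a sequence of ACK events, as an added example (not code from the original notes or any TCP stack). It tracks cwnd, ssthresh and FlightSize in bytes; the initial window rule follows RFC 5681 section 3.1, which the notes do not cover, and all names are my own.

```python
"""Sender-side congestion window bookkeeping following RFC 5681 as summarised in
the notes above (added example, not from the original notes or any TCP stack).
Byte units throughout; rwnd is the peer's advertised window."""
from dataclasses import dataclass, field


@dataclass
class CongestionController:
    smss: int = 1000
    ssthresh: int = 1 << 30           # RFC 5681: initially arbitrarily high
    cwnd: int = 0                     # 0 means "use the RFC 5681 initial window"
    flight: int = 0                   # FlightSize: sent but not yet acknowledged
    dup_acks: int = 0
    in_recovery: bool = False
    acked_since_increase: int = 0     # byte counting for congestion avoidance
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.cwnd == 0:
            # Initial window IW from RFC 5681 section 3.1, keyed on the segment size
            if self.smss > 2190:
                self.cwnd = 2 * self.smss
            elif self.smss > 1095:
                self.cwnd = 3 * self.smss
            else:
                self.cwnd = 4 * self.smss

    def on_send(self, nbytes: int) -> None:
        self.flight += nbytes

    def _halve(self) -> None:
        """ssthresh = max(FlightSize / 2, 2*SMSS) whenever a loss is detected."""
        self.ssthresh = max(self.flight // 2, 2 * self.smss)

    def on_new_ack(self, nbytes: int) -> None:
        """ACK for previously unacknowledged data: nbytes have left the network."""
        self.flight -= nbytes
        self.dup_acks = 0
        if self.in_recovery:
            self.cwnd = self.ssthresh           # step 6: leave fast recovery
            self.in_recovery = False
            self.log.append("exit-recovery")
        elif self.cwnd < self.ssthresh:
            self.cwnd += min(nbytes, self.smss)  # slow start
            self.log.append("slow-start")
        else:
            self.acked_since_increase += nbytes  # congestion avoidance by byte counting
            if self.acked_since_increase >= self.cwnd:
                self.acked_since_increase -= self.cwnd
                self.cwnd += self.smss
            self.log.append("congestion-avoidance")

    def on_dup_ack(self) -> None:
        if self.in_recovery:
            self.cwnd += self.smss               # step 4: one more segment left the network
            self.log.append("inflate")
            return
        self.dup_acks += 1
        if self.dup_acks < 3:
            self.log.append("limited-transmit-candidate")   # step 1
            return
        self._halve()                            # step 2
        self.cwnd = self.ssthresh + 3 * self.smss   # step 3, alongside the retransmission
        self.in_recovery = True
        self.log.append("fast-retransmit")

    def on_timeout(self, already_retransmitted: bool = False) -> None:
        """RTO expiry: ssthresh is halved only if the lost segment was not yet
        retransmitted; cwnd drops to the loss window LW of one segment."""
        if not already_retransmitted:
            self._halve()
        self.cwnd = self.smss
        self.in_recovery = False
        self.dup_acks = 0
        self.acked_since_increase = 0
        self.log.append("timeout")

    def sendable(self, rwnd: int) -> int:
        """New data the windows permit right now: min(cwnd, rwnd) - FlightSize."""
        return max(0, min(self.cwnd, rwnd) - self.flight)
```

With SMSS = 1000 and ssthresh = 6000, three 1000-byte ACKs take cwnd from the 4000-byte initial window to 6000 in slow start, after which a further 6000 acknowledged bytes are needed for the next 1000-byte increase.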

Flow control (RFC 793)

The receiver controls the rate at which the sender sends

Every ACK the receiver sends carries the number of packets the receiver can still accept

TCP Connection Failures

Two thresholds R1 and R2 measure the number of retransmissions: past R1, negative advice is passed to the IP layer; past R2, the connection is closed. R1 >= 3 retransmissions, R2 ≈ 100 seconds

Window management

Zero window probing

The sending TCP peer must regularly transmit at least one octet of new data (if available), or retransmit to the receiving TCP peer even if the send window is zero, in order to "probe" the window.

Glossary

ACK - A control bit (acknowledge) occupying no sequence space, which indicates that the acknowledgment field of this segment specifies the next sequence number the sender of this segment is expecting to receive, hence acknowledging receipt of all previous sequence numbers.
connection - A logical communication path identified by a pair of sockets.
datagram - A message sent in a packet-switched computer communications network.
Destination Address - The network-layer address of the endpoint intended to receive a segment.
FIN - A control bit (finis) occupying one sequence number, which indicates that the sender will send no more data or control occupying sequence space.
flush - To remove all of the contents (data or segments) from a store (buffer or queue).
fragment - A portion of a logical unit of data. In particular, an internet fragment is a portion of an internet datagram.
header - Control information at the beginning of a message, segment, fragment, packet, or block of data.
host - A computer. In particular, a source or destination of messages from the point of view of the communication network.
Identification - An Internet Protocol field. This identifying value assigned by the sender aids in assembling the fragments of a datagram.
internet address - A network-layer address.
internet datagram - A unit of data exchanged between internet hosts, together with the internet header that allows the datagram to be routed from source to destination.
internet fragment - A portion of the data of an internet datagram with an internet header.
IP - Internet Protocol. See [1] and [13].
IRS - The Initial Receive Sequence number. The first sequence number used by the sender on a connection.
ISN - The Initial Sequence Number. The first sequence number used on a connection (either ISS or IRS). Selected in a way that is unique within a given period of time and is unpredictable to attackers.
ISS - The Initial Send Sequence number. The first sequence number used by the sender on a connection.
left sequence - This is the next sequence number to be acknowledged by the data-receiving TCP endpoint (or the lowest currently unacknowledged sequence number) and is sometimes referred to as the left edge of the send window.
module - An implementation, usually in software, of a protocol or other procedure.
MSL - Maximum Segment Lifetime, the time a TCP segment can exist in the internetwork system. Arbitrarily defined to be 2 minutes.
octet - An eight-bit byte.
Options - An Option field may contain several options, and each option may be several octets in length.
packet - A package of data with a header that may or may not be logically complete. More often a physical packaging than a logical packaging of data.
port - The portion of a connection identifier used for demultiplexing connections at an endpoint.
process - A program in execution. A source or destination of data from the point of view of the TCP endpoint or other host-to-host protocol.
PUSH - A control bit occupying no sequence space, indicating that this segment contains data that must be pushed through to the receiving user.
RCV.NXT - receive next sequence number
RCV.UP - receive urgent pointer
RCV.WND - receive window
receive next sequence number - This is the next sequence number the local TCP endpoint is expecting to receive.
receive window - This represents the sequence numbers the local (receiving) TCP endpoint is willing to receive. Thus, the local TCP endpoint considers that segments overlapping the range RCV.NXT to RCV.NXT + RCV.WND - 1 carry acceptable data or control. Segments containing sequence numbers entirely outside this range are considered duplicates or injection attacks and discarded.
RST - A control bit (reset), occupying no sequence space, indicating that the receiver should delete the connection without further interaction. The receiver can determine, based on the sequence number and acknowledgment fields of the incoming segment, whether it should honor the reset command or ignore it. In no case does receipt of a segment containing RST give rise to a RST in response.
SEG.ACK - segment acknowledgment
SEG.LEN - segment length
SEG.SEQ - segment sequence
SEG.UP - segment urgent pointer field
SEG.WND - segment window field
segment - A logical unit of data. In particular, a TCP segment is the unit of data transferred between a pair of TCP modules.
segment acknowledgment - The sequence number in the acknowledgment field of the arriving segment.
segment length - The amount of sequence number space occupied by a segment, including any controls that occupy sequence space.
segment sequence - The number in the sequence field of the arriving segment.
send sequence - This is the next sequence number the local (sending) TCP endpoint will use on the connection. It is initially selected from an initial sequence number curve (ISN) and is incremented for each octet of data or sequenced control transmitted.
send window - This represents the sequence numbers that the remote (receiving) TCP endpoint is willing to receive. It is the value of the window field specified in segments from the remote (data-receiving) TCP endpoint. The range of new sequence numbers that may be emitted by a TCP implementation lies between SND.NXT and SND.UNA + SND.WND - 1. (Retransmissions of sequence numbers between SND.UNA and SND.NXT are expected, of course.)
SND.NXT - send sequence
SND.UNA - left sequence
SND.UP - send urgent pointer
SND.WL1 - segment sequence number at last window update
SND.WL2 - segment acknowledgment number at last window update
SND.WND - send window
socket (or socket number, or socket address, or socket identifier) - An address that specifically includes a port identifier, that is, the concatenation of an Internet Address with a TCP port.
Source Address - The network-layer address of the sending endpoint.
SYN - A control bit in the incoming segment, occupying one sequence number, used at the initiation of a connection to indicate where the sequence numbering will start.
TCB - Transmission control block, the data structure that records the state of a connection.
TCP - Transmission Control Protocol: a host-to-host protocol for reliable communication in internetwork environments.
TOS - Type of Service, an obsoleted IPv4 field. The same header bits currently are used for the Differentiated Services field [4] containing the Differentiated Services Codepoint (DSCP) value and the 2-bit ECN codepoint [6].
Type of Service - See "TOS".
URG - A control bit (urgent), occupying no sequence space, used to indicate that the receiving user should be notified to do urgent processing as long as there is data to be consumed with sequence numbers less than the value indicated by the urgent pointer.
urgent pointer - A control field meaningful only when the URG bit is on. This field communicates the value of the urgent pointer that indicates the data octet associated with the sending user's urgent call.

HTTP

RFC 2616 HTTP/1.1

What does cacheable mean?

Status codes

100 Continue: tells the client that the initial part of the request has been received; the client should continue sending, or ignore this if it has already finished sending. The server must still send a final response.

101 Switching Protocols: the server agrees to the client's request to switch protocols; the server will switch protocols to those defined by the response's Upgrade header field immediately after the empty line which terminates the 101 response.

200 OK: the response carries the following: GET, an entity corresponding to the requested resource is sent in the response; HEAD, the entity-header fields corresponding to the requested resource are sent in the response without any message-body; POST, an entity describing or containing the result of the action.

201 Created: the request was accepted and, before the response was sent, a new resource was created that can be accessed through a URI.

202 Accepted: the request was accepted but its processing is not complete.

203 Non-Authoritative Information: not required; 200 can be used instead.

204 No Content: no body.

205 Reset Content: the client should reset the document view that sent the request; the purpose is to let the client make the next form submission. This response has no entity (an entity is header + body).

206 Partial Content: the response carries part of what the GET requested; the header must carry specific fields stating which part was returned.

300 Multiple Choices: the request corresponds to several resources; the response must list the available choices.

301 Moved Permanently: the requested resource has moved to a new permanent URI, and all references should use the new URI. The new permanent URI SHOULD be given by the Location field in the response.

302 Found: the requested resource resides temporarily under a different URI; the next request should use the original URI rather than the temporary one. If you want to send visitors to an alternative page when visiting this particular page, and you want to reuse the URL in the future, use a 302.

303 See Other: similar to 302.

304 Not Modified: the client used a conditional GET, the request was accepted but the document has not changed, so 304 is returned with no body.

305 Use Proxy: the request must be repeated through the proxy given in the 305 response.

306 (Unused): reserved, not used.

307 Temporary Redirect: the requested resource resides temporarily under a different URI; the next request should use the original URI rather than the temporary one. Can it replace 302? Use this redirect if you're sure the move is temporary and you'll still need the original URL later on.

400 Bad Request: the server cannot understand the request because of malformed syntax.

401 Unauthorized: the request requires authentication. The client MAY repeat the request with a suitable Authorization header field.

402 Payment Required: reserved, not used.

403 Forbidden: the server understood the request but refuses to fulfil it; the client should not repeat the same request.

404 Not Found: the server found nothing matching the Request-URI.

405 Method Not Allowed: the method is not allowed.

406 Not Acceptable: the server cannot produce a response matching the values given in the Accept-Charset and Accept-Language headers.

407 Proxy Authentication Required: This code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy.

408 Request Timeout: the client did not send a request within the time the server was prepared to wait.

409 Conflict: the request conflicts with the state of the resource; this response is only sent when the client could resolve the conflict by changing the request, e.g. a PUT.

410 Gone: the requested resource is permanently unavailable and no forwarding address is known.

411 Length Required: the server refuses to accept the request without a Content-Length field.

412 Precondition Failed: in HTTP, the 412 Precondition Failed status code is a client error indicating that access to the target resource was denied because a precondition given in the If-Unmodified-Since or If-None-Match header did not hold. The requested operation (usually uploading or modifying a file) cannot be carried out, so this status code is returned.

413 Request Entity Too Large: the request entity is too large.

414 Request-URI Too Long: the URI is too long.

415 Unsupported Media Type: unsupported data format.

416 Requested Range Not Satisfiable: the server cannot serve the requested data range. Most commonly the requested range lies outside the file; that is, the value of the Range header is syntactically valid but semantically meaningless.

417 Expectation Failed: the server cannot meet the expectation given in the Expect request header.

500 Internal Server Error: an internal server error prevented it from fulfilling the request.

501 Not Implemented: the request method is not supported. The only methods a server must support are GET and HEAD.

502 Bad Gateway: the server, acting as a gateway or proxy, received an invalid response from the upstream server.

503 Service Unavailable: the server is temporarily unable to handle the request due to overload or maintenance; the client should retry later. The delay may be given in the response (Retry-After header); if that header is absent the client should treat it as a 500 response.

504 Gateway Timeout: the server, acting as a gateway or proxy, did not receive a timely response from upstream.

505 HTTP Version Not Supported: the server does not support this HTTP version; the response should list the versions it supports.

Request methods and their responses

OPTIONS: The HTTP OPTIONS method requests the permitted communication options for a given URL or for the server. The client can name a URL with this method, or use an asterisk (*) to refer to the server as a whole.

GET: GET requests should only be used to request data and should not carry data.

The semantics of the GET method change to a "conditional GET" if the request message includes an If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match, or If-Range header field. A conditional GET method requests that the entity be transferred only under the circumstances described by the conditional header field(s).

The semantics of the GET method change to a "partial GET" if the request message includes a Range header field. A partial GET requests that only part of the entity be transferred.

HEAD: The HTTP HEAD method requests the headers of a resource, identical to those a GET request would return. One use is reading the Content-Length header with a HEAD request before downloading a large file, to learn the file's size without actually downloading it and so save bandwidth. The server's response must not include a body.

POST: The difference between PUT and POST is that PUT is idempotent: calling it once has the same effect as calling it several times in succession (i.e. no additional effect), whereas repeating the same POST several times may have side effects, such as submitting the same order several times.

PUT

The fundamental difference between the POST and PUT requests is reflected in the different meaning of the Request-URI. The URI in a POST request identifies the resource that will handle the enclosed entity. That resource might be a data-accepting process, a gateway to some other protocol, or a separate entity that accepts annotations. In contrast, the URI in a PUT request identifies the entity enclosed with the request -- the user agent knows what URI is intended and the server MUST NOT attempt to apply the request to some other resource. If the server desires that the request be applied to a different URI, it MUST send a 301 (Moved Permanently) response; the user agent MAY then make its own decision regarding whether or not to redirect the request.

DELETE: The HTTP DELETE method deletes the specified resource.

The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location.

A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity.

TRACE: The HTTP TRACE method performs a message loop-back test along the path to the target resource, providing a useful debugging mechanism.

The TRACE method is used to invoke a remote, application-layer loop-back of the request message. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. The final recipient is either the origin server or the first proxy or gateway to receive a Max-Forwards value of zero (0) in the request (see section 14.31). A TRACE request MUST NOT include an entity.

TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information. The value of the Via header field (section 14.45) is of particular interest, since it acts as a trace of the request chain. Use of the Max-Forwards header field allows the client to limit the length of the request chain, which is useful for testing a chain of proxies forwarding messages in an infinite loop.

If the request is valid, the response SHOULD contain the entire request message in the entity-body, with a Content-Type of "message/http". Responses to this method MUST NOT be cached.

CONNECT

This specification reserves the method name CONNECT for use with a proxy that can dynamically switch to being a tunnel (e.g. SSL tunneling [44]).