L18 - Transport Layer, TCP and UDP

This post was last updated 484 days ago; the information in it may be out of date.

OSI model [1]

  • layer 2

    • ARP: given an IP address, obtain the destination device's MAC address
    • DHCP: obtain network configuration when first connecting to the Internet
    • WPA: encryption when a device connects to Wi-Fi
  • layer 3

    • BGP: transports packets across ASes (autonomous systems)
  • transport layer protocols (layer 4) <-- TODAY

    • TCP
    • UDP

Problems with IP

Best-effort transport: delivery is not guaranteed, and tampering is not prevented

Packet size is limited

Packets may arrive out of order (fix: label them)

Packets may also be dropped (fix: retransmit)

TCP

  • Provides a byte stream abstraction

    • Bytes go in one end of the stream at the source and come out at the other end at the destination
    • TCP automatically breaks streams into segments, which are sent as layer 3 packets
  • Provides ordering

    • Segments contain sequence numbers, so the destination can reassemble the stream in order
  • Provides reliability

    • The destination sends acknowledgements (ACKs) for each sequence number received
    • If the source doesn’t receive the ACK, the source sends the packet again
  • Provides ports

    • Multiple services can share the same IP address by using different ports

ports

  • Ports help us distinguish between different applications on the same computer or server


Establishing Sequence Numbers

  • Each TCP connection requires two sets of sequence numbers

    • One sequence number for messages from the client to the server
    • One sequence number for messages from the server to the client
  • Before starting a TCP connection, the client and server must agree on two initial sequence numbers (ISNs)

    • The ISNs are different and random for every connection (for security reasons, as we’ll see soon)

The ISN identifies the first byte of each new connection. It helps ensure data is delivered in order and allows lost or misordered packets to be detected. If data is lost or arrives out of order, the TCP module can use the sequence numbers to retransmit or reorder the data and restore the original order.

Starting from a random number prevents attacks

3-way handshake

How the two sides agree on the random numbers

  1. SYN: the client sends a random number x to the server
  2. SYN-ACK: the server sends its own random number y, and also sends x+1 to the client to confirm receipt
  3. ACK: the client sends x+1, y+1


Sending data with TCP

Once the TCP connection is established, the client and server can start transferring data. The data is split up and encapsulated in TCP segments for transmission. Every TCP segment carries a sequence number (Seq) and an acknowledgement number (Ack).

The sequence number (Seq) identifies the position of the first byte in the segment. It helps ensure data is delivered in order and allows lost or misordered packets to be detected. If data is lost or arrives out of order, the TCP module can use the sequence numbers to retransmit or reorder the data and restore the original order.

The acknowledgement number (Ack) confirms data that has been received successfully. When the receiver gets a TCP segment, it replies with a segment that has the ACK flag set and carries the sequence number of the next byte it expects to receive. From the acknowledgement number the sender can tell which data has been received and update its send window accordingly.

By using sequence numbers and acknowledgement numbers, TCP provides a reliable data transfer service.

Suppose the two sides have already agreed on the sequence numbers

...

The TCP handlers on each side track which TCP segments have been received for each connection

  • A connection is identified by these 5 values (sometimes called a 5-tuple)

    • Source IP
    • Destination IP
    • Source Port
    • Destination Port
    • Protocol

retransmission

Handles packet loss: a segment is retransmitted until the ACK for it is received, after which it is not sent again
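The handshake, the Seq/Ack bookkeeping, the 5-tuple and the retransmission passages above, as an added example that is not part of the original notes: a toy Python model of two endpoints performing the 3-way handshake with random ISNs, then exchanging data segments that arrive out of order and once as a duplicate (a retransmission). The addresses, ports and payload are constructed, and the client's check that the SYN-ACK acknowledges x+1 (otherwise the segment is dropped) is the reason the notes give for random ISNs. No real sockets are used.

```python
import secrets
from dataclasses import dataclass, field

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int
    ack: int = 0
    flags: frozenset = frozenset()
    payload: bytes = b""

    @property
    def five_tuple(self):
        # The 5-tuple that identifies the connection (protocol is fixed to TCP here)
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, "TCP")


@dataclass
class Endpoint:
    ip: str
    port: int
    state: str = "CLOSED"
    snd_nxt: int = 0  # next sequence number we will send
    rcv_nxt: int = 0  # next byte we expect from the peer (= the ACK number we send)
    out_of_order: dict = field(default_factory=dict)  # seq -> payload, held back
    received: bytearray = field(default_factory=bytearray)  # in-order byte stream


def random_isn() -> int:
    """Unpredictable ISN; a guessable one would let an off-path attacker forge segments."""
    return secrets.randbelow(MOD)


def client_syn(c: Endpoint, s: Endpoint, isn=None) -> Segment:
    c.snd_nxt = random_isn() if isn is None else isn  # x
    c.state = "SYN_SENT"
    return Segment(c.ip, s.ip, c.port, s.port, seq=c.snd_nxt, flags=frozenset({"SYN"}))


def server_synack(s: Endpoint, syn: Segment, isn=None) -> Segment:
    if syn.flags != {"SYN"}:
        raise ValueError("expected a bare SYN")
    s.rcv_nxt = (syn.seq + 1) % MOD  # x+1: the SYN itself consumes one sequence number
    s.snd_nxt = random_isn() if isn is None else isn  # y
    s.state = "SYN_RCVD"
    return Segment(s.ip, syn.src_ip, s.port, syn.src_port, seq=s.snd_nxt,
                   ack=s.rcv_nxt, flags=frozenset({"SYN", "ACK"}))


def client_ack(c: Endpoint, synack: Segment) -> Segment:
    # A SYN-ACK that does not acknowledge our own ISN cannot come from our peer: drop it
    if synack.flags != {"SYN", "ACK"} or synack.ack != (c.snd_nxt + 1) % MOD:
        raise ValueError("SYN-ACK does not acknowledge our ISN; dropped")
    c.snd_nxt = synack.ack              # x+1
    c.rcv_nxt = (synack.seq + 1) % MOD  # y+1
    c.state = "ESTABLISHED"
    return Segment(c.ip, synack.src_ip, c.port, synack.src_port, seq=c.snd_nxt,
                   ack=c.rcv_nxt, flags=frozenset({"ACK"}))


def server_established(s: Endpoint, ack: Segment) -> None:
    if ack.ack != (s.snd_nxt + 1) % MOD:
        raise ValueError("ACK does not acknowledge our ISN; dropped")
    s.snd_nxt = ack.ack  # y+1
    s.state = "ESTABLISHED"


def send_data(src: Endpoint, dst: Endpoint, payload: bytes) -> Segment:
    seg = Segment(src.ip, dst.ip, src.port, dst.port, seq=src.snd_nxt,
                  ack=src.rcv_nxt, flags=frozenset({"ACK"}), payload=payload)
    src.snd_nxt = (src.snd_nxt + len(payload)) % MOD  # Seq advances by the bytes sent
    return seg


def receive_data(dst: Endpoint, seg: Segment) -> int:
    """Deliver in-order bytes, hold back future ones, ignore old duplicates.
    Returns the ACK number the receiver sends back (next expected byte)."""
    dist = (seg.seq - dst.rcv_nxt) % MOD  # modular distance copes with wraparound
    if dist == 0:
        dst.received += seg.payload
        dst.rcv_nxt = (dst.rcv_nxt + len(seg.payload)) % MOD
        while dst.rcv_nxt in dst.out_of_order:  # drain segments that are now contiguous
            data = dst.out_of_order.pop(dst.rcv_nxt)
            dst.received += data
            dst.rcv_nxt = (dst.rcv_nxt + len(data)) % MOD
    elif dist < 2 ** 31:  # a gap before this segment: keep it until the gap is filled
        dst.out_of_order[seg.seq] = seg.payload
    # else: data we already have (e.g. a retransmission); just ACK again
    return dst.rcv_nxt


def demo(client_isn=None, server_isn=None):
    """Handshake, then deliver three segments: third first, first twice, then second."""
    c, s = Endpoint("10.0.0.1", 40000), Endpoint("10.0.0.2", 80)  # constructed endpoints
    syn = client_syn(c, s, client_isn)
    server_established(s, client_ack(c, server_synack(s, syn, server_isn)))
    segs = [send_data(c, s, b"GET "), send_data(c, s, b"/ HT"), send_data(c, s, b"TP/1.0\r\n")]
    order = [segs[2], segs[0], segs[0], segs[1]]  # segs[0] is delivered twice (a retransmit)
    acks = [receive_data(s, seg) for seg in order]
    return c.state, s.state, bytes(s.received), acks, syn.five_tuple
```

Calling demo() with the default random ISNs shows the stream reassembled as b"GET / HTTP/1.0\r\n" regardless of arrival order; passing client_isn=2**32 - 3 exercises the sequence-number wraparound in the middle of the transfer, which the modular distance check in receive_data handles.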

Terminating a TCP connection

  • To end a connection, one side sends a packet with the FIN (finish) flag set, which should then be acknowledged
  • To abort a connection, one side sends a packet with the RST (reset) flag set

TCP flag

  • ACK

    • Indicator that the user is acknowledging the receipt of something (in the ack number)
    • Pretty much always set except the very first packet
  • SYN

    • Indicator of the beginning of the connection
  • FIN

    • One way to end the connection
    • Requires an acknowledgement
    • No longer sending packets, but will continue to receive
  • RST

    • One way to end a connection
    • Does not require an acknowledgement
    • No longer sending or receiving packets

TCP attacks

TCP hijacking: data injection / RST injection

  • RST injection: Spoofing a RST packet to forcibly terminate a connection

    • Same requirements as packet injection, so easy for on-path and MITM attackers, but hard for off-path attackers
    • Often used in censorship scenarios to block access to sites

[Some countries use these techniques to censor web pages; damn, I'd better not say more]
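As an added example (not from the original notes) of the receiver-side mitigation against spoofed RSTs: the check standardized in RFC 5961 section 3.2 resets only on a RST whose sequence number is exactly the next expected byte, answers an in-window but inexact RST with a challenge ACK, and silently drops everything else. The older behaviour, which reset on any in-window RST, is shown beside it for contrast. The receiver state and the sequence numbers fed to it are constructed.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # 32-bit sequence space


@dataclass
class Receiver:
    rcv_nxt: int       # next byte we expect from the peer
    rcv_wnd: int       # our advertised receive window
    open: bool = True  # False once the connection has been reset


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with 32-bit wraparound."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def handle_rst_legacy(rx: Receiver, rst_seq: int) -> str:
    """Pre-RFC 5961 behaviour: any in-window RST tears the connection down."""
    if not rx.open:
        return "DROP"
    if in_window(rst_seq, rx.rcv_nxt, rx.rcv_wnd):
        rx.open = False
        return "RESET"
    return "DROP"


def handle_rst(rx: Receiver, rst_seq: int) -> str:
    """RFC 5961 section 3.2: reset only on an exact match, challenge the rest."""
    if not rx.open:
        return "DROP"
    if rst_seq == rx.rcv_nxt:
        rx.open = False
        return "RESET"
    if in_window(rst_seq, rx.rcv_nxt, rx.rcv_wnd):
        # Reply with an ACK carrying rcv_nxt; a genuine peer that really wants
        # to reset answers with a RST at exactly that sequence number.
        return "CHALLENGE_ACK"
    return "DROP"


def demo(handler=handle_rst):
    """Feed constructed RST sequence numbers to one receiver; return its decisions."""
    rx = Receiver(rcv_nxt=1_000_000, rcv_wnd=65_535)  # constructed connection state
    rsts = [
        123_456,    # far outside the window
        1_000_100,  # inside the window but not the exact next byte
        1_000_000,  # exactly the next expected byte
        1_000_000,  # repeated after the connection is already gone
    ]
    return [handler(rx, seq) for seq in rsts]
```

The difference between the two handlers is the middle case: an in-window guess that is not exact closes the connection under the legacy rule but only triggers a challenge ACK under RFC 5961, so a forged RST has to hit rcv_nxt exactly.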


TCP spoofing:Spoofing a TCP connection to appear to come from another source IP address


UDP


  • Provides a datagram abstraction

    • A message, sent in a single layer 3 packet (though layer 3 could fragment the packet)

    • Max size limited by max size of packet

    • Applications break their data into datagrams, which are sent and received as a single unit

      • Contrast with TCP, where the application can use a byte stream abstraction
  • No reliability or ordering guarantees, but adds ports

    • It still has best effort delivery
  • Much faster than TCP, since there is no 3-way handshake

    • Usually used by low-latency, high-speed applications where errors are okay (e.g. video streaming, games)
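The datagram abstraction above, as an added example that is not part of the original notes: a builder and parser for an IPv4 UDP datagram (RFC 768). It shows that each datagram is a self-contained unit with only ports, a length and a checksum in its 8-byte header, that the 16-bit length field caps the size, and that there is no sequence or acknowledgement number to order or retransmit anything. The parser rejects a datagram whose length field is inconsistent or whose checksum (computed over the IPv4 pseudo-header, header and payload) does not verify. The addresses, ports and payload are constructed.

```python
import ipaddress
import struct

UDP_HEADER_LEN = 8
MAX_UDP_LEN = 0xFFFF  # the length field is 16 bits: header + payload


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum, zero-padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP segment (checksum field must be zero in segment)."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + b"\x00\x11" + len(segment).to_bytes(2, "big"))  # zero, protocol 17, UDP length
    csum = 0xFFFF - ones_complement_sum(pseudo + segment)  # one's complement of the sum
    return csum or 0xFFFF  # RFC 768: a computed 0 is transmitted as all ones (0 means "none")


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    if length > MAX_UDP_LEN:
        raise ValueError("payload does not fit in one datagram; the application must split it")
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Validate and decode one datagram; raises ValueError on a malformed one."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("datagram shorter than the UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError("length field inconsistent with the bytes received")
    segment = datagram[:length]  # anything beyond the length field is not part of the datagram
    if csum != 0:  # a zero checksum means the sender did not compute one (allowed over IPv4)
        zeroed = segment[:6] + b"\x00\x00" + segment[8:]
        if udp_checksum(src_ip, dst_ip, zeroed) != csum:
            raise ValueError("checksum mismatch: datagram corrupted or forged header fields")
    return {"src_port": sport, "dst_port": dport, "payload": segment[UDP_HEADER_LEN:],
            "checksummed": csum != 0}


def demo():
    """Round-trip a constructed datagram, then flip one payload bit and parse again."""
    src, dst = "192.0.2.1", "192.0.2.2"  # constructed addresses
    good = build_udp(src, dst, 53000, 53, b"hello")
    parsed = parse_udp(src, dst, good)
    damaged = bytearray(good)
    damaged[-1] ^= 0x01
    try:
        parse_udp(src, dst, bytes(damaged))
        rejected = False
    except ValueError:
        rejected = True
    return parsed, rejected
```

Because the checksum covers the pseudo-header, a datagram re-addressed in flight fails verification at the receiver even though the UDP bytes themselves are unchanged; the check catches corruption and simple header tampering, but not a complete forgery by someone who can recompute it, which is why the notes list UDP as easy to inject into.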

UDP attacks

Data injection is easy


  1. OSI model

    OSI model: Open Systems Interconnection model, a layered model of Internet communication

    The model defines 7 layers, but in practice five are used
