Can the out of sequence message complete TCP three handshakes

as follows TCP Handshake sequence ：

Ask which message in bold can be completed TCP Shake hands ？server Terminal accept Will you return ？
The answer is yes ：

• Just get to server The message ack Field equals server syn+1, To complete the handshake .

TCP The protocol is full duplex ,3rd ack Belong to server To client Direction syn The confirmation of ,server Just verify it ack Field as the root ,seq Can be regarded as client To server Direction ack A piggyback to data, The verification is not strict .

The following packetdrill Scripts can demonstrate ：

+0  socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0  setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0  setsockopt(3, SOL_SOCKET, SO_RCVBUF, [8000], 4) = 0

+0  bind(3, ..., ...) = 0
+0  listen(3, 1) = 0

//  Start shaking hands 
+0  < S 0:0(0) win 1000 <mss 1000,sackOK,nop,nop>
+0  > S. 0:0(0) ack 1<...>
//  Complete handshake with out of sequence messages 
+.1 < P. 1000:5380(4380) ack 1 win 32792
//  The following is the normal sequential message , Open the notes for comparison 
//+.8 < . 1:1(0) ack 1 win 32792
+0  accept(3, ..., ...) = 4
+.2 %{
     assert 1 == tcpi_state }%
+.3 %{
     print tcpi_state, tcpi_ca_state }%
+.3 %{
     print tcpi_rcv_space }%
//  The third time of disorder ACK
+.8 < . 1:1(0) ack 1 win 32792
//  The first message out of order 
+.8 < . 1:1000(999) ack 1 win 32792

Start another terminal , Enter the following command line and execute packetdrill give the result as follows ：

~/test$ sudo bpftrace -e 'kr:inet_csk_accept/comm == "pdrill"/{
    $tp = (struct tcp_sock*)retval;$sk = (struct sock*)retval;printf("state:%d rcv_nxt:%d ofo_pkts:%d\n", $sk->sk_state, $tp->rcv_nxt, $tp->rcv_ooopack);}' --include "linux/tcp.h"
Attaching 1 probe...
state:1 rcv_nxt:1 ofo_pkts:1  #  explain ： Connected ESTABLISHED, Expect to receive 1 Number , Disordered message enters ofo queue

stay accept At the right time , come from client The third handshake ACK It hasn't arrived yet , But the disordered message arrived , Handshake can also be successful . The most important thing is 12 Yes "ack 1", If it is changed to other , Handshake will not complete .

It begins with ,server Received data Belong to 3rd ack A piggyback to , Disorder should be tolerated , Just in server Tolerance range , To complete the handshake , This tolerance range is determined by server Announcement window metrics . If the out of sequence message is as follows ：

+.1 < P. 11000:15380(4380) ack 1 win 32792

This message exceeds the notification window ,server It can be determined that it is forged or over issued , The message is discarded , The handshake couldn't be completed ,accept Will wait forever .

As a rule ,client Observe the limits of the notification window , Even if the order is disordered, it will eventually be covered by the window , So the design is reasonable . But the root cause , It's still in TCP full duplex , The two directions should be treated separately .

The above text can also be passed tcpdump Packet capture verification .

TCP syncookie Shaking hands can also tolerate disorder , This means that seq Code in cookie Why , But if seq No participation cookie Calculation , The following data loss problems may occur ：

so cookie In the case of handshake , Tolerance of disorder and data integrity cannot be achieved at the same time , Abandon data integrity and maintain robustness .

It's coming , Short summary TCP handshake .

TCP Handshake is 4 Second, not 3 Time , Every direction 2 Time . It's just server To client The direction is right syn Confirmation and server To client The direction of the syn combine 1 Time , Show 3 Just a handshake ：

Look at the wave stage , Because the two directions of transmission are independent of each other , Therefore, passive closing end pairs cannot be merged fin And their own fin.

Beneath the surface , Waving and shaking hands are essentially the same , Its core is TCP Full duplex .

Zhejiang Wenzhou leather shoes wet , It's not fat when it's raining .