The TCP/IP protocol family, also called the Internet protocol family, is a set of protocols that computers must follow in order to communicate with each other. TCP and IP are only the two most important protocols in it, so the whole Internet protocol family is named after TCP/IP; in fact it consists of protocols at four layers.
As mentioned above, TCP/IP is divided macroscopically into four layers. Next come the specific functions of each of the four layers.
The application layer provides different network service protocols directly to users, such as HTTP, Email, FTP and so on. These protocols are designed to meet different needs in real life. Users also spend most of their time operating on and assembling data in this layer; to put it bluntly, socket programming! As for how the data is actually transmitted across the network, that is up to the three layers below.
The transport layer provides communication services for the application layer. It is the highest layer of the communication-oriented part and at the same time the lowest layer of the user-function part. The transport layer provides logical communication between applications that talk to each other. It mainly includes the TCP protocol and the UDP protocol.
TCP provides connection-oriented data-stream support, reliability, flow control, multiplexing and other services.
UDP has no complex control mechanism.
The role of the transport layer:
Segment and encapsulate the data coming from the application layer.
Provide end-to-end transport services.
Build logical communication between the sending host and the receiving host.
The function of the network layer is to select routes for data packets and forward them. A WAN usually uses many hierarchically arranged routers to connect distributed hosts or LANs, so two communicating hosts are generally connected through several intermediate routers. The task of the network layer is to choose these intermediate nodes and thereby determine the communication path between the two hosts. At the same time it hides the details of the network topology from the upper-layer protocols, so that from the point of view of the transport layer and of network applications the two sides of the communication appear to be directly connected.
The IP protocol lives at this layer. It provides routing and addressing, lets two end systems interconnect and determine the best path, and has a certain amount of congestion-control and flow-control capability.
The data link layer implements the network driver for the network card interface and handles the transmission of data over the physical medium. Two commonly used protocols in the data link layer are ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol). They translate between IP addresses and the physical MAC addresses of machines.
When the TCP/IP protocol family is used to communicate over a network, the layers are traversed in order: the sender goes down from the application layer, and the receiver goes up from the link layer.
When the sender passes data down between layers, each layer it passes through prepends that layer's header information. Conversely, when the receiver passes data up between layers, each layer it passes through removes the corresponding header.
This way of wrapping data with information is called encapsulation.
One thing to note: the IP layer has a Maximum Transmission Unit (MTU) limit, and in the same way a single TCP transmission has a Maximum Segment Size (MSS) limit. The Ethernet MTU is 1500, the basic IP header length is 20 and the TCP header is 20, so the maximum MSS is 1460 (the MSS excludes the protocol headers and counts only application data).
So a large application-layer message may be divided into several blocks and transmitted one by one. The receiver takes the application-layer data out of each packet and assembles it back into the application-layer data; only then has a complete request been received. This is also why the Content-Length field exists.
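As an added illustration of encapsulation and MSS-sized segmentation (example code written for this edit, not code from the original article): the IPv4 and TCP header field layouts below follow the real header formats, but the checksums are left at zero, and the addresses, ports and the 4000-byte message are constructed values, since nothing here is put on a wire.

```python
import struct

ETHERNET_MTU = 1500      # bytes, as stated in the text
IP_HEADER_LEN = 20       # basic IPv4 header without options
TCP_HEADER_LEN = 20      # TCP header without options


def max_segment_size(mtu=ETHERNET_MTU):
    """MSS = MTU - IP header - TCP header: only application data is counted."""
    return mtu - IP_HEADER_LEN - TCP_HEADER_LEN


def encapsulate(app_data, src_port, dst_port, seq):
    """Sender side: the data goes down the stack and each layer prepends its header.
    Real IPv4/TCP field layouts, checksums left at 0 (constructed example)."""
    tcp_header = struct.pack("!HHIIBBHHH",
                             src_port, dst_port, seq, 0,      # ports, seq, ack
                             (5 << 4), 0x18, 65535, 0, 0)     # offset=5 words, PSH|ACK, window, csum, urg
    total_len = IP_HEADER_LEN + len(tcp_header) + len(app_data)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, total_len, 0, 0x4000,    # v4/IHL=5, TOS, length, id, DF flag
                            64, 6, 0,                         # TTL, protocol 6 = TCP, checksum
                            bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # constructed addresses
    return ip_header + tcp_header + app_data


def decapsulate(packet):
    """Receiver side: the packet goes up the stack and each layer strips its header."""
    ip_header, rest = packet[:IP_HEADER_LEN], packet[IP_HEADER_LEN:]
    total_len = struct.unpack("!H", ip_header[2:4])[0]
    tcp_header = rest[:TCP_HEADER_LEN]
    app_data = rest[TCP_HEADER_LEN:total_len - IP_HEADER_LEN]
    seq = struct.unpack("!I", tcp_header[4:8])[0]
    return seq, app_data


def segment(message, mss=None):
    """Cut one application-layer message into MSS-sized chunks; the byte offset serves as seq."""
    mss = mss or max_segment_size()
    return [(offset, message[offset:offset + mss]) for offset in range(0, len(message), mss)]


def reassemble(packets, content_length):
    """Strip headers, order segments by seq and stop once Content-Length bytes are present.
    Returns the body, or None while the message is still incomplete."""
    parts = {}
    for pkt in packets:
        seq, data = decapsulate(pkt)
        parts[seq] = data
    body = b"".join(parts[seq] for seq in sorted(parts))
    return body if len(body) >= content_length else None


def send_and_receive(message):
    """Whole round trip: segment, encapsulate, deliver out of order, reassemble.
    Returns (reassembled body, number of packets that were needed)."""
    packets = [encapsulate(chunk, 54321, 80, seq) for seq, chunk in segment(message)]
    assert all(len(p) <= ETHERNET_MTU for p in packets)   # every packet fits the MTU
    return reassemble(reversed(packets), len(message)), len(packets)


if __name__ == "__main__":
    body = b"x" * 4000                        # constructed 4000-byte application message
    got, count = send_and_receive(body)
    print(count, "segments;", "reassembled ok" if got == body else "mismatch")
```

The receiver deliberately gets the packets in reverse order: sorting by sequence number is what lets it rebuild the message, and it reports "incomplete" rather than handing up a truncated body until Content-Length bytes have arrived.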
OSI, also called the Open Systems Interconnection reference model, is a conceptual model proposed by the International Organization for Standardization: a standard framework that attempts to interconnect computers worldwide as networks. It focuses on what the necessary functions of a communication protocol are.
The network transmission protocols actually used in real life focus instead on how the protocol is implemented on a computer, that is, what program should be developed.
Differences between OSI and TCP/IP
OSI introduced the concepts of services, interfaces, protocols and layering; TCP/IP borrowed these concepts from OSI and built the TCP/IP model on them.
In OSI the model came before the protocols, and the standards came before practice.
In TCP/IP the protocols and applications came first and the model came afterwards, with reference to the OSI model.
OSI is a theoretical model, whereas TCP/IP has been widely deployed and has become the de facto standard for Internet connectivity.
Having introduced the TCP/IP protocol family at the macro level, let us now enter the world of the Internet from top to bottom.
HTTP, the HyperText Transfer Protocol, is the set of conventions and specifications for transferring text, pictures, audio, video and other hypertext data between any two points in the computer world.
URI: Uniform Resource Identifier. It identifies every available resource on the web. A URI is only a concept; how it is written does not matter, the point is that it identifies a resource.
URN: Uniform Resource Name. It identifies a resource by a unique name or ID within a specific namespace.
URL: Uniform Resource Locator. A URL is actually a subset of URI; it not only identifies a resource but also tells you how to access it. A standard URL must include: protocol, host, port, path.
protocol: which protocol the two communicating sides use, such as HTTP, ftp, file.
IP: the real IP address of the server.
Port: the port on the machine at that IP on which the service resource is exposed.
path: the storage path of the resource on the server, usually a file or a directory to access.
query: optional configuration, separated by &, with parameters stored as key-value pairs.
An example of the relationship between the three:
You want to find a person; the person here is a resource, the URI.
If you use ID number + name to find them, that is the URN: ID number + name only identifies the person as a resource but cannot tell you where the resource is.
If you use the address "the occupant of room XX, unit XX, district XX, city XX, province XX", that is the URL: it not only identifies the person but also locates their address.
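To make the URL components listed above concrete, here is an added example (written for this edit, not code from the original article) that splits a URL into protocol, host, port, path and query with the standard library's urllib.parse, fills in the default port where the URL omits it, and classifies an identifier as URN, URL or plain URI along the lines of the person-finding analogy. The example URLs are constructed; the port defaults for ftp is an assumption beyond the 80/443 the text mentions.

```python
from urllib.parse import urlsplit, parse_qsl

# 80 and 443 are stated in the text; 21 for ftp is an assumption added here
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def parse_url(url):
    """Break a URL into the parts the text lists: protocol, host, port, path, query.
    Raises ValueError when the string only names something and cannot locate it."""
    parts = urlsplit(url)
    if not parts.scheme or (parts.scheme != "file" and not parts.hostname):
        raise ValueError("not a locator: protocol and host are required")
    return {
        "protocol": parts.scheme,
        "host": parts.hostname,                        # lower-cased, userinfo stripped
        "port": parts.port or DEFAULT_PORTS.get(parts.scheme),
        "path": parts.path or "/",                     # empty path means the root
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),  # k=v pairs split on &
    }


def classify(identifier):
    """URN names a resource (no network location); URL also says how to reach it;
    anything else with a scheme is just a URI."""
    parts = urlsplit(identifier)
    if parts.scheme == "urn":
        return "URN"
    if parts.scheme and parts.netloc:
        return "URL"
    return "URI"


if __name__ == "__main__":
    # constructed examples
    for item in ("https://user@example.com:8443/search?q=tcp&page=2#top",
                 "urn:isbn:0451450523", "mailto:alice@example.com"):
        kind = classify(item)
        print(kind, item, parse_url(item) if kind == "URL" else "(cannot locate)")
```

Note that the fragment (#top) and the userinfo (user@) are dropped: neither is part of the protocol/host/port/path/query set, and the fragment never leaves the client.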
Both request and response messages consist of four parts: start line, headers, blank line and entity. Only the start line differs between the two.
The request line contains 3 parts: request method, URL and protocol version. They are separated by spaces, and the request line ends with a carriage return + line feed.
Request method: indicates what you want to do with the target resource. HTTP 1.1 defines 8 request methods; the most common are GET and POST.
URL: the specified address, i.e. the target address of this visit.
Protocol version: specifies the HTTP version currently supported by the client. The common HTTP versions at present are 1.1, 2.0 and 3.0; if the requester specifies 1.1, the responder will also reply using HTTP 1.1.
The request headers tell the server additional information about the request and about the client itself. Each request header is a key-value pair, with key and value separated by a colon. Each request header occupies a separate line and ends with a carriage return and line feed. Of all the request headers only Host is mandatory; the others are optional. Some common request headers:
The blank line contains only a carriage return and a line feed, nothing else. It marks the end of the request headers and is mandatory.
The entity is usually a user-defined message body; its type can be specified in the headers with Content-Type.
The status line specifies the HTTP version of the returned message, the response status code and a short reason phrase.
The blank line and message body are almost the same as in the request; the type of the message body is specified by Content-Type.
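The message structure just described, as an added example (written for this edit, not code from the original article): a small HTTP/1.1 message parser that splits raw bytes at the blank line, parses the start line and the colon-separated headers, requires Host on HTTP/1.1 requests, reads exactly Content-Length bytes of body, and refuses a message that carries two different Content-Length values, since the body boundary would then be ambiguous. The sample request and response bytes are constructed.

```python
CRLF = b"\r\n"


def parse_message(raw):
    """Split a raw HTTP/1.x message into (start line, headers, body).
    Returns None while the headers or the body are not complete yet."""
    head, sep, rest = raw.partition(CRLF + CRLF)        # the blank line ends the headers
    if not sep:
        return None
    lines = head.split(CRLF)
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        key = name.strip().decode("ascii").lower()        # header names are case-insensitive
        value = value.strip().decode("latin-1")
        if key in headers and headers[key] != value:
            if key == "content-length":
                raise ValueError("conflicting Content-Length values")   # ambiguous body length
            value = headers[key] + ", " + value            # other repeated headers combine
        headers[key] = value
    length = int(headers.get("content-length", "0"))       # ValueError if not a decimal number
    if length < 0:
        raise ValueError("negative Content-Length")
    if len(rest) < length:
        return None                                        # more TCP segments still to come
    return start_line, headers, rest[:length]


def parse_request(raw):
    """Request line = method, URL, protocol version; Host is mandatory in HTTP/1.1."""
    parsed = parse_message(raw)
    if parsed is None:
        return None
    start_line, headers, body = parsed
    parts = start_line.split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: method URL version")
    method, url, version = parts
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("Host header is mandatory")
    return {"method": method, "url": url, "version": version, "headers": headers, "body": body}


def parse_response(raw):
    """Status line = protocol version, status code, reason phrase (which may contain spaces)."""
    parsed = parse_message(raw)
    if parsed is None:
        return None
    status_line, headers, body = parsed
    version, code, reason = status_line.split(" ", 2)
    return {"version": version, "status": int(code), "reason": reason, "headers": headers, "body": body}


def build_response(status, reason, body, content_type="text/plain"):
    """Assemble the four parts: status line, headers, blank line, body."""
    head = "HTTP/1.1 %d %s" % (status, reason)
    headers = ["Content-Type: %s" % content_type, "Content-Length: %d" % len(body)]
    return (head + "\r\n" + "\r\n".join(headers) + "\r\n\r\n").encode("ascii") + body


if __name__ == "__main__":
    # constructed request: note the body is followed by bytes that belong to the next message
    raw = (b"POST /login HTTP/1.1\r\nHost: example.com\r\n"
           b"Content-Type: text/plain\r\nContent-Length: 5\r\n\r\nhelloGET /")
    print(parse_request(raw))
    print(parse_response(build_response(404, "Not Found", b"no such page")))
```

Returning None for an incomplete message, rather than raising, is what a reader loop wants: it keeps appending received bytes and retries until the Content-Length boundary is reached.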
The HTTP protocol specifies a large number of header fields that achieve a variety of functions, but basically they fall into the following four categories:
General fields: can appear in both the request header and the response header.
Request fields: can only appear in the request header; they further describe the request or add conditions to it.
Response fields: can only appear in the response header; they supplement the information of the response message.
Entity fields: actually a kind of general field, but they specifically describe additional information about the body.
Through the settings of its header fields, HTTP provides the following important functions:
Content negotiation: the client and the server agree on the content of the response resource, such as language, character set, encoding and compression type.
Cache management: according to the characteristics of a resource we can control whether it is cached at the client; pay attention to the differences between max-age, no-cache, no-store and must-revalidate.
Entity type: by parsing Content-Type we obtain the MIME type of requests and responses.
Connection management: configuration parameters are read to implement long and short connections.
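The cache-management point above, as an added example (written for this edit, not code from the original article): a Cache-Control parser plus a decision function that shows how max-age, no-cache, no-store and must-revalidate lead to different outcomes for a cached copy of a given age. The header values are constructed; the decision labels are this example's own names, not terms from the page.

```python
def parse_cache_control(value):
    """Turn 'max-age=600, no-cache' into {'max-age': '600', 'no-cache': True}."""
    directives = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, has_arg, arg = item.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if has_arg else True
    return directives


def get_header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def cache_decision(headers, age_seconds, origin_reachable=True):
    """What a client cache may do with a stored response of the given age.
    Labels (example's own): do-not-store, reuse, revalidate, serve-stale, error."""
    cc = parse_cache_control(get_header(headers, "Cache-Control"))
    if "no-store" in cc:
        return "do-not-store"     # never written to cache at all (sensitive responses)
    if "no-cache" in cc:
        return "revalidate"       # may be stored, but every use must be checked with the origin
    try:
        max_age = int(cc["max-age"])
    except (KeyError, ValueError):
        return "revalidate"       # no usable freshness lifetime: ask the origin
    if age_seconds < max_age:
        return "reuse"            # still fresh: answer from cache, no network needed
    if origin_reachable:
        return "revalidate"       # stale: conditional request to the origin
    # stale and the origin cannot be reached: must-revalidate forbids serving stale content
    return "error" if "must-revalidate" in cc else "serve-stale"


if __name__ == "__main__":
    # constructed responses, each observed 700 seconds after it was stored
    for value in ("max-age=600", "max-age=600, must-revalidate", "no-cache, max-age=600", "no-store"):
        print("%-32s online=%-12s offline=%s" % (
            value,
            cache_decision({"Cache-Control": value}, 700),
            cache_decision({"Cache-Control": value}, 700, origin_reachable=False)))
```

The offline column is where must-revalidate shows its difference from a bare max-age: both are stale at 700 seconds, but only the latter may be served stale when the origin is unreachable.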
HTTP is transmitted in plaintext, which carries several risks:
Risk of eavesdropping (confidentiality of information): for example, the content of the communication can be read on the communication link.
Risk of tampering (integrity of information): for example, forcibly inserting spam.
Risk of impersonation (identity recognition): for example, fake websites imitating Taobao.
Mixed encryption achieves confidentiality of the information.
Digest algorithms achieve integrity; they can generate a unique serial number for the data.
Putting the server's public key in a digital certificate solves the risk of impersonation.
Note that HTTP uses port 80 by default, while HTTPS uses port 443 by default.
Encryption algorithms are divided into symmetric encryption and asymmetric encryption.
Symmetric encryption: encryption and decryption use the same key. It is fast, but the key must be kept secret and there is no secure way to exchange it. Common algorithms are AES, DES, RC4, BlowFish and so on.
Asymmetric encryption: uses two keys, a public key and a private key. The public key can be distributed freely while the private key is kept secret. This solves the key exchange problem, but it is slow. The derivation from private key to public key is one-way, which guarantees the security of the private key. Common algorithms are RSA, DSA, Diffie-Hellman and so on.
HTTPS uses symmetric encryption + asymmetric encryption = mixed encryption:
Before the communication is established, asymmetric encryption is used to exchange the session key; after that, asymmetric encryption is no longer used.
During the communication, the plaintext data is encrypted symmetrically with the session key.
The main feature of a message digest algorithm is that the computation needs no key and the output cannot be decrypted back into the data; at present the only one that can be reversed is the CRC32 algorithm. Only by feeding the same plaintext data through the same message digest algorithm can the same digest be obtained.
Message digest algorithms are mainly used in the field of digital signatures, as the summary algorithm for the plaintext. The famous digest algorithms are the RSA company's MD5 algorithm and the SHA-1 algorithm, along with many variants.
The client generates a digest of the plaintext data with the specified digest algorithm.
Plaintext data + digest are encrypted with the public key and then transmitted.
After receiving the message, the server decrypts it with the private key to obtain plaintext + digest.
The server digests the plaintext with the same digest algorithm.
The two digests, the one generated by the client and the one generated by the server, are compared to check whether the data is complete.
With asymmetric encryption the client stores the public key.
How to guarantee that this public key is genuine is a hard problem. If someone steals the server's public key to do mischief, then throughout the whole data transmission neither the client nor the server is aware that a third party exists, yet the information has been leaking all along!
The key to the problem is how to guarantee that the client receives the server's genuine public key! This is where digital certificates come in: they are based on the private-key encryption mentioned above, with public-key decryption used to verify identity.
CA: certification authority. There are only a few authoritative CA companies in the world. The organization uses RSA to generate a pair of public and private keys.
Server public key + issuer ID + subject (to whom the certificate is issued) + validity period + other information = plaintext P.
P is hashed with a hash algorithm to produce H1, and H1 is encrypted with the CA's private key using RSA to obtain S.
P + S = the digital certificate.
After the client obtains the digital certificate, it hashes P with the same hash algorithm to compute H2.
It decrypts S with the CA's public key to obtain H3.
Compare whether H2 and H3 are the same; if so, the certificate is OK. If they differ, either P has been modified or the certificate was not issued by this CA.
The server's public key can then be taken out safely. Done!
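The digest-and-sign steps and the certificate issuance/verification (P, S, H1, H2, H3) described above, as one added example (written for this edit, not code from the original article). It uses textbook RSA on deliberately tiny constructed primes so that it runs with plain Python integers; a real CA key is 2048 bits or more and the digest is padded rather than reduced modulo n, but the verification logic, recompute H2 from P and compare it with H3 recovered from S, is the same. The CA name, subject and validity values are constructed.

```python
import hashlib
import json
import math


def make_toy_keypair(p=2147483647, q=2305843009213693951, e=65537):
    """Textbook RSA key generation. Defaults are two small Mersenne primes (constructed
    toy values, ~92-bit modulus). Returns (public, private) as dicts."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    d = pow(e, -1, phi)                       # private exponent, the inverse of e mod phi
    return {"n": n, "e": e}, {"n": n, "d": d}


def hash_to_int(data, n):
    """The 'Hash' step: SHA-256 of the plaintext, reduced below the modulus so the toy
    key can sign it (real RSA pads the digest to the modulus size instead)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    """S = RSA-encrypt(H1) with the private key: the digital signature over data."""
    h1 = hash_to_int(data, private["n"])
    return pow(h1, private["d"], private["n"])


def verify(public, data, signature):
    """H2 = Hash(data) recomputed by the verifier; H3 = RSA-decrypt(S) with the public key."""
    h2 = hash_to_int(data, public["n"])
    h3 = pow(signature, public["e"], public["n"])
    return h2 == h3


def issue_certificate(ca_private, server_public, issuer, subject, not_after):
    """CA side: P = server public key + issuer + subject + validity; certificate = P + S."""
    plaintext = json.dumps({"server_public_key": server_public, "issuer": issuer,
                            "subject": subject, "not_after": not_after},
                           sort_keys=True).encode()
    return {"P": plaintext, "S": sign(ca_private, plaintext)}


def extract_server_key(cert, ca_public):
    """Client side: only after S checks out against P may the server key be taken out."""
    if not verify(ca_public, cert["P"], cert["S"]):
        raise ValueError("certificate rejected: P was modified or not issued by this CA")
    return json.loads(cert["P"])["server_public_key"]


if __name__ == "__main__":
    ca_pub, ca_priv = make_toy_keypair()
    srv_pub, srv_priv = make_toy_keypair(p=1000003, q=1000033)      # second toy key
    cert = issue_certificate(ca_priv, srv_pub, "Toy CA", "www.example.com", "2030-01-01")
    print("genuine certificate ->", extract_server_key(cert, ca_pub) == srv_pub)
    # tampering with P (changing the subject) breaks the H2 == H3 comparison
    forged = dict(cert, P=cert["P"].replace(b"www.example.com", b"evil.example"))
    print("forged subject accepted ->", verify(ca_pub, forged["P"], forged["S"]))
    # the signature steps on their own: client signs, server verifies
    print("message signature ->", verify(srv_pub, b"hello", sign(srv_priv, b"hello")))
```

The same sign/verify pair serves both uses on the page: a certificate is nothing more than the CA's signature over P, and the client's trust in the server key rests entirely on already holding the CA's public key.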
After the three-way TCP handshake, preparation for encrypted communication begins. Before encrypted communication can start, the client and the server must first establish a connection and exchange parameters. This process is called the handshake (HandShake), and it is the SSL/TLS module that has been mentioned all along. Its main workflow can be thought of as ClientHello, ServerHello and Finish.
ClientHello: the client sends an encrypted-communication request to the server, giving the SSL/TLS protocol version number supported by the client + a client-generated random number Random1 + the encryption methods the client supports.
ServerHello: the server confirms whether the SSL/TLS version is supported, confirms the encryption algorithm to use, generates a random number Random2 (used to generate the session key), and sends the server's digital certificate.
Client certificate verification: the client uses the CA's public key to confirm the authenticity of the server's digital certificate and retrieves the server's public key.
The client generates a random number Random3, encrypts it with the server's public key as the PreMaster Key and sends it to the server, together with the agreed encryption algorithm.
The server decrypts Random3 with its private key. At this point both the server and the client apply the same encryption algorithm to Random1 + Random2 + Random3 = the session key (Session Key), which all later communication will use for encryption.
The client generates a digest of all the previous handshake messages and encrypts it with the negotiated key; this is the first encrypted message sent by the client. After receiving it the server decrypts it with its key; if the decryption succeeds, the keys negotiated above are consistent.
The server finally confirms Random3 + the final encryption algorithm, which together finally determine the session key (Session Key).
The server tells the client that the encryption algorithm has changed and that from now on information will be encrypted with the Session Key.
The server also generates a digest of the handshake messages and encrypts it with the key; this is the first encrypted message sent by the server. After receiving it the client decrypts it with its key, which shows that the negotiated keys are the same.
Normal data transmission
At this point both sides have safely negotiated the same key and the SSL/TLS handshake phase is over. All application-layer data is encrypted with this key before being handed to TCP for reliable transmission.
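The handshake just described, together with the mixed-encryption idea from earlier (asymmetric only for the key exchange, symmetric afterwards), as one added simulation (written for this edit, not code from the original article, and not a real TLS implementation). Assumptions, all labelled in the code: the server's RSA key is a constructed toy key on small primes; "Random1 + Random2 + Random3" is concatenation followed by SHA-256 in place of the TLS key-derivation function; the Finished digest is an HMAC under the session key; and the symmetric cipher is an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag standing in for AES-GCM. One key is used in both directions, which real TLS does not do.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key for the server (~92-bit modulus; real keys are 2048 bits or more).
_P, _Q = 2147483647, 2305843009213693951
SERVER_N = _P * _Q
SERVER_E = 65537
SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))


def derive_session_key(random1, random2, random3):
    """Page's rule: Random1 + Random2 + Random3 -> Session Key. Here '+' is concatenation
    and SHA-256 yields a fixed 32-byte key (simplification of the TLS PRF)."""
    return hashlib.sha256(random1 + random2 + random3).digest()


def keystream_xor(key, nonce, data):
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream (stand-in for AES)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def finished_message(key, transcript):
    """Keyed digest of every handshake message so far: proves both sides hold the same key."""
    return hmac.new(key, transcript, hashlib.sha256).digest()


def run_handshake(client_suites=("AES-GCM", "CHACHA20"), server_pick="AES-GCM"):
    """Returns (client session key, server session key); they must be equal."""
    transcript = b""
    # 1. ClientHello: version + Random1 + supported cipher suites
    random1 = secrets.token_bytes(32)
    transcript += b"TLS1.2|" + random1 + b"|" + ",".join(client_suites).encode()
    # 2. ServerHello: chosen suite + Random2 + certificate carrying the public key
    if server_pick not in client_suites:
        raise ValueError("no common cipher suite")
    random2 = secrets.token_bytes(32)
    transcript += b"TLS1.2|" + random2 + b"|" + server_pick.encode() + str(SERVER_N).encode()
    # 3. Client: Random3 (pre-master) encrypted with the server public key (8 bytes < modulus)
    random3 = secrets.token_bytes(8)
    pre_master = pow(int.from_bytes(random3, "big"), SERVER_E, SERVER_N)
    transcript += pre_master.to_bytes(12, "big")
    client_key = derive_session_key(random1, random2, random3)
    # 4. Server decrypts Random3 with its private key and derives the same session key
    server_random3 = pow(pre_master, SERVER_D, SERVER_N).to_bytes(8, "big")
    server_key = derive_session_key(random1, random2, server_random3)
    # 5. Finished in both directions: each side checks the other's digest with its own key
    client_finished = finished_message(client_key, transcript)
    if not hmac.compare_digest(client_finished, finished_message(server_key, transcript)):
        raise ValueError("server: client Finished does not verify")
    transcript += client_finished
    server_finished = finished_message(server_key, transcript)
    if not hmac.compare_digest(server_finished, finished_message(client_key, transcript)):
        raise ValueError("client: server Finished does not verify")
    return client_key, server_key


def encrypt_record(key, seq, plaintext):
    """Application data after the handshake: nonce (sequence number) + ciphertext + tag."""
    nonce = seq.to_bytes(8, "big")
    ciphertext = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_record(key, seq, record):
    """Verify the tag before decrypting; None means wrong key, wrong sequence or tampering."""
    nonce, ciphertext, tag = record[:8], record[8:-32], record[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if nonce != seq.to_bytes(8, "big") or not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(key, nonce, ciphertext)


if __name__ == "__main__":
    ck, sk = run_handshake()
    print("session keys match:", ck == sk)
    record = encrypt_record(ck, 1, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")  # constructed
    print("server reads:", decrypt_record(sk, 1, record))
```

Two things the simulation makes visible: the private key is used exactly once, to unwrap Random3, and a record encrypted under one key is rejected outright under another, which is what the "if it can be decrypted, the keys are consistent" remark relies on.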
At present HTTP versions are divided into HTTP/1.1, HTTP/2 and HTTP/3; the mainstream uses the first two.
Compared with the old version, the advantages and disadvantages of HTTP/1.1 are as follows:
TCP long connections are used instead of short ones, avoiding unnecessary performance overhead.
For example, when sending A, B and C, B does not have to wait for A to be delivered; B can be sent as soon as A has been sent.
Request/response headers are sent without compression; only the Body part can be compressed.
Redundant configuration information is sent back and forth.
It can cause head-of-line blocking.
FIFO pattern, with no concept of priority.
Only the client can make requests; the server only responds.
The HTTP/2 protocol is based on HTTPS. It is backward compatible and makes the following optimizations.
Header compression: the HPACK algorithm is introduced. Both the client and the server maintain a header table in which all fields are stored; for header information that repeats back and forth, the original value is no longer sent, only its index number.
Binary transmission: the new version uses a more computer-friendly binary transmission mode, and data is transmitted in frames.
Stream priority: different request/response packets are distinguished by Stream. Every Stream has its own number, and a priority can also be specified.
Multiplexing: multiple streams in one connection can send and receive request/response data frames at the same time. The packets within each stream are transmitted and assembled in order, and each stream is independent, so whichever request is processed first can have its response sent to the other side first over the connection.
Server push: the server takes the initiative to push static resources that may be needed, such as JS and CSS.
Blocking problem: HTTP/2 frame transmission happens at the application layer, but the final data still has to be transmitted by TCP, and TCP is a reliable connection with packet-loss retransmission. If a packet is lost, all HTTP requests wait for the lost packet to be retransmitted.
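Header-table indexing, binary framing and stream multiplexing from the list above, as one added example (written for this edit, not code from the original article or from any HTTP/2 library). The 9-byte frame header (24-bit length, type, flags, 31-bit stream id) follows the HTTP/2 frame layout; the header table is a deliberately simplified stand-in for HPACK (no static table, no Huffman coding, this example's own literal/index byte encoding), and the two requests on streams 1 and 3 are constructed.

```python
import struct

TYPE_DATA, TYPE_HEADERS = 0x0, 0x1
FLAG_END_STREAM = 0x1


def encode_frame(stream_id, ftype, payload, flags=0):
    """Wrap one payload in a 9-byte binary frame header."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload exceeds the 24-bit length field")
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def decode_frames(buf):
    """Parse as many complete frames as the buffer holds; return (frames, leftover bytes)."""
    frames = []
    while len(buf) >= 9:
        length = int.from_bytes(buf[:3], "big")
        if len(buf) < 9 + length:
            break                                       # partial frame: wait for more bytes
        stream_id = struct.unpack("!I", buf[5:9])[0] & 0x7FFFFFFF
        frames.append((stream_id, buf[3], buf[4], buf[9:9 + length]))
        buf = buf[9 + length:]
    return frames, buf


class HeaderTable:
    """Simplified stand-in for HPACK's dynamic table: a name/value pair seen before is sent
    as a single index byte, otherwise as a literal that both sides then add to their table,
    so the two tables stay in sync. Encoding is this example's own (not HPACK's)."""

    def __init__(self):
        self.entries = []

    def encode(self, headers):
        out = b""
        for pair in headers:
            if pair in self.entries:
                out += bytes([0x80 | (self.entries.index(pair) + 1)])      # indexed: 1 byte
            else:
                self.entries.append(pair)
                name, value = pair
                out += b"\x00" + name.encode() + b"\x00" + value.encode() + b"\x00"
        return out

    def decode(self, payload):
        headers, i = [], 0
        while i < len(payload):
            if payload[i] & 0x80:
                headers.append(self.entries[(payload[i] & 0x7F) - 1])
                i += 1
            else:
                end_name = payload.index(b"\x00", i + 1)
                end_value = payload.index(b"\x00", end_name + 1)
                pair = (payload[i + 1:end_name].decode(), payload[end_name + 1:end_value].decode())
                self.entries.append(pair)
                headers.append(pair)
                i = end_value + 1
        return headers


def send_requests(requests):
    """Put several requests on one connection with their frames interleaved (multiplexing).
    requests: {stream_id: (header pairs, body)}; returns the bytes sent."""
    table, wire = HeaderTable(), b""
    for sid, (headers, _body) in requests.items():                  # all HEADERS frames first
        wire += encode_frame(sid, TYPE_HEADERS, table.encode(headers))
    for sid, (_headers, body) in requests.items():                  # then the DATA frames
        wire += encode_frame(sid, TYPE_DATA, body, FLAG_END_STREAM)
    return wire


def receive_requests(wire):
    """Demultiplex: route every frame to its stream and assemble each stream independently."""
    table, streams = HeaderTable(), {}
    frames, leftover = decode_frames(wire)
    for sid, ftype, flags, payload in frames:
        st = streams.setdefault(sid, {"headers": [], "body": b"", "done": False})
        if ftype == TYPE_HEADERS:
            st["headers"] = table.decode(payload)
        elif ftype == TYPE_DATA:
            st["body"] += payload
        if flags & FLAG_END_STREAM:
            st["done"] = True
    return streams, leftover


if __name__ == "__main__":
    reqs = {1: ([(":method", "GET"), (":path", "/a"), ("user-agent", "toy")], b""),
            3: ([(":method", "GET"), (":path", "/b"), ("user-agent", "toy")], b"x")}
    wire = send_requests(reqs)
    frames, _ = decode_frames(wire)
    print("HEADERS payload bytes, stream 1 then 3:", len(frames[0][3]), len(frames[1][3]))
    print(receive_requests(wire)[0])
```

The second HEADERS frame is smaller because ":method: GET" and "user-agent: toy" travel as one index byte each; only ":path: /b" is new. The decoder must see HEADERS frames in the order they were encoded, which is exactly why both sides keep their tables in lockstep.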
HTTP/3 changes the transport from TCP to UDP, because UDP does not care about ordering or about packet loss; at the same time Google added TCP's connection management, congestion window, flow control and other mechanisms on top of UDP. This set of protocols is called the QUIC protocol. Overall, the optimization points of HTTP/3 are as follows:
QUIC has its own mechanism to guarantee the reliability of transmission. When packet loss occurs on a stream, only that stream is blocked; the other streams are not affected.
The TLS algorithm is also upgraded from 1.2 to 1.3, and the header compression algorithm is upgraded to QPack.
Before HTTP/3 there were three exchanges for the TCP handshake + three encryption exchanges for TLS. At the bottom layer QUIC merges these 6 steps into 3.
QUIC is a protocol that multiplexes TCP + TLS + HTTP/2 on top of UDP.
What is so powerful about HTTP is that it only prescribes the basic header + body framework, which can be customized; at the same time its underlying layers are pluggable components, such as the addition of SSL/TLS, binary frame transfer, UDP replacing TCP and so on.
Whether TCP or QUIC, the reliability of data transmission is guaranteed.
Request-response mode
HTTP transmits data based on the request-response model.
Every HTTP request-response is stateless, so each sent and received message is completely independent; if you want to achieve some chain of actions you need the Session and Cookie mechanisms.
Application layer protocol
HTTP is just a transfer protocol defined at the application layer; underneath, the data is transferred by the TCP protocol.
Common HTTP status codes come in five types.
I have only given a general explanation of the application layer and the transport layer of the TCP/IP protocol suite; for the network layer, look at a more detailed explanation of the TCP/IP protocols.
HTTP ten-thousand-word handout: https://t.1yb.co/gcKW
Kobayashi network special topic: https://t.1yb.co/fQG3
HTTP status codes: http://tools.jb51.net/table/http_status_code
TCP/IP explained: https://developer.51cto.com/art/201906/597961.htm