Chapter 12: Networks
Figure 12-25.tcp_v4_do_rcvis a multiplexer that splits the code flow into different branches on the basis
of the socket state.The sections below deal with the individual options and associated actions but do not coverallof the
sometimes tricky and seldom used oddities of the TCP protocol. For this, see specialized publications
such as [WPR+01], [Ben05], and [Ste94].Three-WayHandshake
A connection must be established explicitly between a client and a host before a TCP link can be used. As
already noted, a distinction is made betweenactiveandpassiveconnection setup.The kernel (i.e., the kernel of both machines involved in the connection) sees the following situation
immediately prior to connection establishment — the state of the client process socket is CLOSED, that
of the server socket is LISTEN.A TCP connection is set up by means of a procedure that involves the exchange of three TCP packets and
is therefore known as athree-way handshake. As the state diagram in Figure 12-25 shows, the following
actions take place:❑ The client sends SYN to the server^26 to signal a connection request. The socket state of the client
changes from CLOSED to SYN_SENT.
❑ The server receives the connection request ona listening socket and returns SYN and ACK.^27
The state of the server socket changes from LISTEN to SYN_REC.
❑ The client socket receives the SYN/ACK packetand switches to the ESTABLISHED state, indi-
cating that a connection has been set up. An ACK packet is sent to the server.
❑ The server receives the ACK packet and also switches to the ESTABLISHED state. This concludes
connection setup on both sides, and data exchange can begin.In principle, a connection could be established using only one or two packets. However, there is then a
risk of faulty connections as a result of leftover packets of old connections between the same addresses
(IP addresses and port numbers). The purpose of the three-way handshake is to prevent this.A special characteristic of TCP links immediatelybecomes apparent when connections are established.
Each packet sent is given a sequence number, and receipt of each packet must be acknowledged by the
TCP instance at the receiving end. Let us take a look at the log of a connection request to a web server^28 :1 192.168.0.143 192.168.1.10 TCP 1025 > http [SYN] Seq=2895263889 Ack=0
2 192.168.1.10 192.168.0.143 TCP http > 1025 [SYN, ACK] Seq=2882478813 Ack=2895263890
3 192.168.0.143 192.168.1.10 TCP 1025 > http [ACK] Seq=2895263890 Ack=2882478814
The client generates random sequence number 2895263889 for the first packet; it is stored in the SEQ field
of the TCP header. The server responds to the arrival of this packet with a combined SYN/ACK packet
with a new sequence number (in our example, 2882478813 ). What we are interested in here is the contents
of the SEQ/ACK field (the numeric field, not the flag bit). The server fills this field by adding the number
of bytes received+1 to the sequence number received (the underlying principle is discussed below).(^26) This is the name given to an empty packet with a set SYN flag.
(^27) This step could be split into two parts by sending one packet with ACK and a second with SYN, but this is not done in practice.
(^28) Network connection data can be captured with tools such astcpdumpandwireshark.