TCP/IP详解 卷1：协议（英文版·第2版）

内容概要

　　《TCP/IP详解》是已故网络专家、著名技术作家W. Richard
Stevens的传世之作，内容详尽且极具权威，被誉为TCP/IP领域的不朽名著。
　　本书是《TCP/IP详解》的第1卷，主要讲述TCP/IP协议，结合大量实例讲述TCP/IP协议族的定义原因，以及在各种不同的操作系统中的应用及工作方式。第2版在保留Stevens卓越的知识体系和写作风格的基础上，新加入的作者Kevin
R.
Fall结合其作为TCP/IP协议研究领域领导者的尖端经验来更新本书，反映了最新的协议和最佳的实践方法。首先，他介绍了TCP/IP的核心目标和体系结构概念，展示了它们如何能连接不同的网络和支持多个服务同时运行。接着，他详细解释了IPv4和IPv6网络中的互联网地址。然后，他采用自底向上的方式来介绍TCP/IP的结构和功能：从链路层协议（如Ethernet和Wi-Fi），经网络层、传输层到应用层。
　　书中依次全面介绍了ARP、DHCP、NAT、防火墙、ICMPv4/ICMPv6、广播、多播、UDP、DNS等，并详细介绍了可靠传输和TCP，包括连接管理、超时、重传、交互式数据流和拥塞控制。此外，还介绍了安全和加密的基础知识，阐述了当前用于保护安全和隐私的重要协议，包括EAP、IPsec、TLS、DNSSEC和DKIM。
　　本书适合任何希望理解TCP/IP协议如何实现的人阅读，更是TCP/IP领域研究人员和开发人员的权威参考书。无论你是初学者还是功底深厚的网络领域高手，本书都是案头必备，将帮助你更深入和直观地理解整个协议族，构建更好的应用和运行更可靠、更高效的网络。

作者简介

　　Kevin R.
Fall博士有超过25年的TCP/IP工作经验，并且是互联网架构委员会成员。他是互联网研究任务组中延迟容忍网络研究组（DTNRG）的联席主席，该组致力于在极端和挑战性能的环境中探索网络。他是一位IEEE院士。
　　W. Richard
Stevens博士（1951—1999）是国际知名的Unix和网络专家，受人尊敬的技术作家和咨询顾问。他教会了一代网络专业人员使用TCP/IP的技能，使互联网成为人们日常生活的中心。Stevens于1999年9月1日去世，年仅48岁。在短暂但精彩的人生中，他著有多部经典的传世之作，包括《TCP/IP
详解》（三卷本）、《UNIX网络编程》（两卷本）以及《UNIX环境高级编程》。2000年他被国际权威机构Usenix追授“终身成就奖”。

书籍目录

Foreword v
Chapter 1 Introduction
1.1 Architectural Principles
1.1.1 Packets, Connections, and Datagrams
1.1.2 The End-to-End Argument and Fate Sharing
1.1.3 Error Control and Flow Control
1.2 Design and Implementation
1.2.1 Layering
1.2.2 Multiplexing, Demultiplexing, and Encapsulation in
Layered
Implementations
1.3 The Architecture and Protocols of the TCP/IP Suite
1.3.1 The ARPANET Reference Model
1.3.2 Multiplexing, Demultiplexing, and Encapsulation in
TCP/IP
1.3.3 Port Numbers
1.3.4 Names, Addresses, and the DNS
1.4 Internets, Intranets, and Extranets
1.5 Designing Applications
1.5.1 Client/Server
1.5.2 Peer-to-Peer
1.5.3 Application Programming Interfaces (APIs)
Preface to the Second Edition vii
Adapted Preface to the First Edition xiii
1.6 Standardization Process
1.6.1 Request for Comments (RFC)
1.6.2 Other Standards
1.7 Implementations and Software Distributions
1.8 Attacks Involving the Internet Architecture
1.9 Summary
1.10 References
Chapter 2 The Internet Address Architecture
2.1 Introduction
2.2 Expressing IP Addresses
2.3 Basic IP Address Structure
2.3.1 Classful Addressing
2.3.2 Subnet Addressing
2.3.3 Subnet Masks
2.3.4 Variable-Length Subnet Masks (VLSM)
2.3.5 Broadcast Addresses
2.3.6 IPv6 Addresses and Interface Identifiers
2.4 CIDR and Aggregation
2.4.1 Prefixes
2.4.2 Aggregation
2.5 Special-Use Addresses
2.5.1 Addressing IPv4/IPv6 Translators
2.5.2 Multicast Addresses
2.5.3 IPv4 Multicast Addresses
2.5.4 IPv6 Multicast Addresses
2.5.5 Anycast Addresses
2.6 Allocation
2.6.1 Unicast
2.6.2 Multicast
2.7 Unicast Address Assignment
2.7.1 Single Provider/No Network/Single Address
2.7.2 Single Provider/Single Network/Single Address
2.7.3 Single Provider/Multiple Networks/Multiple Addresses
2.7.4 Multiple Providers/Multiple Networks/Multiple Addresses
(Multihoming)
Contents xvii
2.8 Attacks Involving IP Addresses
2.9 Summary
2.10 References
Chapter 3 Link Layer
3.1 Introduction
3.2 Ethernet and the IEEE 802 LAN/MAN Standards
3.2.1 The IEEE 802 LAN/MAN Standards
3.2.2 The Ethernet Frame Format
3.2.3 802.1p/q: Virtual LANs and QoS Tagging
3.2.4 802.1AX: Link Aggregation (Formerly 802.3ad)
3.3 Full Duplex, Power Save, Autonegotiation, and 802.1X Flow
Control
3.3.1 Duplex Mismatch
3.3.2 Wake-on LAN (WoL), Power Saving, and Magic Packets
3.3.3 Link-Layer Flow Control
3.4 Bridges and Switches
3.4.1 Spanning Tree Protocol (STP)
3.4.2 802.1ak: Multiple Registration Protocol (MRP)
3.5 Wireless LANs—IEEE 802.11(Wi-Fi)
3.5.1 802.11 Frames
3.5.2 Power Save Mode and the Time Sync Function (TSF)
3.5.3 802.11 Media Access Control
3.5.4 Physical-Layer Details: Rates, Channels, and
Frequencies
3.5.5 Wi-Fi Security
3.5.6 Wi-Fi Mesh (802.11s)
3.6 Point-to-Point Protocol (PPP)
3.6.1 Link Control Protocol (LCP)
3.6.2 Multi link PPP (MP)
3.6.3 Compression Control Protocol (CCP)
3.6.4 PPP Authentication
3.6.5 Network Control Protocols (NCPs)
3.6.6 Header Compression
3.6.7 Example
3.7 Loopback
3.8 MTU and Path MTU
3.9 Tunneling Basics
3.9.1 Unidirectional Links
x viii Contents
3.10 Attacks on the Link Layer
3.11 Summary
3.12 References
Chapter 4 ARP: Address Resolution Protocol
4.1 Introduction
4.2 An Example
4.2.1 Direct Delivery and ARP
4.3 ARP Cache
4.4 ARP Frame Format
4.5 ARP Examples
4.5.1 Normal Example
4.5.2 ARP Request to a Nonexistent Host
4.6 ARP Cache Timeout
4.7 Proxy ARP
4.8 Gratuitous ARP and Address Conflict Detection (ACD)
4.9 The arp Command
4.10 Using ARP to Set an Embedded Device’s IPv4 Address
4.11 Attacks Involving ARP
4.12 Summary
4.13 References
Chapter 5 The Internet Protocol (IP)
5.1 Introduction
5.2 IPv4 and IPv6 Headers
5.2.1 IP Header Fields
5.2.2 The Internet Checksum
5.2.3 DS Field and ECN (Formerly Called the ToS Byte or IPv6
Traffic Class)
5.2.4 IP Options
5.3 IPv6 Extension Headers
5.3.1 IPv6 Options
5.3.2 Routing Header
5.3.3 Fragment Header
5.4 IP Forwarding
5.4.1 Forwarding Table
5.4.2 IP Forwarding Actions
Contents xix
5.4.3 Examples
5.4.4 Discussion
5.5 Mobile IP
5.5.1 The Basic Model: Bidirectional Tunneling
5.5.2 Route Optimization (RO)
5.5.3 Discussion
5.6 Host Processing of IP Datagrams
5.6.1 Host Models
5.6.2 Address Selection
5.7 Attacks Involving IP
5.8 Summary
5.9 References
Chapter 6 System Configuration: DHCP and Autoconfiguration
6.1 Introduction
6.2 Dynamic Host Configuration Protocol (DHCP)
6.2.1 Address Pools and Leases
6.2.2 DHCP and BOOTP Message Format
6.2.3 DHCP and BOOTP Options
6.2.4 DHCP Protocol Operation
6.2.5 DHCPv6
6.2.6 Using DHCP with Relays
6.2.7 DHCP Authentication
6.2.8 Reconfigure Extension
6.2.9 Rapid Commit
6.2.10 Location Information (LCI and LoST)
6.2.11 Mobility and Handoff Information (MoS and ANDSF)
6.2.12 DHCP Snooping
6.3 Stateless Address Autoconfiguration (SLAAC)
6.3.1 Dynamic Configuration of IPv4 Link-Local Addresses
6.3.2 IPv6 SLAAC for Link-Local Addresses
6.4 DHCP and DNS Interaction
6.5 PPP over Ethernet (PPPoE)
6.6 Attacks Involving System Configuration
6.7 Summary
6.8 References
xx Contents
Chapter 7 Firewalls and Network Address Translation (NAT)
7.1 Introduction
7.2 Firewalls
7.2.1 Packet-Filtering Firewalls
7.2.2 Proxy Firewalls
7.3 Network Address Translation (NAT)
7.3.1 Traditional NAT: Basic NAT and NAPT
7.3.2 Address and Port Translation Behavior
7.3.3 Filtering Behavior
7.3.4 Servers behind NATs
7.3.5 Hairpinning and NAT Loopback
7.3.6 NAT Editors
7.3.7 Service Provider NAT (SPNAT) and Service Provider IPv
Transition
7.4 NAT Traversal
7.4.1 Pinholes and Hole Punching
7.4.2 UNilateral Self-Address Fixing (UNSAF)
7.4.3 Session Traversal Utilities for NAT (STUN)
7.4.4 Traversal Using Relays around NAT (TURN)
7.4.5 Interactive Connectivity Establishment (ICE)
7.5 Configuring Packet-Filtering Firewalls and NATs
7.5.1 Firewall Rules
7.5.2 NAT Rules
7.5.3 Direct Interaction with NATs and Firewalls: UPnP,
NAT-PMP,
and PCP
7.6 NAT for IPv4/IPv6 Coexistence and Transition
7.6.1 Dual-Stack Lite (DS-Lite)
7.6.2 IPv4/IPv6 Translation Using NATs and ALGs
7.7 Attacks Involving Firewalls and NATs
7.8 Summary
7.9 References
Chapter 8 ICMPv4 and ICMPv6: Internet Control Message
Protocol
8.1 Introduction
8.1.1 Encapsulation in IPv4 and IPv6
8.2 ICMP Messages
8.2.1 ICMPv4 Messages
Contents xxi
8.2.2 ICMPv6 Messages
8.2.3 Processing of ICMP Messages
8.3 ICMP Error Messages
8.3.1 Extended ICMP and Multipart Messages
8.3.2 Destination Unreachable (ICMPv4 Type 3, ICMPv6 Type 1)
and Packet Too Big (ICMPv6 Type 2)
8.3.3 Redirect (ICMPv4 Type 5, ICMPv6 Type 137)
8.3.4 ICMP Time Exceeded (ICMPv4 Type 11, ICMPv6 Type 3)
8.3.5 Parameter Problem (ICMPv4 Type 12, ICMPv6 Type 4)
8.4 ICMP Query/Informational Messages
8.4.1 Echo Request/Reply (ping) (ICMPv4 Types 0/8, ICMPv6
Types
129/128)
8.4.2 Router Discovery: Router Solicitation and Advertisement
(ICMPv4 Types 9, 10)
8.4.3 Home Agent Address Discovery Request/Reply (ICMPv6
Types
144/145)
8.4.4 Mobile Prefix Solicitation/Advertisement (ICMPv6 Types
146/147)
8.4.5 Mobile IPv6 Fast Handover Messages (ICMPv6 Type 154)
8.4.6 Multicast Listener Query/Report/Done (ICMPv6 Types
130/131/132)
8.4.7 Version 2 Multicast Listener Discovery (MLDv2) (ICMPv
Type 143)
8.4.8 Multicast Router Discovery (MRD) (IGMP Types 48/49/50,
ICMPv6 Types 151/152/153)
8.5 Neighbor Discovery in IPv6
8.5.1 ICMPv6 Router Solicitation and Advertisement (ICMPv6
Types
133, 134)
8.5.2 ICMPv6 Neighbor Solicitation and Advertisement (IMCPv6
Types
135, 136)
8.5.3 ICMPv6 Inverse Neighbor Discovery
Solicitation/Advertisement
(ICMPv6 Types 141/142)
8.5.4 Neighbor Unreachability Detection (NUD)
8.5.5 Secure Neighbor Discovery (SEND)
8.5.6 ICMPv6 Neighbor Discovery (ND) Options
8.6 Translating ICMPv4 and ICMPv6
8.6.1 Translating ICMPv4 to ICMPv6
8.6.2 Translating ICMPv6 to ICMPv4
8.7 Attacks Involving ICMP
x xii Contents
8.8 Summary
8.9 References
Chapter 9 Broadcasting and Local Multicasting (IGMP and MLD)
9.1 Introduction
9.2 Broadcasting
9.2.1 Using Broadcast Addresses
9.2.2 Sending Broadcast Datagrams
9.3 Multicasting
9.3.1 Converting IP Multicast Addresses to 802 MAC/Ethernet
Addresses
9.3.2 Examples
9.3.3 Sending Multicast Datagrams
9.3.4 Receiving Multicast Datagrams
9.3.5 Host Address Filtering
9.4 The Internet Group Management Protocol (IGMP) and Multicast
Listener
Discovery Protocol (MLD)
9.4.1 IGMP and MLD Processing by Group Members (“Group
Member Part”)
9.4.2 IGMP and MLD Processing by Multicast Routers
(“Multicast
Router Part”)
9.4.3 Examples
9.4.4 Lightweight IGMPv3 and MLDv2
9.4.5 IGMP and MLD Robustness
9.4.6 IGMP and MLD Counters and Variables
9.4.7 IGMP and MLD Snooping
9.5 Attacks Involving IGMP and MLD
9.6 Summary
9.7 References
Chapter 10 User Datagram Protocol (UDP) and IP Fragmentation
10.1 Introduction
10.2 UDP Header
10.3 UDP Checksum
10.4 Examples
10.5 UDP and IPv6
10.5.1 Teredo: Tunneling IPv6 through IPv4 Networks
Contents xxiii
10.6 UDP-Lite
10.7 IP Fragmentation
10.7.1 Example: UDP/IPv4 Fragmentation
10.7.2 Reassembly Timeout
10.8 Path MTU Discovery with UDP
10.8.1 Example
10.9 Interaction between IP Fragmentation and ARP/ND
10.10 Maximum UDP Datagram Size
10.10.1 Implementation Limitations
10.10.2 Datagram Truncation
10.11 UDP Server Design
10.11.1 IP Addresses and UDP Port Numbers
10.11.2 Restricting Local IP Addresses
10.11.3 Using Multiple Addresses
10.11.4 Restricting Foreign IP Address
10.11.5 Using Multiple Servers per Port
10.11.6 Spanning Address Families: IPv4 and IPv6
10.11.7 Lack of Flow and Congestion Control
10.12 Translating UDP/IPv4 and UDP/IPv6 Datagrams
10.13 UDP in the Internet
10.14 Attacks Involving UDP and IP Fragmentation
10.15 Summary
10.16 References
Chapter 11 Name Resolution and the Domain Name System (DNS)
11.1 Introduction
11.2 The DNS Name Space
11.2.1 DNS Naming Syntax
11.3 Name Servers and Zones
11.4 Caching
11.5 The DNS Protocol
11.5.1 DNS Message Format
11.5.2 The DNS Extension Format (EDNS0)
11.5.3 UDP or TCP
11.5.4 Question (Query) and Zone Section Format
11.5.5 Answer, Authority, and Additional Information Section
Formats
11.5.6 Resource Record Types
x xiv Contents
11.5.7 Dynamic Updates (DNS UPDATE)
11.5.8 Zone Transfers and DNS NOTIFY
11.6 Sort Lists, Round-Robin, and Split DNS
11.7 Open DNS Servers and DynDNS
11.8 Transparency and Extensibility
11.9 Translating DNS from IPv4 to IPv6 (DNS64)
11.10 LLMNR and mDNS
11.11 LDAP
11.12 Attacks on the DNS
11.13 Summary
11.14 References
Chapter 12 TCP: The Transmission Control Protocol
(Preliminaries)
12.1 Introduction
12.1.1 ARQ and Retransmission
12.1.2 Windows of Packets and Sliding Windows
12.1.3 Variable Windows: Flow Control and Congestion Control
12.1.4 Setting the Retransmission Timeout
12.2 Introduction to TCP
12.2.1 The TCP Service Model
12.2.2 Reliability in TCP
12.3 TCP Header and Encapsulation
12.4 Summary
12.5 References
Chapter 13 TCP Connection Management
13.1 Introduction
13.2 TCP Connection Establishment and Termination
13.2.1 TCP Half-Close
13.2.2 Simultaneous Open and Close
13.2.3 Initial Sequence Number (ISN)
13.2.4 Example
13.2.5 Timeout of Connection Establishment
13.2.6 Connections and Translators
13.3 TCP Options
13.3.1 Maximum Segment Size (MSS) Option
Contents xxv
13.3.2 Selective Acknowledgment (SACK) Options
13.3.3 Window Scale (WSCALE or WSOPT) Option
13.3.4 Timestamps Option and Protection against Wrapped
Sequence Numbers (PAWS)
13.3.5 User Timeout (UTO) Option
13.3.6 Authentication Option (TCP-AO)
13.4 Path MTU Discovery with TCP
13.4.1 Example
13.5 TCP State Transitions
13.5.1 TCP State Transition Diagram
13.5.2 TIME_WAIT (2MSL Wait) State
13.5.3 Quiet Time Concept
13.5.4 FIN_WAIT_2 State
13.5.5 Simultaneous Open and Close Transitions
13.6 Reset Segments
13.6.1 Connection Request to Nonexistent Port
13.6.2 Aborting a Connection
13.6.3 Half-Open Connections
13.6.4 TIME-WAIT Assassination (TWA)
13.7 TCP Server Operation
13.7.1 TCP Port Numbers
13.7.2 Restricting Local IP Addresses
13.7.3 Restricting Foreign Endpoints
13.7.4 Incoming Connection Queue
13.8 Attacks Involving TCP Connection Management
13.9 Summary
13.10 References
Chapter 14 TCP Timeout and Retransmission
14.1 Introduction
14.2 Simple Timeout and Retransmission Example
14.3 Setting the Retransmission Timeout (RTO)
14.3.1 The Classic Method
14.3.2 The Standard Method
14.3.3 The Linux Method
14.3.4 RTT Estimator Behaviors
14.3.5 RTTM Robustness to Loss and Reordering
x xvi Contents
14.4 Timer-Based Retransmission
14.4.1 Example
14.5 Fast Retransmit
14.5.1 Example
14.6 Retransmission with Selective Acknowledgments
14.6.1 SACK Receiver Behavior
14.6.2 SACK Sender Behavior
14.6.3 Example
14.7 Spurious Timeouts and Retransmissions
14.7.1 Duplicate SACK (DSACK) Extension
14.7.2 The Eifel Detection Algorithm
14.7.3 Forward-RTO Recovery (F-RTO)
14.7.4 The Eifel Response Algorithm
14.8 Packet Reordering and Duplication
14.8.1 Reordering
14.8.2 Duplication
14.9 Destination Metrics
14.10 Repacketization
14.11 Attacks Involving TCP Retransmission
14.12 Summary
14.13 References
Chapter 15 TCP Data Flow and Window Management
15.1 Introduction
15.2 Interactive Communication
15.3 Delayed Acknowledgments
15.4 Nagle Algorithm
15.4.1 Delayed ACK and Nagle Algorithm Interaction
15.4.2 Disabling the Nagle Algorithm
15.5 Flow Control and Window Management
15.5.1 Sliding Windows
15.5.2 Zero Windows and the TCP Persist Timer
15.5.3 Silly Window Syndrome (SWS)
15.5.4 Large Buffers and Auto-Tuning
15.6 Urgent Mechanism
15.6.1 Example
15.7 Attacks Involving Window Management
Contents xxvii
15.8 Summary
15.9 References
Chapter 16 TCP Congestion Control
16.1 Introduction
16.1.1 Detection of Congestion in TCP
16.1.2 Slowing Down a TCP Sender
16.2 The Classic Algorithms
16.2.1 Slow Start
16.2.2 Congestion Avoidance
16.2.3 Selecting between Slow Start and Congestion Avoidance
16.2.4 Tahoe, Reno, and Fast Recovery
16.2.5 Standard TCP
16.3 Evolution of the Standard Algorithms
16.3.1 NewReno
16.3.2 TCP Congestion Control with SACK
16.3.3 Forward Acknowledgment (FACK) and Rate Halving
16.3.4 Limited Transmit
16.3.5 Congestion Window Validation (CWV)
16.4 Handling Spurious RTOs—the Eifel Response Algorithm
16.5 An Extended Example
16.5.1 Slow Start Behavior
16.5.2 Sender Pause and Local Congestion (Event 1)
16.5.3 Stretch ACKs and Recovery from Local Congestion
16.5.4 Fast Retransmission and SACK Recovery (Event 2)
16.5.5 Additional Local Congestion and Fast Retransmit Events
16.5.6 Timeouts, Retransmissions, and Undoing cwnd Changes
16.5.7 Connection Completion
16.6 Sharing Congestion State
16.7 TCP Friendliness
16.8 TCP in High-Speed Environments
16.8.1 HighSpeed TCP (HSTCP) and Limited Slow Start
16.8.2 Binary Increase Congestion Control (BIC and CUBIC)
16.9 Delay-Based Congestion Control
16.9.1 Vegas
16.9.2 FAST
x xviii Contents
16.9.3 TCP Westwood and Westwood+
16.9.4 Compound TCP
16.10 Buffer Bloat
16.11 Active Queue Management and ECN
16.12 Attacks Involving TCP Congestion Control
16.13 Summary
16.14 References
Chapter 17 TCP Keepalive
17.1 Introduction
17.2 Description
17.2.1 Keepalive Examples
17.3 Attacks Involving TCP Keepalives
17.4 Summary
17.5 References
Chapter 18 Security: EAP, IPsec, TLS, DNSSEC, and DKIM
18.1 Introduction
18.2 Basic Principles of Information Security
18.3 Threats to Network Communication
18.4 Basic Cryptography and Security Mechanisms
18.4.1 Cryptosystems
18.4.2 Rivest, Shamir, and Adleman (RSA) Public Key
Cryptography
18.4.3 Diffie-Hellman-Merkle Key Agreement (aka Diffie-Hellman or
DH)
18.4.4 Signcryption and Elliptic Curve Cryptography (ECC)
18.4.5 Key Derivation and Perfect Forward Secrecy (PFS)
18.4.6 Pseudorandom Numbers, Generators, and Function
Families
18.4.7 Nonces and Salt
18.4.8 Cryptographic Hash Functions and Message Digests
18.4.9 Message Authentication Codes (MACs, HMAC, CMAC, and
GMAC)
18.4.10 Cryptographic Suites and Cipher Suites
18.5 Certificates, Certificate Authorities (CAs), and PKIs
18.5.1 Public Key Certificates, Certificate Authorities, and
X.509
18.5.2 Validating and Revoking Certificates
18.5.3 Attribute Certificates
Contents xxix
18.6 TCP/IP Security Protocols and Layering
18.7 Network Access Control: 802.1X, 802.1AE, EAP, and PANA
18.7.1 EAP Methods and Key Derivation
18.7.2 The EAP Re-authentication Protocol (ERP)
18.7.3 Protocol for Carrying Authentication for Network Access
(PANA)
18.8 Layer 3 IP Security (IPsec)
18.8.1 Internet Key Exchange (IKEv2) Protocol
18.8.2 Authentication Header (AH)
18.8.3 Encapsulating Security Payload (ESP)
18.8.4 Multicast
18.8.5 L2TP/IPsec
18.8.6 IPsec NAT Traversal
18.8.7 Example
18.9 Transport Layer Security (TLS and DTLS)
18.9.1 TLS 1.2
18.9.2 TLS with Datagrams (DTLS)
18.10 DNS Security (DNSSEC)
18.10.1 DNSSEC Resource Records
18.10.2 DNSSEC Operation
18.10.3 Transaction Authentication (TSIG, TKEY, and SIG(0))
18.10.4 DNSSEC with DNS64
18.11 DomainKeys Identified Mail (DKIM)
18.11.1 DKIM Signatures
18.11.2 Example
18.12 Attacks on Security Protocols
18.13 Summary
18.14 References
Glossary of Acronyms
Index

章节摘录

版权页：   插图：    1.1.2 The End-to-End Argument and Fate Sharing When large systems such as an operating system or protocol suite are being designed, a question often arises as to where a particular feature or function should be placed. One of the most important principles that influenced the design of the TCP/IP suite is called the end-to-end argument （SRC84）: The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication itself is not possible. （Sometimes an incomplete version of the function provided by the communication system may be useful as a performance enhancement.） This argument may seem fairly straightforward upon first reading but can have profound implications for communication system design. It argues that correctness and completeness can be achieved only by involving the application or ultimate user of the communication system. Efforts to correctly implement what the application is "likely" to need are doomed to incompleteness. In short, this principle argues that important functions （e.g., error control, encryption, delivery acknowledgment） should usually not be implemented at low levels （or layers; see Section 1.2.1） of large systems. However, low levels may provide capabilities that make the job of the endpoints somewhat easier and consequently may improve performance. A nuanced reading reveals that this argument suggests that lowlevel functions should not aim for perfection because a perfect guess at what the application may require is unlikely to be possible. The end-to-end argument tends to support a design with a "dumb" network and "smart" systems connected to the network. This is what we see in the TCP/IP design, where many functions （e.g., methods to ensure that data is not lost, controlling the rate at which a sender sends） are implemented in the end hosts where the applications reside. The selection of which functions are implemented together in the same computer or network or software stack is the subject of another related principle known as fate sharing （C88）. Fate sharing suggests placing all the necessary state to maintain an active communication association （e.g., virtual connection） at the same location with the communicating endpoints. With this reasoning, the only type of failure that destroys communication is one that also destroys one or more of the endpoints, which obviously destroys the overall communication anyhow. Fate sharing is one of the design philosophies that allows virtual connections （e.g., those implemented by TCP） to remain active even if connectivity within the network has failed for a （modest） period of time. Fate sharing also supports a "dumb network with smart end hosts" model and one of the ongoing tensions in today's Internet is what functions reside in the network and what functions do not. 1.1.3 Error Control and Flow Control There are some circumstances where data within a network gets damaged or lost. This can be for a variety of reasons such as hardware problems, radiation that modifies bits while being transmitted, being out of range in a wireless network, and other factors. Dealing with such errors is called error control, and it can be implemented in the systems constituting the network infrastructure, or in the systems that attach to the network, or some combination. Naturally, the end-to-end argument and fate sharing would suggest that error control be implemented close to or within applications. Usually, if a small number of bit errors are of concern, a number of mathemati cal codes can be used to detect and repair the bit errors when data is received or while it is in transit （LC04）. This task is routinely performed within the network. When more severe damage occurs in a packet network, entire packets are usu ally resent or retransmitted. In circuit-switched or VC-switched networks such as X.25, retransmission tends to be done inside the network. This may work well for applications that require strict in-order, error-free delivery of their data, but some applications do not require this capability and do not wish to pay the costs （such as connection establishment and potential retransmission delays） to have their data reliably delivered. Even a reliable file transfer application does not really care in what order the chunks of file data are delivered, provided it is eventually satis fied that all chunks are delivered without errors and can be reassembled back into the original order. As an alternative to the overhead of reliable, in-order delivery implemented within the network, a different type of service called best-effort delivery was adopted by Frame Relay and the Internet Protocol. With best-effort delivery, the network does not expend much effort to ensure that data is delivered without errors or gaps. Certain types of errors are usually detected using error-detecting codes or checksums, such as those that might affect where a datagram is directed, but when such errors are detected, the errant datagram is merely discarded without further action.

媒体关注与评论

“我认为本书之所以领先群伦、独一无二，是源于其对细节的注重和对历史的关注。书中介绍了计算机网络的背景知识，并提供了解决不断演变的网络问题的各种方法。本书一直在不懈努力以获得精确的答案和探索剩余的问题域。对于致力于完善和保护互联网运营或探究解决长期存在问题的可选方案的工程师，本书提供的见解将是无价的。作者对当今互联网技术的全面阐述和透彻分析是值得称赞的。” —Vint Cerf, 互联网先驱对本书第2版的评论：    本书第1版自1994年出版以来，深受读者欢迎。但是时至今日，第1版的内容有些已经比较陈旧，而且没有涉及IPv6。现在，这部世界领先的TCP/IP畅销书已经被彻底更新，反映了新一代基于TCP/IP的网络技术。这本书仍保留了Stevens卓越的写作风格，简明、清晰，并且可以快速找到要点。这本书虽然超过一千页，但是并不啰嗦，每章解释一个协议或概念，复杂的TCP被分散到多章。我很欣赏本书的一个地方是每章都描述了已有的针对协议的攻击方法。如果你必须自己实现这些协议，并且不希望自己和前人一样遭受同样的攻击，这些信息将是无价的。这本书是日常工作中经常和TCP/IP打交道或进行网络软件开发的人必需的，即使你的工作并不基于IP协议，这本书仍然包含很多你可以用到的好想法。”——摘自Amazon读者评论对本书第1版的赞誉：    这本书必定是TCP/IP开发人员和用户的圣经。在我拿到本书并开始阅读的数分钟内，我就遇到了多个曾经困扰我的同事及我本人许久的难题，Stevens清晰和明确的阐述让我豁然开朗。他揭秘了此前一些网络专家讳莫如深的许多奥妙。我本人参与过几年TCP/IP的实现工作，以我的观点，这本书堪称目前最详尽的参考书了。 ——Robert A. Ciampa，3COM公司网络工程师  《TCP/IP详解 卷1》对于开发人员、网络管理员以及任何需要理解TCP/IP技术的人来说，都是极好的参考书。内容非常全面，既能提供足够的技术细节满足专家的需要，同时也为新手准备了足够的背景知识和相关注解。——Bob Williams，NetManage公司营销副总裁

编辑推荐

《TCP/IP详解(卷1):协议(英文版•第2版)》适合任何希望理解TCP/IP协议如何实现的人阅读，更是TCP/IP领域研究人员和开发人员的权威参考书。无论你是初学者还是功底深厚的网络领域高手，《TCP/IP详解(卷1):协议(英文版•第2版)》都是案头必备，将帮助你更深入和直观地理解整个协议族，构建更好的应用和运行更可靠、更高效的网络。

图书封面

图书标签Tags

无

评论、评分、阅读与下载

---

    TCP/IP详解 卷1：协议（英文版·第2版） PDF格式下载

---