使用 TCP 时是否需要使用校验和来保护我的消息? [英] Do I need to secure my messages with checksum when using TCP?
问题描述
使用 TCP 作为网络协议,在通过线路发送消息之前,我为每条消息的大小(以及可能的校验和?)添加前缀.我想知道,计算和传输消息的校验和是否有意义,以确保消息将被传递(如果以及何时传递)不变,例如因为一些网络错误.目前,在发送消息本身之前,我正在发送消息的 4 字节大小 + 2 字节校验和 (CRC-16).另一个端点正确识别预期的消息长度,读取它并验证校验和.
Using TCP as the network protocol, I prefix the size (and potentially checksum?) of each message before sending the message through the wire. I'd like to know, does it make sense to calculate and transmit the checksum of the message, to ensure that the message will be delivered (if and when it will be delivered) unchanged, e.g. because of some network error. Currently I'm sending 4-byte size + 2-byte checksum (CRC-16) of the message, before sending the message itself. The other endpoint correctly identifies expected message length, reads it, and validates the checksum.
我知道 TCP 具有内部数据包验证机制,我强烈认为我在应用程序级别的消息验证是多余的,但我不确定,在我做出决定之前需要您的建议.
I know that TCP has internal packet validation mechanism, and I have a strong feeling that my message validation at application level is redundant, but I'm not sure and need your advice before I make a decision.
我正在开发客户端-服务器应用程序,每天有数以万计的潜在连接到服务器.即使任何消息中的单个损坏字节也可能导致交换整个错误消息链,这是不可接受的(好吧,几乎所有客户端 - 服务器应用程序都有相同的要求,不是吗).所以我想确定 - 我可以安全地信任 TCP 的内部可靠性,还是提供我自己的校验和验证机制更好.我说的是小的两字节校验和(CRC-16),我不是在谈论数字签名消息等(并且系统是使用套接字在 .Net (C#) 中开发的,如果这有什么不同的话).
I'm in the process of developing the client-server application, with tens of thousands potential connections to the server daily. Even a single damaged byte in any of the messages might cause whole chain of incorrect messages exchanged, which is unacceptable (well, almost all client-server applications have the same requirements, don't they). So I want to be sure - can I safely trust TCP's internal reliability, or is it better to provide my own checksum validation mechanism. And I'm talking about small, two byte checksums (CRC-16), I'm not talking about digitally signing messages, etc. (And the system is developed in .Net (C#) using sockets, if that makes any difference).
推荐答案
根据这篇论文 校验和将无法检测大约 1600 万到 100 亿分之一的错误".假设数据包大小为 1024 字节,这相当于每 16 GB 到 10 TB 的网络流量就有一个未检测到的错误.
According to this paper "the checksum will fail to detect errors for roughly 1 in 16 million to 10 billion packets". Assuming a packet size of 1024 bytes, this amounts to one undetected error every 16 GB to 10 TB of network traffic.
许多协议,如 HTTP、FTP、SMTP 以及可能更多的协议都依赖于底层的校验和.鉴于上述数字,我认为这种做法有问题.
Many protocols like HTTP, FTP, SMTP and probably many more rely on the checksums in the underlying layers. It is my belief that this practice is questionable given the above numbers.
旁注:硬盘驱动器也是如此.典型的台式机驱动器在 10 TB 读取中具有 1 位的错误检测能力.读取您的 2 TB 磁盘 5 次,平均您将遭受一次损坏事件.
Sidenote: The same is true for hard drives as well. Typical desktop drives have an error detection capability of 1 bit in 10 TB read. Read your 2 TB disk 5 times and on average you will suffer one incident of corruption.
回答您的问题:如果您对非常罕见的虚假故障的容忍度为中到高,请不要费心进行校验和.如果您不能容忍任何损坏,请在您的协议中添加校验和.
To answer your question: if your tolerance for very rare, spurious failures is medium to high, don't bother checksumming. If you can't tolerate any corruption, add a checksum to your protocol.
这篇关于使用 TCP 时是否需要使用校验和来保护我的消息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
