Source Code Walkthrough of Telegram-iOS Part 4: MTProto Connections

Mirror of hubo.dev

TCP is the only active MTProto transport on Telegram-iOS as I explained in the previous post. Let’s continue with the implementation details of connection management for MTProto.

The major parts of network code reside in modules TelegramCore and MTProtoKit. I started my reading to answer a simple question:

How many connections are used by MTProtoKit during the first login process?

The result surprised me: 20 TCP connections to Telegram data centers and 8 HTTPS requests to external services. The common best practice should be using as few connections as possible.

Before diving into the code to reveal the reason, please let me introduce some important concepts.

1. Basic Concepts of Connections

Data Center

Telegram divides its backend servers into 5 data centers. Each has an id and an alias. Alias is useful to compose URIs for HTTP transport, which is not used in the iOS app. Telegram backend associates a registered account to a master DC id. It requires the client to use the correct master data center to access the user data and might use other DC ids to download images, files, etc.

  • DC 2, venus
  • DC 3, aurora
  • DC 4, vesta
  • DC 5, flora

Each data center can be reached via multiple IP addresses. It’s common NOT to use domain names directly, for several reasons:

  • The system DNS service might be unstable, or even untrustworthy.

  • IP addresses and ports need to change frequently to react to network issues. Static IPs could be inaccessible in some regions. Then elastic IPs could be deployed to proxy traffic to data centers. The app should be able to update its endpoint configuration in time.

  • Solutions like Geo DNS are good for very coarse-grained IP selection. It’s better for the backend to control it directly.

Telegram-iOS includes several seed addresses for a cold start:

Telegram owns four AS numbers to announce the IPs: AS62014, AS62041, AS59930, and AS44907. More static IPs can be found by searching with the AS numbers if you’re interested in it.

Endpoint Discovery

Telegram-iOS can update endpoints from internal and external services. The approaches complement one another to maximize the success rate of updating. The result is persisted in Keychain under the key datacenterAddressSetById.

  • DNS-over-HTTPS via the JSON API from Google Public DNS. tapv3.stel.com is the hostname to resolve, and the parameter random_padding is set to prevent possible side-channel attacks. An example of request and response is below:

The Google service responds with several DNS TXT records, which can be merged and transformed into a valid base64 string. The client holds the RSA public key to decode the data and deserialize it into a list of MTBackupDatacenterAddress.
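
The merge step described above, as an added example that is not code from Telegram-iOS or from the original post: it parses a Google DoH JSON reply, joins the TXT records, and rejects anything that does not decode to a blob of the expected size before it would reach the RSA step. The longest-first record ordering, the 256-byte blob length, and the sample reply are assumptions made for illustration; the RSA decoding itself is left out because the key is not on this page.

```python
import base64
import json

TXT = 16              # DNS resource record type number for TXT
EXPECTED_LEN = 256    # assumption: the payload is a single RSA-2048 block
B64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")


def merge_txt_records(doh_body: str) -> bytes:
    """Merge the TXT answers of a DoH JSON reply into the raw encoded blob."""
    reply = json.loads(doh_body)
    if reply.get("Status") != 0:  # 0 is NOERROR in the DoH JSON format
        raise ValueError(f"resolver returned status {reply.get('Status')}")
    chunks = [a["data"].strip('"') for a in reply.get("Answer", [])
              if a.get("type") == TXT and isinstance(a.get("data"), str)]
    if not chunks:
        raise ValueError("no TXT records in answer")
    # Assumption: records are ordered longest-first before concatenation,
    # since DNS does not guarantee the order of records in an answer.
    chunks.sort(key=len, reverse=True)
    # Drop everything outside the base64 alphabet, then restore the padding.
    text = "".join(c for c in "".join(chunks) if c in B64_CHARS)
    text += "=" * (-len(text) % 4)
    blob = base64.b64decode(text, validate=True)
    # Untrusted input: refuse anything that is not exactly one block.
    if len(blob) != EXPECTED_LEN:
        raise ValueError(f"expected {EXPECTED_LEN} bytes, got {len(blob)}")
    return blob


def sample_reply() -> str:
    """Constructed reply: one blob split over two TXT records, shorter first."""
    b64 = base64.b64encode(bytes(range(256))).decode()
    answers = [
        {"name": "tapv3.stel.com.", "type": TXT, "TTL": 300,
         "data": '"' + b64[255:] + '"'},
        {"name": "tapv3.stel.com.", "type": TXT, "TTL": 300,
         "data": b64[:255]},
    ]
    return json.dumps({"Status": 0, "Answer": answers})


if __name__ == "__main__":
    print(len(merge_txt_records(sample_reply())), "bytes ready for the RSA step")
```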

There is a trick inside the code. Besides a normal request to "dns.google.com", another request is sent to "https://www.google.com/resolve" with the Host header being set to "dns.google.com". It looks like it’s doing domain fronting to a subdomain of Google, which makes the DNS request pretend to be visiting Google Search. If you check the commit history, domain fronting was used on other self-owned domains: dns-telegram.appspot.com and tcdnb.azureedge.net. It became obsolete as the technique is not supported anymore.
