As a review of computer networks, if you don’t remember, come and have a look, you can also find some problems when writing
HTTP
2. HyperText Transfer Protocol (HyperText Transfer Protocol) : an agreed code of conduct (rental agreement) between two or more participants for the same purpose. HTTP is a convention and specification for sending images, text, and other hypertext data between two points in the computer world
DNS
Domain Name System Translates Domain names into IP addresses at the network layer.
Does not mean that the domain name is useless,HTTP/1.1 specification, must carry the Host header in the request header, the purpose is when the request server has more than one virtual Host, through the Host to determine which Host to request. For example, in a server with www.a.com, www.b.com, if there is only one IP address, then the HTTP request does not know whether to request A or B.
DNS three-tier structure
- 1 Root DNS Server Manages top-level DNS servers and returns the IP addresses of such top-level DNS servers as com and CN
- 2 Top-level DNS Server Manages authoritative DNS servers in each domain. For example, the COM top-level DNS Server can return the IP address of a.com
- The Authoritative DNS Server manages the IP addresses of hosts under its own domain name. For example, the Authoritative DNS Server can send the IP address of www.a.com
DNS Resolution Process
When you type a URL from the browser and press Enter, the browser extracts the domain name part, such as www.a.com.
- 1 Search in the browser cache. If the browser has a cache result for the domain name, go to Step 2
- 2 Search for the OPERATING system cache. If yes, return. If no, go to step 3
- 3 Check the local host file to see whether the host name is mapped. If yes, the host name is displayed. If no, go to Step 4
- 4 Send requests to the local DNS server and perform recursive or iterative query based on the configuration of the local DNS server.
Recursive query
- 1 The local DNS server sends a request to the root DNS server (www.a.com === www.a.com.root, omitted by root) to query the NS records and IP address of the top-level domain name server (.com)
- The two DNS servers send a request to the TOP-LEVEL domain name server (TLNS) on behalf of the client, that is, query “a.com”, and obtain the NS record and IP address of the next-level domain name (authoritative DOMAIN name server)
- 3 The TOP-LEVEL domain name server sends a request to the authoritative DOMAIN name server based on the IP address, that is, query www.a.com. After obtaining the IP address, the top-level domain name server returns the request to the client
Iterative query
This machine has a DNS server, which can be static or DHCP dynamically allocated, famous as Google 8.8.8.8
Ruan yifeng big man DNS principle
content=”on”>
The HTTP message
HTTP/1.1 messages are encoded in ASCII, so we can read them directly
Three structures of HTTP packets
- 1 The start line describes the basic information about the request
- 2 Header key-value specifies the packet
- 3 Data actually transmitted by the entity
An HTTP packet must contain a header, that is, the start line and the head. The header must be followed by an empty line, and the empty line is considered an entity
The starting line
The request line
- 1 Request method
- 2 the request URI
- 3 Protocol version
For example, Get/HTTP/1.1
Uniform Resource Identifier (URI) : A uniform Resource Locator (URL) uniquely identifies a Resource. It identifies a Resource URN (UNIFORM Resource Locator) by its address Resource Name identifies a Resource by Name URI = URL + URN, so A URL is a subset of URIs, but URN is rarely used these days, so most of the time URI = URL
The status line
- 1 the version number
- 2 a status code
- 3. Cause phrases
For example, HTTP/1.1 200 OK
The head
- 1 Common header request packets and response packets can be added
- 2 Entity header Describes the entity
- Request header: Appears in the request header
- 4 Response header: appears in the response header
Request header
- 1 Accept: The MIME Type that the browser can Accept, that is, the data Type that accepts entities, such as text/ HTML
- 2 Accept-encoding: indicates the compression format supported by the client, for example, gZip, Deflate, and BR
- 3 Accept-language: indicates the natural Language supported by the client, for example, zh-cn,en
- 4 Accept-Chartset: specifies the encoding format supported by the client, for example, UTF-8
- 5 User-agent: indicates the User agent, which is used to determine the PC or mobile terminal
- 6 Host: indicates the domain name, which indicates the requested Host. A server may have multiple virtual hosts
- 7…
The request header also uses Q to indicate weights, such as accpet-language: zh-cn; Q = 0.9, en. Q =0.8 The larger q is, the more likely it is to obtain this resource. Above is the preference for obtaining simplified Chinese resources. “Separate, HTTP “,” than”; “Breaking sentences means a lot
Response headers
- 1 Expires A date by which the browser determines whether to use a strong Cache. It takes precedence over cache-control
- 2 Date Specifies the creation time of the response packet. The time in the header of the max-age parameter in cache-Control is required
- 3 Location Redirection address
- 4 set-cookie Sets the Cookie
- 5 Content-type Specifies the MIME Type of entity data in packets
- 6 Content-length Indicates the Length of the entity data in the packet. If this header exists, the packet is of fixed Length; otherwise, the packet is of indefinite Length
Fixed-length inclusion and indeterminate length inclusion
Short and long connections should be known before referring to fixed-length and indefinite-length packages.
Long connection and short connection
In the previous HTTP requests, the short connection was used, that is, the TCP connection was closed immediately after the response of a request, which would cause waste. Because TCP connections go through three handshakes and four waves, they are inefficient. HTTP/1.1 uses long connections by default, that is, a TCP connection is established in the first request and broken in the last response. Connection: keep-alive in the HTTP header indicates a long Connection. You can use Connection: close to disconnect the TCP Connection.
Question: When do I know to disconnect the TCP connection? Do TCP connections always take up memory?
- 1 The TCP connection is disconnected when no request is received, that is, the timeout period
- 2 Set the maximum number of requests, that is, the number of requests before the connection is disconnected.
All of these methods assume that the client’s request has ended. So how do you know that a response has been sent? The answer is the size of the data sent by content-Length, so if I send this much data, I’m done.
Question: If I upload a large file, should the server read the entire file before I upload it?
When the large file is finished, the client will wait for a long time, so I will transfer the large file while reading. Transfer-encoding: chunked means I’m transferring a chunk of data and not done yet. In the last chunked, the chunking transfer ends with 0CRLF indicating the chunking transfer:
Block transfers must be used in conjunction with long connections. Transfer-chunked and Content-Length are mutually exclusive and only one or the other will appear
Scope of the request
Problem: When we want to skip the beginning of a video and drag the progress bar to do so, we are actually making a scope request for a certain portion of the resource.
For example, if-range is a conditional request, Range: bytes=2564417-2761944 If a Range request is supported, 206 and part of the resource is returned. If a Range request is not supported, 200 OK and the entire resource is returned. If the Range request exceeds the resource size, 416 status code is returned
Determines whether the server supports range requests
By sending a HEAD request, accept-ranges: bytes in the response header indicates that range requests are supported and the size of the file can also be obtained
Making a range request
Range: bytes=x-y X -y indicates the offset to obtain the resource
The server processes scope requests
- 1 Check whether the range request is valid. If only 200 bytes of data are requested, but 400-500 bytes of data are requested, the server will return 416 indicating that the range request is incorrect
- 2 If the Range is correct, the server will add content-range: bytes x-y/ Length to the response header, read the fragment of the resource, and return a 206 status code indicating that the body is part of the original resource
Many piece of data
The above can fetch only one fragment, but it can also fetch multiple fragment data at once. A special MIME Type is multipart/byteranges and has a delimiter (boundary= XXX)
GET /16-2 HTTP/1.1
Host: www.chrono.com
Range: bytes=0-9, 20-29
Copy the codeThe response
HTTP/1.1 206 Partial Content
Content-Type: multipart/byteranges; boundary=00000000001
Content-Length: 189
Connection: keep-alive
Accept-Ranges: bytes
--00000000001
Content-Type: text/plain
Content-Range: bytes 0-9/96
// this is
--00000000001
Content-Type: text/plain
Content-Range: bytes 20-29/96
ext json d
--00000000001--
Copy the codeAnd then we end up with –00000000001– notice we have — on both sides
The difference between segmented transmission and range request
The scope request is to request a certain part of the resources to be transmitted in segments. The server cannot know the size of the resources to be transmitted in the first time, so as to avoid the client to wait too long by reading and passing. At last, 0CRLF is passed to indicate the end of the segment transmission
Browser cache
Making good use of the browser cache is a great way to reduce network requests and relieve server stress.
Server cache
The response header lets you know if and for how long the server can cache the resource from the client
Cache-control
- 1 max-age: 30 s 30 s, the client can cache the resource if you have request the resources in the 30 s, so it is good to send him directly, calculation (associated with the creation time of the response message, that is, the Date field in the header, from that time after 30 s, this resource is failure, so it is also possible in the process of transmission resources on the failure)
- 2 no-store: no cache is allowed and every request is sent to the source server
- 3 No-cache: it can be cached, but must be verified with the source server before using it.
- 4 must-revalidate: If the resource has not expired, you must continue to use it. If it has expired, you must verify with the source server that the resource is up-to-date
Cache-control: max-age=0 CTRL +F5: no-cache
Expires
The value is a date and time that is less precise than the system time and has a lower priority than cache-control.
ETag
ETag is an entity tag that uniquely identifies resources. You can use ETag to accurately identify resource changes. Etags can be “strong” or “weak”. A strong ETag requires that resources match exactly at the byte level. A weak ETag requires that resources remain semantically (functionally) unchanged, but some internal changes may occur (such as the order of tags in HTML, Or a few extra Spaces) example:
- Strong ETag, the client has a 10 byte data, the server’s same data added a meaningless space, the client does not want the original, must be new.
- Weak Tag, same with extra space
Last-modified
The last modification time of the file, which has a lower priority than ETag, is ignored if there is an ETag
max-stale
How long after the resource expires, I can still use the cache directly
min-fresh
For example, if the resource min-fresh: 10 is about to expire for 8s, then the cache is not used. The cache must be used for more than 10s
Conditions of the request
The condition request means that if my condition is met, the server will process it. If my condition is Not met, the server will reply 304 Not Modified
- 1 “if-modified-since “, If the resource has changed Since this date, the server processes the request, otherwise replies to 304, which is the last-modified date of the response header in the same request URL
- 2 “if-none-match “, If the server does not Match the resource with this identifier, the server processes the request, otherwise reply 304
Conditional requests are negotiated caching
If there is no cache-control or Expires, but last-modifed, the browser will enforce strong caching with max-age=(date-last-Modified) * 10%.
Proxy server cache
Cache-control
- Public Anyone can cache resources
- Private does not allow proxy servers to cache resources
- S-maxage is similar to max-age, but applies to the proxy server
Proxy server
There are four types of agents
- Anonymous proxy: completely “hides” the proxied machine, the outside world only sees the proxy server
- Transparent proxy: As the name implies, it is “transparent and open” during transmission, with the outside world knowing both the proxy and the client
- Forward proxy: Close to the client and send requests to the server on behalf of the client
- Reverse proxy: Close to the server and responds to requests from clients on behalf of the server
The role of agency
- Load balancing: Distribute requests across multiple machines to cluster access
- Content caching: Returns a response instead of the source server
- Security protection: protect the proxy machine
- Data processing: provides additional functions such as compression and encryption
- Health check: Monitors back-end servers through heartbeat mechanisms and removes them from the cluster if they are faulty
Proxy fields
- Via: Each time the proxy node is passed, the proxy server’s own information is added to the end of the field
- X-forwarded-for: Each forwarded-TO agent adds its own IP address to the end of each forwarded-to agent, including clients
- X-real-ip: obtains the Real IP address of the client
The agency agreement
X-forwarded-for adds information. HTTP packets must be parsed, but HTTPS does. This raises the cost of forwarding. Therefore, the PROXY protocol is used to add PROXY IP address type IP address of the requester target IP address Request port Number Target port number For example, PROXY TCP4(TCP6) 1.1.1.1 2.2.2.2 55555 80\r\n
PROXY TCP4 1.1.1.1 2.2.2.2 55555 80\r\n GET/HTTP/1.1\r\n Host: www.xxx.com\r\n \r\n \nCopy the codeHTTPS
HTTPS is the SSL/TLS layer on top of HTTP. It used to be HTTP Over TCP/IP, so HTTPS is HTTP Over SSL/TLS. Of course, the underlying layer still relies on TCP. Let’s start with the problems. HTTP has some problems
- The transmitted data is in plain text and can be monitored easily
- The transmitted data can be tampered with and the client does not know if the data is complete
- The browser does not know if the response is from the real server, and the identity is not verified
How to solve these problems
I’ll say the answer first, and then see how HTTPS is guaranteed. Data plaintext problem, using symmetric encryption and asymmetric encryption combined use to encrypt data transmission. The integrity of the data, USES the algorithm to generate the, the algorithm is using hash function or hash function How to guarantee the identity of the communicating parties, through the digital signature, asymmetric encryption with public and private keys (below), because the private key is secret, the man only communicate with you know, you can use the public key, Then we can make sure we don’t understand the identity don’t worry, let’s take a look
Why use symmetric encryption and asymmetric encryption mixed encryption way?
We need to talk about symmetric and asymmetric encryption first
Symmetric encryption
Symmetric encryption is the encryption and decryption of data through a session key, that is, both parties open the data through a key, so the question is, every day many clients request, how can I give this key to them secretly? Finally found that no matter how to send, will be someone to get, only through symmetric encryption is unable to complete encryption. Common symmetric encryption algorithms :AES,CHACHA20, then look at asymmetric encryption
Asymmetric encryption
- Asymmetric encryption means that the server generates a pair of keys, including a public key and a private key. The data encrypted by the public key must be unlocked by the private key, but the public key cannot be unlocked
- The data encrypted by the private key must be unlocked by the public key, and the server must keep the private key secret from anyone. Public keys can be given around
- In this way, both the server and the client have a set of public and private keys. If you want to send a message to me, you can encrypt it with my public key and I can decrypt it with my private key. In this way, the communication between the two sides can be secure
- Common ECDHE, RSA algorithms, they will be different in TLS handshake, later
But is it safe?
- 1. How does the client know that the public key it obtains must belong to the server? The middleman replaces the public key with his own, the client encrypts it with his public key, he decrypts it with his private key, and gets the client’s information.
- 2, asymmetric encryption algorithm is slow, symmetric encryption is about hundreds of times worse, for users, too painful, wait so long
For asymmetric algorithm encryption and decryption is too complex to lead to slow speed, so the use of fast encryption symmetric encryption and asymmetric encryption combined to encrypt data, problem 1 later, about identity authentication
TLS is equal to the SSL3.0
integrity
Now that we’ve done data encryption, let’s look at how to achieve integrity, where we need to introduce a digest algorithm, okay
The algorithm
Abstract algorithm can be understood as special compression, compress a long string of data into a fixed length, unique string, and it is one-way, irreversible, no key can be unlocked, even if you change a punctuation mark in the original data, the generated summary is completely different. Summary of common algorithm, MD5, SHA – 1, SHA – 2 as long as we use data to generate a unique abstract, and put it behind the attached to the original, after client received, also according to this algorithm is the same, if two identical, that the data is complete, if not, are directly to lose, because being tampered with. If the abstract is transmitted in plaintext, the middleman can simply replace the data and generate a summary himself, and the client can reproduce the same once. This is not secure, so it is necessary to ensure confidentiality to transmit the summary, so as to ensure data integrity
A digital signature
Now, the third problem, how to authenticate, is through digital signature. In real life, how to authenticate a company is through a stamp or a signature. Here we can also complete identity authentication by signing.
- The server encrypts data with its private key, and if the ciphertext is decrypted using the server’s public key, it is a message from the server
- What data is encrypted with a private key? Too much data can be slow, so smart people encrypt abstracts with private keys to authenticate themselves
- In this way the digital signature completes both the integrity and authentication issues
The digital certificate
Going back to the above question, how does the client know that the public key he has obtained must belong to the server? , because even if the server encrypts the session key with its private key, the middleman can directly replace the entire encrypted message, encrypt the data with the middleman’s private key and send it to the client. In this way, it is actually communicating with the middleman. How can we ensure that the public key obtained is the server? This brings in the CA mechanism
CA (Certificate Authority)
It’s like a police station in the real world, you can trust it, you have to trust it, otherwise you can’t proceed, it signs the public key, so you can be sure that the public key is from the server, the system has a trusted CA certificate server first submits the public key to the CA, The CA organization then puts the serial number, purpose, issuer, validity time and so on into a package and signs, forming a digital certificate. Certificate contains two main things, digital signatures and public key server in the TLS handshake, send the digital certificate to the client, the client will be based on the system’s built-in CA public key to decrypt the message, the server public key and data, according to the algorithm, data summary, again to decrypt data are consistent, If yes, the public key of the server is obtained.
The TLS handshake
Now what does a TLS handshake look like
- The client and server establish a TCP three-way handshake
- The Client sends Client Hello, which contains the cipher suite, a random number Client_Random, and the protocol version number such as TLS1.2.
- The Server sends Server Hello, which contains the key suite selected by the Server, a random number Server_Random, and the version number, to the client
- The server sends a digital certificate to prove its identity.
- If the ECDHE algorithm is used for the key Exchange, then the Server issues a Server key Exchange, which represents the public key of the Exchange algorithm. If the ECDHE algorithm is used for the calculation, then a Server Params is generated. Per_master is used to generate the last random number, absolutely confidential), so the Server Params, generated digest, encrypted with the private key sent to the client
- The Server sends Server Hello Done to indicate that the greeting is complete
- After receiving the digital certificate from the server, the Client verifies it with the method mentioned above to ensure that it communicates with the server and gets the public key at the same time. Then it calculates a public key Client Params for key exchange according to the ECDHE algorithm and generates a summary. After encrypting the public key obtained by the certificate, it sends the summary to the server. Issue a Client Key Exchange
- After receiving the Client Key Exchange, the server unlocks the message with its own private Key and obtains the public Key for Key Exchange given by the Client. At this time, the server has its own private Key based on the Key Exchange algorithm, and the public Key given by the Client, and calculates a pre-master Key Pre_Master. Based on Client_Random,Server_Random,Pre_Master, click, calculate a session key that can be used to encrypt data and is private
- After the Client sends the Client Key Exchange, the same steps are taken to calculate the same session Key according to Client_Random,Server_Random, and Pre_master. In this way, both the Client and the server have session keys
- After that, the client sends a Change Cipher Spec and a Finished packet to summarize the previously sent information, encrypt it, and send it to the server to verify that the obtained keys are the same. If it’s the same then we’ll just encrypt the communication.
- The server also sends Change Ciper Spec and Finished packets. After both parties verify that encryption and decryption are OK, encryption is used for communication
- HTTPS security is ensured.
There is about key exchange
Asymmetric encryption mainly guarantees the secure exchange of Pre_Master. Pre_Master is the key for generating session keys and must be delivered safely. Both the server and client calculate a public key and a private key according to the key exchange algorithm ECDHE algorithm, and send the public key to each other. After receiving the public key of the other party, the Pre_Master is directly calculated according to the ECDHE algorithm, and the session key is generated using the previous Client_Random,Server_Random, and Pre_Master. The Pre_Master is guaranteed by the algorithm, so it is difficult for others to guess. (The RSA algorithm is different. The RSA algorithm directly generates a random number from the client, encrypts the public key obtained from the certificate and sends it to the server. However, RSA does not have forward security.)
1 – Client Hello
Handshake Protocol: Client Hello Version: TLS 1.2 (0x0303) Random: 1CBF803321FD2623408Dfe... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xC02F) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Copy the codeCipher suite
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- ECDHE stands for key exchange algorithm, other also RSA…
- RSA Indicates the encryption digest algorithm to complete identity authentication
- AES_128 the symmetric encryption algorithm of AES is used. The key length is 16bytes
- In GCM grouping mode, fixed-length keys are used to encrypt data of any length
- SHA256 digest algorithm, which compresses data into a string, produces a completely different HASH with slight differences.
2 – Server Hello
Handshake Protocol: Server Hello Version: TLS 1.2 (0x0303) Random: 0E6320F21Bae50842E96... Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Copy the code3 – Key Exchange
Handshake Protocol: Server Key Exchange
EC Diffie-Hellman Server Params
Curve Type: named_curve (0x03)
Named Curve: x25519 (0x001d)
Pubkey: 3b39deaf00217894e...
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature: 37141adac38ea4...
Copy the codeTLS1.3
Distinguishes TLS1.2 from TLS1.3, and uses THE Extension protocol and supported_versions to mark TLS1.3
Handshake Protocol: Client Hello
Version: TLS 1.2 (0x0303)
Extension: supported_versions (len=11)
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Copy the codeStrengthen the security
Got rid of some buggy and weak encryption algorithms, leaving only five
The forward security
If the encryption system uses RSA in the server certificate for key exchange, once the private key is compromised or cracked (using social engineering or a supercomputer), the hacker can use the private key to decrypt the “pre-master” of all previous messages, calculate the session key, and decrypt all ciphertext. If the current key is cracked, all previous communications will be affected. And ECDHE algorithm in each handshake will generate a pair of temporary public and private keys, each time the key is different, namely “once a secret”, even if the hacker cracked the great effort this time of the session key, only the communication be attacked, the history of the news before will not be affected, is still safe.
1-RTT
TLS1.2 requires two RTT handshakes, while TLS1.3 compresses the handshake process and reduces the handshake time to 1-RTT.
- In “Client Hello”, use support_groups to attach the supported curve, use key_share to attach the Client public key parameter (Client_Param) for the curve, and use signature_algorithms to attach the signature algorithm
- Server Hello returns the selected password suite, a random number and version number, In addition to key_share, Server_Param, you can get Client Random and Server Random, Client Params and Server Params directly to calculate the session key, and only need 1 RTT
- After calculating the session key, the server directly sends Change Cipher Spec to enter encrypted communication and send certificates that are encrypted
- The client sends a Change Ciper Spec and Finished message to encrypt communication without waiting for a reply
Additional performance optimizations
- Session ID: The client stores an ID and sends it to the server when connecting to the server. The server stores the master key and other related information in the memory, bypassing certificate verification and key exchange, and putting pressure on the server
- Session Ticket: When the storage pressure is transferred to the client, the client uses the session_ticket extension to send Ticket instead of Session ID. After the server decrypts the packet and verifies the validity period, the Session can be resumed and the communication can be encrypted.
- PSK: The validation phase also takes the data, one less request, to achieve 0-RTT
HTTP/2
HTTP2 is based on Google’s SPDY protocol,
The head of compression
HPACK
HPACK is an algorithm designed to compress header data. It establishes a dictionary at both ends of the client and server, uses index numbers to represent repeated strings, and uses Huffman encoding to compress integers and strings, which can achieve a high compression rate of 50%-80%.
Binary framing
HTTP/1 uses ASCII encoding, whereas HTTP/2 splits the original header+body message into several binary frames, using HEADERS frames to store the header DATA and DATA frames to store the DATA
Virtual flow
How do you concatenate multiple frames once they arrive at their destination? HTTP/2 adopts the concept of stream, which is a bidirectional transmission sequence of binary frames. The frame of the same message carries the same stream ID, and the data frames of the same stream are assembled in order, which is the request/response message in HTTP/1. So HTTP/2 can send multiple frames simultaneously on the same TCP connection, which is called multiplexing. For a stream, a message is an ordered frame, but for a TCP connection, a message is an out-of-order frame, with multiple requests/responses out of order, no queueing, and no queue head blocking. Control frames can also be used to adjust the priority of the request response
Introduction to HTTP/2 connections
HTTP/2 must be based on SSL/TLS. After the TLS handshake is complete, the client needs to send a connection preface using HTTP/1 request-message mode with the special keyword PRI
PRI * HTTP / 2.0 \ r \ n \ r \ nSM \ r \ n \ r \ nCopy the codeUpon receiving this request, the server knows that the client wants to use HTTP/2 Western medicine
HTTP/2 Prepare request packets
The first step is to compress the header, HPACK is specially for compression HTTP header algorithm, is the client and server jointly maintain an index table, compression and decompression is to look up the table and update the table operation. HTTP/2 abolished the concept of an opening line and introduced pseudo-header fields, such as :authority for domain name, :method for request method, and :status for status code. These common header fields are in a static table, like the number 2 for GET, but what about custom fields, which are used in dynamic tables, which are added to static tables, and GET better and better as more and more HTTP/2 messages are sent, and eventually the header gets a few bytes at a time.
Binary frame
Once the header is compressed, HTTP/2 sends the packet in binary frames. HTTP / 2 frame structure
I am a non-class rookie, if there is any wrong please point out, thank you for reading, if you can, click a like, thank you very much (^-^) I haven’t finished writing, will update later