share/man/man4/tcp.4
Show All 28 Lines | ||||||||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | |||||||||
.\" | .\" | |||||||||
.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 | .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 | |||||||||
.\" $FreeBSD$ | .\" $FreeBSD$ | |||||||||
.\" | .\" | |||||||||
.Dd January 8, 2022 | .Dd February 25, 2022 | |||||||||
.Dt TCP 4 | .Dt TCP 4 | |||||||||
.Os | .Os | |||||||||
.Sh NAME | .Sh NAME | |||||||||
.Nm tcp | .Nm tcp | |||||||||
.Nd Internet Transmission Control Protocol | .Nd Internet Transmission Control Protocol | |||||||||
.Sh SYNOPSIS | .Sh SYNOPSIS | |||||||||
.In sys/types.h | .In sys/types.h | |||||||||
.In sys/socket.h | .In sys/socket.h | |||||||||
▲ Show 20 Lines • Show All 653 Lines • ▼ Show 20 Lines | ||||||||||
.It 0 | .It 0 | |||||||||
Disable ECN. | Disable ECN. | |||||||||
.It 1 | .It 1 | |||||||||
Allow incoming connections to request ECN. | Allow incoming connections to request ECN. | |||||||||
Outgoing connections will request ECN. | Outgoing connections will request ECN. | |||||||||
.It 2 | .It 2 | |||||||||
Allow incoming connections to request ECN. | Allow incoming connections to request ECN. | |||||||||
Outgoing connections will not request ECN. | Outgoing connections will not request ECN. | |||||||||
(default) | (default) | |||||||||
.El | .El | |||||||||
.It Va ecn.maxretries | .It Va ecn.maxretries | |||||||||
Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a | Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a | |||||||||
specific connection. | specific connection. | |||||||||
This is needed to help with connection establishment | This is needed to help with connection establishment | |||||||||
when a broken firewall is in the network path. | when a broken firewall is in the network path. | |||||||||
.It Va ecn.generalized | ||||||||||
Enable sending all segments as ECN capable transport, | ||||||||||
including SYN, SYN/ACK, and retransmissions. | ||||||||||
This may only be enabled when ECN support itself is also active. | ||||||||||
Disabling ECN support will disable this feature automatically. | ||||||||||
Settings: | ||||||||||
.Bl -tag -compact | ||||||||||
.It 0 | ||||||||||
Regular RFC3168 operation. | ||||||||||
Send only new data segments as ECN capable transport. | ||||||||||
(default) | ||||||||||
pauamma_gundo.com: Typo and move full stop to a more natural place.
.It 1 | ||||||||||
Support generalized ECN (ECN++), and send all segments of an ECN-enabled | ||||||||||
session as ECN capable transport. | ||||||||||
Also control packets to non-established and non-listening ports are | ||||||||||
identically marked, if outgoing sessions would request ECN. | ||||||||||
bcr: s/identially/identically/
pauamma_gundo.com: Can you explain what you mean by that? I'm arguably not the intended audience, but if I don't understand it, there's a chance some of the intended audience and/or some interested readers won't either.
rscheff (Author): When a host receives a TCP packet to a port which is not listening, or no connection exists, or the header information is in some other way not acceptable, the host may respond with a RST (reset) packet. Some of these RST packets are sent from "regular" TCP processing (e.g. outside the sequence window) and others from non-open ports. Making these distinguishable by carrying different markings - depending on which code path was sending them - would give clues as to what ports/services may be reachable, and give rise to more targeted attacks.
pauamma_gundo.com: Gotcha, thanks. Would "This value also uses ECN for RST replies to probes of non-open ports." mean the same? It looks clearer to me.
.El | ||||||||||
.It Va pmtud_blackhole_detection | .It Va pmtud_blackhole_detection | |||||||||
Enable automatic path MTU blackhole detection. | Enable automatic path MTU blackhole detection. | |||||||||
In case of retransmits of MSS sized segments, | In case of retransmits of MSS sized segments, | |||||||||
the OS will lower the MSS to check if it's an MTU problem. | the OS will lower the MSS to check if it's an MTU problem. | |||||||||
If the current MSS is greater than the configured value to try | If the current MSS is greater than the configured value to try | |||||||||
.Po Va net.inet.tcp.pmtud_blackhole_mss | .Po Va net.inet.tcp.pmtud_blackhole_mss | |||||||||
and | and | |||||||||
.Va net.inet.tcp.v6pmtud_blackhole_mss | .Va net.inet.tcp.v6pmtud_blackhole_mss | |||||||||
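Review bot: In the `.It 1` entry of ecn.generalized, "Also control packets to non-established and non-listening ports are identically marked" reads as if it described packets sent to such ports, and it does not say which packets are meant or what they are identical to. Going by the author's explanation in the inline discussion, these are the RST replies the host sends for segments addressed to non-listening ports or nonexistent connections, marked the same way as RSTs from regular TCP processing so that the marking does not reveal which code path answered; the entry should say that directly, for example "RST replies to segments for non-listening ports or nonexistent connections carry the same ECN marking as RSTs generated by regular TCP processing". Separately, the two sentences about dependence on ECN support ("This may only be enabled when ECN support itself is also active." and "Disabling ECN support will disable this feature automatically.") should name the controlling variable with .Va and state whether setting this to 1 while ECN is disabled is rejected or silently ignored.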
▲ Show 20 Lines • Show All 164 Lines • ▼ Show 20 Lines | ||||||||||
system default tcp stack, as defined by | system default tcp stack, as defined by | |||||||||
.Va functions_default . | .Va functions_default . | |||||||||
Default is true. | Default is true. | |||||||||
.It Va insecure_rst | .It Va insecure_rst | |||||||||
Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments. | Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments. | |||||||||
Default is false. | Default is false. | |||||||||
.It Va insecure_syn | .It Va insecure_syn | |||||||||
Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments. | Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments. | |||||||||
Default is false. | Default is false. | |||||||||
.It Va ts_offset_per_conn | .It Va ts_offset_per_conn | |||||||||
pauamma_gundo.com: Was removing this intended as part of this review?
rscheff: I'm confused, there is no change here on reviews.freebsd.org; it may be that this diff was uploaded just prior to a flurry of tcp related (including man page) changes, which I have not yet rebased the patch to...
When initializing the TCP timestamps, use a per connection offset instead of a | When initializing the TCP timestamps, use a per connection offset instead of a | |||||||||
per host pair offset. | per host pair offset. | |||||||||
Default is to use per connection offsets as recommended in RFC 7323. | Default is to use per connection offsets as recommended in RFC 7323. | |||||||||
.It Va perconn_stats_enable | .It Va perconn_stats_enable | |||||||||
Controls the default collection of statistics for all connections using the | Controls the default collection of statistics for all connections using the | |||||||||
.Xr stats 3 | .Xr stats 3 | |||||||||
framework. | framework. | |||||||||
0 disables, 1 enables, 2 enables random sampling across log id connection | 0 disables, 1 enables, 2 enables random sampling across log id connection | |||||||||
▲ Show 20 Lines • Show All 109 Lines • Show Last 20 Lines |