head/share/man/man4/tcp.4
Show All 28 Lines | |||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 | .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd July 23, 2020 | .Dd November 25, 2020 | ||||
.Dt TCP 4 | .Dt TCP 4 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm tcp | .Nm tcp | ||||
.Nd Internet Transmission Control Protocol | .Nd Internet Transmission Control Protocol | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.In sys/types.h | .In sys/types.h | ||||
.In sys/socket.h | .In sys/socket.h | ||||
▲ Show 20 Lines • Show All 249 Lines • ▼ Show 20 Lines | |||||
Manage collection of connection level statistics using the | Manage collection of connection level statistics using the | ||||
.Xr stats 3 | .Xr stats 3 | ||||
framework. | framework. | ||||
.Pp | .Pp | ||||
Each dropped segment is taken into account in the TCP protocol statistics. | Each dropped segment is taken into account in the TCP protocol statistics. | ||||
.It Dv TCP_TXTLS_ENABLE | .It Dv TCP_TXTLS_ENABLE | ||||
Enable in-kernel Transport Layer Security (TLS) for data written to this | Enable in-kernel Transport Layer Security (TLS) for data written to this | ||||
socket. | socket. | ||||
The | See | ||||
.Vt struct tls_so_enable | .Xr ktls 4 | ||||
argument defines the encryption and authentication algorithms and keys | for more details. | ||||
used to encrypt the socket data as well as the maximum TLS record | |||||
payload size. | |||||
.Pp | |||||
All data written to this socket will be encapsulated in TLS records | |||||
and subsequently encrypted. | |||||
By default all data written to this socket is treated as application data. | |||||
Individual TLS records with a type other than application data | |||||
(for example, handshake messages), | |||||
may be transmitted by invoking | |||||
.Xr sendmsg 2 | |||||
with a custom TLS record type set in a | |||||
.Dv TLS_SET_RECORD_TYPE | |||||
control message. | |||||
The payload of this control message is a single byte holding the desired | |||||
TLS record type. | |||||
.Pp | |||||
At present, only a single transmit key may be set on a socket. | |||||
As such, users of this option must disable rekeying. | |||||
.It Dv TCP_TXTLS_MODE | .It Dv TCP_TXTLS_MODE | ||||
The integer argument can be used to get or set the current TLS transmit mode | The integer argument can be used to get or set the current TLS transmit mode | ||||
of a socket. | of a socket. | ||||
Setting the mode can only used to toggle between software and NIC TLS after | See | ||||
TLS has been initially enabled via the | .Xr ktls 4 | ||||
.Dv TCP_TXTLS_ENABLE | for more details. | ||||
option. | |||||
The available modes are: | |||||
.Bl -tag -width "Dv TCP_TLS_MODE_IFNET" | |||||
.It Dv TCP_TLS_MODE_NONE | |||||
In-kernel TLS framing and encryption is not enabled for this socket. | |||||
.It Dv TCP_TLS_MODE_SW | |||||
TLS records are encrypted by the kernel prior to placing the data in the | |||||
socket buffer. | |||||
Typically this encryption is performed in software. | |||||
.It Dv TCP_TLS_MODE_IFNET | |||||
TLS records are encrypted by the network interface card (NIC). | |||||
.It Dv TCP_TLS_MODE_TOE | |||||
TLS records are encrypted by the NIC using a TCP offload engine (TOE). | |||||
.El | |||||
.It Dv TCP_RXTLS_ENABLE | .It Dv TCP_RXTLS_ENABLE | ||||
Enable in-kernel TLS for data read from this socket. | Enable in-kernel TLS for data read from this socket. | ||||
The | See | ||||
.Vt struct tls_so_enable | .Xr ktls 4 | ||||
argument defines the encryption and authentication algorithms and keys | for more details. | ||||
used to decrypt the socket data. | |||||
.Pp | |||||
Each received TLS record must be read from the socket using | |||||
.Xr recvmsg 2 . | |||||
Each received TLS record will contain a | |||||
.Dv TLS_GET_RECORD | |||||
control message along with the decrypted payload. | |||||
The control message contains a | |||||
.Vt struct tls_get_record | |||||
which includes fields from the TLS record header. | |||||
If an invalid or corrupted TLS record is received, | |||||
recvmsg 2 | |||||
will fail with one of the following errors: | |||||
.Bl -tag -width Er | |||||
.It Bq Er EINVAL | |||||
The version fields in a TLS record's header did not match the version required | |||||
by the | |||||
.Vt struct tls_so_enable | |||||
structure used to enable in-kernel TLS. | |||||
.It Bq Er EMSGSIZE | |||||
A TLS record's length was either too small or too large. | |||||
.It Bq Er EMSGSIZE | |||||
The connection was closed after sending a truncated TLS record. | |||||
.It Bq Er EBADMSG | |||||
The TLS record failed to match the included authentication tag. | |||||
.El | .El | ||||
.Pp | .Pp | ||||
At present, only a single receive key may be set on a socket. | |||||
As such, users of this option must disable rekeying. | |||||
.It Dv TCP_RXTLS_MODE | |||||
The integer argument can be used to get the current TLS receive mode | |||||
of a socket. | |||||
The available modes are the same as for | |||||
.Dv TCP_TXTLS_MODE . | |||||
.El | |||||
.Pp | |||||
The option level for the | The option level for the | ||||
.Xr setsockopt 2 | .Xr setsockopt 2 | ||||
call is the protocol number for | call is the protocol number for | ||||
.Tn TCP , | .Tn TCP , | ||||
available from | available from | ||||
.Xr getprotobyname 3 , | .Xr getprotobyname 3 , | ||||
or | or | ||||
.Dv IPPROTO_TCP . | .Dv IPPROTO_TCP . | ||||
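Review bot: the TCP_RXTLS_MODE entry (old side, ".It Dv TCP_RXTLS_MODE" through "The available modes are the same as for .Dv TCP_TXTLS_MODE .") is deleted outright, while TCP_TXTLS_ENABLE, TCP_TXTLS_MODE and TCP_RXTLS_ENABLE each keep a stub that points to ktls(4). Unless the option itself is being removed, which nothing in this diff indicates, keep a matching stub so readers of tcp(4) can still discover it: ".It Dv TCP_RXTLS_MODE" / "The integer argument can be used to get the current TLS receive mode of a socket." followed by the same "See .Xr ktls 4 for more details." Please also confirm that the ktls(4) page carries the detail dropped here, in particular the TLS_SET_RECORD_TYPE and TLS_GET_RECORD control messages, the recvmsg(2) error list (EINVAL, EMSGSIZE, EBADMSG) and the single-key, no-rekeying restriction, since applications must handle EBADMSG on a received record that fails its authentication tag and that behaviour should not disappear from the manual set.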
▲ Show 20 Lines • Show All 372 Lines • ▼ Show 20 Lines | |||||
.Xr getsockopt 2 , | .Xr getsockopt 2 , | ||||
.Xr socket 2 , | .Xr socket 2 , | ||||
.Xr stats 3 , | .Xr stats 3 , | ||||
.Xr sysctl 3 , | .Xr sysctl 3 , | ||||
.Xr blackhole 4 , | .Xr blackhole 4 , | ||||
.Xr inet 4 , | .Xr inet 4 , | ||||
.Xr intro 4 , | .Xr intro 4 , | ||||
.Xr ip 4 , | .Xr ip 4 , | ||||
.Xr ktls 4 , | |||||
.Xr mod_cc 4 , | .Xr mod_cc 4 , | ||||
.Xr siftr 4 , | .Xr siftr 4 , | ||||
.Xr syncache 4 , | .Xr syncache 4 , | ||||
.Xr tcp_bbr 4 , | .Xr tcp_bbr 4 , | ||||
.Xr setkey 8 , | .Xr setkey 8 , | ||||
.Xr tcp_functions 9 | .Xr tcp_functions 9 | ||||
.Rs | .Rs | ||||
.%A "V. Jacobson" | .%A "V. Jacobson" | ||||
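Review bot: the new ".Xr ktls 4 ," is placed in the correct alphabetical position among the section-4 references (after ip 4, before mod_cc 4) and matches the three new cross-references added in the socket option descriptions; no change needed.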
Show All 31 Lines |