Differential D27272 Diff 80008 head/share/man/man4/tcp.4

Changeset View

Standalone View

head/share/man/man4/tcp.4

	Show All 28 Lines
	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT			.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY			.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF			.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.			.\" SUCH DAMAGE.
	.\"			.\"
	.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93			.\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93
	.\" $FreeBSD$			.\" $FreeBSD$
	.\"			.\"
	.Dd July 23, 2020			.Dd November 25, 2020
	.Dt TCP 4			.Dt TCP 4
	.Os			.Os
	.Sh NAME			.Sh NAME
	.Nm tcp			.Nm tcp
	.Nd Internet Transmission Control Protocol			.Nd Internet Transmission Control Protocol
	.Sh SYNOPSIS			.Sh SYNOPSIS
	.In sys/types.h			.In sys/types.h
	.In sys/socket.h			.In sys/socket.h
	▲ Show 20 Lines • Show All 249 Lines • ▼ Show 20 Lines
	Manage collection of connection level statistics using the			Manage collection of connection level statistics using the
	.Xr stats 3			.Xr stats 3
	framework.			framework.
	.Pp			.Pp
	Each dropped segment is taken into account in the TCP protocol statistics.			Each dropped segment is taken into account in the TCP protocol statistics.
	.It Dv TCP_TXTLS_ENABLE			.It Dv TCP_TXTLS_ENABLE
	Enable in-kernel Transport Layer Security (TLS) for data written to this			Enable in-kernel Transport Layer Security (TLS) for data written to this
	socket.			socket.
	The			See
	.Vt struct tls_so_enable			.Xr ktls 4
	argument defines the encryption and authentication algorithms and keys			for more details.
	used to encrypt the socket data as well as the maximum TLS record
	payload size.
	.Pp
	All data written to this socket will be encapsulated in TLS records
	and subsequently encrypted.
	By default all data written to this socket is treated as application data.
	Individual TLS records with a type other than application data
	(for example, handshake messages),
	may be transmitted by invoking
	.Xr sendmsg 2
	with a custom TLS record type set in a
	.Dv TLS_SET_RECORD_TYPE
	control message.
	The payload of this control message is a single byte holding the desired
	TLS record type.
	.Pp
	At present, only a single transmit key may be set on a socket.
	As such, users of this option must disable rekeying.
	.It Dv TCP_TXTLS_MODE			.It Dv TCP_TXTLS_MODE
	The integer argument can be used to get or set the current TLS transmit mode			The integer argument can be used to get or set the current TLS transmit mode
	of a socket.			of a socket.
	Setting the mode can only used to toggle between software and NIC TLS after			See
	TLS has been initially enabled via the			.Xr ktls 4
	.Dv TCP_TXTLS_ENABLE			for more details.
	option.
	The available modes are:
	.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
	.It Dv TCP_TLS_MODE_NONE
	In-kernel TLS framing and encryption is not enabled for this socket.
	.It Dv TCP_TLS_MODE_SW
	TLS records are encrypted by the kernel prior to placing the data in the
	socket buffer.
	Typically this encryption is performed in software.
	.It Dv TCP_TLS_MODE_IFNET
	TLS records are encrypted by the network interface card (NIC).
	.It Dv TCP_TLS_MODE_TOE
	TLS records are encrypted by the NIC using a TCP offload engine (TOE).
	.El
	.It Dv TCP_RXTLS_ENABLE			.It Dv TCP_RXTLS_ENABLE
	Enable in-kernel TLS for data read from this socket.			Enable in-kernel TLS for data read from this socket.
	The			See
	.Vt struct tls_so_enable			.Xr ktls 4
	argument defines the encryption and authentication algorithms and keys			for more details.
	used to decrypt the socket data.
	.Pp
	Each received TLS record must be read from the socket using
	.Xr recvmsg 2 .
	Each received TLS record will contain a
	.Dv TLS_GET_RECORD
	control message along with the decrypted payload.
	The control message contains a
	.Vt struct tls_get_record
	which includes fields from the TLS record header.
	If an invalid or corrupted TLS record is received,
	recvmsg 2
	will fail with one of the following errors:
	.Bl -tag -width Er
	.It Bq Er EINVAL
	The version fields in a TLS record's header did not match the version required
	by the
	.Vt struct tls_so_enable
	structure used to enable in-kernel TLS.
	.It Bq Er EMSGSIZE
	A TLS record's length was either too small or too large.
	.It Bq Er EMSGSIZE
	The connection was closed after sending a truncated TLS record.
	.It Bq Er EBADMSG
	The TLS record failed to match the included authentication tag.
	.El			.El
	.Pp			.Pp
	At present, only a single receive key may be set on a socket.
	As such, users of this option must disable rekeying.
	.It Dv TCP_RXTLS_MODE
	The integer argument can be used to get the current TLS receive mode
	of a socket.
	The available modes are the same as for
	.Dv TCP_TXTLS_MODE .
	.El
	.Pp
	The option level for the			The option level for the
	.Xr setsockopt 2			.Xr setsockopt 2
	call is the protocol number for			call is the protocol number for
	.Tn TCP ,			.Tn TCP ,
	available from			available from
	.Xr getprotobyname 3 ,			.Xr getprotobyname 3 ,
	or			or
	.Dv IPPROTO_TCP .			.Dv IPPROTO_TCP .
	▲ Show 20 Lines • Show All 372 Lines • ▼ Show 20 Lines
	.Xr getsockopt 2 ,			.Xr getsockopt 2 ,
	.Xr socket 2 ,			.Xr socket 2 ,
	.Xr stats 3 ,			.Xr stats 3 ,
	.Xr sysctl 3 ,			.Xr sysctl 3 ,
	.Xr blackhole 4 ,			.Xr blackhole 4 ,
	.Xr inet 4 ,			.Xr inet 4 ,
	.Xr intro 4 ,			.Xr intro 4 ,
	.Xr ip 4 ,			.Xr ip 4 ,
				.Xr ktls 4 ,
	.Xr mod_cc 4 ,			.Xr mod_cc 4 ,
	.Xr siftr 4 ,			.Xr siftr 4 ,
	.Xr syncache 4 ,			.Xr syncache 4 ,
	.Xr tcp_bbr 4 ,			.Xr tcp_bbr 4 ,
	.Xr setkey 8 ,			.Xr setkey 8 ,
	.Xr tcp_functions 9			.Xr tcp_functions 9
	.Rs			.Rs
	.%A "V. Jacobson"			.%A "V. Jacobson"
	Show All 31 Lines