Diffstat (limited to 'share/man/man4/tcp.4')
-rw-r--r-- share/man/man4/tcp.4 | 89
1 files changed, 78 insertions, 11 deletions
diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4
index 39db12752937..fcfda42908d8 100644
--- a/share/man/man4/tcp.4
+++ b/share/man/man4/tcp.4
@@ -31,7 +31,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd November 30, 2023
+.Dd June 27, 2025
.Dt TCP 4
.Os
.Sh NAME
@@ -200,6 +200,35 @@ The alternate TCP stack must already be loaded in the kernel.
To list the available TCP stacks, see
.Va functions_available
in the
+.Sx FIB support
+TCP sockets are FIB-aware.
+They inherit the FIB of the process which created the socket, or that of the
+listening socket for sockets created by
+.Xr accept 2 .
+In particular, the FIB is not inherited from that of the interface where the
+initiating SYN packet was received.
+When an incoming connection request arrives to a listening socket, the initial
+handshake also occurs in the FIB of the listening socket, not that of the
+received packet.
+.Pp
+By default, a TCP listening socket can accept connections originating from any
+FIB.
+If the
+.Va net.inet.tcp.bind_all_fibs
+tunable is set to 0, a listening socket will only accept connections
+originating
+from the FIB's listening socket.
+Connection requests from other FIBs will be treated as though there is no
+listening socket for the destination address and port.
+In this mode, multiple listening sockets owned by the same user can listen on
+the same address and port so long as they belong to different FIBs, similar to
+the behavior of the
+.Dv SO_REUSEPORT
+socket option.
+If the tunable is set to 0, all sockets added to a load-balancing group created
+with the
+.Dv SO_REUSEPORT_LB
+socket option must belong to the same FIB.
.Sx MIB (sysctl) Variables
section further down.
To list the default TCP stack, see
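Review bot: the new FIB block is inserted between `in the` and `.Sx MIB (sysctl) Variables`, which splits the sentence that points the reader at `functions_available`; move the block to after `section further down.` (past the end of the TCP_FUNCTION_BLOCK text) so that sentence reads whole again. The heading line `.Sx FIB support` uses the section cross-reference macro; a subsection heading in mdoc is `.Ss FIB support`. In the `bind_all_fibs` paragraph, `originating from the FIB's listening socket` inverts the relationship; the intended meaning is `originating from the listening socket's FIB`, and `arrives to a listening socket` should read `arrives at`. The security-relevant sentence is the one about other-FIB connection requests being treated as if no listener exists; it is worth stating explicitly that such SYNs get the usual no-listener response (RST or silent drop, whichever the stack does) rather than a fall-through to a listener in another FIB, since that is what an operator relying on FIB isolation needs to know.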
@@ -418,7 +447,7 @@ and the reverse source route is used in responding.
The default congestion control algorithm for
.Tn TCP
is
-.Xr cc_newreno 4 .
+.Xr cc_cubic 4 .
Other congestion control algorithms can be made available using the
.Xr mod_cc 4
framework.
@@ -432,6 +461,17 @@ branch of the
MIB, which can also be read or modified with
.Xr sysctl 8 .
.Bl -tag -width ".Va v6pmtud_blackhole_mss"
+.It Va ack_war_timewindow , ack_war_cnt
+The challenge ACK throttling algorithm defined in RFC 5961 limits
+the number of challenge ACKs sent per TCP connection to
+.Va ack_war_cnt
+during the time interval specified in milliseconds by
+.Va ack_war_timewindow .
+Setting
+.Va ack_war_timewindow
+or
+.Va ack_war_cnt
+to zero disables challenge ACK throttling.
.It Va always_keepalive
Assume that
.Dv SO_KEEPALIVE
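Review bot: no defaults are given for `ack_war_timewindow` and `ack_war_cnt`, while neighbouring entries state them (`Default is false.`); add the stock count and window so an administrator can tell whether the shipped setting follows the RFC 5961 recommendation or is looser. One sentence on why the limit is per connection rather than system-wide would also help, since the throttle exists to bound how many challenge ACKs an off-path sender can elicit, and a reader setting either value to zero should understand that this re-enables unbounded challenge ACK generation. Style: `RFC 5961` here versus `RFC793`/`RFC5961` in the `insecure_syn` entry further down; pick one form for the page.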
@@ -611,11 +651,6 @@ Defaults to 60 seconds.
List of available TCP function blocks (TCP stacks).
.It Va functions_default
The default TCP function block (TCP stack).
-.It Va functions_inherit_listen_socket_stack
-Determines whether to inherit listen socket's TCP stack or use the current
-system default TCP stack, as defined by
-.Va functions_default .
-Default is true.
.It Va hostcache
The TCP host cache is used to cache connection details and metrics to
improve future performance of connections between the same hosts.
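Review bot: deleting `functions_inherit_listen_socket_stack` removes the only statement in this list about which TCP function block an accepted connection ends up with. If the tunable is gone from the kernel and accepted sockets now always (or never) inherit the listening socket's stack, say so in one sentence in the `TCP_FUNCTION_BLOCK` text; otherwise readers of older documentation will look for a knob that vanished without explanation.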
@@ -699,6 +734,9 @@ Default is false.
.It Va insecure_syn
Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments.
Default is false.
+.It Va insecure_ack
+Use criteria defined in RFC793 for validating SEG.ACK.
+Default is false.
.It Va isn_reseed_interval
The interval (in seconds) specifying how often the secret data used in
RFC 1948 initial sequence number calculations should be reseeded.
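Review bot: `insecure_ack` should be worded in parallel with the `insecure_syn` entry directly above it: `Use criteria defined in RFC793 instead of RFC5961 for validating SEG.ACK.` As written it never names the default (RFC 5961) behaviour, and an entry called `insecure` deserves one sentence on the consequence: the RFC 5961 check narrows the range of acceptable ACK numbers, so enabling this makes blind in-window ACK injection easier. Same style point as above on `RFC793` versus `RFC 5961`.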
@@ -742,21 +780,34 @@ Minimum TCP Maximum Segment Size; used to prevent a denial of service attack
from an unreasonably low MSS.
.It Va msl
The Maximum Segment Lifetime, in milliseconds, for a packet.
+.It Va msl_local
+The Maximum Segment Lifetime, in milliseconds, for a packet when both endpoints
+are local.
+.Va msl_local
+is only used if
+.Va nolocaltimewait ,
+which is deprecated, is zero.
.It Va mssdflt
The default value used for the TCP Maximum Segment Size
.Pq Dq MSS
for IPv4 when no advice to the contrary is received from MSS negotiation.
-.It Va newcwd
+.It Va newcwv
Enable the New Congestion Window Validation mechanism as described in RFC 7661.
This gently reduces the congestion window during periods, where TCP is
application limited and the network bandwidth is not utilized completely.
That prevents self-inflicted packet losses once the application starts to
transmit data at a higher speed.
.It Va nolocaltimewait
-Suppress creation of TCP
+Suppress the creation of TCP
.Dv TIME_WAIT
states for connections in
which both endpoints are local.
+The default is 0.
+.Va nolocaltimewait
+is deprecated and will be removed in
+.Fx 16 .
+.Va msl_local
+can be used instead.
.It Va path_mtu_discovery
Enable Path MTU Discovery.
.It Va pcbcount
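Review bot: `msl_local` states no default, and `nolocaltimewait` now says `The default is 0.` while the rest of this list uses the `Default is ...` form; give `msl_local` its default in milliseconds and use the same wording in both entries. The two entries also only half cross-reference each other: `msl_local` says it is used only when `nolocaltimewait` is zero, but the `nolocaltimewait` entry does not say what setting it to 1 means for `msl_local` (no TIME_WAIT state, so no MSL applies); one sentence there closes the loop. The `newcwd` to `newcwv` correction is right, it now matches the mechanism name in RFC 7661.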
@@ -833,10 +884,13 @@ segment is lost (default and maximum is 12).
.It Va rexmit_drop_options
Drop TCP options from third and later retransmitted SYN segments
of a connection.
-.It Va rexmit_initial , rexmit_min , rexmit_slop
+.It Va rexmit_initial , rexmit_min , rexmit_slop , rexmit_max
Adjust the retransmit timer calculation for
.Tn TCP .
-The slop is
+A new connection starts with timer set to
+.Va rexmit_initial .
+The
+.Va rexmit_slop
typically added to the raw calculation to take into account
occasional variances that the
.Tn SRTT
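Review bot: two grammar slips in the added sentences: `starts with timer set to` needs the article (`with the timer set to`), and `The .Va rexmit_slop typically added` is missing its verb (`is typically added`). Also `rexmit_max` is added to the item header here but is only explained in the next hunk, after the slop discussion; moving that explanation up next to the `rexmit_initial` sentence keeps the four knobs together.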
@@ -856,6 +910,11 @@ For this reason, we use 200ms of slop and a near-0
minimum, which gives us an effective minimum of 200ms (similar to
.Tn Linux ) .
The initial value is used before an RTT measurement has been performed.
+The
+.Va rexmit_min
+and
+.Va rexmit_max
+set minimum and maximum timer values that a connection may have.
.It Va rfc1323
Implement the window scaling and timestamp options of RFC 1323/RFC 7323
(default is 1).
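Review bot: `set minimum and maximum timer values that a connection may have` sits beside the existing `near-0 minimum` / `effective minimum of 200ms` sentences without reconciling them; say whether `rexmit_min` clamps the raw RTO before or after `rexmit_slop` is added, because the text above derives the effective 200ms minimum from the slop rather than from `rexmit_min`. Likewise `The initial value is used before an RTT measurement has been performed.` now says the same thing as the new `A new connection starts with timer set to rexmit_initial` sentence in the earlier hunk; keep one of the two.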
@@ -1032,6 +1091,7 @@ when trying to use a TCP function block that is not available;
.El
.Sh SEE ALSO
.Xr getsockopt 2 ,
+.Xr setfib 2 ,
.Xr socket 2 ,
.Xr stats 3 ,
.Xr sysctl 3 ,
@@ -1075,6 +1135,13 @@ when trying to use a TCP function block that is not available;
.%T "The Addition of Explicit Congestion Notification (ECN) to IP"
.%O "RFC 3168"
.Re
+.Rs
+.%A "A. Ramaiah"
+.%A "R. Stewart"
+.%A "M. Dalal"
+.%T "Improving TCP's Robustness to Blind In-Window Attacks"
+.%O "RFC 5961"
+.Re
.Sh HISTORY
The
.Tn TCP