Commit Graph

84 Commits

Author SHA1 Message Date
Michael Tuexen
202a205fc2 Fix a grammar error.
Reported by:i hiren, vangyzen
MFC after: 1 month
X-MFC:	r307727
Sponsored by: Netflix
2016-10-21 18:45:09 +00:00
Michael Tuexen
b8835a8a6b Document the TCP sysctl variables insecure_rst and insecure_syn.
MFC after: 1 month
Sponsored by: netflix
2016-10-21 11:29:25 +00:00
Randall Stewart
587d67c008 Here we update the modular tcp to be able to switch to an
alternate TCP stack in other then the closed state (pre-listen/connect).
The idea is that *if* that is supported by the alternate stack, it
is asked if its ok to switch. If it approves the "handoff" then we
allow the switch to happen. Also the fini() function now gets a flag
to tell if you are switching away *or* the tcb is destroyed. The
init() call into the alternate stack is moved to the end so the
tcb is more fully formed before the init transpires.

Sponsored by:	Netflix Inc.
Differential Revision:	D6790
2016-08-16 15:11:46 +00:00
Jonathan T. Looney
cf3c688cc9 Document support for alternate TCP stacks.
Differential Revision:	https://reviews.freebsd.org/D6940
Reviewed by:	hiren
Approved by:	re (gjb)
Sponsored by:	Juniper Networks
2016-06-28 13:37:01 +00:00
Don Lewis
c12cebd635 Document new net.inet.tcp.ecn.enable sysctl settings.
MFC after:	1 month (with r300240)
2016-05-19 23:03:07 +00:00
Gleb Smirnoff
d519cedbad Provide new socket option TCP_CCALGOOPT, which stands for TCP congestion
control algorithm options.  The argument is variable length and is opaque
to TCP, forwarded directly to the algorithm's ctl_output method.

Provide new includes directory netinet/cc, where algorithm specific
headers can be installed.

The new API doesn't yet have any in tree consumers.

The original code written by lstewart.
Reviewed by:	rrs, emax
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D711
2016-01-22 02:07:48 +00:00
Hiren Panchasara
356c7958a4 Add sysctl tunable net.inet.tcp.initcwnd_segments to specify initial congestion
window in number of segments on fly. It is set to 10 segments by default.

Remove net.inet.tcp.experimental.initcwnd10 which is now redundant. Also remove
the parent node net.inet.tcp.experimental as it's not needed anymore and also
because it was not well thought out.

Differential Revision:	https://reviews.freebsd.org/D3858
In collaboration with:	lstewart
Reviewed by:		gnn (prev version), rwatson, allanjude, wblock (man page)
MFC after:		2 weeks
Relnotes:		yes
Sponsored by:		Limelight Networks
2015-10-27 09:43:05 +00:00
Sean Bruno
f0d27ac9c1 Correct naming of sysctl pmtud_blackhole_activated_min_mss.
Clarify some statements around PMTUD blackhole detection to make
the behavior more clear in the man page.

Submitted by:	Mikhail <mp@lenta.ru>
MFC after:	2 weeks
2014-12-28 20:56:03 +00:00
Christian Brueffer
d1e159345b New sentence -> new line; use macros where appropriate. 2014-10-14 12:29:24 +00:00
Sean Bruno
d6f180ad78 Bump .Dd
Submitted by:	gjb
MFC after:	2 weeks
Relnotes:	yes
2014-10-13 21:08:27 +00:00
Sean Bruno
33b8f2518c Update tcp(4) with plpmtud blackhole sysctls
Submitted by:	Mikhail <mp@lenta.ru>
MFC after:	2 weeks
Relnotes:	yes
2014-10-13 21:04:14 +00:00
Eitan Adler
dda5b39711 multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
Gleb Smirnoff
2f3eb7f4d8 Make TCP_KEEP* socket options readable. At least PostgreSQL wants
to read the values.

Reported by:	sobomax
2013-11-08 13:04:14 +00:00
Maxim Konovalov
1e7c7d8cbc o Xr siftr.4 in order to expose it to a wider audience.
Reviewed by:	lstewart
2012-03-20 12:24:36 +00:00
Maxim Konovalov
593e5e2cd9 o Trim EoL whitespaces. 2012-03-19 19:25:22 +00:00
Ed Maste
caeb442fd2 Remove undesired sysctl(3) xref
Submitted by:	bde
2012-03-09 15:25:27 +00:00
Ed Maste
fb175d1c81 Correct markup, use proper reference for sysctl(3)
Submitted by:	brueffer@
2012-03-08 15:27:29 +00:00
Ed Maste
0ff32c4996 Inbound TCP-MD5 digest validation is now supported 2012-03-08 01:37:01 +00:00
Gleb Smirnoff
9077f38738 Add new socket options: TCP_KEEPINIT, TCP_KEEPIDLE, TCP_KEEPINTVL and
TCP_KEEPCNT, that allow to control initial timeout, idle time, idle
re-send interval and idle send count on a per-socket basis.

Reviewed by:	andre, bz, lstewart
2012-02-05 16:53:02 +00:00
Andre Oppermann
149f91412f Remove mention of ss_fltsz and ss_fltsz_local which were retired in r226447. 2011-11-14 15:14:42 +00:00
Lawrence Stewart
f772f9fe43 Rename the cc.4 and cc.9 modular congestion control related man pages to
mod_cc.4 and mod_cc.9 respectively to avoid any possible confusion with the cc.1
gcc man page. Update references to these man pages where required.

Requested by:	Grenville Armitage
Approved by:	re (kib)
MFC after:	3 days
2011-09-15 12:15:36 +00:00
Lawrence Stewart
29f269dc1f Final commit to round out the "Five New TCP Congestion Control Algorithms for
FreeBSD" FreeBSD Foundation funded project.

- Add new man pages for the modular congestion control, Khelp and Hhook
  frameworks (cc.4, cc.9, khelp.9 and hhook.9).

- Add new man pages for each available congestion control algorithm (cc_chd.4,
  cc_cubic.4, cc_hd.4, cc_htcp.4, cc_newreno.4 and cc_vegas.4).

- Add a new man page for the Enhanced Round Trip Time (ERTT) Khelp module
  (h_ertt.4).

- Update the TCP (tcp.4) man page to mention the TCP_CONGESTION socket option,
  cross reference to cc.4 and remove references to the retired
  "net.inet.tcp.newreno" sysctl MIB variable.

In collaboration with:	David Hayes <dahayes at swin edu au> and
				Grenville Armitage <garmitage at swin edu au>
Sponsored by:	FreeBSD Foundation
MFC after:	3 months
2011-02-21 11:56:11 +00:00
Bjoern A. Zeeb
7b2638182f Clarify when we switch from keepidle to keepinvtl intervals if sending
TCP keepalive probes is enabled.

Reviewed by:	gnn
MFC After:	3 days
2011-01-08 00:44:17 +00:00
Andre Oppermann
d8b03e05a9 The inflight bandwidth limiter was removed in r212765. 2010-09-16 22:11:55 +00:00
Rui Paulo
5f32510e53 Add ECN sysctls and ECN RFC. 2008-08-16 21:12:25 +00:00
Ruslan Ermilov
0d1778eac6 Kill whitespace at EOL. 2007-04-03 18:57:09 +00:00
Christian Brueffer
5e01c01abd More cleanup for rev. 1.56
Submitted by:	ru
2007-02-28 22:40:21 +00:00
Christian Brueffer
3eb3f72aca mdoc cleanup for the previous commit and touch .Dd 2007-02-28 21:36:11 +00:00
Mohan Srinivasan
535c755253 Update the tcp(4) manpage with the new (and some older undocumented) sysctls.
Remove a sysctl that is no longer used.
2007-02-28 19:32:46 +00:00
Bruce M Simpson
ed6e952c66 Document the existence of the TCP_INFO socket option.
Approved by:	rwatson
2007-01-22 14:16:47 +00:00
Gleb Smirnoff
85bfbb5f09 Fix markup bug in last commit.
Submitted by:	ru
2006-09-13 15:47:26 +00:00
Gleb Smirnoff
708e9ef188 Document net.inet.tcp.maxtcptw and net.inet.tcp.nolocaltimewait.
Wording by:	Devon O'Dell
2006-09-13 15:24:27 +00:00
Gleb Smirnoff
88cd456676 Remove all references to T/TCP, which was removed several months ago.
Approved by:	andre
2005-08-25 13:47:41 +00:00
Andre Oppermann
c94c54e4df Remove RFC1644 T/TCP support from the TCP side of the network stack.
A complete rationale and discussion is given in this message
and the resulting discussion:

 http://docs.freebsd.org/cgi/mid.cgi?4177C8AD.6060706

Note that this commit removes only the functional part of T/TCP
from the tcp_* related functions in the kernel.  Other features
introduced with RFC1644 are left intact (socket layer changes,
sendmsg(2) on connection oriented protocols)  and are meant to
be reused by a simpler and less intrusive reimplemention of the
previous T/TCP functionality.

Discussed on:	-arch
2004-11-02 22:22:22 +00:00
Andre Oppermann
27f15752ff Rephrase certain centences and sync description of default values to reality. 2004-10-23 18:37:23 +00:00
Maxim Konovalov
1e44bdd152 s/Oct /October/
Pointed out by:	ru
2004-10-13 12:05:33 +00:00
Maxim Konovalov
440eb923d0 Bump the date of the document. 2004-10-13 08:14:41 +00:00
Maxim Konovalov
4dfcafe73a Document net.inet.tcp.sack.initburst sysctl. 2004-10-12 13:52:46 +00:00
Andre Oppermann
24a098ea9b o Move the inflight sysctls to their own sub-tree under net.inet.tcp to be
more consistent with the other sysctls around it.
2004-08-03 13:54:11 +00:00
Maxim Konovalov
3ed6f7023e o Document net.inet.sack.enable sysctl. net.inet.sack.sackhole_limit
is not documented yet, it is not used at the moment and is the subject
of the future work.

Improved by:	ru
Not objected:	ps, jayanth
2004-07-10 17:55:13 +00:00
Mike Pritchard
c48524c2aa Spelling fixes. 2004-06-21 17:42:49 +00:00
Ruslan Ermilov
bf7f20c2b6 Assorted markup, spelling, and grammar fixes. 2004-06-16 08:33:57 +00:00
Simon L. B. Nielsen
ae4eb6f8e3 Correct the misuse of \- (mdoc(7) mathematical minus) when - (mdoc(7)
hyphen) is meant.

Mdoc(7) clue by:	ru
Reviewed by:		ru
2004-05-14 20:07:49 +00:00
Bruce M Simpson
88f6b0435e Shorten the name of the socket option used to enable TCP-MD5 packet
treatment.

Submitted by:	Vincent Jardin
2004-02-16 22:21:16 +00:00
Bruce M Simpson
6639682776 Spell tcp_signature_compute correctly. 2004-02-14 22:17:38 +00:00
Bruce M Simpson
1cfd4b5326 Initial import of RFC 2385 (TCP-MD5) digest support.
This is the first of two commits; bringing in the kernel support first.
This can be enabled by compiling a kernel with options TCP_SIGNATURE
and FAST_IPSEC.

For the uninitiated, this is a TCP option which provides for a means of
authenticating TCP sessions which came into being before IPSEC. It is
still relevant today, however, as it is used by many commercial router
vendors, particularly with BGP, and as such has become a requirement for
interconnect at many major Internet points of presence.

Several parts of the TCP and IP headers, including the segment payload,
are digested with MD5, including a shared secret. The PF_KEY interface
is used to manage the secrets using security associations in the SADB.

There is a limitation here in that as there is no way to map a TCP flow
per-port back to an SPI without polluting tcpcb or using the SPD; the
code to do the latter is unstable at this time. Therefore this code only
supports per-host keying granularity.

Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6),
TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective
users of this feature, this will not pose any problem.

This implementation is output-only; that is, the option is honoured when
responding to a host initiating a TCP session, but no effort is made
[yet] to authenticate inbound traffic. This is, however, sufficient to
interwork with Cisco equipment.

Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with
local patches. Patches for tcpdump to validate TCP-MD5 sessions are also
available from me upon request.

Sponsored by:	sentex.net
2004-02-11 04:26:04 +00:00
Ruslan Ermilov
fe08efe680 mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
Ruslan Ermilov
e91fabac7b mdoc(7) police: Tidy up the formatting. 2003-03-22 13:43:06 +00:00
Jeffrey Hsu
01f98321e6 Document the net.inet.tcp.rfc3390 sysctl variable. 2003-03-13 01:44:58 +00:00
Jeffrey Hsu
edcd017d67 Document the net.inet.tcp.rfc3042 sysctl variable. 2003-03-12 20:44:06 +00:00