tcp: Add a sysctl to modify listening socket FIB inheritance

Introduce the net.inet.tcp.bind_all_fibs tunable, set to 1 by default
for compatibility with current behaviour. When set to 0, all TCP
l

tcp: Add a sysctl to modify listening socket FIB inheritance

Introduce the net.inet.tcp.bind_all_fibs tunable, set to 1 by default
for compatibility with current behaviour. When set to 0, all TCP
listening sockets are private to their FIB. Inbound connection requests
will only succeed if a matching inpcb is bound to the same FIB as the
request.

No functional change intended, as the new behaviour is not enabled by
default.

Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48663

show more ...

tcp: retire sysctl variable functions_inherit_listen_socket_stack

The default was true and it is consistent to inherit the TCP function
block from the listener as most of the other parameters.

Revi

tcp: retire sysctl variable functions_inherit_listen_socket_stack

The default was true and it is consistent to inherit the TCP function
block from the listener as most of the other parameters.

Reviewed by: Peter Lei, cc
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46141

show more ...

tcp: vnetify sysctl variables ack_war_timewindow and ack_war_cnt

As suggested by glebius@. While there, improve the documentation.

Reviewed by: Peter Lei, cc
MFC after: 1 week
Sponsored by: Netf

tcp: vnetify sysctl variables ack_war_timewindow and ack_war_cnt

As suggested by glebius@. While there, improve the documentation.

Reviewed by: Peter Lei, cc
MFC after: 1 week
Sponsored by: Netflix, Inc
Differential Revision: https://reviews.freebsd.org/D46140

show more ...

tcp: improve SEG.ACK validation

Implement the improved SEG.ACK validation described in RFC 5961.
In addition to that, also detect ghost ACKs, which are ACKs for data
that has never been sent.
The ad

tcp: improve SEG.ACK validation

Implement the improved SEG.ACK validation described in RFC 5961.
In addition to that, also detect ghost ACKs, which are ACKs for data
that has never been sent.
The additional checks are enabled by default, but can be disabled
by setting the sysctl-variable net.inet.tcp.insecure_ack to a
non-zero value.

PR: 250357
Reviewed by: Peter Lei, rscheff (older version)
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D45894

show more ...

Fix typos in man pages under /share/man

Found using: devel/py-proselint

tcp: for LRD move sysctl from tcp.do_lrd tp tcp.sack.lrd, remove sockopt

Moving lrd sysctl to the tcp.sack branch, since LRD only works with SACK.
Remove the sockopt to programmatically control LRD

tcp: for LRD move sysctl from tcp.do_lrd tp tcp.sack.lrd, remove sockopt

Moving lrd sysctl to the tcp.sack branch, since LRD only works with SACK.
Remove the sockopt to programmatically control LRD per session.

Reviewed By: #transport, tuexen, rrs
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42851

show more ...

tcp: enable LRD by default

Lost Retransmission Detection was added as a
feature in May 2021, but disabled by default.

Enabling the feature by default to reduce the
flow completion time by avoiding

tcp: enable LRD by default

Lost Retransmission Detection was added as a
feature in May 2021, but disabled by default.

Enabling the feature by default to reduce the
flow completion time by avoiding RTOs when
retransmissions get lost too.

Reviewed By: tuexen, #transport, zlei
MFC after: 10 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42845

show more ...

share: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl

share: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

show more ...

[tcp] add PRR 6937bis heuristic and retire prr_conservative sysctl

Improve Proportional Rate Reduction (RFC6937) by using a
heuristic, which automatically chooses between
conservative CRB and more a

[tcp] add PRR 6937bis heuristic and retire prr_conservative sysctl

Improve Proportional Rate Reduction (RFC6937) by using a
heuristic, which automatically chooses between
conservative CRB and more aggressive SSRB modes.
Only when snd_una advances (a partial ACK), SSRB may be
used. Also, that ACK must not have any indication of
ongoing loss - using the addition of new holes into the
scoreboard as proxy for such an event.

MFC after: 4 weeks
Reviewed By: #transport, kbowling, rrs
Sponsored By: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D28822

show more ...

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

tcp(4): fix a misnomer

This is almost certainly not the meaning of PCB used here.

Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.fr

tcp(4): fix a misnomer

This is almost certainly not the meaning of PCB used here.

Reviewed by: markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40786

show more ...

tcp: make the maximum number of retransmissions tunable per VNET

Both Windows (TcpMaxDataRetransmissions) and Linux (tcp_retries2)
allow to restrict the maximum number of consecutive timer based
ret

tcp: make the maximum number of retransmissions tunable per VNET

Both Windows (TcpMaxDataRetransmissions) and Linux (tcp_retries2)
allow to restrict the maximum number of consecutive timer based
retransmissions. Add that same capability on a per-VNet basis to
FreeBSD.

Reviewed By: cc, tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D40424

show more ...

tcp: retire net.inet.tcp.tcp_require_unique_port

It was a safe belt just in case if the new port allocation
behaviour introduced in 25102351509 would cause a problem.

Reviewed by: markj, rscheff,

tcp: retire net.inet.tcp.tcp_require_unique_port

It was a safe belt just in case if the new port allocation
behaviour introduced in 25102351509 would cause a problem.

Reviewed by: markj, rscheff, tuexen
Differential revision: https://reviews.freebsd.org/D38353

show more ...

tcp_rack: Add a manual page

- add a manual page for tcp_rack(4)
- link it in the tcp(4) and tcp_bbr(4) man pages
- hook it up to build in the Makefile

Reviewed by: pauamma
MFC after: 2 weeks
Differ

tcp_rack: Add a manual page

- add a manual page for tcp_rack(4)
- link it in the tcp(4) and tcp_bbr(4) man pages
- hook it up to build in the Makefile

Reviewed by: pauamma
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37209

show more ...

tcp.4: undocument compressed TIME_WAIT

tcp: honor rfc1323 sysctl on passive sessions

On passive sessions, honor the local settings disabling or
enabling window scaling and timestamp options.

Reviewed By: tuexen, #transport
Sponsored

tcp: honor rfc1323 sysctl on passive sessions

On passive sessions, honor the local settings disabling or
enabling window scaling and timestamp options.

Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36874

show more ...

tcp: allow window scale and timestamps to be toggled individually

Simple change to allow for the individual toggling of
RFC7323 window scaling and timestamp option.

Reviewed By: rrs, tuexen, gl

tcp: allow window scale and timestamps to be toggled individually

Simple change to allow for the individual toggling of
RFC7323 window scaling and timestamp option.

Reviewed By: rrs, tuexen, glebius, guest-ccui, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36863

show more ...

Tcp progress timeout

Rack has had the ability to timeout connections that just sit idle automatically. This
feature of course is off by default and requires the user set it on (though the socket opt

Tcp progress timeout

Rack has had the ability to timeout connections that just sit idle automatically. This
feature of course is off by default and requires the user set it on (though the socket option
has been missing in tcp_usrreq.c). Lets get the progress timeout fully supported in
the base stack as well as rack.

Reviewed by: tuexen
Sponsored by: Netflix Inc
Differential Revision: https://reviews.freebsd.org/D36716

show more ...

tcp: Functional implementation of Accurate ECN

The AccECN handshake and TCP header flags are supported,
no support yet for the AccECN option. This minimalistic
implementation is sufficient to suppor

tcp: Functional implementation of Accurate ECN

The AccECN handshake and TCP header flags are supported,
no support yet for the AccECN option. This minimalistic
implementation is sufficient to support DCTCP while
dramatically cutting the number of ACKs, and provide ECN
response from the receiver to the CC modules.

Reviewed By: #transport, #manpages, rrs, pauamma
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D21011

show more ...

tcp.4: Add missing sysctls, other fixes

Add some of the missing sysctls to tcp.4, using references to other
man pages where they exist. Added sysctls include recvbuf and sendbuf
controls for automa

tcp.4: Add missing sysctls, other fixes

Add some of the missing sysctls to tcp.4, using references to other
man pages where they exist. Added sysctls include recvbuf and sendbuf
controls for automatic buffer sizing. Updated recvspace and sendspace.

Add sysctl.8 to "see also" and intro to variable section. Rename
"MIB Variables" section to "MIB (sysctl) Variables", as most people
will associate with sysctl.

Reviewed by: manpages(pauamma), tuexen
Differential Revision: https://reviews.freebsd.org/D36004

show more ...

tcp.4: Sort sysctl variables

In preparation for updates including missing variables, sort the
sysctl variables in the MIB variables section alphabetically.
Add a new "hostcache" entry for the hostca

tcp.4: Sort sysctl variables

In preparation for updates including missing variables, sort the
sysctl variables in the MIB variables section alphabetically.
Add a new "hostcache" entry for the hostcache node, containing the
intro text that was previously in hostcache.enable. Also cleanups
per review comments.

Reviewed by: transport(tuexen), manpages(bcr)
Differential Revision: https://reviews.freebsd.org/D35844
MFC after: 1 week

(cherry picked from commit 5cf709ce72c0b6eb4b4d57db015a65f8a84166d5)

show more ...

inet.4 tcp.4 udp.4: update date, fix typo

Update .Dd for man pages pushed yesterday; fix typo in inet.4.

inet.4 tcp.4 udp.4: Replace *CTL_* OID macro names with sysctl names

Older sysctls with constant OID macros were identified with those
in inet.4, tcp.4, and udp.4; newer sysctls with automatic numbe

inet.4 tcp.4 udp.4: Replace *CTL_* OID macro names with sysctl names

Older sysctls with constant OID macros were identified with those
in inet.4, tcp.4, and udp.4; newer sysctls with automatic numbering
were identified by sysctl names. No one remembers the OID macros,
or knows what they are; sysctls are always done by name now, usually
via sysctl(8).

Replace the OID macro names with sysctl names so that there is one
uniform identifier type; sysctl names were previously in parens.
Make the formatting a little more consistent in this area. In inet.4
and udp.4, move the "ip." or "udp." prefix from each entry into the
top-level name at the start of the section, as they are all the same.

Reviewed by: rpokala
Differential Revision: https://reviews.freebsd.org/D35806

show more ...

syncache: accept packet with no SA when TCP_MD5SIG is set

When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed

syncache: accept packet with no SA when TCP_MD5SIG is set

When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed
packet when a security association doesn't exist with the peer.

This is useful when a listen socket set with TCP_MD5SIG wants to handle
connections protected with and without MD5 signatures.

Reviewed by: bz (previous version)
Sponsored by: nepustil.net
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D33227

show more ...

tcp: document TCP Fast Open (RFC 7413) in tcp(4)

Adds documentation for the TCP_FASTOPEN socket option
and related MIB variables to the tcp(4) manual page.

PR: 257907
Reviewed by: gbe
MFC after: 3

tcp: document TCP Fast Open (RFC 7413) in tcp(4)

Adds documentation for the TCP_FASTOPEN socket option
and related MIB variables to the tcp(4) manual page.

PR: 257907
Reviewed by: gbe
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D31764

show more ...