Lines Matching +full:non +full:- +full:active
3 .\" Copyright (c) 2010-2011 The FreeBSD Foundation
50 protocol provides reliable, flow-controlled, two-way
52 It is a byte-stream protocol used to
58 Internet address format and, in addition, provides a per-host
70 .Dq active
73 Active sockets initiate connections to passive
77 sockets are created active; to create a
87 Only active sockets may use the
119 .Bl -tag -width ".Dv TCP_FUNCTION_BLK"
122 by passing the read-only option
136 bandwidth-controlled window space.
161 For passively-created sockets, the
167 but that fall back to using a non-TFO
174 pre-shared key (PSK) mode of operation in which the TFO server requires the
184 requires the client-supplied cookie to equal
185 .Bd -literal -offset left
186 SipHash24(key=\fI16-byte-psk\fP, msg=\fIcookie-sent-to-client\fP)
189 Multiple concurrent valid pre-shared keys are supported so that time-based
191 The default number of concurrent pre-shared keys is 2.
204 TCP sockets are FIB-aware.
228 If the tunable is set to 0, all sockets added to a load-balancing group created
242 option accepts a per-socket timeout argument of
244 in seconds, for new, non-established
273 to set the per-socket interval, in seconds, between keepalive probes sent
288 and allows a per-socket tuning of the number of probes sent, with no response,
313 By default, a sender- and
314 .No receiver- Ns Tn TCP
326 to set the per-socket interval, in seconds, in which the connection must
342 option use on a per-connection basis.
345 .No sender- Ns Tn TCP
353 When this option is set to a non-zero value,
358 This option enables the use of MD5 digests (also known as TCP-MD5)
372 administrator to add a tcp-md5 key entry to the system's security
376 This entry can only be specified on a per-host basis at this time.
380 However, during connection negotiation, a non-signed segment will be accepted if
382 When a non-signed segment is accepted, the established connection is not
391 Enable in-kernel Transport Layer Security (TLS) for data written to this
403 Enable in-kernel TLS for data read from this socket.
413 .Bl -tag -width "Dv TCP_REUSPORT_LB_NUMA"
444 Incoming connection requests that are source-routed are noted,
463 .Bl -tag -width ".Va v6pmtud_blackhole_mss"
524 .Bl -tag -compact
558 When non-zero, all client-supplied TFO cookies will be considered to be valid.
563 are non-zero, a new key will be automatically generated after this specified
576 Read-only.
585 Read-only.
587 When zero, no new active (i.e., client) TFO connections can be created.
590 The transition from enabled to disabled does not affect any active TFO
595 Read-only.
598 Read-only,
600 The maximum number of pre-shared keys supported.
601 Read-only.
604 Read-only.
606 The current number of pre-shared keys installed.
607 Read-only.
609 When a failure occurs while trying to create a new active (i.e., client) TFO
610 connection, new active connections on the same path, as determined by the tuple
612 will be forced to be non-TFO for this many seconds.
620 When non-zero, pre-shared key (PSK) mode is enabled for all TFO servers.
621 On the transition from enabled to disabled, all installed pre-shared keys are
626 On the transition from enabled to disabled, all installed keys and pre-shared
630 is non-zero and there are no keys installed, a new key will be generated
640 Install a new pre-shared key by writing
677 .Bl -tag -compact
701 Any non-zero setting will be reset to zero, once the purge
703 .Bl -tag -compact
718 .Tn SYN-SENT
728 Start with small values for lower-capacity links.
757 Timeout, in milliseconds, for new, non-established
791 That prevents self-inflicted packet losses once the application starts to
801 Number of active protocol control blocks
802 (read-only).
810 A CSV list of template_spec=percent key-value pairs which controls the per
834 .Bl -tag -compact
853 the system-calculated automatic limit and the user-specified
881 (smoothed round-trip time)
893 For this reason, we use 200ms of slop and a near-0
901 .Bl -tag -compact
916 Enable support for RFC 3390, which allows for a variable-sized
920 particularly affects short transfers and high-bandwidth large
921 propagation-delay connections.
936 Enable Lost Retransmission Detection for SACK-enabled sessions, enabled by
939 mandatory Retransmission Timeout (RTO), followed by slow-start.
940 LRD will try to resend the repeatedly lost packet, preventing the time-consuming
941 RTO and performance reducing slow-start or purge of the SACK scoreboard.
955 SACKed - even if no traditional duplicate ACKs were observed.
978 .Tn SYN-ACK
992 control-block hash table
993 (read-only).
1038 .Bl -tag -width Er
1121 .%T "Improving TCP's Robustness to Blind In-Window Attacks"