xref: /freebsd/share/man/man4/tcp.4 (revision 2f513db72b034fd5ef7f080b11be5c711c15186a)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.
3.\" Copyright (c) 2010-2011 The FreeBSD Foundation
4.\" All rights reserved.
5.\"
6.\" Portions of this documentation were written at the Centre for Advanced
7.\" Internet Architectures, Swinburne University of Technology, Melbourne,
8.\" Australia by David Hayes under sponsorship from the FreeBSD Foundation.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\" 3. Neither the name of the University nor the names of its contributors
19.\"    may be used to endorse or promote products derived from this software
20.\"    without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\"     From: @(#)tcp.4	8.1 (Berkeley) 6/5/93
35.\" $FreeBSD$
36.\"
37.Dd December 2, 2019
38.Dt TCP 4
39.Os
40.Sh NAME
41.Nm tcp
42.Nd Internet Transmission Control Protocol
43.Sh SYNOPSIS
44.In sys/types.h
45.In sys/socket.h
46.In netinet/in.h
47.In netinet/tcp.h
48.Ft int
49.Fn socket AF_INET SOCK_STREAM 0
50.Sh DESCRIPTION
51The
52.Tn TCP
53protocol provides reliable, flow-controlled, two-way
54transmission of data.
55It is a byte-stream protocol used to
56support the
57.Dv SOCK_STREAM
58abstraction.
59.Tn TCP
60uses the standard
61Internet address format and, in addition, provides a per-host
62collection of
63.Dq "port addresses" .
64Thus, each address is composed
65of an Internet address specifying the host and network,
66with a specific
67.Tn TCP
68port on the host identifying the peer entity.
69.Pp
70Sockets utilizing the
71.Tn TCP
72protocol are either
73.Dq active
74or
75.Dq passive .
76Active sockets initiate connections to passive
77sockets.
78By default,
79.Tn TCP
80sockets are created active; to create a
81passive socket, the
82.Xr listen 2
83system call must be used
84after binding the socket with the
85.Xr bind 2
86system call.
87Only passive sockets may use the
88.Xr accept 2
89call to accept incoming connections.
90Only active sockets may use the
91.Xr connect 2
92call to initiate connections.
93.Pp
94Passive sockets may
95.Dq underspecify
96their location to match
97incoming connection requests from multiple networks.
98This technique, termed
99.Dq "wildcard addressing" ,
100allows a single
101server to provide service to clients on multiple networks.
102To create a socket which listens on all networks, the Internet
103address
104.Dv INADDR_ANY
105must be bound.
106The
107.Tn TCP
108port may still be specified
109at this time; if the port is not specified, the system will assign one.
110Once a connection has been established, the socket's address is
111fixed by the peer entity's location.
112The address assigned to the
113socket is the address associated with the network interface
114through which packets are being transmitted and received.
115Normally, this address corresponds to the peer entity's network.
116.Pp
117.Tn TCP
118supports a number of socket options which can be set with
119.Xr setsockopt 2
120and tested with
121.Xr getsockopt 2 :
122.Bl -tag -width ".Dv TCP_FUNCTION_BLK"
123.It Dv TCP_INFO
124Information about a socket's underlying TCP session may be retrieved
125by passing the read-only option
126.Dv TCP_INFO
127to
128.Xr getsockopt 2 .
129It accepts a single argument: a pointer to an instance of
130.Vt "struct tcp_info" .
131.Pp
132This API is subject to change; consult the source to determine
133which fields are currently filled out by this option.
134.Fx
135specific additions include
136send window size,
137receive window size,
138and
139bandwidth-controlled window space.
140.It Dv TCP_CCALGOOPT
141Set or query congestion control algorithm specific parameters.
142See
143.Xr mod_cc 4
144for details.
145.It Dv TCP_CONGESTION
146Select or query the congestion control algorithm that TCP will use for the
147connection.
148See
149.Xr mod_cc 4
150for details.
151.It Dv TCP_FUNCTION_BLK
152Select or query the set of functions that TCP will use for this connection.
153This allows a user to select an alternate TCP stack.
154The alternate TCP stack must already be loaded in the kernel.
155To list the available TCP stacks, see
156.Va functions_available
157in the
158.Sx MIB Variables
159section further down.
160To list the default TCP stack, see
161.Va functions_default
162in the
163.Sx MIB Variables
164section.
165.It Dv TCP_KEEPINIT
166This
167.Xr setsockopt 2
168option accepts a per-socket timeout argument of
169.Vt "u_int"
170in seconds, for new, non-established
171.Tn TCP
172connections.
173For the global default in milliseconds see
174.Va keepinit
175in the
176.Sx MIB Variables
177section further down.
178.It Dv TCP_KEEPIDLE
179This
180.Xr setsockopt 2
181option accepts an argument of
182.Vt "u_int"
183for the amount of time, in seconds, that the connection must be idle
184before keepalive probes (if enabled) are sent for the connection of this
185socket.
186If set on a listening socket, the value is inherited by the newly created
187socket upon
188.Xr accept 2 .
189For the global default in milliseconds see
190.Va keepidle
191in the
192.Sx MIB Variables
193section further down.
194.It Dv TCP_KEEPINTVL
195This
196.Xr setsockopt 2
197option accepts an argument of
198.Vt "u_int"
199to set the per-socket interval, in seconds, between keepalive probes sent
200to a peer.
201If set on a listening socket, the value is inherited by the newly created
202socket upon
203.Xr accept 2 .
204For the global default in milliseconds see
205.Va keepintvl
206in the
207.Sx MIB Variables
208section further down.
209.It Dv TCP_KEEPCNT
210This
211.Xr setsockopt 2
212option accepts an argument of
213.Vt "u_int"
214and allows a per-socket tuning of the number of probes sent, with no response,
215before the connection will be dropped.
216If set on a listening socket, the value is inherited by the newly created
217socket upon
218.Xr accept 2 .
219For the global default see the
220.Va keepcnt
221in the
222.Sx MIB Variables
223section further down.
224.It Dv TCP_NODELAY
225Under most circumstances,
226.Tn TCP
227sends data when it is presented;
228when outstanding data has not yet been acknowledged, it gathers
229small amounts of output to be sent in a single packet once
230an acknowledgement is received.
231For a small number of clients, such as window systems
232that send a stream of mouse events which receive no replies,
233this packetization may cause significant delays.
234The boolean option
235.Dv TCP_NODELAY
236defeats this algorithm.
237.It Dv TCP_MAXSEG
238By default, a sender- and
239.No receiver- Ns Tn TCP
240will negotiate among themselves to determine the maximum segment size
241to be used for each connection.
242The
243.Dv TCP_MAXSEG
244option allows the user to determine the result of this negotiation,
245and to reduce it if desired.
246.It Dv TCP_NOOPT
247.Tn TCP
248usually sends a number of options in each packet, corresponding to
249various
250.Tn TCP
251extensions which are provided in this implementation.
252The boolean option
253.Dv TCP_NOOPT
254is provided to disable
255.Tn TCP
256option use on a per-connection basis.
257.It Dv TCP_NOPUSH
258By convention, the
259.No sender- Ns Tn TCP
260will set the
261.Dq push
262bit, and begin transmission immediately (if permitted) at the end of
263every user call to
264.Xr write 2
265or
266.Xr writev 2 .
267When this option is set to a non-zero value,
268.Tn TCP
269will delay sending any data at all until either the socket is closed,
270or the internal send buffer is filled.
271.It Dv TCP_MD5SIG
272This option enables the use of MD5 digests (also known as TCP-MD5)
273on writes to the specified socket.
274Outgoing traffic is digested;
275digests on incoming traffic are verified.
276When this option is enabled on a socket, all inbound and outgoing
277TCP segments must be signed with MD5 digests.
278.Pp
279One common use for this in a
280.Fx
281router deployment is to enable
282based routers to interwork with Cisco equipment at peering points.
283Support for this feature conforms to RFC 2385.
284.Pp
285In order for this option to function correctly, it is necessary for the
286administrator to add a tcp-md5 key entry to the system's security
287associations database (SADB) using the
288.Xr setkey 8
289utility.
290This entry can only be specified on a per-host basis at this time.
291.Pp
292If an SADB entry cannot be found for the destination,
293the system does not send any outgoing segments and drops any inbound segments.
294.It Dv TCP_STATS
295Manage collection of connection level statistics using the
296.Xr stats 3
297framework.
298.Pp
299Each dropped segment is taken into account in the TCP protocol statistics.
300.It Dv TCP_TXTLS_ENABLE
301Enable in-kernel Transport Layer Security (TLS) for data written to this
302socket.
303The
304.Vt struct tls_so_enable
305argument defines the encryption and authentication algorithms and keys
306used to encrypt the socket data as well as the maximum TLS record
307payload size.
308.Pp
309All data written to this socket will be encapsulated in TLS records
310and subsequently encrypted.
311By default all data written to this socket is treated as application data.
312Individual TLS records with a type other than application data
313(for example, handshake messages),
314may be transmitted by invoking
315.Xr sendmsg 2
316with a custom TLS record type set in a
317.Dv TLS_SET_RECORD_TYPE
318control message.
319The payload of this control message is a single byte holding the desired
320TLS record type.
321.Pp
322Data read from this socket will still be encrypted and must be parsed by
323a TLS-aware consumer.
324.Pp
325At present, only a single key may be set on a socket.
326As such, users of this option must disable rekeying.
327.It Dv TCP_TXTLS_MODE
328The integer argument can be used to get or set the current TLS mode of a
329socket.
330Setting the mode can only used to toggle between software and NIC TLS after
331TLS has been initially enabled via the
332.Dv TCP_TXTLS_ENABLE
333option.
334The available modes are:
335.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
336.It Dv TCP_TLS_MODE_NONE
337In-kernel TLS framing and encryption is not enabled for this socket.
338.It Dv TCP_TLS_MODE_SW
339TLS records are encrypted by the kernel prior to placing the data in the
340socket buffer.
341Typically this encryption is performed in software.
342.It Dv TCP_TLS_MODE_IFNET
343TLS records are encrypted by the network interface card (NIC).
344.El
345.El
346.Pp
347The option level for the
348.Xr setsockopt 2
349call is the protocol number for
350.Tn TCP ,
351available from
352.Xr getprotobyname 3 ,
353or
354.Dv IPPROTO_TCP .
355All options are declared in
356.In netinet/tcp.h .
357.Pp
358Options at the
359.Tn IP
360transport level may be used with
361.Tn TCP ;
362see
363.Xr ip 4 .
364Incoming connection requests that are source-routed are noted,
365and the reverse source route is used in responding.
366.Pp
367The default congestion control algorithm for
368.Tn TCP
369is
370.Xr cc_newreno 4 .
371Other congestion control algorithms can be made available using the
372.Xr mod_cc 4
373framework.
374.Ss MIB Variables
375The
376.Tn TCP
377protocol implements a number of variables in the
378.Va net.inet.tcp
379branch of the
380.Xr sysctl 3
381MIB.
382.Bl -tag -width ".Va TCPCTL_DO_RFC1323"
383.It Dv TCPCTL_DO_RFC1323
384.Pq Va rfc1323
385Implement the window scaling and timestamp options of RFC 1323
386(default is true).
387.It Dv TCPCTL_MSSDFLT
388.Pq Va mssdflt
389The default value used for the maximum segment size
390.Pq Dq MSS
391when no advice to the contrary is received from MSS negotiation.
392.It Dv TCPCTL_SENDSPACE
393.Pq Va sendspace
394Maximum
395.Tn TCP
396send window.
397.It Dv TCPCTL_RECVSPACE
398.Pq Va recvspace
399Maximum
400.Tn TCP
401receive window.
402.It Va log_in_vain
403Log any connection attempts to ports where there is not a socket
404accepting connections.
405The value of 1 limits the logging to
406.Tn SYN
407(connection establishment) packets only.
408That of 2 results in any
409.Tn TCP
410packets to closed ports being logged.
411Any value unlisted above disables the logging
412(default is 0, i.e., the logging is disabled).
413.It Va msl
414The Maximum Segment Lifetime, in milliseconds, for a packet.
415.It Va keepinit
416Timeout, in milliseconds, for new, non-established
417.Tn TCP
418connections.
419The default is 75000 msec.
420.It Va keepidle
421Amount of time, in milliseconds, that the connection must be idle
422before keepalive probes (if enabled) are sent.
423The default is 7200000 msec (2 hours).
424.It Va keepintvl
425The interval, in milliseconds, between keepalive probes sent to remote
426machines, when no response is received on a
427.Va keepidle
428probe.
429The default is 75000 msec.
430.It Va keepcnt
431Number of probes sent, with no response, before a connection
432is dropped.
433The default is 8 packets.
434.It Va always_keepalive
435Assume that
436.Dv SO_KEEPALIVE
437is set on all
438.Tn TCP
439connections, the kernel will
440periodically send a packet to the remote host to verify the connection
441is still up.
442.It Va icmp_may_rst
443Certain
444.Tn ICMP
445unreachable messages may abort connections in
446.Tn SYN-SENT
447state.
448.It Va do_tcpdrain
449Flush packets in the
450.Tn TCP
451reassembly queue if the system is low on mbufs.
452.It Va blackhole
453If enabled, disable sending of RST when a connection is attempted
454to a port where there is not a socket accepting connections.
455See
456.Xr blackhole 4 .
457.It Va delayed_ack
458Delay ACK to try and piggyback it onto a data packet.
459.It Va delacktime
460Maximum amount of time, in milliseconds, before a delayed ACK is sent.
461.It Va path_mtu_discovery
462Enable Path MTU Discovery.
463.It Va tcbhashsize
464Size of the
465.Tn TCP
466control-block hash table
467(read-only).
468This may be tuned using the kernel option
469.Dv TCBHASHSIZE
470or by setting
471.Va net.inet.tcp.tcbhashsize
472in the
473.Xr loader 8 .
474.It Va pcbcount
475Number of active process control blocks
476(read-only).
477.It Va syncookies
478Determines whether or not
479.Tn SYN
480cookies should be generated for outbound
481.Tn SYN-ACK
482packets.
483.Tn SYN
484cookies are a great help during
485.Tn SYN
486flood attacks, and are enabled by default.
487(See
488.Xr syncookies 4 . )
489.It Va isn_reseed_interval
490The interval (in seconds) specifying how often the secret data used in
491RFC 1948 initial sequence number calculations should be reseeded.
492By default, this variable is set to zero, indicating that
493no reseeding will occur.
494Reseeding should not be necessary, and will break
495.Dv TIME_WAIT
496recycling for a few minutes.
497.It Va reass.cursegments
498The current total number of segments present in all reassembly queues.
499.It Va reass.maxsegments
500The maximum limit on the total number of segments across all reassembly
501queues.
502The limit can be adjusted as a tunable.
503.It Va reass.maxqueuelen
504The maximum number of segments allowed in each reassembly queue.
505By default, the system chooses a limit based on each TCP connection's
506receive buffer size and maximum segment size (MSS).
507The actual limit applied to a session's reassembly queue will be the lower of
508the system-calculated automatic limit and the user-specified
509.Va reass.maxqueuelen
510limit.
511.It Va rexmit_initial , rexmit_min , rexmit_slop
512Adjust the retransmit timer calculation for
513.Tn TCP .
514The slop is
515typically added to the raw calculation to take into account
516occasional variances that the
517.Tn SRTT
518(smoothed round-trip time)
519is unable to accommodate, while the minimum specifies an
520absolute minimum.
521While a number of
522.Tn TCP
523RFCs suggest a 1
524second minimum, these RFCs tend to focus on streaming behavior,
525and fail to deal with the fact that a 1 second minimum has severe
526detrimental effects over lossy interactive connections, such
527as a 802.11b wireless link, and over very fast but lossy
528connections for those cases not covered by the fast retransmit
529code.
530For this reason, we use 200ms of slop and a near-0
531minimum, which gives us an effective minimum of 200ms (similar to
532.Tn Linux ) .
533The initial value is used before an RTT measurement has been performed.
534.It Va initcwnd_segments
535Enable the ability to specify initial congestion window in number of segments.
536The default value is 10 as suggested by RFC 6928.
537Changing the value on fly would not affect connections using congestion window
538from the hostcache.
539Caution:
540This regulates the burst of packets allowed to be sent in the first RTT.
541The value should be relative to the link capacity.
542Start with small values for lower-capacity links.
543Large bursts can cause buffer overruns and packet drops if routers have small
544buffers or the link is experiencing congestion.
545.It Va newcwd
546Enable the New Congestion Window Validation mechanism as described in RFC 7661.
547This gently reduces the congestion window during periods, where TCP is
548application limited and the network bandwidth is not utilized completely.
549That prevents self-inflicted packet losses once the application starts to
550transmit data at a higher speed.
551.It Va rfc6675_pipe
552Calculate the bytes in flight using the algorithm described in RFC 6675, and
553is also a prerequisite to enable Proportional Rate Reduction.
554.It Va rfc3042
555Enable the Limited Transmit algorithm as described in RFC 3042.
556It helps avoid timeouts on lossy links and also when the congestion window
557is small, as happens on short transfers.
558.It Va rfc3390
559Enable support for RFC 3390, which allows for a variable-sized
560starting congestion window on new connections, depending on the
561maximum segment size.
562This helps throughput in general, but
563particularly affects short transfers and high-bandwidth large
564propagation-delay connections.
565.It Va sack.enable
566Enable support for RFC 2018, TCP Selective Acknowledgment option,
567which allows the receiver to inform the sender about all successfully
568arrived segments, allowing the sender to retransmit the missing segments
569only.
570.It Va sack.maxholes
571Maximum number of SACK holes per connection.
572Defaults to 128.
573.It Va sack.globalmaxholes
574Maximum number of SACK holes per system, across all connections.
575Defaults to 65536.
576.It Va maxtcptw
577When a TCP connection enters the
578.Dv TIME_WAIT
579state, its associated socket structure is freed, since it is of
580negligible size and use, and a new structure is allocated to contain a
581minimal amount of information necessary for sustaining a connection in
582this state, called the compressed TCP TIME_WAIT state.
583Since this structure is smaller than a socket structure, it can save
584a significant amount of system memory.
585The
586.Va net.inet.tcp.maxtcptw
587MIB variable controls the maximum number of these structures allocated.
588By default, it is initialized to
589.Va kern.ipc.maxsockets
590/ 5.
591.It Va nolocaltimewait
592Suppress creating of compressed TCP TIME_WAIT states for connections in
593which both endpoints are local.
594.It Va fast_finwait2_recycle
595Recycle
596.Tn TCP
597.Dv FIN_WAIT_2
598connections faster when the socket is marked as
599.Dv SBS_CANTRCVMORE
600(no user process has the socket open, data received on
601the socket cannot be read).
602The timeout used here is
603.Va finwait2_timeout .
604.It Va finwait2_timeout
605Timeout to use for fast recycling of
606.Tn TCP
607.Dv FIN_WAIT_2
608connections.
609Defaults to 60 seconds.
610.It Va ecn.enable
611Enable support for TCP Explicit Congestion Notification (ECN).
612ECN allows a TCP sender to reduce the transmission rate in order to
613avoid packet drops.
614Settings:
615.Bl -tag -compact
616.It 0
617Disable ECN.
618.It 1
619Allow incoming connections to request ECN.
620Outgoing connections will request ECN.
621.It 2
622Allow incoming connections to request ECN.
623Outgoing connections will not request ECN.
624.El
625.It Va ecn.maxretries
626Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a
627specific connection.
628This is needed to help with connection establishment
629when a broken firewall is in the network path.
630.It Va pmtud_blackhole_detection
631Turn on automatic path MTU blackhole detection.
632In case of retransmits OS will
633lower the MSS to check if it's MTU problem.
634If current MSS is greater than
635configured value to try, it will be set to configured value, otherwise,
636MSS will be set to default values
637.Po Va net.inet.tcp.mssdflt
638and
639.Va net.inet.tcp.v6mssdflt
640.Pc .
641.It Va pmtud_blackhole_mss
642MSS to try for IPv4 if PMTU blackhole detection is turned on.
643.It Va v6pmtud_blackhole_mss
644MSS to try for IPv6 if PMTU blackhole detection is turned on.
645.It Va pmtud_blackhole_activated
646Number of times configured values were used in an attempt to downshift.
647.It Va pmtud_blackhole_activated_min_mss
648Number of times default MSS was used in an attempt to downshift.
649.It Va pmtud_blackhole_failed
650Number of connections for which retransmits continued even after MSS
651downshift.
652.It Va functions_available
653List of available TCP function blocks (TCP stacks).
654.It Va functions_default
655The default TCP function block (TCP stack).
656.It Va functions_inherit_listen_socket_stack
657Determines whether to inherit listen socket's tcp stack or use the current
658system default tcp stack, as defined by
659.Va functions_default .
660Default is true.
661.It Va insecure_rst
662Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments.
663Default is false.
664.It Va insecure_syn
665Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments.
666Default is false.
667.It Va ts_offset_per_conn
668When initializing the TCP timestamps, use a per connection offset instead of a
669per host pair offset.
670Default is to use per connection offsets as recommended in RFC 7323.
671.It Va perconn_stats_enable
672Controls the default collection of statistics for all connections using the
673.Xr stats 3
674framework.
6750 disables, 1 enables, 2 enables random sampling across log id connection
676groups with all connections in a group receiving the same setting.
677.It Va perconn_stats_sample_rates
678A CSV list of template_spec=percent key-value pairs which controls the per
679template sampling rates when
680.Xr stats 3
681sampling is enabled.
682.El
683.Sh ERRORS
684A socket operation may fail with one of the following errors returned:
685.Bl -tag -width Er
686.It Bq Er EISCONN
687when trying to establish a connection on a socket which
688already has one;
689.It Bo Er ENOBUFS Bc or Bo Er ENOMEM Bc
690when the system runs out of memory for
691an internal data structure;
692.It Bq Er ETIMEDOUT
693when a connection was dropped
694due to excessive retransmissions;
695.It Bq Er ECONNRESET
696when the remote peer
697forces the connection to be closed;
698.It Bq Er ECONNREFUSED
699when the remote
700peer actively refuses connection establishment (usually because
701no process is listening to the port);
702.It Bq Er EADDRINUSE
703when an attempt
704is made to create a socket with a port which has already been
705allocated;
706.It Bq Er EADDRNOTAVAIL
707when an attempt is made to create a
708socket with a network address for which no network interface
709exists;
710.It Bq Er EAFNOSUPPORT
711when an attempt is made to bind or connect a socket to a multicast
712address.
713.It Bq Er EINVAL
714when trying to change TCP function blocks at an invalid point in the session;
715.It Bq Er ENOENT
716when trying to use a TCP function block that is not available;
717.El
718.Sh SEE ALSO
719.Xr getsockopt 2 ,
720.Xr socket 2 ,
721.Xr stats 3 ,
722.Xr sysctl 3 ,
723.Xr blackhole 4 ,
724.Xr inet 4 ,
725.Xr intro 4 ,
726.Xr ip 4 ,
727.Xr mod_cc 4 ,
728.Xr siftr 4 ,
729.Xr syncache 4 ,
730.Xr setkey 8 ,
731.Xr tcp_functions 9
732.Rs
733.%A "V. Jacobson"
734.%A "R. Braden"
735.%A "D. Borman"
736.%T "TCP Extensions for High Performance"
737.%O "RFC 1323"
738.Re
739.Rs
740.%A "A. Heffernan"
741.%T "Protection of BGP Sessions via the TCP MD5 Signature Option"
742.%O "RFC 2385"
743.Re
744.Rs
745.%A "K. Ramakrishnan"
746.%A "S. Floyd"
747.%A "D. Black"
748.%T "The Addition of Explicit Congestion Notification (ECN) to IP"
749.%O "RFC 3168"
750.Re
751.Sh HISTORY
752The
753.Tn TCP
754protocol appeared in
755.Bx 4.2 .
756The RFC 1323 extensions for window scaling and timestamps were added
757in
758.Bx 4.4 .
759The
760.Dv TCP_INFO
761option was introduced in
762.Tn Linux 2.6
763and is
764.Em subject to change .
765