xref: /freebsd/share/man/man4/tcp.4 (revision 32100375a661c1e16588ddfa7b90ca8d26cb9786)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.
3.\" Copyright (c) 2010-2011 The FreeBSD Foundation
4.\" All rights reserved.
5.\"
6.\" Portions of this documentation were written at the Centre for Advanced
7.\" Internet Architectures, Swinburne University of Technology, Melbourne,
8.\" Australia by David Hayes under sponsorship from the FreeBSD Foundation.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\" 3. Neither the name of the University nor the names of its contributors
19.\"    may be used to endorse or promote products derived from this software
20.\"    without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\"     From: @(#)tcp.4	8.1 (Berkeley) 6/5/93
35.\" $FreeBSD$
36.\"
37.Dd April 27, 2020
38.Dt TCP 4
39.Os
40.Sh NAME
41.Nm tcp
42.Nd Internet Transmission Control Protocol
43.Sh SYNOPSIS
44.In sys/types.h
45.In sys/socket.h
46.In netinet/in.h
47.In netinet/tcp.h
48.Ft int
49.Fn socket AF_INET SOCK_STREAM 0
50.Sh DESCRIPTION
51The
52.Tn TCP
53protocol provides reliable, flow-controlled, two-way
54transmission of data.
55It is a byte-stream protocol used to
56support the
57.Dv SOCK_STREAM
58abstraction.
59.Tn TCP
60uses the standard
61Internet address format and, in addition, provides a per-host
62collection of
63.Dq "port addresses" .
64Thus, each address is composed
65of an Internet address specifying the host and network,
66with a specific
67.Tn TCP
68port on the host identifying the peer entity.
69.Pp
70Sockets utilizing the
71.Tn TCP
72protocol are either
73.Dq active
74or
75.Dq passive .
76Active sockets initiate connections to passive
77sockets.
78By default,
79.Tn TCP
80sockets are created active; to create a
81passive socket, the
82.Xr listen 2
83system call must be used
84after binding the socket with the
85.Xr bind 2
86system call.
87Only passive sockets may use the
88.Xr accept 2
89call to accept incoming connections.
90Only active sockets may use the
91.Xr connect 2
92call to initiate connections.
93.Pp
94Passive sockets may
95.Dq underspecify
96their location to match
97incoming connection requests from multiple networks.
98This technique, termed
99.Dq "wildcard addressing" ,
100allows a single
101server to provide service to clients on multiple networks.
102To create a socket which listens on all networks, the Internet
103address
104.Dv INADDR_ANY
105must be bound.
106The
107.Tn TCP
108port may still be specified
109at this time; if the port is not specified, the system will assign one.
110Once a connection has been established, the socket's address is
111fixed by the peer entity's location.
112The address assigned to the
113socket is the address associated with the network interface
114through which packets are being transmitted and received.
115Normally, this address corresponds to the peer entity's network.
116.Pp
117.Tn TCP
118supports a number of socket options which can be set with
119.Xr setsockopt 2
120and tested with
121.Xr getsockopt 2 :
122.Bl -tag -width ".Dv TCP_FUNCTION_BLK"
123.It Dv TCP_INFO
124Information about a socket's underlying TCP session may be retrieved
125by passing the read-only option
126.Dv TCP_INFO
127to
128.Xr getsockopt 2 .
129It accepts a single argument: a pointer to an instance of
130.Vt "struct tcp_info" .
131.Pp
132This API is subject to change; consult the source to determine
133which fields are currently filled out by this option.
134.Fx
135specific additions include
136send window size,
137receive window size,
138and
139bandwidth-controlled window space.
140.It Dv TCP_CCALGOOPT
141Set or query congestion control algorithm specific parameters.
142See
143.Xr mod_cc 4
144for details.
145.It Dv TCP_CONGESTION
146Select or query the congestion control algorithm that TCP will use for the
147connection.
148See
149.Xr mod_cc 4
150for details.
151.It Dv TCP_FUNCTION_BLK
152Select or query the set of functions that TCP will use for this connection.
153This allows a user to select an alternate TCP stack.
154The alternate TCP stack must already be loaded in the kernel.
155To list the available TCP stacks, see
156.Va functions_available
157in the
158.Sx MIB Variables
159section further down.
160To list the default TCP stack, see
161.Va functions_default
162in the
163.Sx MIB Variables
164section.
165.It Dv TCP_KEEPINIT
166This
167.Xr setsockopt 2
168option accepts a per-socket timeout argument of
169.Vt "u_int"
170in seconds, for new, non-established
171.Tn TCP
172connections.
173For the global default in milliseconds see
174.Va keepinit
175in the
176.Sx MIB Variables
177section further down.
178.It Dv TCP_KEEPIDLE
179This
180.Xr setsockopt 2
181option accepts an argument of
182.Vt "u_int"
183for the amount of time, in seconds, that the connection must be idle
184before keepalive probes (if enabled) are sent for the connection of this
185socket.
186If set on a listening socket, the value is inherited by the newly created
187socket upon
188.Xr accept 2 .
189For the global default in milliseconds see
190.Va keepidle
191in the
192.Sx MIB Variables
193section further down.
194.It Dv TCP_KEEPINTVL
195This
196.Xr setsockopt 2
197option accepts an argument of
198.Vt "u_int"
199to set the per-socket interval, in seconds, between keepalive probes sent
200to a peer.
201If set on a listening socket, the value is inherited by the newly created
202socket upon
203.Xr accept 2 .
204For the global default in milliseconds see
205.Va keepintvl
206in the
207.Sx MIB Variables
208section further down.
209.It Dv TCP_KEEPCNT
210This
211.Xr setsockopt 2
212option accepts an argument of
213.Vt "u_int"
214and allows a per-socket tuning of the number of probes sent, with no response,
215before the connection will be dropped.
216If set on a listening socket, the value is inherited by the newly created
217socket upon
218.Xr accept 2 .
219For the global default see the
220.Va keepcnt
221in the
222.Sx MIB Variables
223section further down.
224.It Dv TCP_NODELAY
225Under most circumstances,
226.Tn TCP
227sends data when it is presented;
228when outstanding data has not yet been acknowledged, it gathers
229small amounts of output to be sent in a single packet once
230an acknowledgement is received.
231For a small number of clients, such as window systems
232that send a stream of mouse events which receive no replies,
233this packetization may cause significant delays.
234The boolean option
235.Dv TCP_NODELAY
236defeats this algorithm.
237.It Dv TCP_MAXSEG
238By default, a sender- and
239.No receiver- Ns Tn TCP
240will negotiate among themselves to determine the maximum segment size
241to be used for each connection.
242The
243.Dv TCP_MAXSEG
244option allows the user to determine the result of this negotiation,
245and to reduce it if desired.
246.It Dv TCP_NOOPT
247.Tn TCP
248usually sends a number of options in each packet, corresponding to
249various
250.Tn TCP
251extensions which are provided in this implementation.
252The boolean option
253.Dv TCP_NOOPT
254is provided to disable
255.Tn TCP
256option use on a per-connection basis.
257.It Dv TCP_NOPUSH
258By convention, the
259.No sender- Ns Tn TCP
260will set the
261.Dq push
262bit, and begin transmission immediately (if permitted) at the end of
263every user call to
264.Xr write 2
265or
266.Xr writev 2 .
267When this option is set to a non-zero value,
268.Tn TCP
269will delay sending any data at all until either the socket is closed,
270or the internal send buffer is filled.
271.It Dv TCP_MD5SIG
272This option enables the use of MD5 digests (also known as TCP-MD5)
273on writes to the specified socket.
274Outgoing traffic is digested;
275digests on incoming traffic are verified.
276When this option is enabled on a socket, all inbound and outgoing
277TCP segments must be signed with MD5 digests.
278.Pp
279One common use for this in a
280.Fx
281router deployment is to enable
282based routers to interwork with Cisco equipment at peering points.
283Support for this feature conforms to RFC 2385.
284.Pp
285In order for this option to function correctly, it is necessary for the
286administrator to add a tcp-md5 key entry to the system's security
287associations database (SADB) using the
288.Xr setkey 8
289utility.
290This entry can only be specified on a per-host basis at this time.
291.Pp
292If an SADB entry cannot be found for the destination,
293the system does not send any outgoing segments and drops any inbound segments.
294.It Dv TCP_STATS
295Manage collection of connection level statistics using the
296.Xr stats 3
297framework.
298.Pp
299Each dropped segment is taken into account in the TCP protocol statistics.
300.It Dv TCP_TXTLS_ENABLE
301Enable in-kernel Transport Layer Security (TLS) for data written to this
302socket.
303The
304.Vt struct tls_so_enable
305argument defines the encryption and authentication algorithms and keys
306used to encrypt the socket data as well as the maximum TLS record
307payload size.
308.Pp
309All data written to this socket will be encapsulated in TLS records
310and subsequently encrypted.
311By default all data written to this socket is treated as application data.
312Individual TLS records with a type other than application data
313(for example, handshake messages),
314may be transmitted by invoking
315.Xr sendmsg 2
316with a custom TLS record type set in a
317.Dv TLS_SET_RECORD_TYPE
318control message.
319The payload of this control message is a single byte holding the desired
320TLS record type.
321.Pp
322At present, only a single transmit key may be set on a socket.
323As such, users of this option must disable rekeying.
324.It Dv TCP_TXTLS_MODE
325The integer argument can be used to get or set the current TLS transmit mode
326of a socket.
327Setting the mode can only used to toggle between software and NIC TLS after
328TLS has been initially enabled via the
329.Dv TCP_TXTLS_ENABLE
330option.
331The available modes are:
332.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
333.It Dv TCP_TLS_MODE_NONE
334In-kernel TLS framing and encryption is not enabled for this socket.
335.It Dv TCP_TLS_MODE_SW
336TLS records are encrypted by the kernel prior to placing the data in the
337socket buffer.
338Typically this encryption is performed in software.
339.It Dv TCP_TLS_MODE_IFNET
340TLS records are encrypted by the network interface card (NIC).
341.It Dv TCP_TLS_MODE_TOE
342TLS records are encrypted by the NIC using a TCP offload engine (TOE).
343.El
344.It Dv TCP_RXTLS_ENABLE
345Enable in-kernel TLS for data read from this socket.
346The
347.Vt struct tls_so_enable
348argument defines the encryption and authentication algorithms and keys
349used to decrypt the socket data.
350.Pp
351Each received TLS record must be read from the socket using
352.Xr recvmsg 2 .
353Each received TLS record will contain a
354.Dv TLS_GET_RECORD
355control message along with the decrypted payload.
356The control message contains a
357.Vt struct tls_get_record
358which includes fields from the TLS record header.
359If a corrupted TLS record is received,
360recvmsg 2
361will fail with
362.Dv EBADMSG .
363.Pp
364At present, only a single receive key may be set on a socket.
365As such, users of this option must disable rekeying.
366.It Dv TCP_RXTLS_MODE
367The integer argument can be used to get the current TLS receive mode
368of a socket.
369The available modes are the same as for
370.Dv TCP_TXTLS_MODE .
371.El
372.Pp
373The option level for the
374.Xr setsockopt 2
375call is the protocol number for
376.Tn TCP ,
377available from
378.Xr getprotobyname 3 ,
379or
380.Dv IPPROTO_TCP .
381All options are declared in
382.In netinet/tcp.h .
383.Pp
384Options at the
385.Tn IP
386transport level may be used with
387.Tn TCP ;
388see
389.Xr ip 4 .
390Incoming connection requests that are source-routed are noted,
391and the reverse source route is used in responding.
392.Pp
393The default congestion control algorithm for
394.Tn TCP
395is
396.Xr cc_newreno 4 .
397Other congestion control algorithms can be made available using the
398.Xr mod_cc 4
399framework.
400.Ss MIB Variables
401The
402.Tn TCP
403protocol implements a number of variables in the
404.Va net.inet.tcp
405branch of the
406.Xr sysctl 3
407MIB.
408.Bl -tag -width ".Va TCPCTL_DO_RFC1323"
409.It Dv TCPCTL_DO_RFC1323
410.Pq Va rfc1323
411Implement the window scaling and timestamp options of RFC 1323
412(default is true).
413.It Dv TCPCTL_MSSDFLT
414.Pq Va mssdflt
415The default value used for the maximum segment size
416.Pq Dq MSS
417when no advice to the contrary is received from MSS negotiation.
418.It Dv TCPCTL_SENDSPACE
419.Pq Va sendspace
420Maximum
421.Tn TCP
422send window.
423.It Dv TCPCTL_RECVSPACE
424.Pq Va recvspace
425Maximum
426.Tn TCP
427receive window.
428.It Va log_in_vain
429Log any connection attempts to ports where there is not a socket
430accepting connections.
431The value of 1 limits the logging to
432.Tn SYN
433(connection establishment) packets only.
434That of 2 results in any
435.Tn TCP
436packets to closed ports being logged.
437Any value unlisted above disables the logging
438(default is 0, i.e., the logging is disabled).
439.It Va msl
440The Maximum Segment Lifetime, in milliseconds, for a packet.
441.It Va keepinit
442Timeout, in milliseconds, for new, non-established
443.Tn TCP
444connections.
445The default is 75000 msec.
446.It Va keepidle
447Amount of time, in milliseconds, that the connection must be idle
448before keepalive probes (if enabled) are sent.
449The default is 7200000 msec (2 hours).
450.It Va keepintvl
451The interval, in milliseconds, between keepalive probes sent to remote
452machines, when no response is received on a
453.Va keepidle
454probe.
455The default is 75000 msec.
456.It Va keepcnt
457Number of probes sent, with no response, before a connection
458is dropped.
459The default is 8 packets.
460.It Va always_keepalive
461Assume that
462.Dv SO_KEEPALIVE
463is set on all
464.Tn TCP
465connections, the kernel will
466periodically send a packet to the remote host to verify the connection
467is still up.
468.It Va icmp_may_rst
469Certain
470.Tn ICMP
471unreachable messages may abort connections in
472.Tn SYN-SENT
473state.
474.It Va do_tcpdrain
475Flush packets in the
476.Tn TCP
477reassembly queue if the system is low on mbufs.
478.It Va blackhole
479If enabled, disable sending of RST when a connection is attempted
480to a port where there is not a socket accepting connections.
481See
482.Xr blackhole 4 .
483.It Va delayed_ack
484Delay ACK to try and piggyback it onto a data packet.
485.It Va delacktime
486Maximum amount of time, in milliseconds, before a delayed ACK is sent.
487.It Va path_mtu_discovery
488Enable Path MTU Discovery.
489.It Va tcbhashsize
490Size of the
491.Tn TCP
492control-block hash table
493(read-only).
494This may be tuned using the kernel option
495.Dv TCBHASHSIZE
496or by setting
497.Va net.inet.tcp.tcbhashsize
498in the
499.Xr loader 8 .
500.It Va pcbcount
501Number of active process control blocks
502(read-only).
503.It Va syncookies
504Determines whether or not
505.Tn SYN
506cookies should be generated for outbound
507.Tn SYN-ACK
508packets.
509.Tn SYN
510cookies are a great help during
511.Tn SYN
512flood attacks, and are enabled by default.
513(See
514.Xr syncookies 4 . )
515.It Va isn_reseed_interval
516The interval (in seconds) specifying how often the secret data used in
517RFC 1948 initial sequence number calculations should be reseeded.
518By default, this variable is set to zero, indicating that
519no reseeding will occur.
520Reseeding should not be necessary, and will break
521.Dv TIME_WAIT
522recycling for a few minutes.
523.It Va reass.cursegments
524The current total number of segments present in all reassembly queues.
525.It Va reass.maxsegments
526The maximum limit on the total number of segments across all reassembly
527queues.
528The limit can be adjusted as a tunable.
529.It Va reass.maxqueuelen
530The maximum number of segments allowed in each reassembly queue.
531By default, the system chooses a limit based on each TCP connection's
532receive buffer size and maximum segment size (MSS).
533The actual limit applied to a session's reassembly queue will be the lower of
534the system-calculated automatic limit and the user-specified
535.Va reass.maxqueuelen
536limit.
537.It Va rexmit_initial , rexmit_min , rexmit_slop
538Adjust the retransmit timer calculation for
539.Tn TCP .
540The slop is
541typically added to the raw calculation to take into account
542occasional variances that the
543.Tn SRTT
544(smoothed round-trip time)
545is unable to accommodate, while the minimum specifies an
546absolute minimum.
547While a number of
548.Tn TCP
549RFCs suggest a 1
550second minimum, these RFCs tend to focus on streaming behavior,
551and fail to deal with the fact that a 1 second minimum has severe
552detrimental effects over lossy interactive connections, such
553as a 802.11b wireless link, and over very fast but lossy
554connections for those cases not covered by the fast retransmit
555code.
556For this reason, we use 200ms of slop and a near-0
557minimum, which gives us an effective minimum of 200ms (similar to
558.Tn Linux ) .
559The initial value is used before an RTT measurement has been performed.
560.It Va initcwnd_segments
561Enable the ability to specify initial congestion window in number of segments.
562The default value is 10 as suggested by RFC 6928.
563Changing the value on fly would not affect connections using congestion window
564from the hostcache.
565Caution:
566This regulates the burst of packets allowed to be sent in the first RTT.
567The value should be relative to the link capacity.
568Start with small values for lower-capacity links.
569Large bursts can cause buffer overruns and packet drops if routers have small
570buffers or the link is experiencing congestion.
571.It Va newcwd
572Enable the New Congestion Window Validation mechanism as described in RFC 7661.
573This gently reduces the congestion window during periods, where TCP is
574application limited and the network bandwidth is not utilized completely.
575That prevents self-inflicted packet losses once the application starts to
576transmit data at a higher speed.
577.It Va rfc6675_pipe
578Calculate the bytes in flight using the algorithm described in RFC 6675, and
579is also a prerequisite to enable Proportional Rate Reduction.
580.It Va rfc3042
581Enable the Limited Transmit algorithm as described in RFC 3042.
582It helps avoid timeouts on lossy links and also when the congestion window
583is small, as happens on short transfers.
584.It Va rfc3390
585Enable support for RFC 3390, which allows for a variable-sized
586starting congestion window on new connections, depending on the
587maximum segment size.
588This helps throughput in general, but
589particularly affects short transfers and high-bandwidth large
590propagation-delay connections.
591.It Va sack.enable
592Enable support for RFC 2018, TCP Selective Acknowledgment option,
593which allows the receiver to inform the sender about all successfully
594arrived segments, allowing the sender to retransmit the missing segments
595only.
596.It Va sack.maxholes
597Maximum number of SACK holes per connection.
598Defaults to 128.
599.It Va sack.globalmaxholes
600Maximum number of SACK holes per system, across all connections.
601Defaults to 65536.
602.It Va maxtcptw
603When a TCP connection enters the
604.Dv TIME_WAIT
605state, its associated socket structure is freed, since it is of
606negligible size and use, and a new structure is allocated to contain a
607minimal amount of information necessary for sustaining a connection in
608this state, called the compressed TCP TIME_WAIT state.
609Since this structure is smaller than a socket structure, it can save
610a significant amount of system memory.
611The
612.Va net.inet.tcp.maxtcptw
613MIB variable controls the maximum number of these structures allocated.
614By default, it is initialized to
615.Va kern.ipc.maxsockets
616/ 5.
617.It Va nolocaltimewait
618Suppress creating of compressed TCP TIME_WAIT states for connections in
619which both endpoints are local.
620.It Va fast_finwait2_recycle
621Recycle
622.Tn TCP
623.Dv FIN_WAIT_2
624connections faster when the socket is marked as
625.Dv SBS_CANTRCVMORE
626(no user process has the socket open, data received on
627the socket cannot be read).
628The timeout used here is
629.Va finwait2_timeout .
630.It Va finwait2_timeout
631Timeout to use for fast recycling of
632.Tn TCP
633.Dv FIN_WAIT_2
634connections.
635Defaults to 60 seconds.
636.It Va ecn.enable
637Enable support for TCP Explicit Congestion Notification (ECN).
638ECN allows a TCP sender to reduce the transmission rate in order to
639avoid packet drops.
640Settings:
641.Bl -tag -compact
642.It 0
643Disable ECN.
644.It 1
645Allow incoming connections to request ECN.
646Outgoing connections will request ECN.
647.It 2
648Allow incoming connections to request ECN.
649Outgoing connections will not request ECN.
650.El
651.It Va ecn.maxretries
652Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a
653specific connection.
654This is needed to help with connection establishment
655when a broken firewall is in the network path.
656.It Va pmtud_blackhole_detection
657Enable automatic path MTU blackhole detection.
658In case of retransmits of MSS sized segments,
659the OS will lower the MSS to check if it's an MTU problem.
660If the current MSS is greater than the configured value to try
661.Po Va net.inet.tcp.pmtud_blackhole_mss
662and
663.Va net.inet.tcp.v6pmtud_blackhole_mss
664.Pc ,
665it will be set to this value, otherwise,
666the MSS will be set to the default values
667.Po Va net.inet.tcp.mssdflt
668and
669.Va net.inet.tcp.v6mssdflt
670.Pc .
671Settings:
672.Bl -tag -compact
673.It 0
674Disable path MTU blackhole detection.
675.It 1
676Enable path MTU blackhole detection for IPv4 and IPv6.
677.It 2
678Enable path MTU blackhole detection only for IPv4.
679.It 3
680Enable path MTU blackhole detection only for IPv6.
681.El
682.It Va pmtud_blackhole_mss
683MSS to try for IPv4 if PMTU blackhole detection is turned on.
684.It Va v6pmtud_blackhole_mss
685MSS to try for IPv6 if PMTU blackhole detection is turned on.
686.It Va functions_available
687List of available TCP function blocks (TCP stacks).
688.It Va functions_default
689The default TCP function block (TCP stack).
690.It Va functions_inherit_listen_socket_stack
691Determines whether to inherit listen socket's tcp stack or use the current
692system default tcp stack, as defined by
693.Va functions_default .
694Default is true.
695.It Va insecure_rst
696Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments.
697Default is false.
698.It Va insecure_syn
699Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments.
700Default is false.
701.It Va ts_offset_per_conn
702When initializing the TCP timestamps, use a per connection offset instead of a
703per host pair offset.
704Default is to use per connection offsets as recommended in RFC 7323.
705.It Va perconn_stats_enable
706Controls the default collection of statistics for all connections using the
707.Xr stats 3
708framework.
7090 disables, 1 enables, 2 enables random sampling across log id connection
710groups with all connections in a group receiving the same setting.
711.It Va perconn_stats_sample_rates
712A CSV list of template_spec=percent key-value pairs which controls the per
713template sampling rates when
714.Xr stats 3
715sampling is enabled.
716.El
717.Sh ERRORS
718A socket operation may fail with one of the following errors returned:
719.Bl -tag -width Er
720.It Bq Er EISCONN
721when trying to establish a connection on a socket which
722already has one;
723.It Bo Er ENOBUFS Bc or Bo Er ENOMEM Bc
724when the system runs out of memory for
725an internal data structure;
726.It Bq Er ETIMEDOUT
727when a connection was dropped
728due to excessive retransmissions;
729.It Bq Er ECONNRESET
730when the remote peer
731forces the connection to be closed;
732.It Bq Er ECONNREFUSED
733when the remote
734peer actively refuses connection establishment (usually because
735no process is listening to the port);
736.It Bq Er EADDRINUSE
737when an attempt
738is made to create a socket with a port which has already been
739allocated;
740.It Bq Er EADDRNOTAVAIL
741when an attempt is made to create a
742socket with a network address for which no network interface
743exists;
744.It Bq Er EAFNOSUPPORT
745when an attempt is made to bind or connect a socket to a multicast
746address.
747.It Bq Er EINVAL
748when trying to change TCP function blocks at an invalid point in the session;
749.It Bq Er ENOENT
750when trying to use a TCP function block that is not available;
751.El
752.Sh SEE ALSO
753.Xr getsockopt 2 ,
754.Xr socket 2 ,
755.Xr stats 3 ,
756.Xr sysctl 3 ,
757.Xr blackhole 4 ,
758.Xr inet 4 ,
759.Xr intro 4 ,
760.Xr ip 4 ,
761.Xr mod_cc 4 ,
762.Xr siftr 4 ,
763.Xr syncache 4 ,
764.Xr setkey 8 ,
765.Xr tcp_functions 9
766.Rs
767.%A "V. Jacobson"
768.%A "R. Braden"
769.%A "D. Borman"
770.%T "TCP Extensions for High Performance"
771.%O "RFC 1323"
772.Re
773.Rs
774.%A "A. Heffernan"
775.%T "Protection of BGP Sessions via the TCP MD5 Signature Option"
776.%O "RFC 2385"
777.Re
778.Rs
779.%A "K. Ramakrishnan"
780.%A "S. Floyd"
781.%A "D. Black"
782.%T "The Addition of Explicit Congestion Notification (ECN) to IP"
783.%O "RFC 3168"
784.Re
785.Sh HISTORY
786The
787.Tn TCP
788protocol appeared in
789.Bx 4.2 .
790The RFC 1323 extensions for window scaling and timestamps were added
791in
792.Bx 4.4 .
793The
794.Dv TCP_INFO
795option was introduced in
796.Tn Linux 2.6
797and is
798.Em subject to change .
799