xref: /freebsd/share/man/man4/tcp.4 (revision f6393bcd780b79e87f79b02b5b1a03aef2f070b8)
1.\" Copyright (c) 1983, 1991, 1993
2.\"	The Regents of the University of California.
3.\" Copyright (c) 2010-2011 The FreeBSD Foundation
4.\" All rights reserved.
5.\"
6.\" Portions of this documentation were written at the Centre for Advanced
7.\" Internet Architectures, Swinburne University of Technology, Melbourne,
8.\" Australia by David Hayes under sponsorship from the FreeBSD Foundation.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\" 3. Neither the name of the University nor the names of its contributors
19.\"    may be used to endorse or promote products derived from this software
20.\"    without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\"     From: @(#)tcp.4	8.1 (Berkeley) 6/5/93
35.\" $FreeBSD$
36.\"
37.Dd July 23, 2020
38.Dt TCP 4
39.Os
40.Sh NAME
41.Nm tcp
42.Nd Internet Transmission Control Protocol
43.Sh SYNOPSIS
44.In sys/types.h
45.In sys/socket.h
46.In netinet/in.h
47.In netinet/tcp.h
48.Ft int
49.Fn socket AF_INET SOCK_STREAM 0
50.Sh DESCRIPTION
51The
52.Tn TCP
53protocol provides reliable, flow-controlled, two-way
54transmission of data.
55It is a byte-stream protocol used to
56support the
57.Dv SOCK_STREAM
58abstraction.
59.Tn TCP
60uses the standard
61Internet address format and, in addition, provides a per-host
62collection of
63.Dq "port addresses" .
64Thus, each address is composed
65of an Internet address specifying the host and network,
66with a specific
67.Tn TCP
68port on the host identifying the peer entity.
69.Pp
70Sockets utilizing the
71.Tn TCP
72protocol are either
73.Dq active
74or
75.Dq passive .
76Active sockets initiate connections to passive
77sockets.
78By default,
79.Tn TCP
80sockets are created active; to create a
81passive socket, the
82.Xr listen 2
83system call must be used
84after binding the socket with the
85.Xr bind 2
86system call.
87Only passive sockets may use the
88.Xr accept 2
89call to accept incoming connections.
90Only active sockets may use the
91.Xr connect 2
92call to initiate connections.
93.Pp
94Passive sockets may
95.Dq underspecify
96their location to match
97incoming connection requests from multiple networks.
98This technique, termed
99.Dq "wildcard addressing" ,
100allows a single
101server to provide service to clients on multiple networks.
102To create a socket which listens on all networks, the Internet
103address
104.Dv INADDR_ANY
105must be bound.
106The
107.Tn TCP
108port may still be specified
109at this time; if the port is not specified, the system will assign one.
110Once a connection has been established, the socket's address is
111fixed by the peer entity's location.
112The address assigned to the
113socket is the address associated with the network interface
114through which packets are being transmitted and received.
115Normally, this address corresponds to the peer entity's network.
116.Pp
117.Tn TCP
118supports a number of socket options which can be set with
119.Xr setsockopt 2
120and tested with
121.Xr getsockopt 2 :
122.Bl -tag -width ".Dv TCP_FUNCTION_BLK"
123.It Dv TCP_INFO
124Information about a socket's underlying TCP session may be retrieved
125by passing the read-only option
126.Dv TCP_INFO
127to
128.Xr getsockopt 2 .
129It accepts a single argument: a pointer to an instance of
130.Vt "struct tcp_info" .
131.Pp
132This API is subject to change; consult the source to determine
133which fields are currently filled out by this option.
134.Fx
135specific additions include
136send window size,
137receive window size,
138and
139bandwidth-controlled window space.
140.It Dv TCP_CCALGOOPT
141Set or query congestion control algorithm specific parameters.
142See
143.Xr mod_cc 4
144for details.
145.It Dv TCP_CONGESTION
146Select or query the congestion control algorithm that TCP will use for the
147connection.
148See
149.Xr mod_cc 4
150for details.
151.It Dv TCP_FUNCTION_BLK
152Select or query the set of functions that TCP will use for this connection.
153This allows a user to select an alternate TCP stack.
154The alternate TCP stack must already be loaded in the kernel.
155To list the available TCP stacks, see
156.Va functions_available
157in the
158.Sx MIB Variables
159section further down.
160To list the default TCP stack, see
161.Va functions_default
162in the
163.Sx MIB Variables
164section.
165.It Dv TCP_KEEPINIT
166This
167.Xr setsockopt 2
168option accepts a per-socket timeout argument of
169.Vt "u_int"
170in seconds, for new, non-established
171.Tn TCP
172connections.
173For the global default in milliseconds see
174.Va keepinit
175in the
176.Sx MIB Variables
177section further down.
178.It Dv TCP_KEEPIDLE
179This
180.Xr setsockopt 2
181option accepts an argument of
182.Vt "u_int"
183for the amount of time, in seconds, that the connection must be idle
184before keepalive probes (if enabled) are sent for the connection of this
185socket.
186If set on a listening socket, the value is inherited by the newly created
187socket upon
188.Xr accept 2 .
189For the global default in milliseconds see
190.Va keepidle
191in the
192.Sx MIB Variables
193section further down.
194.It Dv TCP_KEEPINTVL
195This
196.Xr setsockopt 2
197option accepts an argument of
198.Vt "u_int"
199to set the per-socket interval, in seconds, between keepalive probes sent
200to a peer.
201If set on a listening socket, the value is inherited by the newly created
202socket upon
203.Xr accept 2 .
204For the global default in milliseconds see
205.Va keepintvl
206in the
207.Sx MIB Variables
208section further down.
209.It Dv TCP_KEEPCNT
210This
211.Xr setsockopt 2
212option accepts an argument of
213.Vt "u_int"
214and allows a per-socket tuning of the number of probes sent, with no response,
215before the connection will be dropped.
216If set on a listening socket, the value is inherited by the newly created
217socket upon
218.Xr accept 2 .
219For the global default see the
220.Va keepcnt
221in the
222.Sx MIB Variables
223section further down.
224.It Dv TCP_NODELAY
225Under most circumstances,
226.Tn TCP
227sends data when it is presented;
228when outstanding data has not yet been acknowledged, it gathers
229small amounts of output to be sent in a single packet once
230an acknowledgement is received.
231For a small number of clients, such as window systems
232that send a stream of mouse events which receive no replies,
233this packetization may cause significant delays.
234The boolean option
235.Dv TCP_NODELAY
236defeats this algorithm.
237.It Dv TCP_MAXSEG
238By default, a sender- and
239.No receiver- Ns Tn TCP
240will negotiate among themselves to determine the maximum segment size
241to be used for each connection.
242The
243.Dv TCP_MAXSEG
244option allows the user to determine the result of this negotiation,
245and to reduce it if desired.
246.It Dv TCP_NOOPT
247.Tn TCP
248usually sends a number of options in each packet, corresponding to
249various
250.Tn TCP
251extensions which are provided in this implementation.
252The boolean option
253.Dv TCP_NOOPT
254is provided to disable
255.Tn TCP
256option use on a per-connection basis.
257.It Dv TCP_NOPUSH
258By convention, the
259.No sender- Ns Tn TCP
260will set the
261.Dq push
262bit, and begin transmission immediately (if permitted) at the end of
263every user call to
264.Xr write 2
265or
266.Xr writev 2 .
267When this option is set to a non-zero value,
268.Tn TCP
269will delay sending any data at all until either the socket is closed,
270or the internal send buffer is filled.
271.It Dv TCP_MD5SIG
272This option enables the use of MD5 digests (also known as TCP-MD5)
273on writes to the specified socket.
274Outgoing traffic is digested;
275digests on incoming traffic are verified.
276When this option is enabled on a socket, all inbound and outgoing
277TCP segments must be signed with MD5 digests.
278.Pp
279One common use for this in a
280.Fx
281router deployment is to enable
282based routers to interwork with Cisco equipment at peering points.
283Support for this feature conforms to RFC 2385.
284.Pp
285In order for this option to function correctly, it is necessary for the
286administrator to add a tcp-md5 key entry to the system's security
287associations database (SADB) using the
288.Xr setkey 8
289utility.
290This entry can only be specified on a per-host basis at this time.
291.Pp
292If an SADB entry cannot be found for the destination,
293the system does not send any outgoing segments and drops any inbound segments.
294.It Dv TCP_STATS
295Manage collection of connection level statistics using the
296.Xr stats 3
297framework.
298.Pp
299Each dropped segment is taken into account in the TCP protocol statistics.
300.It Dv TCP_TXTLS_ENABLE
301Enable in-kernel Transport Layer Security (TLS) for data written to this
302socket.
303The
304.Vt struct tls_so_enable
305argument defines the encryption and authentication algorithms and keys
306used to encrypt the socket data as well as the maximum TLS record
307payload size.
308.Pp
309All data written to this socket will be encapsulated in TLS records
310and subsequently encrypted.
311By default all data written to this socket is treated as application data.
312Individual TLS records with a type other than application data
313(for example, handshake messages),
314may be transmitted by invoking
315.Xr sendmsg 2
316with a custom TLS record type set in a
317.Dv TLS_SET_RECORD_TYPE
318control message.
319The payload of this control message is a single byte holding the desired
320TLS record type.
321.Pp
322At present, only a single transmit key may be set on a socket.
323As such, users of this option must disable rekeying.
324.It Dv TCP_TXTLS_MODE
325The integer argument can be used to get or set the current TLS transmit mode
326of a socket.
327Setting the mode can only used to toggle between software and NIC TLS after
328TLS has been initially enabled via the
329.Dv TCP_TXTLS_ENABLE
330option.
331The available modes are:
332.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
333.It Dv TCP_TLS_MODE_NONE
334In-kernel TLS framing and encryption is not enabled for this socket.
335.It Dv TCP_TLS_MODE_SW
336TLS records are encrypted by the kernel prior to placing the data in the
337socket buffer.
338Typically this encryption is performed in software.
339.It Dv TCP_TLS_MODE_IFNET
340TLS records are encrypted by the network interface card (NIC).
341.It Dv TCP_TLS_MODE_TOE
342TLS records are encrypted by the NIC using a TCP offload engine (TOE).
343.El
344.It Dv TCP_RXTLS_ENABLE
345Enable in-kernel TLS for data read from this socket.
346The
347.Vt struct tls_so_enable
348argument defines the encryption and authentication algorithms and keys
349used to decrypt the socket data.
350.Pp
351Each received TLS record must be read from the socket using
352.Xr recvmsg 2 .
353Each received TLS record will contain a
354.Dv TLS_GET_RECORD
355control message along with the decrypted payload.
356The control message contains a
357.Vt struct tls_get_record
358which includes fields from the TLS record header.
359If an invalid or corrupted TLS record is received,
360recvmsg 2
361will fail with one of the following errors:
362.Bl -tag -width Er
363.It Bq Er EINVAL
364The version fields in a TLS record's header did not match the version required
365by the
366.Vt struct tls_so_enable
367structure used to enable in-kernel TLS.
368.It Bq Er EMSGSIZE
369A TLS record's length was either too small or too large.
370.It Bq Er EMSGSIZE
371The connection was closed after sending a truncated TLS record.
372.It Bq Er EBADMSG
373The TLS record failed to match the included authentication tag.
374.El
375.Pp
376At present, only a single receive key may be set on a socket.
377As such, users of this option must disable rekeying.
378.It Dv TCP_RXTLS_MODE
379The integer argument can be used to get the current TLS receive mode
380of a socket.
381The available modes are the same as for
382.Dv TCP_TXTLS_MODE .
383.El
384.Pp
385The option level for the
386.Xr setsockopt 2
387call is the protocol number for
388.Tn TCP ,
389available from
390.Xr getprotobyname 3 ,
391or
392.Dv IPPROTO_TCP .
393All options are declared in
394.In netinet/tcp.h .
395.Pp
396Options at the
397.Tn IP
398transport level may be used with
399.Tn TCP ;
400see
401.Xr ip 4 .
402Incoming connection requests that are source-routed are noted,
403and the reverse source route is used in responding.
404.Pp
405The default congestion control algorithm for
406.Tn TCP
407is
408.Xr cc_newreno 4 .
409Other congestion control algorithms can be made available using the
410.Xr mod_cc 4
411framework.
412.Ss MIB Variables
413The
414.Tn TCP
415protocol implements a number of variables in the
416.Va net.inet.tcp
417branch of the
418.Xr sysctl 3
419MIB.
420.Bl -tag -width ".Va TCPCTL_DO_RFC1323"
421.It Dv TCPCTL_DO_RFC1323
422.Pq Va rfc1323
423Implement the window scaling and timestamp options of RFC 1323
424(default is true).
425.It Dv TCPCTL_MSSDFLT
426.Pq Va mssdflt
427The default value used for the maximum segment size
428.Pq Dq MSS
429when no advice to the contrary is received from MSS negotiation.
430.It Dv TCPCTL_SENDSPACE
431.Pq Va sendspace
432Maximum
433.Tn TCP
434send window.
435.It Dv TCPCTL_RECVSPACE
436.Pq Va recvspace
437Maximum
438.Tn TCP
439receive window.
440.It Va log_in_vain
441Log any connection attempts to ports where there is not a socket
442accepting connections.
443The value of 1 limits the logging to
444.Tn SYN
445(connection establishment) packets only.
446That of 2 results in any
447.Tn TCP
448packets to closed ports being logged.
449Any value unlisted above disables the logging
450(default is 0, i.e., the logging is disabled).
451.It Va msl
452The Maximum Segment Lifetime, in milliseconds, for a packet.
453.It Va keepinit
454Timeout, in milliseconds, for new, non-established
455.Tn TCP
456connections.
457The default is 75000 msec.
458.It Va keepidle
459Amount of time, in milliseconds, that the connection must be idle
460before keepalive probes (if enabled) are sent.
461The default is 7200000 msec (2 hours).
462.It Va keepintvl
463The interval, in milliseconds, between keepalive probes sent to remote
464machines, when no response is received on a
465.Va keepidle
466probe.
467The default is 75000 msec.
468.It Va keepcnt
469Number of probes sent, with no response, before a connection
470is dropped.
471The default is 8 packets.
472.It Va always_keepalive
473Assume that
474.Dv SO_KEEPALIVE
475is set on all
476.Tn TCP
477connections, the kernel will
478periodically send a packet to the remote host to verify the connection
479is still up.
480.It Va icmp_may_rst
481Certain
482.Tn ICMP
483unreachable messages may abort connections in
484.Tn SYN-SENT
485state.
486.It Va do_tcpdrain
487Flush packets in the
488.Tn TCP
489reassembly queue if the system is low on mbufs.
490.It Va blackhole
491If enabled, disable sending of RST when a connection is attempted
492to a port where there is not a socket accepting connections.
493See
494.Xr blackhole 4 .
495.It Va delayed_ack
496Delay ACK to try and piggyback it onto a data packet.
497.It Va delacktime
498Maximum amount of time, in milliseconds, before a delayed ACK is sent.
499.It Va path_mtu_discovery
500Enable Path MTU Discovery.
501.It Va tcbhashsize
502Size of the
503.Tn TCP
504control-block hash table
505(read-only).
506This may be tuned using the kernel option
507.Dv TCBHASHSIZE
508or by setting
509.Va net.inet.tcp.tcbhashsize
510in the
511.Xr loader 8 .
512.It Va pcbcount
513Number of active process control blocks
514(read-only).
515.It Va syncookies
516Determines whether or not
517.Tn SYN
518cookies should be generated for outbound
519.Tn SYN-ACK
520packets.
521.Tn SYN
522cookies are a great help during
523.Tn SYN
524flood attacks, and are enabled by default.
525(See
526.Xr syncookies 4 . )
527.It Va isn_reseed_interval
528The interval (in seconds) specifying how often the secret data used in
529RFC 1948 initial sequence number calculations should be reseeded.
530By default, this variable is set to zero, indicating that
531no reseeding will occur.
532Reseeding should not be necessary, and will break
533.Dv TIME_WAIT
534recycling for a few minutes.
535.It Va reass.cursegments
536The current total number of segments present in all reassembly queues.
537.It Va reass.maxsegments
538The maximum limit on the total number of segments across all reassembly
539queues.
540The limit can be adjusted as a tunable.
541.It Va reass.maxqueuelen
542The maximum number of segments allowed in each reassembly queue.
543By default, the system chooses a limit based on each TCP connection's
544receive buffer size and maximum segment size (MSS).
545The actual limit applied to a session's reassembly queue will be the lower of
546the system-calculated automatic limit and the user-specified
547.Va reass.maxqueuelen
548limit.
549.It Va rexmit_initial , rexmit_min , rexmit_slop
550Adjust the retransmit timer calculation for
551.Tn TCP .
552The slop is
553typically added to the raw calculation to take into account
554occasional variances that the
555.Tn SRTT
556(smoothed round-trip time)
557is unable to accommodate, while the minimum specifies an
558absolute minimum.
559While a number of
560.Tn TCP
561RFCs suggest a 1
562second minimum, these RFCs tend to focus on streaming behavior,
563and fail to deal with the fact that a 1 second minimum has severe
564detrimental effects over lossy interactive connections, such
565as a 802.11b wireless link, and over very fast but lossy
566connections for those cases not covered by the fast retransmit
567code.
568For this reason, we use 200ms of slop and a near-0
569minimum, which gives us an effective minimum of 200ms (similar to
570.Tn Linux ) .
571The initial value is used before an RTT measurement has been performed.
572.It Va initcwnd_segments
573Enable the ability to specify initial congestion window in number of segments.
574The default value is 10 as suggested by RFC 6928.
575Changing the value on fly would not affect connections using congestion window
576from the hostcache.
577Caution:
578This regulates the burst of packets allowed to be sent in the first RTT.
579The value should be relative to the link capacity.
580Start with small values for lower-capacity links.
581Large bursts can cause buffer overruns and packet drops if routers have small
582buffers or the link is experiencing congestion.
583.It Va newcwd
584Enable the New Congestion Window Validation mechanism as described in RFC 7661.
585This gently reduces the congestion window during periods, where TCP is
586application limited and the network bandwidth is not utilized completely.
587That prevents self-inflicted packet losses once the application starts to
588transmit data at a higher speed.
589.It Va rfc6675_pipe
590Calculate the bytes in flight using the algorithm described in RFC 6675, and
591is also a prerequisite to enable Proportional Rate Reduction.
592.It Va rfc3042
593Enable the Limited Transmit algorithm as described in RFC 3042.
594It helps avoid timeouts on lossy links and also when the congestion window
595is small, as happens on short transfers.
596.It Va rfc3390
597Enable support for RFC 3390, which allows for a variable-sized
598starting congestion window on new connections, depending on the
599maximum segment size.
600This helps throughput in general, but
601particularly affects short transfers and high-bandwidth large
602propagation-delay connections.
603.It Va sack.enable
604Enable support for RFC 2018, TCP Selective Acknowledgment option,
605which allows the receiver to inform the sender about all successfully
606arrived segments, allowing the sender to retransmit the missing segments
607only.
608.It Va sack.maxholes
609Maximum number of SACK holes per connection.
610Defaults to 128.
611.It Va sack.globalmaxholes
612Maximum number of SACK holes per system, across all connections.
613Defaults to 65536.
614.It Va maxtcptw
615When a TCP connection enters the
616.Dv TIME_WAIT
617state, its associated socket structure is freed, since it is of
618negligible size and use, and a new structure is allocated to contain a
619minimal amount of information necessary for sustaining a connection in
620this state, called the compressed TCP TIME_WAIT state.
621Since this structure is smaller than a socket structure, it can save
622a significant amount of system memory.
623The
624.Va net.inet.tcp.maxtcptw
625MIB variable controls the maximum number of these structures allocated.
626By default, it is initialized to
627.Va kern.ipc.maxsockets
628/ 5.
629.It Va nolocaltimewait
630Suppress creating of compressed TCP TIME_WAIT states for connections in
631which both endpoints are local.
632.It Va fast_finwait2_recycle
633Recycle
634.Tn TCP
635.Dv FIN_WAIT_2
636connections faster when the socket is marked as
637.Dv SBS_CANTRCVMORE
638(no user process has the socket open, data received on
639the socket cannot be read).
640The timeout used here is
641.Va finwait2_timeout .
642.It Va finwait2_timeout
643Timeout to use for fast recycling of
644.Tn TCP
645.Dv FIN_WAIT_2
646connections.
647Defaults to 60 seconds.
648.It Va ecn.enable
649Enable support for TCP Explicit Congestion Notification (ECN).
650ECN allows a TCP sender to reduce the transmission rate in order to
651avoid packet drops.
652Settings:
653.Bl -tag -compact
654.It 0
655Disable ECN.
656.It 1
657Allow incoming connections to request ECN.
658Outgoing connections will request ECN.
659.It 2
660Allow incoming connections to request ECN.
661Outgoing connections will not request ECN.
662.El
663.It Va ecn.maxretries
664Number of retries (SYN or SYN/ACK retransmits) before disabling ECN on a
665specific connection.
666This is needed to help with connection establishment
667when a broken firewall is in the network path.
668.It Va pmtud_blackhole_detection
669Enable automatic path MTU blackhole detection.
670In case of retransmits of MSS sized segments,
671the OS will lower the MSS to check if it's an MTU problem.
672If the current MSS is greater than the configured value to try
673.Po Va net.inet.tcp.pmtud_blackhole_mss
674and
675.Va net.inet.tcp.v6pmtud_blackhole_mss
676.Pc ,
677it will be set to this value, otherwise,
678the MSS will be set to the default values
679.Po Va net.inet.tcp.mssdflt
680and
681.Va net.inet.tcp.v6mssdflt
682.Pc .
683Settings:
684.Bl -tag -compact
685.It 0
686Disable path MTU blackhole detection.
687.It 1
688Enable path MTU blackhole detection for IPv4 and IPv6.
689.It 2
690Enable path MTU blackhole detection only for IPv4.
691.It 3
692Enable path MTU blackhole detection only for IPv6.
693.El
694.It Va pmtud_blackhole_mss
695MSS to try for IPv4 if PMTU blackhole detection is turned on.
696.It Va v6pmtud_blackhole_mss
697MSS to try for IPv6 if PMTU blackhole detection is turned on.
698.It Va functions_available
699List of available TCP function blocks (TCP stacks).
700.It Va functions_default
701The default TCP function block (TCP stack).
702.It Va functions_inherit_listen_socket_stack
703Determines whether to inherit listen socket's tcp stack or use the current
704system default tcp stack, as defined by
705.Va functions_default .
706Default is true.
707.It Va insecure_rst
708Use criteria defined in RFC793 instead of RFC5961 for accepting RST segments.
709Default is false.
710.It Va insecure_syn
711Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments.
712Default is false.
713.It Va ts_offset_per_conn
714When initializing the TCP timestamps, use a per connection offset instead of a
715per host pair offset.
716Default is to use per connection offsets as recommended in RFC 7323.
717.It Va perconn_stats_enable
718Controls the default collection of statistics for all connections using the
719.Xr stats 3
720framework.
7210 disables, 1 enables, 2 enables random sampling across log id connection
722groups with all connections in a group receiving the same setting.
723.It Va perconn_stats_sample_rates
724A CSV list of template_spec=percent key-value pairs which controls the per
725template sampling rates when
726.Xr stats 3
727sampling is enabled.
728.El
729.Sh ERRORS
730A socket operation may fail with one of the following errors returned:
731.Bl -tag -width Er
732.It Bq Er EISCONN
733when trying to establish a connection on a socket which
734already has one;
735.It Bo Er ENOBUFS Bc or Bo Er ENOMEM Bc
736when the system runs out of memory for
737an internal data structure;
738.It Bq Er ETIMEDOUT
739when a connection was dropped
740due to excessive retransmissions;
741.It Bq Er ECONNRESET
742when the remote peer
743forces the connection to be closed;
744.It Bq Er ECONNREFUSED
745when the remote
746peer actively refuses connection establishment (usually because
747no process is listening to the port);
748.It Bq Er EADDRINUSE
749when an attempt
750is made to create a socket with a port which has already been
751allocated;
752.It Bq Er EADDRNOTAVAIL
753when an attempt is made to create a
754socket with a network address for which no network interface
755exists;
756.It Bq Er EAFNOSUPPORT
757when an attempt is made to bind or connect a socket to a multicast
758address.
759.It Bq Er EINVAL
760when trying to change TCP function blocks at an invalid point in the session;
761.It Bq Er ENOENT
762when trying to use a TCP function block that is not available;
763.El
764.Sh SEE ALSO
765.Xr getsockopt 2 ,
766.Xr socket 2 ,
767.Xr stats 3 ,
768.Xr sysctl 3 ,
769.Xr blackhole 4 ,
770.Xr inet 4 ,
771.Xr intro 4 ,
772.Xr ip 4 ,
773.Xr mod_cc 4 ,
774.Xr siftr 4 ,
775.Xr syncache 4 ,
776.Xr tcp_bbr 4 ,
777.Xr setkey 8 ,
778.Xr tcp_functions 9
779.Rs
780.%A "V. Jacobson"
781.%A "R. Braden"
782.%A "D. Borman"
783.%T "TCP Extensions for High Performance"
784.%O "RFC 1323"
785.Re
786.Rs
787.%A "A. Heffernan"
788.%T "Protection of BGP Sessions via the TCP MD5 Signature Option"
789.%O "RFC 2385"
790.Re
791.Rs
792.%A "K. Ramakrishnan"
793.%A "S. Floyd"
794.%A "D. Black"
795.%T "The Addition of Explicit Congestion Notification (ECN) to IP"
796.%O "RFC 3168"
797.Re
798.Sh HISTORY
799The
800.Tn TCP
801protocol appeared in
802.Bx 4.2 .
803The RFC 1323 extensions for window scaling and timestamps were added
804in
805.Bx 4.4 .
806The
807.Dv TCP_INFO
808option was introduced in
809.Tn Linux 2.6
810and is
811.Em subject to change .
812