1.\" $NetBSD: tcp.4,v 1.19 2004/04/29 12:47:59 wiz Exp $ 2.\" $FreeBSD: tcp.4,v 1.11.2.16 2004/02/16 22:21:47 bms Exp $ 3.\" 4.\" Copyright (c) 1983, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)tcp.4 8.1 (Berkeley) 6/5/93 32.\" 33.Dd April 25, 2004 34.Dt TCP 4 35.Os 36.Sh NAME 37.Nm tcp 38.Nd Internet Transmission Control Protocol 39.Sh SYNOPSIS 40.In sys/socket.h 41.In netinet/in.h 42.Ft int 43.Fn socket AF_INET SOCK_STREAM 0 44.Ft int 45.Fn socket AF_INET6 SOCK_STREAM 0 46.Sh DESCRIPTION 47The 48.Tn TCP 49provides reliable, flow-controlled, two-way transmission of data. 50It is a byte-stream protocol used to support the 51.Dv SOCK_STREAM 52abstraction. 53.Tn TCP 54uses the standard Internet address format and, in addition, provides 55a per-host collection of 56.Dq port addresses . 57Thus, each address is composed of an Internet address specifying 58the host and network, with a specific 59.Tn TCP 60port on the host identifying the peer entity. 61.Pp 62Sockets using 63.Tn TCP 64are either 65.Dq active 66or 67.Dq passive . 68Active sockets initiate connections to passive 69sockets. 70By default 71.Tn TCP 72sockets are created active; to create a passive socket the 73.Xr listen 2 74system call must be used 75after binding the socket with the 76.Xr bind 2 77system call. 78Only passive sockets may use the 79.Xr accept 2 80call to accept incoming connections. 81Only active sockets may use the 82.Xr connect 2 83call to initiate connections. 84.Pp 85Passive sockets may 86.Dq underspecify 87their location to match incoming connection requests from multiple networks. 88This technique, termed 89.Dq wildcard addressing , 90allows a single 91server to provide service to clients on multiple networks. 92To create a socket which listens on all networks, the Internet 93address 94.Dv INADDR_ANY 95must be bound. 96The 97.Tn TCP 98port may still be specified at this time; if the port is not 99specified the system will assign one. 100Once a connection has been established the socket's address is 101fixed by the peer entity's location. 102The address assigned the socket is the address associated with the 103network interface through which packets are being transmitted and received. 104Normally this address corresponds to the peer entity's network. 105.Pp 106.Tn TCP 107supports a number of socket options which can be set with 108.Xr setsockopt 2 109and tested with 110.Xr getsockopt 2 : 111.Bl -tag -width TCP_MD5SIGx 112.It Dv TCP_NODELAY 113Under most circumstances, 114.Tn TCP 115sends data when it is presented; 116when outstanding data has not yet been acknowledged, it gathers 117small amounts of output to be sent in a single packet once 118an acknowledgement is received. 119For a small number of clients, such as window systems 120that send a stream of mouse events which receive no replies, 121this packetization may cause significant delays. 122Therefore, 123.Tn TCP 124provides a boolean option, 125.Dv TCP_NODELAY 126(from 127.Aq Pa netinet/tcp.h , 128to defeat this algorithm. 129.It Dv TCP_MAXSEG 130By default, a sender- and receiver-TCP 131will negotiate among themselves to determine the maximum segment size 132to be used for each connection. 133The 134.Dv TCP_MAXSEG 135option allows the user to determine the result of this negotiation, 136and to reduce it if desired. 137.It Dv TCP_MD5SIG 138This option enables the use of MD5 digests (also known as TCP-MD5) 139on writes to the specified socket. 140In the current release, only outgoing traffic is digested; 141digests on incoming traffic are not verified. 142The current default behavior for the system is to respond to a system 143advertising this option with TCP-MD5; this may change. 144.Pp 145One common use for this in a 146.Nx 147router deployment is to enable 148based routers to interwork with Cisco equipment at peering points. 149Support for this feature conforms to RFC 2385. 150Only IPv4 (AF_INET) sessions are supported. 151.Pp 152In order for this option to function correctly, it is necessary for the 153administrator to add a tcp-md5 key entry to the system's security 154associations database (SADB) using the 155.Xr setkey 8 156utility. 157This entry must have an SPI of 0x1000 and can therefore only be specified 158on a per-host basis at this time. 159.Pp 160If an SADB entry cannot be found for the destination, the outgoing traffic 161will have an invalid digest option prepended, and the following error message 162will be visible on the system console: 163.Em "tcp_signature_compute: SADB lookup failed for %d.%d.%d.%d" . 164.El 165.Pp 166The option level for the 167.Xr setsockopt 2 168call is the protocol number for 169.Tn TCP , 170available from 171.Xr getprotobyname 3 . 172.Pp 173In the historical 174.Bx 175.Tn TCP 176implementation, if the 177.Dv TCP_NODELAY 178option was set on a passive socket, the sockets returned by 179.Xr accept 2 180erroneously did not have the 181.Dv TCP_NODELAY 182option set; the behavior was corrected to inherit 183.Dv TCP_NODELAY 184in 185.Nx 1.6 . 186.Pp 187Options at the 188.Tn IP 189network level may be used with 190.Tn TCP ; 191see 192.Xr ip 4 193or 194.Xr ip6 4 . 195Incoming connection requests that are source-routed are noted, 196and the reverse source route is used in responding. 197.Pp 198There are many adjustable parameters that control various aspects 199of the 200.Nx 201TCP behavior; these parameters are documented in 202.Xr sysctl 3 , 203and they include: 204.Bl -bullet -compact 205.It 206RFC 1323 extensions for high performance 207.It 208Send/receive buffer sizes 209.It 210Default maximum segment size (MSS) 211.It 212SYN cache parameters 213.It 214Initial window size 215.It 216Hughes/Touch/Heidemann Congestion Window Monitoring algorithm 217.It 218Keepalive parameters 219.It 220newReno algorithm for congestion control 221.It 222Logging of connection refusals 223.It 224RST packet rate limits 225.El 226.Sh DIAGNOSTICS 227A socket operation may fail with one of the following errors returned: 228.Bl -tag -width [EADDRNOTAVAIL] 229.It Bq Er EISCONN 230when trying to establish a connection on a socket which 231already has one; 232.It Bq Er ENOBUFS 233when the system runs out of memory for 234an internal data structure; 235.It Bq Er ETIMEDOUT 236when a connection was dropped 237due to excessive retransmissions; 238.It Bq Er ECONNRESET 239when the remote peer 240forces the connection to be closed; 241.It Bq Er ECONNREFUSED 242when the remote 243peer actively refuses connection establishment (usually because 244no process is listening to the port); 245.It Bq Er EADDRINUSE 246when an attempt 247is made to create a socket with a port which has already been 248allocated; 249.It Bq Er EADDRNOTAVAIL 250when an attempt is made to create a 251socket with a network address for which no network interface 252exists. 253.El 254.Sh SEE ALSO 255.Xr getsockopt 2 , 256.Xr socket 2 , 257.Xr sysctl 3 , 258.Xr inet 4 , 259.Xr inet6 4 , 260.Xr intro 4 , 261.Xr ip 4 , 262.Xr ip6 4 263.Rs 264.%R RFC 265.%N 793 266.%D September 1981 267.%T "Transmission Control Protocol" 268.Re 269.Rs 270.%R RFC 271.%N 1122 272.%D October 1989 273.%T "Requirements for Internet Hosts -- Communication Layers" 274.Re 275.Sh HISTORY 276The 277.Nm 278protocol stack appeared in 279.Bx 4.2 . 280