Date: Tue, 12 Jul 2011 07:03:10 GMT
From: Catalin Nicutar <cnicutar@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 196047 for review
Message-ID: <201107120703.p6C73Avb091239@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@196047?ac=10 Change 196047 by cnicutar@cnicutar_cronos on 2011/07/12 07:02:07 Add TCP UTO options and sysctls to tcp.4. Affected files ... .. //depot/projects/soc2011/cnicutar_tcputo_8/src/share/man/man4/tcp.4#2 edit Differences ... ==== //depot/projects/soc2011/cnicutar_tcputo_8/src/share/man/man4/tcp.4#2 (text+ko) ==== @@ -116,7 +116,7 @@ .Xr setsockopt 2 and tested with .Xr getsockopt 2 : -.Bl -tag -width ".Dv TCP_NODELAY" +.Bl -tag -width ".Dv TCP_SNDUTO_TIMEOUT" .It Dv TCP_INFO Information about a socket's underlying TCP session may be retrieved by passing the read-only option 
@@ -210,6 +210,46 @@ will have an invalid digest option prepended, and the following error message will be visible on the system console: .Em "tcp_signature_compute: SADB lookup failed for %d.%d.%d.%d" . +.It Dv TCP_SNDUTO_TIMEOUT +By setting this option the user controls the exact time (in seconds) TCP will +wait for an ACK before tearing the connection. +.Pp +Traditionally, a fixed number of retransmits +.Dv TCP_MAXRXTSHIFT +are performed before giving up. +Using UTO completely overrides this and allows connections with stringent or +relaxed timeouts. +.Pp +After setting the option the first subsequent segment will carry the specified +value. +This option is silently left out if (due to other options) not enough space +is available. +.It Dv TCP_RCVUTO_TIMEOUT +By setting this option to a value larger than 1 the user allows a TCP to +accept the timeout suggestion sent by the peer. +The default value is 0. +By getting this option the user can determine the actual timeout (in seconds) +as advertised by the peer. +.Pp +When using both +.Dv TCP_RCVUTO_TIMEOUT +and +.Dv TCP_SNDUTO_TIMEOUT, +the larger value is chosen as User Timeout for the connection. +.Pp +The peer is allowed to send this option any number of times. +Each time the user calls +.Xr getsockopt 2 +the most recent value received is returned. +.Pp +A possible use of this option is allowing a user to request a large timeout +(several hours) for a connection. +Even if the user is offline for long periods of time the connection will be +maintained. +.Pp +This option has security implications. +An application must *not* enable this option before the user has +authenticated in order to prevent DoS attacks. .El .Pp The option level for the 
@@ -482,6 +522,13 @@ .It Va sack.globalmaxholes Maximum number of SACK holes per system, across all connections. Defaults to 65536. +.It Va uto.enable +Globally permit or deny using UTO. +.It Va uto.max_timeout +Maximum value for TCP_SNDUTO_TIMEOUT for any connection. Setting this to a +large value has security implications. +.It Va uto.min_timeout +Minimum value for TCP_RCVUTO_TIMEOUT for any connection. .It Va maxtcptw When a TCP connection enters the .Dv TIME_WAIT
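Review bot: In the TCP_RCVUTO_TIMEOUT entry of the second hunk, "a value larger than 1" leaves the value 1 undefined while the default is stated as 0; say explicitly which values enable accepting the peer's suggestion (for example "a non-zero value"). The closing security paragraph should also say what the risk is: an unauthenticated peer can advertise a long timeout and, because "the larger value is chosen", keep connection state alive. Two mdoc points in the same entry: the comma in ".Dv TCP_SNDUTO_TIMEOUT," needs to be a separate argument (".Dv TCP_SNDUTO_TIMEOUT ,"), and "*not*" should be marked up with ".Em not". In the TCP_SNDUTO_TIMEOUT entry, "tearing the connection" reads better as "tearing down the connection".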
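Review bot: In the third hunk, uto.max_timeout is documented as bounding only TCP_SNDUTO_TIMEOUT and uto.min_timeout only TCP_RCVUTO_TIMEOUT, so the text never says whether a timeout advertised by the peer has an upper limit, which is the case the DoS warning in the TCP_RCVUTO_TIMEOUT entry is about. Please state which sysctl caps the accepted peer value, and replace "has security implications" with the concrete consequence. None of the three entries gives a default or the unit (seconds), unlike the neighbouring sack.globalmaxholes entry ("Defaults to 65536."), and uto.enable does not say which value permits and which denies. Also start "Setting this to a" on a new source line, as mdoc expects for a new sentence.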