NAME
tcp - TCP protocol
SYNOPSIS
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
DESCRIPTION
This is an implementation of the TCP protocol defined in RFC 793, RFC 1122 and RFC 2001 with the NewReno and SACK extensions. It provides a reliable, stream-oriented, full-duplex connection between two sockets on top of ip(7), for both v4 and v6 versions. TCP guarantees that the data arrives in order and retransmits lost packets. It generates and checks a per-packet checksum to catch transmission errors. TCP does not preserve record boundaries.这是RFC 793、RFC 1122和RFC 2001中定义的TCP协议的实现,带有NewReno和SACK扩展。它在ip(7)之上的两个套接字之间提供可靠的、面向流的、全双工的连接,适用于v4和v6版本。TCP保证数据按顺序到达并重传丢失的数据包。它生成并检查每个包的校验和以捕获传输错误。TCP不保留记录边界。
A newly created TCP socket has no remote or local address and is not fully specified. To create an outgoing TCP connection use connect(2) to establish a connection to another TCP socket. To receive new incoming connections, first bind(2) the socket to a local address and port and then call listen(2) to put the socket into the listening state. After that a new socket for each incoming connection can be accepted using accept(2). A socket which has had accept(2) or connect(2) successfully called on it is fully specified and may transmit data. Data cannot be transmitted on listening or not yet connected sockets.新创建的TCP套接字没有远端或本地地址,并且没有完全指定。要创建一个传出的TCP连接,使用connect(2)来建立到另一个TCP套接字的连接。要接收新的传入连接,首先将套接字bind(2)到本地地址和端口,然后调用listen(2)将套接字置于侦听状态。之后,可以使用accept(2)接受每个传入连接的新套接字。已成功调用accept(2)或connect(2)的套接字被完全指定并可以传输数据。在侦听或尚未连接的套接字上无法传输数据。
Linux supports RFC 1323 TCP high performance extensions. These include Protection Against Wrapped Sequence Numbers (PAWS), Window Scaling and Timestamps. Window scaling allows the use of large (> 64 kB) TCP windows in order to support links with high latency or bandwidth. Linux支持RFC 1323 TCP高性能扩展。这些包括防止包装序列号保护(PAWS)、窗口缩放和时间戳。窗口缩放允许使用大的(> 64 kB) TCP窗口,以支持高延迟或带宽的链接。
To make use of them, the send and receive buffer sizes must be increased. They can be set globally with the /proc/sys/net/ipv4/tcp_wmem and /proc/sys/net/ipv4/tcp_rmem files, or on individual sockets by using the SO_SNDBUF and SO_RCVBUF socket options with the setsockopt(2) call. 要使用它们,必须增加发送和接收缓冲区的大小。它们可以通过/proc/sys/net/ipv4/tcp_wmem和/proc/sys/net/ipv4/tcp_rmem文件进行全局设置,也可以通过setsockopt(2)调用使用SO_SNDBUF和SO_RCVBUF套接字选项在单个套接字上进行设置。
The maximum sizes for socket buffers declared via the SO_SNDBUF and SO_RCVBUF mechanisms are limited by the values in the /proc/sys/net/core/rmem_max and /proc/sys/net/core/wmem_max files. 通过SO_SNDBUF和SO_RCVBUF机制声明的套接字缓冲区的最大大小受/proc/sys/net/core/rmem_max和/proc/sys/net/core/wmem_max文件中的值限制。
Note that TCP actually allocates twice the size of the buffer requested in the setsockopt(2) call, and so a succeeding getsockopt(2) call will not return the same size of buffer as requested in the setsockopt(2) call. TCP uses the extra space for administrative purposes and internal kernel structures, and the /proc file values reflect the larger sizes compared to the actual TCP windows. On individual connections, the socket buffer size must be set prior to the listen(2) or connect(2) calls in order to have it take effect. See socket(7) for more information.注意,TCP实际上分配了setsockopt(2)调用中请求缓冲区大小的两倍,因此后续的getsockopt(2)调用将不会返回与setsockopt(2)调用中请求的缓冲区大小相同的缓冲区大小。TCP将额外的空间用于管理目的和内部内核结构,与实际的TCP窗口相比,/proc文件值反映了更大的大小。在单个连接上,套接字缓冲区大小必须在listen(2)或connect(2)调用之前设置,以便使其生效。参见socket(7)了解更多信息。
TCP supports urgent data. Urgent data is used to signal the receiver that some important message is part of the data stream and that it should be processed as soon as possible. To send urgent data specify the MSG_OOB option to send(2). TCP支持紧急数据。紧急数据是用来通知接收方一些重要的消息是数据流的一部分,应该尽快处理。要发送紧急数据,指定MSG_OOB选项发送(2)。
When urgent data is received, the kernel sends a SIGURG signal to the process or process group that has been set as the socket "owner" using the SIOCSPGRP or FIOSETOWN ioctls (or the POSIX.1-specified fcntl(2) F_SETOWN operation). 当接收到紧急数据时,内核会向使用SIOCSPGRP或FIOSETOWN ioctls(或posix .1指定的fcntl(2) F_SETOWN操作)设置为套接字“所有者”的进程或进程组发送SIGURG信号。
When the SO_OOBINLINE socket option is enabled, urgent data is put into the normal data stream (a program can test for its location using the SIOCATMARK ioctl described below), otherwise it can be received only when the MSG_OOB flag is set for recv(2) or recvmsg(2).当SO_OOBINLINE套接字选项启用时,紧急数据被放入正常数据流中(程序可以使用下面描述的SIOCATMARK ioctl测试其位置),否则只有在MSG_OOB标志设置为recv(2)或recvmsg(2)时才能接收它。
When out-of-band data is present, select(2) indicates the file descriptor as having an exceptional condition and poll (2) indicates a POLLPRI event.当存在带外数据时,select(2)表示文件描述符具有异常条件,poll(2)表示POLLPRI事件。
Linux 2.4 introduced a number of changes for improved throughput and scaling, as well as enhanced functionality. Some of these features include support for zero-copy sendfile(2), Explicit Congestion Notification, new management of TIME_WAIT sockets, keep-alive socket options and support for Duplicate SACK extensions.Linux 2.4引入了许多改进吞吐量和可伸缩性的更改,以及增强的功能。其中一些特性包括支持零拷贝sendfile(2)、显式拥塞通知、TIME_WAIT套接字的新管理、保持活动套接字选项以及对Duplicate SACK扩展的支持。
Address formats
TCP is built on top of IP (see ip(7)). The address formats defined by ip(7) apply to TCP. TCP supports point-to-point communication only; broadcasting and multicasting are not supported.TCP建立在IP之上(参见IP(7))。ip(7)定义的地址格式适用于TCP。TCP只支持点对点通信;不支持广播和组播。
/proc interfaces
System-wide TCP parameter settings can be accessed by files in the directory /proc/sys/net/ipv4/. In addition, most IP /proc interfaces also apply to TCP; see ip(7). Variables described as Boolean take an integer value, with a nonzero value ("true") meaning that the corresponding option is enabled, and a zero value ("false") meaning that the option is disabled.系统范围的TCP参数设置可以通过/proc/sys/net/ipv4目录下的文件进行访问。此外,大多数IP /进程接口也适用于TCP;看到ip(7)。描述为布尔型的变量采用整数值,其中非零值(“true”)表示相应的选项已启用,零值(“false”)表示该选项已禁用。
tcp_abc (Integer; default: 0; Linux 2.6.15 to Linux 3.8)
Control the Appropriate Byte Count (ABC), defined in RFC 3465. ABC is a way of increasing the congestion window (cwnd) more slowly in response to partial acknowledgements. Possible values are:控制适当字节计数(ABC),在RFC 3465中定义。ABC是一种以较慢的速度增加拥塞窗口(cwnd)以响应部分确认的方法。可能的值有:
0 increase cwnd once per acknowledgement (no ABC)每次确认增加一次cwnd(没有ABC)
1 increase cwnd once per acknowledgement of full sized segment每确认一个完整的分段,增加一次CWND
2 allow increase cwnd by two if acknowledgement is of two segments to compensate for delayed acknowledgements.如果确认是两个段,允许将CWND增加2,以补偿延迟的确认。
tcp_abort_on_overflow (Boolean; default: disabled; since Linux 2.4)
Enable resetting connections if the listening service is too slow and unable to keep up and accept them. It means that if overflow occurred due to a burst, the connection will recover.如果侦听服务太慢,无法跟上并接受它们,则启用重置连接。这意味着如果由于突发而发生溢出,连接将恢复。 Enable this option only if you are really sure that the listening daemon cannot be tuned to accept connections faster. Enabling this option can harm the clients of your server.只有当您确实确定侦听守护进程不能调优为更快地接受连接时,才启用此选项。启用此选项可能会损害服务器的客户端。
tcp_adv_win_scale (integer; default: 2; since Linux 2.4)
Count buffering overhead as bytes/2^tcp_adv_win_scale, if tcp_adv_win_scale is greater than 0; or bytes-bytes/2^(-tcp_adv_win_scale), if tcp_adv_win_scale is less than or equal to zero.如果tcp_adv_win_scale大于0,计数缓冲开销为bytes/2^tcp_adv_win_scale;
如果tcp_adv_win_scale小于或等于零,计数缓冲开销为bytes-bytes/2^(-tcp_adv_win_scale)。
The socket receive buffer space is shared between the application and kernel. TCP maintains part of the buffer as the TCP window, this is the size of the receive window advertised to the other end. 套接字接收缓冲区空间在应用程序和内核之间共享。TCP维护一部分缓冲区作为TCP窗口,这是通知到另一端的接收窗口的大小。
The rest of the space is used as the "application" buffer, used to isolate the network from scheduling and application latencies. The tcp_adv_win_scale default value of 2 implies that the space used for the application buffer is one fourth that of the total.其余空间用作“应用程序”缓冲区,用于将网络与调度和应用程序延迟隔离开来。tcp_adv_win_scale默认值2表示用于应用程序缓冲区的空间是总数的四分之一。
tcp_allowed_congestion_control (String; default: see text; since Linux 2.4.20)
Show/set the congestion control algorithm choices available to unprivileged processes (see the description of the TCP_CONGESTION socket option). The items in the list are separated by white space and terminated by a newline character. The list is a subset of those listed in tcp_available_congestion_control. The default value for this list is "reno" plus the default setting of tcp_congestion_control.显示/设置无特权进程可用的拥塞控制算法选项(参见tcp_拥塞套接字选项的描述)。列表中的项由空格分隔,并以换行符结束。该列表是tcp_available_congtion_control中列出的列表的子集。此列表的默认值是“reno”加上tcp_拥塞_control的默认设置。
tcp_autocorking (Boolean; default: enabled; since Linux 3.14)
If this option is enabled, the kernel tries to coalesce small writes (from consecutive write(2) and sendmsg(2) calls) as much as possible, in order to decrease the total number of sent packets. Coalescing is done if at
least one prior packet for the flow is waiting in Qdisc queues or device transmit queue. Applications can still use the TCP_CORK socket option to obtain optimal behavior when they know how/when to uncork their sockets.
tcp_available_congestion_control (String; read-only; since Linux 2.4.20)
Show a list of the congestion-control algorithms that are registered. The items in the list are separated by white space and terminated by a newline character. This list is a limiting set for the list in tcp_allowed_con‐
gestion_control. More congestion-control algorithms may be available as modules, but not loaded.
tcp_app_win (integer; default: 31; since Linux 2.4)
This variable defines how many bytes of the TCP window are reserved for buffering overhead.这个变量定义了TCP窗口为缓冲开销保留多少字节。
A maximum of (window/2^tcp_app_win, mss) bytes in the window are reserved for the application buffer. A value of 0 implies that no amount is reserved.窗口中保留max(window/2^tcp_app_win, mss)字节作为应用程序缓冲区。值为0表示不保留任何数量。
tcp_base_mss (Integer; default: 512; since Linux 2.6.17)
The initial value of search_low to be used by the packetization layer Path MTU discovery (MTU probing). If MTU probing is enabled, this is the initial MSS used by the connection.search_low的初始值,用于分组层发现路径MTU (MTU探测)。如果启用了MTU探测,则这是连接使用的初始MSS。
tcp_bic (Boolean; default: disabled; Linux 2.4.27/2.6.6 to Linux 2.6.13)
Enable BIC TCP congestion control algorithm. BIC-TCP is a sender-side-only change that ensures a linear RTT fairness under large windows while offering both scalability and bounded TCP-friendliness. The protocol combines
two schemes called additive increase and binary search increase. When the congestion window is large, additive increase with a large increment ensures linear RTT fairness as well as good scalability. Under small congestion
windows, binary search increase provides TCP friendliness.
tcp_bic_low_window (integer; default: 14; Linux 2.4.27/2.6.6 to Linux 2.6.13)
Set the threshold window (in packets) where BIC TCP starts to adjust the congestion window. Below this threshold BIC TCP behaves the same as the default TCP Reno.
tcp_bic_fast_convergence (Boolean; default: enabled; Linux 2.4.27/2.6.6 to Linux 2.6.13)
Force BIC TCP to more quickly respond to changes in congestion window. Allows two flows sharing the same connection to converge more rapidly.
tcp_congestion_control (String; default: see text; since Linux 2.4.13)
Set the default congestion-control algorithm to be used for new connections. The algorithm "reno" is always available, but additional choices may be available depending on kernel configuration. The default value for this
file is set as part of kernel configuration.
tcp_dma_copybreak (integer; default: 4096; since Linux 2.6.24)
Lower limit, in bytes, of the size of socket reads that will be offloaded to a DMA copy engine, if one is present in the system and the kernel was configured with the CONFIG_NET_DMA option.
tcp_dsack (Boolean; default: enabled; since Linux 2.4)
Enable RFC 2883 TCP Duplicate SACK support.
tcp_fastopen (Bitmask; default: 0x1; since Linux 3.7)
Enables RFC 7413 Fast Open support. The flag is used as a bitmap with the following values:
0x1 Enables client side Fast Open support
0x2 Enables server side Fast Open support
0x4 Allows client side to transmit data in SYN without Fast Open option
0x200 Allows server side to accept SYN data without Fast Open option
0x400 Enables Fast Open on all listeners without TCP_FASTOPEN socket option
tcp_fastopen_key (since Linux 3.7)
Set server side RFC 7413 Fast Open key to generate Fast Open cookie when server side Fast Open support is enabled.
tcp_ecn (Integer; default: see below; since Linux 2.4)
Enable RFC 3168 Explicit Congestion Notification.
This file can have one of the following values:
0 Disable ECN. Neither initiate nor accept ECN. This was the default up to and including Linux 2.6.30.
1 Enable ECN when requested by incoming connections and also request ECN on outgoing connection attempts.
2 Enable ECN when requested by incoming connections, but do not request ECN on outgoing connections. This value is supported, and is the default, since Linux 2.6.31.
When enabled, connectivity to some destinations could be affected due to older, misbehaving middle boxes along the path, causing connections to be dropped. However, to facilitate and encourage deployment with option 1, and
to work around such buggy equipment, the tcp_ecn_fallback option has been introduced.
tcp_ecn_fallback (Boolean; default: enabled; since Linux 4.1)
Enable RFC 3168, Section 6.1.1.1. fallback. When enabled, outgoing ECN-setup SYNs that time out within the normal SYN retransmission timeout will be resent with CWR and ECE cleared.
tcp_fack (Boolean; default: enabled; since Linux 2.2)
Enable TCP Forward Acknowledgement support.
tcp_fin_timeout (integer; default: 60; since Linux 2.2)
This specifies how many seconds to wait for a final FIN packet before the socket is forcibly closed. This is strictly a violation of the TCP specification, but required to prevent denial-of-service attacks. In Linux 2.2, the default value was 180.该参数指定在强制关闭套接字之前等待最终FIN数据包的秒数。这严格违反了TCP规范,但需要防止拒绝服务攻击。在Linux 2.2中,默认值是180。
tcp_frto (integer; default: see below; since Linux 2.4.21/2.6)
Enable F-RTO, an enhanced recovery algorithm for TCP retransmission timeouts (RTOs). It is particularly beneficial in wireless environments where packet loss is typically due to random radio interference rather than inter‐
mediate router congestion. See RFC 4138 for more details.
This file can have one of the following values:
0 Disabled. This was the default up to and including Linux 2.6.23.
1 The basic version F-RTO algorithm is enabled.
2 Enable SACK-enhanced F-RTO if flow uses SACK. The basic version can be used also when SACK is in use though in that case scenario(s) exists where F-RTO interacts badly with the packet counting of the SACK-enabled TCP
flow. This value is the default since Linux 2.6.24.
Before Linux 2.6.22, this parameter was a Boolean value, supporting just values 0 and 1 above.
tcp_frto_response (integer; default: 0; since Linux 2.6.22)
When F-RTO has detected that a TCP retransmission timeout was spurious (i.e., the timeout would have been avoided had TCP set a longer retransmission timeout), TCP has several options concerning what to do next. Possible
values are:
0 Rate halving based; a smooth and conservative response, results in halved congestion window (cwnd) and slow-start threshold (ssthresh) after one RTT.
1 Very conservative response; not recommended because even though being valid, it interacts poorly with the rest of Linux TCP; halves cwnd and ssthresh immediately.
2 Aggressive response; undoes congestion-control measures that are now known to be unnecessary (ignoring the possibility of a lost retransmission that would require TCP to be more cautious); cwnd and ssthresh are re‐
stored to the values prior to timeout.
tcp_keepalive_intvl (integer; default: 75; since Linux 2.4)
The number of seconds between TCP keep-alive probes.
tcp_keepalive_probes (integer; default: 9; since Linux 2.2)
The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end.
tcp_keepalive_time (integer; default: 7200; since Linux 2.2)
The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes. Keep-alives are sent only when the SO_KEEPALIVE socket option is enabled. The default value is 7200 seconds (2 hours).
An idle connection is terminated after approximately an additional 11 minutes (9 probes an interval of 75 seconds apart) when keep-alive is enabled.
Note that underlying connection tracking mechanisms and application timeouts may be much shorter.
tcp_low_latency (Boolean; default: disabled; since Linux 2.4.21/2.6; obsolete since Linux 4.14)
If enabled, the TCP stack makes decisions that prefer lower latency as opposed to higher throughput. It this option is disabled, then higher throughput is preferred. An example of an application where this default should
be changed would be a Beowulf compute cluster. Since Linux 4.14, this file still exists, but its value is ignored.
tcp_max_orphans (integer; default: see below; since Linux 2.4)
The maximum number of orphaned (not attached to any user file handle) TCP sockets allowed in the system. When this number is exceeded, the orphaned connection is reset and a warning is printed.
This limit exists only to prevent simple denial-of-service attacks. Lowering this limit is not recommended. Network conditions might require you to increase the number of orphans allowed, but note that each orphan can eat up to ~64 kB of unswap‐
pable memory. The default initial value is set equal to the kernel parameter NR_FILE. This initial default is adjusted depending on the memory in the system.
tcp_max_syn_backlog (integer; default: see below; since Linux 2.2)
The maximum number of queued connection requests which have still not received an acknowledgement from the connecting client. If this number is exceeded, the kernel will begin dropping requests. 尚未从连接客户端收到确认的排队连接请求的最大数目。如果超过这个数量,内核将开始丢弃请求。
The default value of 256 is increased to 1024 when the memory present in the system is adequate or greater (>= 128 MB), and reduced to 128 for those systems with very low memory (<= 32 MB).当系统中的内存足够或更多(>= 128 MB)时,默认值256增加到1024,对于内存非常少(<= 32 MB)的系统,默认值减少到128。
Before Linux 2.6.20, it was recommended that if this needed to be increased above 1024, the size of the SYNACK hash table (TCP_SYNQ_HSIZE) in include/net/tcp.h should be modified to keep 在Linux 2.6.20之前,建议如果需要将此值增加到1024以上,则应修改include/net/tcp.h中的SYNACK散列表(TCP_SYNQ_HSIZE)的大小以保持
TCP_SYNQ_HSIZE * 16 <= tcp_max_syn_backlog
and the kernel should be recompiled 且内核需要重新编译. In Linux 2.6.20, the fixed sized TCP_SYNQ_HSIZE was removed in favor of dynamic sizing.在Linux 2.6.20中,固定大小的TCP_SYNQ_HSIZE被删除,以支持动态大小。
tcp_max_tw_buckets (integer; default: see below; since Linux 2.4)
The maximum number of sockets in TIME_WAIT state allowed in the system. This limit exists only to prevent simple denial-of-service attacks. The default value of NR_FILE*2 is adjusted depending on the memory in the system.系统中允许的TIME_WAIT状态的套接字的最大数目。此限制仅用于防止简单的拒绝服务攻击。NR_FILE*2的默认值会根据系统内存进行调整。
If this number is exceeded, the socket is closed and a warning is printed.
tcp_moderate_rcvbuf (Boolean; default: enabled; since Linux 2.4.17/2.6.7)
If enabled, TCP performs receive buffer auto-tuning, attempting to automatically size the buffer (no greater than tcp_rmem[2]) to match the size required by the path for full throughput.如果启用,TCP执行接收缓冲区自动调优,尝试自动调整缓冲区的大小(不大于tcp_rmem[2]),以匹配路径所需的大小,以实现完全吞吐量。
tcp_mem (since Linux 2.4)
This is a vector of 3 integers: [low, pressure, high]. These bounds, measured in units of the system page size, are used by TCP to track its memory usage. The defaults are calculated at boot time from the amount of available memory. (TCP can only use low memory for this, which is limited to around 900 megabytes on 32-bit systems. 64-bit systems do not suffer this limitation.)这是一个由3个整数组成的向量:[低,压力,高]。这些边界(以系统页面大小为单位)被TCP用来跟踪其内存使用情况。默认值是在启动时根据可用内存量计算的。(TCP只能使用低内存,在32位系统上限制在900兆字节左右。64位系统不受此限制。)
low TCP doesn't regulate its memory allocation when the number of pages it has allocated globally is below this number.当TCP全局分配的页面数量低于此数量时,TCP不会调节其内存分配。
pressure When the amount of memory allocated by TCP exceeds this number of pages, TCP moderates its memory consumption. This memory pressure state is exited once the number of pages allocated falls below the low mark.当TCP分配的内存量超过这个页面数量时,TCP会调节其内存消耗。一旦分配的页面数量低于低标记,就退出这种内存压力状态。
high The maximum number of pages, globally, that TCP will allocate. This value overrides any other limits imposed by the kernel.TCP将全局分配的最大页面数。这个值将覆盖内核施加的任何其他限制。
tcp_mtu_probing (integer; default: 0; since Linux 2.6.17)
This parameter controls TCP Packetization-Layer Path MTU Discovery. The following values may be assigned to the file:
0 Disabled
1 Disabled by default, enabled when an ICMP black hole detected
2 Always enabled, use initial MSS of tcp_base_mss.
tcp_no_metrics_save (Boolean; default: disabled; since Linux 2.6.6)
By default, TCP saves various connection metrics in the route cache when the connection closes, so that connections established in the near future can use these to set initial conditions. Usually, this increases overall
performance, but it may sometimes cause performance degradation. If tcp_no_metrics_save is enabled, TCP will not cache metrics on closing connections.
tcp_orphan_retries (integer; default: 8; since Linux 2.4)
The maximum number of attempts made to probe the other end of a connection which has been closed by our end.
tcp_reordering (integer; default: 3; since Linux 2.4)
The maximum a packet can be reordered in a TCP packet stream without TCP assuming packet loss and going into slow start. It is not advisable to change this number. This is a packet reordering detection metric designed to minimize unnecessary back off and retransmits provoked by reordering of packets on a connection.在TCP假设丢包并进入慢启动的情况下,TCP包流中可以重新排序的最大数据包。不建议更改这个数字。这是一个数据包重排序检测指标,旨在最大限度地减少由连接上的数据包重排序引起的不必要的退回和重传。
tcp_retrans_collapse (Boolean; default: enabled; since Linux 2.2)
Try to send full-sized packets during retransmit.
tcp_retries1 (integer; default: 3; since Linux 2.2)
The number of times TCP will attempt to retransmit a packet on an established connection normally, without the extra effort of getting the network layers involved. Once we exceed this number of retransmits, we first have the network layer update the route if possible before each new retransmit. The default is the RFC specified minimum of 3.TCP在正常情况下尝试在已建立的连接上重新传输数据包的次数,而不需要涉及网络层的额外工作。一旦我们超过了这个重传数量,我们首先让网络层在每次新的重传之前更新路由,如果可能的话。默认值是RFC指定的最小值3。
tcp_retries2 (integer; default: 15; since Linux 2.2)
The maximum number of times a TCP packet is retransmitted in established state before giving up. The default value is 15, which corresponds to a duration of approximately between 13 to 30 minutes, depending on the retransmission timeout. The RFC 1122 specified minimum limit of 100 seconds is typically deemed too short.一个TCP报文在established状态下重传到放弃的最大次数。缺省值为15,根据重传超时时间的不同,大约在13 ~ 30分钟之间。RFC 1122规定的100秒的最小限制通常被认为太短。
tcp_rfc1337 (Boolean; default: disabled; since Linux 2.2)
Enable TCP behavior conformant with RFC 1337. When disabled, if a RST is received in TIME_WAIT state, we close the socket immediately without waiting for the end of the TIME_WAIT period.
tcp_rmem (since Linux 2.4)
This is a vector of 3 integers: [min, default, max]. These parameters are used by TCP to regulate receive buffer sizes. TCP dynamically adjusts the size of the receive buffer from the defaults listed below, in the range of these values, depending on memory available in the system.这是一个由3个整数组成的向量:[min, default, max]。TCP使用这些参数来调节接收缓冲区的大小。TCP根据系统中可用的内存,根据下面列出的默认值在这些值的范围内动态调整接收缓冲区的大小。
min minimum size of the receive buffer used by each TCP socket. The default value is the system page size. (On Linux 2.4, the default value is 4 kB, lowered to PAGE_SIZE bytes in low-memory systems.) This value is used to ensure that in memory pressure mode, allocations below this size will still succeed. This is not used to bound the size of the receive buffer declared using SO_RCVBUF on a socket.每个TCP套接字使用的接收缓冲区的最小大小。默认值为系统页面大小。(在Linux 2.4上,默认值是4 kB,在低内存系统中降低到PAGE_SIZE字节。)此值用于确保在内存压力模式下,低于此大小的分配仍然会成功。这并不用于绑定在套接字上使用SO_RCVBUF声明的接收缓冲区的大小。
default the default size of the receive buffer for a TCP socket. This value overwrites the initial default buffer size from the generic global net.core.rmem_default defined for all protocols. The default value is 87380 bytes. (On Linux 2.4, this will be lowered to 43689 in low-memory systems.) If larger receive buffer sizes are desired, this value should be increased (to affect all sockets). To employ large TCP windows, the net.ipv4.tcp_window_scaling must be enabled (default).TCP套接字接收缓冲区的默认大小。此值覆盖通用全局net.core的初始默认缓冲区大小(为所有协议定义的rmem_default)。缺省值是87380字节。(在Linux 2.4上,在低内存系统中,该值将降低到43689。)如果需要更大的接收缓冲区大小,则应该增加该值(以影响所有套接字)。要使用大型TCP窗口,net.ipv4.tcp_window_scaling必须启用(默认)。
max the maximum size of the receive buffer used by each TCP socket. This value does not override the global net.core.rmem_max. This is not used to limit the size of the receive buffer declared using SO_RCVBUF on a socket. The default value is calculated using the formula max(87380, min(4 MB, tcp_mem[1]*PAGE_SIZE/128)) (On Linux 2.4, the default is 87380*2 bytes, lowered to 87380 in low-memory systems).每个TCP套接字使用的接收缓冲区的最大大小。这个值不会覆盖全局的net.core.rmem_max。这不是用来限制在套接字上使用SO_RCVBUF声明的接收缓冲区的大小。默认值使用公式max(87380, min(4mb, tcp_mem[1]*PAGE_SIZE/128))计算(在Linux 2.4上,默认值是87380*2字节,在低内存系统中降低到87380)。
tcp_sack (Boolean; default: enabled; since Linux 2.2)
Enable RFC 2018 TCP Selective Acknowledgements.
tcp_slow_start_after_idle (Boolean; default: enabled; since Linux 2.6.18)
If enabled, provide RFC 2861 behavior and time out the congestion window after an idle period. An idle period is defined as the current RTO (retransmission timeout). If disabled, the congestion window will not be timed out
after an idle period.
tcp_stdurg (Boolean; default: disabled; since Linux 2.2)
If this option is enabled, then use the RFC 1122 interpretation of the TCP urgent-pointer field. According to this interpretation, the urgent pointer points to the last byte of urgent data. If this option is disabled, then
use the BSD-compatible interpretation of the urgent pointer: the urgent pointer points to the first byte after the urgent data. Enabling this option may lead to interoperability problems.
tcp_syn_retries (integer; default: 6; since Linux 2.2)
The maximum number of times initial SYNs for an active TCP connection attempt will be retransmitted. This value should not be higher than 255. The default value is 6, which corresponds to retrying for up to approximately
127 seconds. Before Linux 3.7, the default value was 5, which (in conjunction with calculation based on other kernel parameters) corresponded to approximately 180 seconds.
tcp_synack_retries (integer; default: 5; since Linux 2.2)
The maximum number of times a SYN/ACK segment for a passive TCP connection will be retransmitted. This number should not be higher than 255.
tcp_syncookies (integer; default: 1; since Linux 2.2)
Enable TCP syncookies. The kernel must be compiled with CONFIG_SYN_COOKIES. The syncookies feature attempts to protect a socket from a SYN flood attack. This should be used as a last resort, if at all. This is a violation of the TCP protocol, and conflicts with other areas of TCP such as TCP extensions. It can cause problems for clients and relays. It is not recommended as a tuning mechanism for heavily loaded servers to help with
overloaded or misconfigured conditions. For recommended alternatives see tcp_max_syn_backlog, tcp_synack_retries, and tcp_abort_on_overflow. Set to one of the following values:
0 Disable TCP syncookies.
1 Send out syncookies when the syn backlog queue of a socket overflows.当套接字的syn积压队列溢出时,发送同步cookie。
2 (since Linux 3.12) Send out syncookies unconditionally. This can be useful for network testing.
tcp_timestamps (integer; default: 1; since Linux 2.2)
Set to one of the following values to enable or disable RFC 1323 TCP timestamps:
0 Disable timestamps.
1 Enable timestamps as defined in RFC1323 and use random offset for each connection rather than only using the current time.
2 As for the value 1, but without random offsets. Setting tcp_timestamps to this value is meaningful since Linux 4.10.
tcp_tso_win_divisor (integer; default: 3; since Linux 2.6.9)
This parameter controls what percentage of the congestion window can be consumed by a single TCP Segmentation Offload (TSO) frame. The setting of this parameter is a tradeoff between burstiness and building larger TSO frames.
tcp_tw_recycle (Boolean; default: disabled; Linux 2.4 to Linux 4.11)
Enable fast recycling of TIME_WAIT sockets. Enabling this option is not recommended as the remote IP may not use monotonically increasing timestamps (devices behind NAT, devices with per-connection timestamp offsets). See RFC 1323 (PAWS) and RFC 6191.启用TIME_WAIT套接字的快速回收。不建议启用此选项,因为远程IP可能不会使用单调递增的时间戳(NAT后的设备,具有每个连接时间戳偏移的设备)。参见RFC 1323 (PAWS)和RFC 6191。
tcp_tw_reuse (Boolean; default: disabled; since Linux 2.4.19/2.6)
Allow to reuse TIME_WAIT sockets for new connections when it is safe from protocol viewpoint. It should not be changed without advice/request of technical experts.允许重用TIME_WAIT套接字的新连接,当它是安全的从协议的观点。未经技术专家的建议/要求,不得更改。
tcp_vegas_cong_avoid (Boolean; default: disabled; Linux 2.2 to Linux 2.6.13)
Enable TCP Vegas congestion avoidance algorithm. TCP Vegas is a sender-side-only change to TCP that anticipates the onset of congestion by estimating the bandwidth. TCP Vegas adjusts the sending rate by modifying the con‐
gestion window. TCP Vegas should provide less packet loss, but it is not as aggressive as TCP Reno.
tcp_westwood (Boolean; default: disabled; Linux 2.4.26/2.6.3 to Linux 2.6.13)
Enable TCP Westwood+ congestion control algorithm. TCP Westwood+ is a sender-side-only modification of the TCP Reno protocol stack that optimizes the performance of TCP congestion control. It is based on end-to-end band‐
width estimation to set congestion window and slow start threshold after a congestion episode. Using this estimation, TCP Westwood+ adaptively sets a slow start threshold and a congestion window which takes into account the
bandwidth used at the time congestion is experienced. TCP Westwood+ significantly increases fairness with respect to TCP Reno in wired networks and throughput over wireless links.
tcp_window_scaling (Boolean; default: enabled; since Linux 2.2)
Enable RFC 1323 TCP window scaling. This feature allows the use of a large window (> 64 kB) on a TCP connection, should the other end support it. Normally, the 16 bit window length field in the TCP header limits the window size to less than 64 kB. 启用RFC 1323 TCP窗口缩放功能。这个特性允许在TCP连接上使用大窗口(> 64 kB),如果另一端支持的话。通常,TCP报头中的16位窗口长度字段将窗口大小限制在64 kB以内。
If larger windows are desired, applications can increase the size of their socket buffers and the window scaling option will be employed. If tcp_window_scaling is disabled, TCP will not negotiate the use of window scaling with the other end during connection setup.如果需要更大的窗口,应用程序可以增加其套接字缓冲区的大小,并使用窗口缩放选项。如果tcp_window_scaling被禁用,TCP将不会在连接建立期间与另一端协商窗口缩放的使用。
tcp_wmem (since Linux 2.4)
This is a vector of 3 integers: [min, default, max]. These parameters are used by TCP to regulate send buffer sizes. TCP dynamically adjusts the size of the send buffer from the default values listed below, in the range of these values, depending on memory available.这是一个由3个整数组成的向量:[min, default, max]。TCP使用这些参数来调节发送缓冲区的大小。TCP根据可用内存,从下面列出的默认值(在这些值的范围内)动态调整发送缓冲区的大小。
min Minimum size of the send buffer used by each TCP socket. The default value is the system page size. (On Linux 2.4, the default value is 4 kB.) This value is used to ensure that in memory pressure mode, allocations below this size will still succeed. This is not used to bound the size of the send buffer declared using SO_SNDBUF on a socket.每个TCP套接字使用的发送缓冲区的最小大小。默认值为系统页面大小。(在Linux 2.4中,默认值是4kb。)此值用于确保在内存压力模式下,低于此大小的分配仍然会成功。这并不用于绑定在套接字上使用SO_SNDBUF声明的发送缓冲区的大小。
default The default size of the send buffer for a TCP socket. This value overwrites the initial default buffer size from the generic global /proc/sys/net/core/wmem_default defined for all protocols. The default value is 16 kB. If larger send buffer sizes are desired, this value should be increased (to affect all sockets). To employ large TCP windows, the /proc/sys/net/ipv4/tcp_window_scaling must be set to a nonzero value (default).TCP套接字发送缓冲区的默认大小。该值覆盖所有协议定义的通用全局/proc/sys/net/core/wmem_default的初始默认缓冲区大小。默认值为16kb。如果需要更大的发送缓冲区大小,则应该增加该值(以影响所有套接字)。要使用大型TCP窗口,/proc/sys/net/ipv4/tcp_window_scaling必须设置为非零值(默认值)。
max The maximum size of the send buffer used by each TCP socket. This value does not override the value in /proc/sys/net/core/wmem_max. This is not used to limit the size of the send buffer declared using SO_SNDBUF on a socket. The default value is calculated using the formula max(65536, min(4 MB, tcp_mem[1]*PAGE_SIZE/128)) (On Linux 2.4, the default value is 128 kB, lowered 64 kB depending on low-memory systems.)每个TCP套接字使用的发送缓冲区的最大大小。该值不覆盖/proc/sys/net/core/wmem_max中的值。这并不用于限制在套接字上使用SO_SNDBUF声明的发送缓冲区的大小。默认值使用公式max(65536, min(4mb, tcp_mem[1]*PAGE_SIZE/128))计算(在Linux 2.4上,默认值为128 kB,根据低内存系统降低64 kB)。
tcp_workaround_signed_windows (Boolean; default: disabled; since Linux 2.6.26)
If enabled, assume that no receipt of a window-scaling option means that the remote TCP is broken and treats the window as a signed quantity. If disabled, assume that the remote TCP is not broken even if we do not receive a
window scaling option from it.
Socket options
To set or get a TCP socket option, call getsockopt(2) to read or setsockopt(2) to write the option with the option level argument set to IPPROTO_TCP. Unless otherwise noted, optval is a pointer to an int. In addition, most IPPROTO_IP socket options are valid on TCP sockets. For more information see ip(7).要设置或获取TCP套接字选项,调用getsockopt(2)来读取或调用setsockopt(2)来写入选项,并将option level参数设置为IPPROTO_TCP。除非另有说明,optval是一个指向int类型的指针。此外,大多数IPPROTO_IP套接字选项在TCP套接字上是有效的。更多信息参见ip(7)。
Following is a list of TCP-specific socket options. For details of some other socket options that are also applicable for TCP sockets, see socket(7).以下是特定于tcp的套接字选项列表。有关其他一些也适用于TCP套接字的套接字选项的详细信息,请参见socket(7)。
TCP_CONGESTION (since Linux 2.6.13)
The argument for this option is a string. This option allows the caller to set the TCP congestion control algorithm to be used, on a per-socket basis. Unprivileged processes are restricted to choosing one of the algorithms in tcp_allowed_congestion_control (described above). Privileged processes (CAP_NET_ADMIN) can choose from any of the available congestion-control algorithms (see the description of tcp_available_congestion_control above).这个选项的参数是一个字符串。此选项允许调用方设置要使用的TCP拥塞控制算法,以每个套接字为基础。非特权进程仅限于选择tcp_allowed_拥塞_control(如上所述)中的一种算法。特权进程(CAP_NET_ADMIN)可以从任何可用的拥塞控制算法中进行选择(请参阅上面tcp_available_拥塞控制的描述)。
TCP_CORK (since Linux 2.2)
If set, don't send out partial frames. All queued partial frames are sent when the option is cleared again. This is useful for prepending headers before calling sendfile(2), or for throughput optimization. As currently
implemented, there is a 200 millisecond ceiling on the time for which output is corked by TCP_CORK. If this ceiling is reached, then queued data is automatically transmitted. This option can be combined with TCP_NODELAY
only since Linux 2.5.71. This option should not be used in code intended to be portable.
TCP_DEFER_ACCEPT (since Linux 2.4)
Allow a listener to be awakened only when data arrives on the socket. Takes an integer value (seconds), this can bound the maximum number of attempts TCP will make to complete the connection. This option should not be used
in code intended to be portable.
TCP_INFO (since Linux 2.4)
Used to collect information about this socket. The kernel returns a struct tcp_info as defined in the file /usr/include/linux/tcp.h. This option should not be used in code intended to be portable.
TCP_KEEPCNT (since Linux 2.4)
The maximum number of keepalive probes TCP should send before dropping the connection. This option should not be used in code intended to be portable.
TCP_KEEPIDLE (since Linux 2.4)
The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes, if the socket option SO_KEEPALIVE has been set on this socket. This option should not be used in code intended to be portable.
TCP_KEEPINTVL (since Linux 2.4)
The time (in seconds) between individual keepalive probes. This option should not be used in code intended to be portable.
TCP_LINGER2 (since Linux 2.4)
The lifetime of orphaned FIN_WAIT2 state sockets. This option can be used to override the system-wide setting in the file /proc/sys/net/ipv4/tcp_fin_timeout for this socket. This is not to be confused with the socket(7)
level option SO_LINGER. This option should not be used in code intended to be portable.
TCP_MAXSEG
The maximum segment size for outgoing TCP packets. In Linux 2.2 and earlier, and in Linux 2.6.28 and later, if this option is set before connection establishment, it also changes the MSS value announced to the other end in
the initial packet. Values greater than the (eventual) interface MTU have no effect. TCP will also impose its minimum and maximum bounds over the value provided.
TCP_NODELAY
If set, disable the Nagle algorithm. This means that segments are always sent as soon as possible, even if there is only a small amount of data. When not set, data is buffered until there is a sufficient amount to send out, thereby avoiding the frequent sending of small packets, which results in poor utilization of the network. This option is overridden by TCP_CORK; however, setting this option forces an explicit flush of pending output, even if TCP_CORK is currently set.
TCP_QUICKACK (since Linux 2.4.4)
Enable quickack mode if set or disable quickack mode if cleared. In quickack mode, acks are sent immediately, rather than delayed if needed in accordance to normal TCP operation. This flag is not permanent, it only enables a switch to or from quickack mode. Subsequent operation of the TCP protocol will once again enter/leave quickack mode depending on internal protocol processing and factors such as delayed ack timeouts occurring and data transfer. This option should not be used in code intended to be portable.
TCP_SYNCNT (since Linux 2.4)
Set the number of SYN retransmits that TCP should send before aborting the attempt to connect. It cannot exceed 255. This option should not be used in code intended to be portable.
TCP_USER_TIMEOUT (since Linux 2.6.37)
This option takes an unsigned int as an argument. When the value is greater than 0, it specifies the maximum amount of time in milliseconds that transmitted data may remain unacknowledged, or buffered data may remain untransmitted (due to zero window size) before TCP will forcibly close the corresponding connection and return ETIMEDOUT to the application. If the option value is specified as 0, TCP will use the system default.
Increasing user timeouts allows a TCP connection to survive extended periods without end-to-end connectivity. Decreasing user timeouts allows applications to "fail fast", if so desired. Otherwise, failure may take up to 20 minutes with the current system defaults in a normal WAN environment.
This option can be set during any state of a TCP connection, but is effective only during the synchronized states of a connection (ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, and LAST-ACK). Moreover, when used with the TCP keepalive (SO_KEEPALIVE) option, TCP_USER_TIMEOUT will override keepalive to determine when to close a connection due to keepalive failure.
The option has no effect on when TCP retransmits a packet, nor when a keepalive probe is sent.
This option, like many others, will be inherited by the socket returned by accept(2), if it was set on the listening socket.
Further details on the user timeout feature can be found in RFC 793 and RFC 5482 ("TCP User Timeout Option").
TCP_WINDOW_CLAMP (since Linux 2.4)
Bound the size of the advertised window to this value. The kernel imposes a minimum size of SOCK_MIN_RCVBUF/2. This option should not be used in code intended to be portable.
TCP_FASTOPEN (since Linux 3.6)
This option enables Fast Open (RFC 7413) on the listener socket. The value specifies the maximum length of pending SYNs (similar to the backlog argument in listen(2)). Once enabled, the listener socket grants the TCP Fast Open cookie on incoming SYN with TCP Fast Open option.
More importantly it accepts the data in SYN with a valid Fast Open cookie and responds SYN-ACK acknowledging both the data and the SYN sequence. accept(2) returns a socket that is available for read and write when the handshake has not completed yet. Thus the data exchange can commence before the handshake completes. This option requires enabling the server-side support on sysctl net.ipv4.tcp_fastopen (see above). For TCP Fast Open client- side support, see send(2) MSG_FASTOPEN or TCP_FASTOPEN_CONNECT below.
TCP_FASTOPEN_CONNECT (since Linux 4.11)
This option enables an alternative way to perform Fast Open on the active side (client). When this option is enabled, connect(2) would behave differently depending on if a Fast Open cookie is available for the destination.
If a cookie is not available (i.e. first contact to the destination), connect(2) behaves as usual by sending a SYN immediately, except the SYN would include an empty Fast Open cookie option to solicit a cookie.
If a cookie is available, connect(2) would return 0 immediately but the SYN transmission is deferred. A subsequent write(2) or sendmsg(2) would trigger a SYN with data plus cookie in the Fast Open option. In other words, the actual connect operation is deferred until data is supplied.
Note: While this option is designed for convenience, enabling it does change the behaviors and certain system calls might set different errno values. With cookie present, write(2) or sendmsg(2) must be called right after connect(2) in order to send out SYN+data to complete 3WHS and establish connection. Calling read(2) right after connect(2) without write(2) will cause the blocking socket to be blocked forever.
The application should either set TCP_FASTOPEN_CONNECT socket option before write(2) or sendmsg(2), or call write(2) or sendmsg(2) with MSG_FASTOPEN flag directly, instead of both on the same connection.
Here is the typical call flow with this new option:
s = socket();
setsockopt(s, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, 1, ...);
connect(s);
write(s); /* write() should always follow connect()
* in order to trigger SYN to go out. */
read(s)/write(s);
/* ... */
close(s);Sockets API
TCP provides limited support for out-of-band data, in the form of (a single byte of) urgent data. In Linux this means if the other end sends newer out-of-band data the older urgent data is inserted as normal data into the stream (even when SO_OOBINLINE is not set). This differs from BSD-based stacks.
Linux uses the BSD compatible interpretation of the urgent pointer field by default. This violates RFC 1122, but is required for interoperability with other stacks. It can be changed via /proc/sys/net/ipv4/tcp_stdurg.
It is possible to peek at out-of-band data using the recv(2) MSG_PEEK flag.
Since Linux 2.4, Linux supports the use of MSG_TRUNC in the flags argument of recv(2) (and recvmsg(2)). This flag causes the received bytes of data to be discarded, rather than passed back in a caller-supplied buffer. Since Linux 2.4.4, MSG_TRUNC also has this effect when used in conjunction with MSG_OOB to receive out-of-band data.
Ioctls
The following ioctl(2) calls return information in value. The correct syntax is:
int value;
error = ioctl(tcp_socket, ioctl_type, &value);
ioctl_type is one of the following:
SIOCINQ
Returns the amount of queued unread data in the receive buffer. The socket must not be in LISTEN state, otherwise an error (EINVAL) is returned. SIOCINQ is defined in <linux/sockios.h>. Alternatively, you can use the synonymous FIONREAD, defined in <sys/ioctl.h>.
SIOCATMARK
Returns true (i.e., value is nonzero) if the inbound data stream is at the urgent mark.
If the SO_OOBINLINE socket option is set, and SIOCATMARK returns true, then the next read from the socket will return the urgent data. If the SO_OOBINLINE socket option is not set, and SIOCATMARK returns true, then the next read from the socket will return the bytes following the urgent data (to actually read the urgent data requires the recv(MSG_OOB) flag).
Note that a read never reads across the urgent mark. If an application is informed of the presence of urgent data via select(2) (using the exceptfds argument) or through delivery of a SIGURG signal, then it can advance up to the mark using a loop which repeatedly tests SIOCATMARK and performs a read (requesting any number of bytes) as long as SIOCATMARK returns false.
SIOCOUTQ
Returns the amount of unsent data in the socket send queue. The socket must not be in LISTEN state, otherwise an error (EINVAL) is returned. SIOCOUTQ is defined in <linux/sockios.h>. Alternatively, you can use the synonymous TIOCOUTQ, defined in <sys/ioctl.h>.
Error handling
When a network error occurs, TCP tries to resend the packet. If it doesn't succeed after some time, either ETIMEDOUT or the last received error on this connection is reported.
Some applications require a quicker error notification. This can be enabled with the IPPROTO_IP level IP_RECVERR socket option. When this option is enabled, all incoming errors are immediately passed to the user program. Use this option with care — it makes TCP less tolerant to routing changes and other normal network conditions.
ERRORS
EAFNOTSUPPORT
Passed socket address type in sin_family was not AF_INET.
EPIPE The other end closed the socket unexpectedly or a read is executed on a shut down socket.
ETIMEDOUT
The other end didn't acknowledge retransmitted data after some time.
Any errors defined for ip(7) or the generic socket layer may also be returned for TCP.
VERSIONS
Support for Explicit Congestion Notification, zero-copy sendfile(2), reordering support and some SACK extensions (DSACK) were introduced in Linux 2.4. Support for forward acknowledgement (FACK), TIME_WAIT recycling, and per-con‐
nection keepalive socket options were introduced in Linux 2.3.
BUGS
Not all errors are documented.
IPv6 is not described.
SEE ALSO
accept(2), bind(2), connect(2), getsockopt(2), listen(2), recvmsg(2), sendfile(2), sendmsg(2), socket(2), ip(7), socket(7)
The kernel source file Documentation/networking/ip-sysctl.txt.
RFC 793 for the TCP specification.
RFC 1122 for the TCP requirements and a description of the Nagle algorithm.
RFC 1323 for TCP timestamp and window scaling options.
RFC 1337 for a description of TIME_WAIT assassination hazards.
RFC 3168 for a description of Explicit Congestion Notification.
RFC 2581 for TCP congestion control algorithms.
RFC 2018 and RFC 2883 for SACK and extensions to SACK.
