CONFIG_NET_TCP_TIME_WAIT_DELAY

How long to wait in TIME_WAIT state (in milliseconds)

Type: int

Help

To avoid a (low-probability) issue where delayed packets from a previous connection are delivered to the next connection reusing the same local/remote ports, RFC 793 (TCP) suggests keeping an old, closed connection in a special “TIME_WAIT” state for a duration of 2*MSL (Maximum Segment Lifetime). The RFC suggests an MSL of 2 minutes, but notes “This is an engineering choice, and may be changed if experience indicates it is desirable to do so.” On low-resource systems, a large MSL may lead to quick resource exhaustion (and related DoS attacks). At the same time, packet misdelivery is largely alleviated in modern TCP stacks by the use of random, non-repeating port numbers and initial sequence numbers. For this reason, Zephyr uses a much lower default value of 250 ms. A value of 0 disables the TIME_WAIT state completely.
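The resource-exhaustion trade-off described above can be seen in a simplified capacity model, added here as an illustration and not taken from Zephyr's code. It compares a delay of 2*MSL at the RFC's MSL of 2 minutes (240000 ms) with the 250 ms default and with 0; the pool size, connection interval and active time are assumed values, and the model does not reproduce how Zephyr actually allocates connections.

```c
#include <stdint.h>
#include <stdio.h>

#define POOL_SLOTS 6 /* assumed number of connection slots, for illustration */

/* Count how many of `attempts` connections are refused because every slot is
 * either active or still parked in TIME_WAIT. One attempt every interval_ms;
 * each accepted connection is active for active_ms, then waits tw_ms. */
static unsigned refused_connections(uint32_t tw_ms, uint32_t interval_ms,
                                    uint32_t active_ms, unsigned attempts)
{
    uint64_t free_at[POOL_SLOTS] = {0}; /* time at which each slot is reusable */
    unsigned refused = 0;

    for (unsigned i = 0; i < attempts; i++) {
        uint64_t now = (uint64_t)i * interval_ms;
        int slot = -1;

        for (int s = 0; s < POOL_SLOTS; s++) {
            if (free_at[s] <= now) {
                slot = s;
                break;
            }
        }
        if (slot < 0) {
            refused++; /* pool exhausted: this connection cannot be served */
            continue;
        }
        free_at[slot] = now + active_ms + tw_ms;
    }
    return refused;
}

/* Slots needed to never refuse at this rate: ceil(hold time / interval). */
static uint64_t slots_needed(uint32_t tw_ms, uint32_t interval_ms, uint32_t active_ms)
{
    uint64_t hold = (uint64_t)active_ms + tw_ms;
    return (hold + interval_ms - 1) / interval_ms;
}

int main(void)
{
    const uint32_t delays[] = { 240000, 250, 0 }; /* 2*MSL at MSL = 2 min, default, disabled */

    for (unsigned i = 0; i < 3; i++) {
        printf("delay %6u ms: refused %u/1000, slots needed %llu\n", (unsigned)delays[i],
               refused_connections(delays[i], 100, 50, 1000),
               (unsigned long long)slots_needed(delays[i], 100, 50));
    }
    return 0;
}
```

With one short connection every 100 ms, the 240000 ms delay fills the assumed pool after six connections and refuses everything else in the run, while 250 ms never needs more than three slots.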

Direct dependencies

NET_TCP && !NET_RAW_MODE && NETWORKING

(Includes any dependencies from ifs and menus.)

Default

  • 250

Kconfig definition

At subsys/net/ip/Kconfig:304

Included via Kconfig:8 → Kconfig.zephyr:44 → subsys/Kconfig:22 → subsys/net/Kconfig:80

Menu path: (Top) → Networking → Link layer and IP networking support → IP stack → Enable TCP

config NET_TCP_TIME_WAIT_DELAY
    int "How long to wait in TIME_WAIT state (in milliseconds)"
    default 250
    depends on NET_TCP && !NET_RAW_MODE && NETWORKING
    help
      To avoid a (low-probability) issue when delayed packets from
      previous connection get delivered to next connection reusing
      the same local/remote ports, RFC 793 (TCP) suggests to keep
      an old, closed connection in a special "TIME_WAIT" state for
      the duration of 2*MSL (Maximum Segment Lifetime). The RFC
      suggests to use MSL of 2 minutes, but notes "This is an
      engineering choice, and may be changed if experience indicates
      it is desirable to do so." For low-resource systems, having
      large MSL may lead to quick resource exhaustion (and related
      DoS attacks). At the same time, the issue of packet misdelivery
      is largely alleviated in the modern TCP stacks by using random,
      non-repeating port numbers and initial sequence numbers. Due
      to this, Zephyr uses much lower value of 250ms by default.
      Value of 0 disables TIME_WAIT state completely.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)