Back to home page

LXR

 
 

    


0001 #
0002 # Network configuration
0003 #
0004 
0005 menuconfig NET
0006         bool "Networking support"
0007         select NLATTR
0008         select GENERIC_NET_UTILS
0009         select BPF
0010         ---help---
0011           Unless you really know what you are doing, you should say Y here.
0012           The reason is that some programs need kernel networking support even
0013           when running on a stand-alone machine that isn't connected to any
0014           other computer.
0015           
0016           If you are upgrading from an older kernel, you
0017           should consider updating your networking tools too because changes
0018           in the kernel and the tools often go hand in hand. The tools are
0019           contained in the package net-tools, the location and version number
0020           of which are given in <file:Documentation/Changes>.
0021 
0022           For a general introduction to Linux networking, it is highly
0023           recommended to read the NET-HOWTO, available from
0024           <http://www.tldp.org/docs.html#howto>.
0025 
0026 if NET
0027 
0028 config WANT_COMPAT_NETLINK_MESSAGES
0029         bool
0030         help
0031           This option can be selected by other options that need compat
0032           netlink messages.
0033 
0034 config COMPAT_NETLINK_MESSAGES
0035         def_bool y
0036         depends on COMPAT
0037         depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
0038         help
0039           This option makes it possible to send different netlink messages
0040           to tasks depending on whether the task is a compat task or not. To
0041           achieve this, you need to set skb_shinfo(skb)->frag_list to the
0042           compat skb before sending the skb, the netlink code will sort out
0043           which message to actually pass to the task.
0044 
0045           Newly written code should NEVER need this option but do
0046           compat-independent messages instead!
0047 
0048 config NET_INGRESS
0049         bool
0050 
0051 config NET_EGRESS
0052         bool
0053 
0054 menu "Networking options"
0055 
0056 source "net/packet/Kconfig"
0057 source "net/unix/Kconfig"
0058 source "net/xfrm/Kconfig"
0059 source "net/iucv/Kconfig"
0060 
0061 config INET
0062         bool "TCP/IP networking"
0063         select CRYPTO
0064         select CRYPTO_AES
0065         ---help---
0066           These are the protocols used on the Internet and on most local
0067           Ethernets. It is highly recommended to say Y here (this will enlarge
0068           your kernel by about 400 KB), since some programs (e.g. the X window
0069           system) use TCP/IP even if your machine is not connected to any
0070           other computer. You will get the so-called loopback device which
0071           allows you to ping yourself (great fun, that!).
0072 
0073           For an excellent introduction to Linux networking, please read the
0074           Linux Networking HOWTO, available from
0075           <http://www.tldp.org/docs.html#howto>.
0076 
0077           If you say Y here and also to "/proc file system support" and
0078           "Sysctl support" below, you can change various aspects of the
0079           behavior of the TCP/IP code by writing to the (virtual) files in
0080           /proc/sys/net/ipv4/*; the options are explained in the file
0081           <file:Documentation/networking/ip-sysctl.txt>.
0082 
0083           Short answer: say Y.
0084 
0085 if INET
0086 source "net/ipv4/Kconfig"
0087 source "net/ipv6/Kconfig"
0088 source "net/netlabel/Kconfig"
0089 
0090 endif # if INET
0091 
0092 config NETWORK_SECMARK
0093         bool "Security Marking"
0094         help
0095           This enables security marking of network packets, similar
0096           to nfmark, but designated for security purposes.
0097           If you are unsure how to answer this question, answer N.
0098 
0099 config NET_PTP_CLASSIFY
0100         def_bool n
0101 
0102 config NETWORK_PHY_TIMESTAMPING
0103         bool "Timestamping in PHY devices"
0104         select NET_PTP_CLASSIFY
0105         help
0106           This allows timestamping of network packets by PHYs with
0107           hardware timestamping capabilities. This option adds some
0108           overhead in the transmit and receive paths.
0109 
0110           If you are unsure how to answer this question, answer N.
0111 
0112 menuconfig NETFILTER
0113         bool "Network packet filtering framework (Netfilter)"
0114         ---help---
0115           Netfilter is a framework for filtering and mangling network packets
0116           that pass through your Linux box.
0117 
0118           The most common use of packet filtering is to run your Linux box as
0119           a firewall protecting a local network from the Internet. The type of
0120           firewall provided by this kernel support is called a "packet
0121           filter", which means that it can reject individual network packets
0122           based on type, source, destination etc. The other kind of firewall,
0123           a "proxy-based" one, is more secure but more intrusive and more
0124           bothersome to set up; it inspects the network traffic much more
0125           closely, modifies it and has knowledge about the higher level
0126           protocols, which a packet filter lacks. Moreover, proxy-based
0127           firewalls often require changes to the programs running on the local
0128           clients. Proxy-based firewalls don't need support by the kernel, but
0129           they are often combined with a packet filter, which only works if
0130           you say Y here.
0131 
0132           You should also say Y here if you intend to use your Linux box as
0133           the gateway to the Internet for a local network of machines without
0134           globally valid IP addresses. This is called "masquerading": if one
0135           of the computers on your local network wants to send something to
0136           the outside, your box can "masquerade" as that computer, i.e. it
0137           forwards the traffic to the intended outside destination, but
0138           modifies the packets to make it look like they came from the
0139           firewall box itself. It works both ways: if the outside host
0140           replies, the Linux box will silently forward the traffic to the
0141           correct local computer. This way, the computers on your local net
0142           are completely invisible to the outside world, even though they can
0143           reach the outside and can receive replies. It is even possible to
0144           run globally visible servers from within a masqueraded local network
0145           using a mechanism called portforwarding. Masquerading is also often
0146           called NAT (Network Address Translation).
0147 
0148           Another use of Netfilter is in transparent proxying: if a machine on
0149           the local network tries to connect to an outside host, your Linux
0150           box can transparently forward the traffic to a local server,
0151           typically a caching proxy server.
0152 
0153           Yet another use of Netfilter is building a bridging firewall. Using
0154           a bridge with Network packet filtering enabled makes iptables "see"
0155           the bridged traffic. For filtering on the lower network and Ethernet
0156           protocols over the bridge, use ebtables (under bridge netfilter
0157           configuration).
0158 
0159           Various modules exist for netfilter which replace the previous
0160           masquerading (ipmasqadm), packet filtering (ipchains), transparent
0161           proxying, and portforwarding mechanisms. Please see
0162           <file:Documentation/Changes> under "iptables" for the location of
0163           these packages.
0164 
0165 if NETFILTER
0166 
0167 config NETFILTER_DEBUG
0168         bool "Network packet filtering debugging"
0169         depends on NETFILTER
0170         help
0171           You can say Y here if you want to get additional messages useful in
0172           debugging the netfilter code.
0173 
0174 config NETFILTER_ADVANCED
0175         bool "Advanced netfilter configuration"
0176         depends on NETFILTER
0177         default y
0178         help
0179           If you say Y here you can select between all the netfilter modules.
0180           If you say N the more unusual ones will not be shown and the
0181           basic ones needed by most people will default to 'M'.
0182 
0183           If unsure, say Y.
0184 
0185 config BRIDGE_NETFILTER
0186         tristate "Bridged IP/ARP packets filtering"
0187         depends on BRIDGE
0188         depends on NETFILTER && INET
0189         depends on NETFILTER_ADVANCED
0190         default m
0191         ---help---
0192           Enabling this option will let arptables resp. iptables see bridged
0193           ARP resp. IP traffic. If you want a bridging firewall, you probably
0194           want this option enabled.
0195           Enabling or disabling this option doesn't enable or disable
0196           ebtables.
0197 
0198           If unsure, say N.
0199 
0200 source "net/netfilter/Kconfig"
0201 source "net/ipv4/netfilter/Kconfig"
0202 source "net/ipv6/netfilter/Kconfig"
0203 source "net/decnet/netfilter/Kconfig"
0204 source "net/bridge/netfilter/Kconfig"
0205 
0206 endif
0207 
0208 source "net/dccp/Kconfig"
0209 source "net/sctp/Kconfig"
0210 source "net/rds/Kconfig"
0211 source "net/tipc/Kconfig"
0212 source "net/atm/Kconfig"
0213 source "net/l2tp/Kconfig"
0214 source "net/802/Kconfig"
0215 source "net/bridge/Kconfig"
0216 source "net/dsa/Kconfig"
0217 source "net/8021q/Kconfig"
0218 source "net/decnet/Kconfig"
0219 source "net/llc/Kconfig"
0220 source "net/ipx/Kconfig"
0221 source "drivers/net/appletalk/Kconfig"
0222 source "net/x25/Kconfig"
0223 source "net/lapb/Kconfig"
0224 source "net/phonet/Kconfig"
0225 source "net/6lowpan/Kconfig"
0226 source "net/ieee802154/Kconfig"
0227 source "net/mac802154/Kconfig"
0228 source "net/sched/Kconfig"
0229 source "net/dcb/Kconfig"
0230 source "net/dns_resolver/Kconfig"
0231 source "net/batman-adv/Kconfig"
0232 source "net/openvswitch/Kconfig"
0233 source "net/vmw_vsock/Kconfig"
0234 source "net/netlink/Kconfig"
0235 source "net/mpls/Kconfig"
0236 source "net/hsr/Kconfig"
0237 source "net/switchdev/Kconfig"
0238 source "net/l3mdev/Kconfig"
0239 source "net/qrtr/Kconfig"
0240 source "net/ncsi/Kconfig"
0241 
0242 config RPS
0243         bool
0244         depends on SMP && SYSFS
0245         default y
0246 
0247 config RFS_ACCEL
0248         bool
0249         depends on RPS
0250         select CPU_RMAP
0251         default y
0252 
0253 config XPS
0254         bool
0255         depends on SMP
0256         default y
0257 
0258 config HWBM
0259        bool
0260 
0261 config CGROUP_NET_PRIO
0262         bool "Network priority cgroup"
0263         depends on CGROUPS
0264         select SOCK_CGROUP_DATA
0265         ---help---
0266           Cgroup subsystem for use in assigning processes to network priorities on
0267           a per-interface basis.
0268 
0269 config CGROUP_NET_CLASSID
0270         bool "Network classid cgroup"
0271         depends on CGROUPS
0272         select SOCK_CGROUP_DATA
0273         ---help---
0274           Cgroup subsystem for use as general purpose socket classid marker that is
0275           being used in cls_cgroup and for netfilter matching.
0276 
0277 config NET_RX_BUSY_POLL
0278         bool
0279         default y
0280 
0281 config BQL
0282         bool
0283         depends on SYSFS
0284         select DQL
0285         default y
0286 
0287 config BPF_JIT
0288         bool "enable BPF Just In Time compiler"
0289         depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
0290         depends on MODULES
0291         ---help---
0292           Berkeley Packet Filter filtering capabilities are normally handled
0293           by an interpreter. This option allows kernel to generate a native
0294           code when filter is loaded in memory. This should speedup
0295           packet sniffing (libpcap/tcpdump).
0296 
0297           Note, admin should enable this feature changing:
0298           /proc/sys/net/core/bpf_jit_enable
0299           /proc/sys/net/core/bpf_jit_harden (optional)
0300 
0301 config NET_FLOW_LIMIT
0302         bool
0303         depends on RPS
0304         default y
0305         ---help---
0306           The network stack has to drop packets when a receive processing CPU's
0307           backlog reaches netdev_max_backlog. If a few out of many active flows
0308           generate the vast majority of load, drop their traffic earlier to
0309           maintain capacity for the other flows. This feature provides servers
0310           with many clients some protection against DoS by a single (spoofed)
0311           flow that greatly exceeds average workload.
0312 
0313 menu "Network testing"
0314 
0315 config NET_PKTGEN
0316         tristate "Packet Generator (USE WITH CAUTION)"
0317         depends on INET && PROC_FS
0318         ---help---
0319           This module will inject preconfigured packets, at a configurable
0320           rate, out of a given interface.  It is used for network interface
0321           stress testing and performance analysis.  If you don't understand
0322           what was just said, you don't need it: say N.
0323 
0324           Documentation on how to use the packet generator can be found
0325           at <file:Documentation/networking/pktgen.txt>.
0326 
0327           To compile this code as a module, choose M here: the
0328           module will be called pktgen.
0329 
0330 config NET_TCPPROBE
0331         tristate "TCP connection probing"
0332         depends on INET && PROC_FS && KPROBES
0333         ---help---
0334         This module allows for capturing the changes to TCP connection
0335         state in response to incoming packets. It is used for debugging
0336         TCP congestion avoidance modules. If you don't understand
0337         what was just said, you don't need it: say N.
0338 
0339         Documentation on how to use TCP connection probing can be found
0340         at:
0341         
0342           http://www.linuxfoundation.org/collaborate/workgroups/networking/tcpprobe
0343 
0344         To compile this code as a module, choose M here: the
0345         module will be called tcp_probe.
0346 
0347 config NET_DROP_MONITOR
0348         tristate "Network packet drop alerting service"
0349         depends on INET && TRACEPOINTS
0350         ---help---
0351         This feature provides an alerting service to userspace in the
0352         event that packets are discarded in the network stack.  Alerts
0353         are broadcast via netlink socket to any listening user space
0354         process.  If you don't need network drop alerts, or if you are ok
0355         just checking the various proc files and other utilities for
0356         drop statistics, say N here.
0357 
0358 endmenu
0359 
0360 endmenu
0361 
0362 source "net/ax25/Kconfig"
0363 source "net/can/Kconfig"
0364 source "net/irda/Kconfig"
0365 source "net/bluetooth/Kconfig"
0366 source "net/rxrpc/Kconfig"
0367 source "net/kcm/Kconfig"
0368 source "net/strparser/Kconfig"
0369 
0370 config FIB_RULES
0371         bool
0372 
0373 menuconfig WIRELESS
0374         bool "Wireless"
0375         depends on !S390
0376         default y
0377 
0378 if WIRELESS
0379 
0380 source "net/wireless/Kconfig"
0381 source "net/mac80211/Kconfig"
0382 
0383 endif # WIRELESS
0384 
0385 source "net/wimax/Kconfig"
0386 
0387 source "net/rfkill/Kconfig"
0388 source "net/9p/Kconfig"
0389 source "net/caif/Kconfig"
0390 source "net/ceph/Kconfig"
0391 source "net/nfc/Kconfig"
0392 
0393 config LWTUNNEL
0394         bool "Network light weight tunnels"
0395         ---help---
0396           This feature provides an infrastructure to support light weight
0397           tunnels like mpls. There is no netdevice associated with a light
0398           weight tunnel endpoint. Tunnel encapsulation parameters are stored
0399           with light weight tunnel state associated with fib routes.
0400 
0401 config LWTUNNEL_BPF
0402         bool "Execute BPF program as route nexthop action"
0403         depends on LWTUNNEL
0404         default y if LWTUNNEL=y
0405         ---help---
0406           Allows to run BPF programs as a nexthop action following a route
0407           lookup for incoming and outgoing packets.
0408 
0409 config DST_CACHE
0410         bool
0411         default n
0412 
0413 config NET_DEVLINK
0414         tristate "Network physical/parent device Netlink interface"
0415         help
0416           Network physical/parent device Netlink interface provides
0417           infrastructure to support access to physical chip-wide config and
0418           monitoring.
0419 
0420 config MAY_USE_DEVLINK
0421         tristate
0422         default m if NET_DEVLINK=m
0423         default y if NET_DEVLINK=y || NET_DEVLINK=n
0424         help
0425           Drivers using the devlink infrastructure should have a dependency
0426           on MAY_USE_DEVLINK to ensure they do not cause link errors when
0427           devlink is a loadable module and the driver using it is built-in.
0428 
0429 endif   # if NET
0430 
0431 # Used by archs to tell that they support BPF JIT compiler plus which flavour.
0432 # Only one of the two can be selected for a specific arch since eBPF JIT supersedes
0433 # the cBPF JIT.
0434 
0435 # Classic BPF JIT (cBPF)
0436 config HAVE_CBPF_JIT
0437         bool
0438 
0439 # Extended BPF JIT (eBPF)
0440 config HAVE_EBPF_JIT
0441         bool