# SPDX-License-Identifier: GPL-2.0-only
#
# Network configuration
#

menuconfig NET
	bool "Networking support"
	select NLATTR
	select GENERIC_NET_UTILS
	select BPF
	help
	  Unless you really know what you are doing, you should say Y here.
	  The reason is that some programs need kernel networking support even
	  when running on a stand-alone machine that isn't connected to any
	  other computer.

	  If you are upgrading from an older kernel, you
	  should consider updating your networking tools too because changes
	  in the kernel and the tools often go hand in hand. The tools are
	  contained in the package net-tools, the location and version number
	  of which are given in <file:Documentation/Changes>.

	  For a general introduction to Linux networking, it is highly
	  recommended to read the NET-HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

if NET

config WANT_COMPAT_NETLINK_MESSAGES
	bool
	help
	  This option can be selected by other options that need compat
	  netlink messages.

config COMPAT_NETLINK_MESSAGES
	def_bool y
	depends on COMPAT
	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
	help
	  This option makes it possible to send different netlink messages
	  to tasks depending on whether the task is a compat task or not. To
	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
	  compat skb before sending the skb, the netlink code will sort out
	  which message to actually pass to the task.

	  Newly written code should NEVER need this option but do
	  compat-independent messages instead!

config NET_INGRESS
	bool

config NET_EGRESS
	bool

config NET_REDIRECT
	bool

config SKB_EXTENSIONS
	bool

menu "Networking options"

source "net/packet/Kconfig"
source "net/unix/Kconfig"
source "net/tls/Kconfig"
source "net/xfrm/Kconfig"
source "net/iucv/Kconfig"
source "net/smc/Kconfig"
source "net/xdp/Kconfig"

config INET
	bool "TCP/IP networking"
	help
	  These are the protocols used on the Internet and on most local
	  Ethernets. It is highly recommended to say Y here (this will enlarge
	  your kernel by about 400 KB), since some programs (e.g. the X window
	  system) use TCP/IP even if your machine is not connected to any
	  other computer. You will get the so-called loopback device which
	  allows you to ping yourself (great fun, that!).

	  For an excellent introduction to Linux networking, please read the
	  Linux Networking HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

	  If you say Y here and also to "/proc file system support" and
	  "Sysctl support" below, you can change various aspects of the
	  behavior of the TCP/IP code by writing to the (virtual) files in
	  /proc/sys/net/ipv4/*; the options are explained in the file
	  <file:Documentation/networking/ip-sysctl.rst>.

	  Short answer: say Y.

if INET
source "net/ipv4/Kconfig"
source "net/ipv6/Kconfig"
source "net/netlabel/Kconfig"
source "net/mptcp/Kconfig"

endif # if INET

config NETWORK_SECMARK
	bool "Security Marking"
	help
	  This enables security marking of network packets, similar
	  to nfmark, but designated for security purposes.
	  If you are unsure how to answer this question, answer N.

config NET_PTP_CLASSIFY
	def_bool n

config NETWORK_PHY_TIMESTAMPING
	bool "Timestamping in PHY devices"
	select NET_PTP_CLASSIFY
	help
	  This allows timestamping of network packets by PHYs (or
	  other MII bus snooping devices) with hardware timestamping
	  capabilities. This option adds some overhead in the transmit
	  and receive paths.

	  If you are unsure how to answer this question, answer N.

menuconfig NETFILTER
	bool "Network packet filtering framework (Netfilter)"
	help
	  Netfilter is a framework for filtering and mangling network packets
	  that pass through your Linux box.

	  The most common use of packet filtering is to run your Linux box as
	  a firewall protecting a local network from the Internet. The type of
	  firewall provided by this kernel support is called a "packet
	  filter", which means that it can reject individual network packets
	  based on type, source, destination etc. The other kind of firewall,
	  a "proxy-based" one, is more secure but more intrusive and more
	  bothersome to set up; it inspects the network traffic much more
	  closely, modifies it and has knowledge about the higher level
	  protocols, which a packet filter lacks. Moreover, proxy-based
	  firewalls often require changes to the programs running on the local
	  clients. Proxy-based firewalls don't need support by the kernel, but
	  they are often combined with a packet filter, which only works if
	  you say Y here.

	  You should also say Y here if you intend to use your Linux box as
	  the gateway to the Internet for a local network of machines without
	  globally valid IP addresses. This is called "masquerading": if one
	  of the computers on your local network wants to send something to
	  the outside, your box can "masquerade" as that computer, i.e. it
	  forwards the traffic to the intended outside destination, but
	  modifies the packets to make it look like they came from the
	  firewall box itself. It works both ways: if the outside host
	  replies, the Linux box will silently forward the traffic to the
	  correct local computer. This way, the computers on your local net
	  are completely invisible to the outside world, even though they can
	  reach the outside and can receive replies. It is even possible to
	  run globally visible servers from within a masqueraded local network
	  using a mechanism called portforwarding. Masquerading is also often
	  called NAT (Network Address Translation).

	  Another use of Netfilter is in transparent proxying: if a machine on
	  the local network tries to connect to an outside host, your Linux
	  box can transparently forward the traffic to a local server,
	  typically a caching proxy server.

	  Yet another use of Netfilter is building a bridging firewall. Using
	  a bridge with Network packet filtering enabled makes iptables "see"
	  the bridged traffic. For filtering on the lower network and Ethernet
	  protocols over the bridge, use ebtables (under bridge netfilter
	  configuration).

	  Various modules exist for netfilter which replace the previous
	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
	  proxying, and portforwarding mechanisms. Please see
	  <file:Documentation/Changes> under "iptables" for the location of
	  these packages.

if NETFILTER

config NETFILTER_ADVANCED
	bool "Advanced netfilter configuration"
	depends on NETFILTER
	default y
	help
	  If you say Y here you can select between all the netfilter modules.
	  If you say N the more unusual ones will not be shown and the
	  basic ones needed by most people will default to 'M'.

	  If unsure, say Y.

config BRIDGE_NETFILTER
	tristate "Bridged IP/ARP packets filtering"
	depends on BRIDGE
	depends on NETFILTER && INET
	depends on NETFILTER_ADVANCED
	select NETFILTER_FAMILY_BRIDGE
	select SKB_EXTENSIONS
	help
	  Enabling this option will let arptables resp. iptables see bridged
	  ARP resp. IP traffic. If you want a bridging firewall, you probably
	  want this option enabled.
	  Enabling or disabling this option doesn't enable or disable
	  ebtables.

	  If unsure, say N.

source "net/netfilter/Kconfig"
source "net/ipv4/netfilter/Kconfig"
source "net/ipv6/netfilter/Kconfig"
source "net/decnet/netfilter/Kconfig"
source "net/bridge/netfilter/Kconfig"

endif

source "net/bpfilter/Kconfig"

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/rds/Kconfig"
source "net/tipc/Kconfig"
source "net/atm/Kconfig"
source "net/l2tp/Kconfig"
source "net/802/Kconfig"
source "net/bridge/Kconfig"
source "net/dsa/Kconfig"
source "net/8021q/Kconfig"
source "net/decnet/Kconfig"
source "net/llc/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"
source "net/phonet/Kconfig"
source "net/6lowpan/Kconfig"
source "net/ieee802154/Kconfig"
source "net/mac802154/Kconfig"
source "net/sched/Kconfig"
source "net/dcb/Kconfig"
source "net/dns_resolver/Kconfig"
source "net/batman-adv/Kconfig"
source "net/openvswitch/Kconfig"
source "net/vmw_vsock/Kconfig"
source "net/netlink/Kconfig"
source "net/mpls/Kconfig"
source "net/nsh/Kconfig"
source "net/hsr/Kconfig"
source "net/switchdev/Kconfig"
source "net/l3mdev/Kconfig"
source "net/qrtr/Kconfig"
source "net/ncsi/Kconfig"

config PCPU_DEV_REFCNT
	bool "Use percpu variables to maintain network device refcount"
	depends on SMP
	default y
	help
	  network device refcount are using per cpu variables if this option is set.
	  This can be forced to N to detect underflows (with a performance drop).

config RPS
	bool
	depends on SMP && SYSFS
	default y

config RFS_ACCEL
	bool
	depends on RPS
	select CPU_RMAP
	default y

config SOCK_RX_QUEUE_MAPPING
	bool

config XPS
	bool
	depends on SMP
	select SOCK_RX_QUEUE_MAPPING
	default y

config HWBM
	bool

config CGROUP_NET_PRIO
	bool "Network priority cgroup"
	depends on CGROUPS
	select SOCK_CGROUP_DATA
	help
	  Cgroup subsystem for use in assigning processes to network priorities on
	  a per-interface basis.

config CGROUP_NET_CLASSID
	bool "Network classid cgroup"
	depends on CGROUPS
	select SOCK_CGROUP_DATA
	help
	  Cgroup subsystem for use as general purpose socket classid marker that is
	  being used in cls_cgroup and for netfilter matching.

config NET_RX_BUSY_POLL
	bool
	default y if !PREEMPT_RT

config BQL
	bool
	depends on SYSFS
	select DQL
	default y

config BPF_STREAM_PARSER
	bool "enable BPF STREAM_PARSER"
	depends on INET
	depends on BPF_SYSCALL
	depends on CGROUP_BPF
	select STREAM_PARSER
	select NET_SOCK_MSG
	help
	  Enabling this allows a TCP stream parser to be used with
	  BPF_MAP_TYPE_SOCKMAP.

config NET_FLOW_LIMIT
	bool
	depends on RPS
	default y
	help
	  The network stack has to drop packets when a receive processing CPU's
	  backlog reaches netdev_max_backlog. If a few out of many active flows
	  generate the vast majority of load, drop their traffic earlier to
	  maintain capacity for the other flows. This feature provides servers
	  with many clients some protection against DoS by a single (spoofed)
	  flow that greatly exceeds average workload.

menu "Network testing"

config NET_PKTGEN
	tristate "Packet Generator (USE WITH CAUTION)"
	depends on INET && PROC_FS
	help
	  This module will inject preconfigured packets, at a configurable
	  rate, out of a given interface. It is used for network interface
	  stress testing and performance analysis. If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use the packet generator can be found
	  at <file:Documentation/networking/pktgen.rst>.

	  To compile this code as a module, choose M here: the
	  module will be called pktgen.

config NET_DROP_MONITOR
	tristate "Network packet drop alerting service"
	depends on INET && TRACEPOINTS
	help
	  This feature provides an alerting service to userspace in the
	  event that packets are discarded in the network stack. Alerts
	  are broadcast via netlink socket to any listening user space
	  process. If you don't need network drop alerts, or if you are ok
	  just checking the various proc files and other utilities for
	  drop statistics, say N here.

endmenu

endmenu

source "net/ax25/Kconfig"
source "net/can/Kconfig"
source "net/bluetooth/Kconfig"
source "net/rxrpc/Kconfig"
source "net/kcm/Kconfig"
source "net/strparser/Kconfig"
source "net/mctp/Kconfig"

config FIB_RULES
	bool

menuconfig WIRELESS
	bool "Wireless"
	depends on !S390
	default y

if WIRELESS

source "net/wireless/Kconfig"
source "net/mac80211/Kconfig"

endif # WIRELESS

source "net/rfkill/Kconfig"
source "net/9p/Kconfig"
source "net/caif/Kconfig"
source "net/ceph/Kconfig"
source "net/nfc/Kconfig"
source "net/psample/Kconfig"
source "net/ife/Kconfig"

config LWTUNNEL
	bool "Network light weight tunnels"
	help
	  This feature provides an infrastructure to support light weight
	  tunnels like mpls. There is no netdevice associated with a light
	  weight tunnel endpoint. Tunnel encapsulation parameters are stored
	  with light weight tunnel state associated with fib routes.

config LWTUNNEL_BPF
	bool "Execute BPF program as route nexthop action"
	depends on LWTUNNEL && INET
	default y if LWTUNNEL=y
	help
	  Allows to run BPF programs as a nexthop action following a route
	  lookup for incoming and outgoing packets.

config DST_CACHE
	bool
	default n

config GRO_CELLS
	bool
	default n

config SOCK_VALIDATE_XMIT
	bool

config NET_SELFTESTS
	def_tristate PHYLIB
	depends on PHYLIB && INET

config NET_SOCK_MSG
	bool
	default n
	help
	  The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or
	  ULPs (upper layer modules, e.g. TLS) to process L7 application data
	  with the help of BPF programs.

config NET_DEVLINK
	bool
	default n

config PAGE_POOL
	bool

config PAGE_POOL_STATS
	default n
	bool "Page pool stats"
	depends on PAGE_POOL
	help
	  Enable page pool statistics to track page allocation and recycling
	  in page pools. This option incurs additional CPU cost in allocation
	  and recycle paths and additional memory cost to store the statistics.
	  These statistics are only available if this option is enabled and if
	  the driver using the page pool supports exporting this data.

	  If unsure, say N.

config FAILOVER
	tristate "Generic failover module"
	help
	  The failover module provides a generic interface for paravirtual
	  drivers to register a netdev and a set of ops with a failover
	  instance. The ops are used as event handlers that get called to
	  handle netdev register/unregister/link change/name change events
	  on slave pci ethernet devices with the same mac address as the
	  failover netdev. This enables paravirtual drivers to use a
	  VF as an accelerated low latency datapath. It also allows live
	  migration of VMs with direct attached VFs by failing over to the
	  paravirtual datapath when the VF is unplugged.

config ETHTOOL_NETLINK
	bool "Netlink interface for ethtool"
	default y
	help
	  An alternative userspace interface for ethtool based on generic
	  netlink. It provides better extensibility and some new features,
	  e.g. notification messages.

config NETDEV_ADDR_LIST_TEST
	tristate "Unit tests for device address list"
	default KUNIT_ALL_TESTS
	depends on KUNIT

endif # if NET
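
A `select` forces its target on without consulting the target's own `depends on` lines or prompt, so promptless symbols in this file such as NET_SOCK_MSG and SOCK_RX_QUEUE_MAPPING reach a build without ever being asked about. The following is an added example, not part of the kernel tree: it parses a constructed excerpt of the entries above and lists what a set of enabled options forces on. `parse_selects` and `forced_on` are hypothetical names, and any `if` condition on a `select` is ignored.

```python
import re

# Constructed excerpt: entries from the Kconfig above, trimmed to the
# attributes that matter for select resolution.
KCONFIG_EXCERPT = """\
menuconfig NET
    bool "Networking support"
    select NLATTR
    select GENERIC_NET_UTILS
    select BPF

config XPS
    bool
    depends on SMP
    select SOCK_RX_QUEUE_MAPPING

config BPF_STREAM_PARSER
    bool "enable BPF STREAM_PARSER"
    depends on INET
    select STREAM_PARSER
    select NET_SOCK_MSG
    help
      Enabling this allows a TCP stream parser to be used with
      BPF_MAP_TYPE_SOCKMAP.
"""

def parse_selects(text):
    """Map each config symbol to the symbols it directly selects."""
    selects, current, in_help = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        entry = re.fullmatch(r"(?:menu)?config\s+(\w+)", line)
        if entry and not raw[:1].isspace():  # entries start in column 0
            current, in_help = entry.group(1), False
            selects.setdefault(current, [])
        elif line == "help":
            in_help = True  # help prose may itself contain the word "select"
        elif current and not in_help:
            sel = re.match(r"select\s+(\w+)", line)
            if sel:
                selects[current].append(sel.group(1))
    return selects

def forced_on(enabled, selects):
    """Symbols switched on by select, followed transitively."""
    forced, stack = set(), list(enabled)
    while stack:
        for sym in selects.get(stack.pop(), []):
            if sym not in forced and sym not in enabled:
                forced.add(sym)
                stack.append(sym)
    return forced

if __name__ == "__main__":
    print(sorted(forced_on({"NET", "BPF_STREAM_PARSER"}, parse_selects(KCONFIG_EXCERPT))))
```

Comparing the result against the symbols actually reviewed for a build shows which code was pulled in only as a side effect of another option.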