0001 # SPDX-License-Identifier: GPL-2.0-only
0002 #
0003 # IP configuration
0004 #
0005 config IP_MULTICAST
0006 bool "IP: multicasting"
0007 help
0008 This is code for addressing several networked computers at once,
0009 enlarging your kernel by about 2 KB. You need multicasting if you
0010 intend to participate in the MBONE, a high bandwidth network on top
0011 of the Internet which carries audio and video broadcasts. More
0012 information about the MBONE is on the WWW at
0013 <https://www.savetz.com/mbone/>. For most people, it's safe to say N.
0014
0015 config IP_ADVANCED_ROUTER
0016 bool "IP: advanced router"
0017 help
0018 If you intend to run your Linux box mostly as a router, i.e. as a
0019 computer that forwards and redistributes network packets, say Y; you
0020 will then be presented with several options that allow more precise
0021 control about the routing process.
0022
0023 The answer to this question won't directly affect the kernel:
0024 answering N will just cause the configurator to skip all the
0025 questions about advanced routing.
0026
0027 Note that your box can only act as a router if you enable IP
0028 forwarding in your kernel; you can do that by saying Y to "/proc
0029 file system support" and "Sysctl support" below and executing the
0030 line
0031
0032 echo "1" > /proc/sys/net/ipv4/ip_forward
0033
0034 at boot time after the /proc file system has been mounted.
0035
0036 If you turn on IP forwarding, you should consider the rp_filter, which
0037 automatically rejects incoming packets if the routing table entry
0038 for their source address doesn't match the network interface they're
0039 arriving on. This has security advantages because it prevents the
0040 so-called IP spoofing, however it can pose problems if you use
0041 asymmetric routing (packets from you to a host take a different path
0042 than packets from that host to you) or if you operate a non-routing
0043 host which has several IP addresses on different interfaces. To turn
0044 rp_filter on use:
0045
0046 echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
0047 or
0048 echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
0049
0050 Note that some distributions enable it in startup scripts.
0051 For details about rp_filter strict and loose mode read
0052 <file:Documentation/networking/ip-sysctl.rst>.
0053
0054 If unsure, say N here.
0055
0056 config IP_FIB_TRIE_STATS
0057 bool "FIB TRIE statistics"
0058 depends on IP_ADVANCED_ROUTER
0059 help
0060 Keep track of statistics on structure of FIB TRIE table.
0061 Useful for testing and measuring TRIE performance.
0062
0063 config IP_MULTIPLE_TABLES
0064 bool "IP: policy routing"
0065 depends on IP_ADVANCED_ROUTER
0066 select FIB_RULES
0067 help
0068 Normally, a router decides what to do with a received packet based
0069 solely on the packet's final destination address. If you say Y here,
0070 the Linux router will also be able to take the packet's source
0071 address into account. Furthermore, the TOS (Type-Of-Service) field
0072 of the packet can be used for routing decisions as well.
0073
0074 If you need more information, see the Linux Advanced
0075 Routing and Traffic Control documentation at
0076 <https://lartc.org/howto/lartc.rpdb.html>
0077
0078 If unsure, say N.
0079
0080 config IP_ROUTE_MULTIPATH
0081 bool "IP: equal cost multipath"
0082 depends on IP_ADVANCED_ROUTER
0083 help
0084 Normally, the routing tables specify a single action to be taken in
0085 a deterministic manner for a given packet. If you say Y here
0086 however, it becomes possible to attach several actions to a packet
0087 pattern, in effect specifying several alternative paths to travel
0088 for those packets. The router considers all these paths to be of
0089 equal "cost" and chooses one of them in a non-deterministic fashion
0090 if a matching packet arrives.
0091
0092 config IP_ROUTE_VERBOSE
0093 bool "IP: verbose route monitoring"
0094 depends on IP_ADVANCED_ROUTER
0095 help
0096 If you say Y here, which is recommended, then the kernel will print
0097 verbose messages regarding the routing, for example warnings about
0098 received packets which look strange and could be evidence of an
0099 attack or a misconfigured system somewhere. The information is
0100 handled by the klogd daemon which is responsible for kernel messages
0101 ("man klogd").
0102
0103 config IP_ROUTE_CLASSID
0104 bool
0105
0106 config IP_PNP
0107 bool "IP: kernel level autoconfiguration"
0108 help
0109 This enables automatic configuration of IP addresses of devices and
0110 of the routing table during kernel boot, based on either information
0111 supplied on the kernel command line or by BOOTP or RARP protocols.
0112 You need to say Y only for diskless machines requiring network
0113 access to boot (in which case you want to say Y to "Root file system
0114 on NFS" as well), because all other machines configure the network
0115 in their startup scripts.
0116
0117 config IP_PNP_DHCP
0118 bool "IP: DHCP support"
0119 depends on IP_PNP
0120 help
0121 If you want your Linux box to mount its whole root file system (the
0122 one containing the directory /) from some other computer over the
0123 net via NFS and you want the IP address of your computer to be
0124 discovered automatically at boot time using the DHCP protocol (a
0125 special protocol designed for doing this job), say Y here. In case
0126 the boot ROM of your network card was designed for booting Linux and
0127 does DHCP itself, providing all necessary information on the kernel
0128 command line, you can say N here.
0129
0130 If unsure, say Y. Note that if you want to use DHCP, a DHCP server
0131 must be operating on your network. Read
0132 <file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
0133
0134 config IP_PNP_BOOTP
0135 bool "IP: BOOTP support"
0136 depends on IP_PNP
0137 help
0138 If you want your Linux box to mount its whole root file system (the
0139 one containing the directory /) from some other computer over the
0140 net via NFS and you want the IP address of your computer to be
0141 discovered automatically at boot time using the BOOTP protocol (a
0142 special protocol designed for doing this job), say Y here. In case
0143 the boot ROM of your network card was designed for booting Linux and
0144 does BOOTP itself, providing all necessary information on the kernel
0145 command line, you can say N here. If unsure, say Y. Note that if you
0146 want to use BOOTP, a BOOTP server must be operating on your network.
0147 Read <file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
0148
0149 config IP_PNP_RARP
0150 bool "IP: RARP support"
0151 depends on IP_PNP
0152 help
0153 If you want your Linux box to mount its whole root file system (the
0154 one containing the directory /) from some other computer over the
0155 net via NFS and you want the IP address of your computer to be
0156 discovered automatically at boot time using the RARP protocol (an
0157 older protocol which is being obsoleted by BOOTP and DHCP), say Y
0158 here. Note that if you want to use RARP, a RARP server must be
0159 operating on your network. Read
0160 <file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
0161
0162 config NET_IPIP
0163 tristate "IP: tunneling"
0164 select INET_TUNNEL
0165 select NET_IP_TUNNEL
0166 help
0167 Tunneling means encapsulating data of one protocol type within
0168 another protocol and sending it over a channel that understands the
0169 encapsulating protocol. This particular tunneling driver implements
0170 encapsulation of IP within IP, which sounds kind of pointless, but
0171 can be useful if you want to make your (or some other) machine
0172 appear on a different network than it physically is, or to use
0173 mobile-IP facilities (allowing laptops to seamlessly move between
0174 networks without changing their IP addresses).
0175
0176 Saying Y to this option will produce two modules ( = code which can
0177 be inserted in and removed from the running kernel whenever you
0178 want). Most people won't need this and can say N.
0179
0180 config NET_IPGRE_DEMUX
0181 tristate "IP: GRE demultiplexer"
0182 help
0183 This is helper module to demultiplex GRE packets on GRE version field criteria.
0184 Required by ip_gre and pptp modules.
0185
0186 config NET_IP_TUNNEL
0187 tristate
0188 select DST_CACHE
0189 select GRO_CELLS
0190 default n
0191
0192 config NET_IPGRE
0193 tristate "IP: GRE tunnels over IP"
0194 depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
0195 select NET_IP_TUNNEL
0196 help
0197 Tunneling means encapsulating data of one protocol type within
0198 another protocol and sending it over a channel that understands the
0199 encapsulating protocol. This particular tunneling driver implements
0200 GRE (Generic Routing Encapsulation) and at this time allows
0201 encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
0202 This driver is useful if the other endpoint is a Cisco router: Cisco
0203 likes GRE much better than the other Linux tunneling driver ("IP
0204 tunneling" above). In addition, GRE allows multicast redistribution
0205 through the tunnel.
0206
0207 config NET_IPGRE_BROADCAST
0208 bool "IP: broadcast GRE over IP"
0209 depends on IP_MULTICAST && NET_IPGRE
0210 help
0211 One application of GRE/IP is to construct a broadcast WAN (Wide Area
0212 Network), which looks like a normal Ethernet LAN (Local Area
0213 Network), but can be distributed all over the Internet. If you want
0214 to do that, say Y here and to "IP multicast routing" below.
0215
0216 config IP_MROUTE_COMMON
0217 bool
0218 depends on IP_MROUTE || IPV6_MROUTE
0219
0220 config IP_MROUTE
0221 bool "IP: multicast routing"
0222 depends on IP_MULTICAST
0223 select IP_MROUTE_COMMON
0224 help
0225 This is used if you want your machine to act as a router for IP
0226 packets that have several destination addresses. It is needed on the
0227 MBONE, a high bandwidth network on top of the Internet which carries
0228 audio and video broadcasts. In order to do that, you would most
0229 likely run the program mrouted. If you haven't heard about it, you
0230 don't need it.
0231
0232 config IP_MROUTE_MULTIPLE_TABLES
0233 bool "IP: multicast policy routing"
0234 depends on IP_MROUTE && IP_ADVANCED_ROUTER
0235 select FIB_RULES
0236 help
0237 Normally, a multicast router runs a userspace daemon and decides
0238 what to do with a multicast packet based on the source and
0239 destination addresses. If you say Y here, the multicast router
0240 will also be able to take interfaces and packet marks into
0241 account and run multiple instances of userspace daemons
0242 simultaneously, each one handling a single table.
0243
0244 If unsure, say N.
0245
0246 config IP_PIMSM_V1
0247 bool "IP: PIM-SM version 1 support"
0248 depends on IP_MROUTE
0249 help
0250 Kernel side support for Sparse Mode PIM (Protocol Independent
0251 Multicast) version 1. This multicast routing protocol is used widely
0252 because Cisco supports it. You need special software to use it
0253 (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
0254 information about PIM.
0255
0256 Say Y if you want to use PIM-SM v1. Note that you can say N here if
0257 you just want to use Dense Mode PIM.
0258
0259 config IP_PIMSM_V2
0260 bool "IP: PIM-SM version 2 support"
0261 depends on IP_MROUTE
0262 help
0263 Kernel side support for Sparse Mode PIM version 2. In order to use
0264 this, you need an experimental routing daemon supporting it (pimd or
0265 gated-5). This routing protocol is not used widely, so say N unless
0266 you want to play with it.
0267
0268 config SYN_COOKIES
0269 bool "IP: TCP syncookie support"
0270 help
0271 Normal TCP/IP networking is open to an attack known as "SYN
0272 flooding". This denial-of-service attack prevents legitimate remote
0273 users from being able to connect to your computer during an ongoing
0274 attack and requires very little work from the attacker, who can
0275 operate from anywhere on the Internet.
0276
0277 SYN cookies provide protection against this type of attack. If you
0278 say Y here, the TCP/IP stack will use a cryptographic challenge
0279 protocol known as "SYN cookies" to enable legitimate users to
0280 continue to connect, even when your machine is under attack. There
0281 is no need for the legitimate users to change their TCP/IP software;
0282 SYN cookies work transparently to them. For technical information
0283 about SYN cookies, check out <https://cr.yp.to/syncookies.html>.
0284
0285 If you are SYN flooded, the source address reported by the kernel is
0286 likely to have been forged by the attacker; it is only reported as
0287 an aid in tracing the packets to their actual source and should not
0288 be taken as absolute truth.
0289
0290 SYN cookies may prevent correct error reporting on clients when the
0291 server is really overloaded. If this happens frequently better turn
0292 them off.
0293
0294 If you say Y here, you can disable SYN cookies at run time by
0295 saying Y to "/proc file system support" and
0296 "Sysctl support" below and executing the command
0297
0298 echo 0 > /proc/sys/net/ipv4/tcp_syncookies
0299
0300 after the /proc file system has been mounted.
0301
0302 If unsure, say N.
0303
0304 config NET_IPVTI
0305 tristate "Virtual (secure) IP: tunneling"
0306 depends on IPV6 || IPV6=n
0307 select INET_TUNNEL
0308 select NET_IP_TUNNEL
0309 select XFRM
0310 help
0311 Tunneling means encapsulating data of one protocol type within
0312 another protocol and sending it over a channel that understands the
0313 encapsulating protocol. This can be used with xfrm mode tunnel to give
0314 the notion of a secure tunnel for IPSEC and then use routing protocol
0315 on top.
0316
0317 config NET_UDP_TUNNEL
0318 tristate
0319 select NET_IP_TUNNEL
0320 default n
0321
0322 config NET_FOU
0323 tristate "IP: Foo (IP protocols) over UDP"
0324 select NET_UDP_TUNNEL
0325 help
0326 Foo over UDP allows any IP protocol to be directly encapsulated
0327 over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP
0328 network mechanisms and optimizations for UDP (such as ECMP
0329 and RSS) can be leveraged to provide better service.
0330
0331 config NET_FOU_IP_TUNNELS
0332 bool "IP: FOU encapsulation of IP tunnels"
0333 depends on NET_IPIP || NET_IPGRE || IPV6_SIT
0334 select NET_FOU
0335 help
0336 Allow configuration of FOU or GUE encapsulation for IP tunnels.
0337 When this option is enabled IP tunnels can be configured to use
0338 FOU or GUE encapsulation.
0339
0340 config INET_AH
0341 tristate "IP: AH transformation"
0342 select XFRM_AH
0343 help
0344 Support for IPsec AH (Authentication Header).
0345
0346 AH can be used with various authentication algorithms. Besides
0347 enabling AH support itself, this option enables the generic
0348 implementations of the algorithms that RFC 8221 lists as MUST be
0349 implemented. If you need any other algorithms, you'll need to enable
0350 them in the crypto API. You should also enable accelerated
0351 implementations of any needed algorithms when available.
0352
0353 If unsure, say Y.
0354
0355 config INET_ESP
0356 tristate "IP: ESP transformation"
0357 select XFRM_ESP
0358 help
0359 Support for IPsec ESP (Encapsulating Security Payload).
0360
0361 ESP can be used with various encryption and authentication algorithms.
0362 Besides enabling ESP support itself, this option enables the generic
0363 implementations of the algorithms that RFC 8221 lists as MUST be
0364 implemented. If you need any other algorithms, you'll need to enable
0365 them in the crypto API. You should also enable accelerated
0366 implementations of any needed algorithms when available.
0367
0368 If unsure, say Y.
0369
0370 config INET_ESP_OFFLOAD
0371 tristate "IP: ESP transformation offload"
0372 depends on INET_ESP
0373 select XFRM_OFFLOAD
0374 default n
0375 help
0376 Support for ESP transformation offload. This makes sense
0377 only if this system really does IPsec and want to do it
0378 with high throughput. A typical desktop system does not
0379 need it, even if it does IPsec.
0380
0381 If unsure, say N.
0382
0383 config INET_ESPINTCP
0384 bool "IP: ESP in TCP encapsulation (RFC 8229)"
0385 depends on XFRM && INET_ESP
0386 select STREAM_PARSER
0387 select NET_SOCK_MSG
0388 select XFRM_ESPINTCP
0389 help
0390 Support for RFC 8229 encapsulation of ESP and IKE over
0391 TCP/IPv4 sockets.
0392
0393 If unsure, say N.
0394
0395 config INET_IPCOMP
0396 tristate "IP: IPComp transformation"
0397 select INET_XFRM_TUNNEL
0398 select XFRM_IPCOMP
0399 help
0400 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
0401 typically needed for IPsec.
0402
0403 If unsure, say Y.
0404
0405 config INET_XFRM_TUNNEL
0406 tristate
0407 select INET_TUNNEL
0408 default n
0409
0410 config INET_TUNNEL
0411 tristate
0412 default n
0413
0414 config INET_DIAG
0415 tristate "INET: socket monitoring interface"
0416 default y
0417 help
0418 Support for INET (TCP, DCCP, etc) socket monitoring interface used by
0419 native Linux tools such as ss. ss is included in iproute2, currently
0420 downloadable at:
0421
0422 http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
0423
0424 If unsure, say Y.
0425
0426 config INET_TCP_DIAG
0427 depends on INET_DIAG
0428 def_tristate INET_DIAG
0429
0430 config INET_UDP_DIAG
0431 tristate "UDP: socket monitoring interface"
0432 depends on INET_DIAG && (IPV6 || IPV6=n)
0433 default n
0434 help
0435 Support for UDP socket monitoring interface used by the ss tool.
0436 If unsure, say Y.
0437
0438 config INET_RAW_DIAG
0439 tristate "RAW: socket monitoring interface"
0440 depends on INET_DIAG && (IPV6 || IPV6=n)
0441 default n
0442 help
0443 Support for RAW socket monitoring interface used by the ss tool.
0444 If unsure, say Y.
0445
0446 config INET_DIAG_DESTROY
0447 bool "INET: allow privileged process to administratively close sockets"
0448 depends on INET_DIAG
0449 default n
0450 help
0451 Provides a SOCK_DESTROY operation that allows privileged processes
0452 (e.g., a connection manager or a network administration tool such as
0453 ss) to close sockets opened by other processes. Closing a socket in
0454 this way interrupts any blocking read/write/connect operations on
0455 the socket and causes future socket calls to behave as if the socket
0456 had been disconnected.
0457 If unsure, say N.
0458
0459 menuconfig TCP_CONG_ADVANCED
0460 bool "TCP: advanced congestion control"
0461 help
0462 Support for selection of various TCP congestion control
0463 modules.
0464
0465 Nearly all users can safely say no here, and a safe default
0466 selection will be made (CUBIC with new Reno as a fallback).
0467
0468 If unsure, say N.
0469
0470 if TCP_CONG_ADVANCED
0471
0472 config TCP_CONG_BIC
0473 tristate "Binary Increase Congestion (BIC) control"
0474 default m
0475 help
0476 BIC-TCP is a sender-side only change that ensures a linear RTT
0477 fairness under large windows while offering both scalability and
0478 bounded TCP-friendliness. The protocol combines two schemes
0479 called additive increase and binary search increase. When the
0480 congestion window is large, additive increase with a large
0481 increment ensures linear RTT fairness as well as good
0482 scalability. Under small congestion windows, binary search
0483 increase provides TCP friendliness.
0484 See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
0485
0486 config TCP_CONG_CUBIC
0487 tristate "CUBIC TCP"
0488 default y
0489 help
0490 This is version 2.0 of BIC-TCP which uses a cubic growth function
0491 among other techniques.
0492 See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
0493
0494 config TCP_CONG_WESTWOOD
0495 tristate "TCP Westwood+"
0496 default m
0497 help
0498 TCP Westwood+ is a sender-side only modification of the TCP Reno
0499 protocol stack that optimizes the performance of TCP congestion
0500 control. It is based on end-to-end bandwidth estimation to set
0501 congestion window and slow start threshold after a congestion
0502 episode. Using this estimation, TCP Westwood+ adaptively sets a
0503 slow start threshold and a congestion window which takes into
0504 account the bandwidth used at the time congestion is experienced.
0505 TCP Westwood+ significantly increases fairness wrt TCP Reno in
0506 wired networks and throughput over wireless links.
0507
0508 config TCP_CONG_HTCP
0509 tristate "H-TCP"
0510 default m
0511 help
0512 H-TCP is a send-side only modifications of the TCP Reno
0513 protocol stack that optimizes the performance of TCP
0514 congestion control for high speed network links. It uses a
0515 modeswitch to change the alpha and beta parameters of TCP Reno
0516 based on network conditions and in a way so as to be fair with
0517 other Reno and H-TCP flows.
0518
0519 config TCP_CONG_HSTCP
0520 tristate "High Speed TCP"
0521 default n
0522 help
0523 Sally Floyd's High Speed TCP (RFC 3649) congestion control.
0524 A modification to TCP's congestion control mechanism for use
0525 with large congestion windows. A table indicates how much to
0526 increase the congestion window by when an ACK is received.
0527 For more detail see https://www.icir.org/floyd/hstcp.html
0528
0529 config TCP_CONG_HYBLA
0530 tristate "TCP-Hybla congestion control algorithm"
0531 default n
0532 help
0533 TCP-Hybla is a sender-side only change that eliminates penalization of
0534 long-RTT, large-bandwidth connections, like when satellite legs are
0535 involved, especially when sharing a common bottleneck with normal
0536 terrestrial connections.
0537
0538 config TCP_CONG_VEGAS
0539 tristate "TCP Vegas"
0540 default n
0541 help
0542 TCP Vegas is a sender-side only change to TCP that anticipates
0543 the onset of congestion by estimating the bandwidth. TCP Vegas
0544 adjusts the sending rate by modifying the congestion
0545 window. TCP Vegas should provide less packet loss, but it is
0546 not as aggressive as TCP Reno.
0547
0548 config TCP_CONG_NV
0549 tristate "TCP NV"
0550 default n
0551 help
0552 TCP NV is a follow up to TCP Vegas. It has been modified to deal with
0553 10G networks, measurement noise introduced by LRO, GRO and interrupt
0554 coalescence. In addition, it will decrease its cwnd multiplicatively
0555 instead of linearly.
0556
0557 Note that in general congestion avoidance (cwnd decreased when # packets
0558 queued grows) cannot coexist with congestion control (cwnd decreased only
0559 when there is packet loss) due to fairness issues. One scenario when they
0560 can coexist safely is when the CA flows have RTTs << CC flows RTTs.
0561
0562 For further details see http://www.brakmo.org/networking/tcp-nv/
0563
0564 config TCP_CONG_SCALABLE
0565 tristate "Scalable TCP"
0566 default n
0567 help
0568 Scalable TCP is a sender-side only change to TCP which uses a
0569 MIMD congestion control algorithm which has some nice scaling
0570 properties, though is known to have fairness issues.
0571 See http://www.deneholme.net/tom/scalable/
0572
0573 config TCP_CONG_LP
0574 tristate "TCP Low Priority"
0575 default n
0576 help
0577 TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
0578 to utilize only the excess network bandwidth as compared to the
0579 ``fair share`` of bandwidth as targeted by TCP.
0580 See http://www-ece.rice.edu/networks/TCP-LP/
0581
0582 config TCP_CONG_VENO
0583 tristate "TCP Veno"
0584 default n
0585 help
0586 TCP Veno is a sender-side only enhancement of TCP to obtain better
0587 throughput over wireless networks. TCP Veno makes use of state
0588 distinguishing to circumvent the difficult judgment of the packet loss
0589 type. TCP Veno cuts down less congestion window in response to random
0590 loss packets.
0591 See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186>
0592
0593 config TCP_CONG_YEAH
0594 tristate "YeAH TCP"
0595 select TCP_CONG_VEGAS
0596 default n
0597 help
0598 YeAH-TCP is a sender-side high-speed enabled TCP congestion control
0599 algorithm, which uses a mixed loss/delay approach to compute the
0600 congestion window. It's design goals target high efficiency,
0601 internal, RTT and Reno fairness, resilience to link loss while
0602 keeping network elements load as low as possible.
0603
0604 For further details look here:
0605 http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
0606
0607 config TCP_CONG_ILLINOIS
0608 tristate "TCP Illinois"
0609 default n
0610 help
0611 TCP-Illinois is a sender-side modification of TCP Reno for
0612 high speed long delay links. It uses round-trip-time to
0613 adjust the alpha and beta parameters to achieve a higher average
0614 throughput and maintain fairness.
0615
0616 For further details see:
0617 http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
0618
0619 config TCP_CONG_DCTCP
0620 tristate "DataCenter TCP (DCTCP)"
0621 default n
0622 help
0623 DCTCP leverages Explicit Congestion Notification (ECN) in the network to
0624 provide multi-bit feedback to the end hosts. It is designed to provide:
0625
0626 - High burst tolerance (incast due to partition/aggregate),
0627 - Low latency (short flows, queries),
0628 - High throughput (continuous data updates, large file transfers) with
0629 commodity, shallow-buffered switches.
0630
0631 All switches in the data center network running DCTCP must support
0632 ECN marking and be configured for marking when reaching defined switch
0633 buffer thresholds. The default ECN marking threshold heuristic for
0634 DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets
0635 (~100KB) at 10Gbps, but might need further careful tweaking.
0636
0637 For further details see:
0638 http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf
0639
0640 config TCP_CONG_CDG
0641 tristate "CAIA Delay-Gradient (CDG)"
0642 default n
0643 help
0644 CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies
0645 the TCP sender in order to:
0646
0647 o Use the delay gradient as a congestion signal.
0648 o Back off with an average probability that is independent of the RTT.
0649 o Coexist with flows that use loss-based congestion control.
0650 o Tolerate packet loss unrelated to congestion.
0651
0652 For further details see:
0653 D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using
0654 delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg
0655
0656 config TCP_CONG_BBR
0657 tristate "BBR TCP"
0658 default n
0659 help
0660
0661 BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to
0662 maximize network utilization and minimize queues. It builds an explicit
0663 model of the bottleneck delivery rate and path round-trip propagation
0664 delay. It tolerates packet loss and delay unrelated to congestion. It
0665 can operate over LAN, WAN, cellular, wifi, or cable modem links. It can
0666 coexist with flows that use loss-based congestion control, and can
0667 operate with shallow buffers, deep buffers, bufferbloat, policers, or
0668 AQM schemes that do not provide a delay signal. It requires the fq
0669 ("Fair Queue") pacing packet scheduler.
0670
0671 choice
0672 prompt "Default TCP congestion control"
0673 default DEFAULT_CUBIC
0674 help
0675 Select the TCP congestion control that will be used by default
0676 for all connections.
0677
0678 config DEFAULT_BIC
0679 bool "Bic" if TCP_CONG_BIC=y
0680
0681 config DEFAULT_CUBIC
0682 bool "Cubic" if TCP_CONG_CUBIC=y
0683
0684 config DEFAULT_HTCP
0685 bool "Htcp" if TCP_CONG_HTCP=y
0686
0687 config DEFAULT_HYBLA
0688 bool "Hybla" if TCP_CONG_HYBLA=y
0689
0690 config DEFAULT_VEGAS
0691 bool "Vegas" if TCP_CONG_VEGAS=y
0692
0693 config DEFAULT_VENO
0694 bool "Veno" if TCP_CONG_VENO=y
0695
0696 config DEFAULT_WESTWOOD
0697 bool "Westwood" if TCP_CONG_WESTWOOD=y
0698
0699 config DEFAULT_DCTCP
0700 bool "DCTCP" if TCP_CONG_DCTCP=y
0701
0702 config DEFAULT_CDG
0703 bool "CDG" if TCP_CONG_CDG=y
0704
0705 config DEFAULT_BBR
0706 bool "BBR" if TCP_CONG_BBR=y
0707
0708 config DEFAULT_RENO
0709 bool "Reno"
0710 endchoice
0711
0712 endif
0713
0714 config TCP_CONG_CUBIC
0715 tristate
0716 depends on !TCP_CONG_ADVANCED
0717 default y
0718
0719 config DEFAULT_TCP_CONG
0720 string
0721 default "bic" if DEFAULT_BIC
0722 default "cubic" if DEFAULT_CUBIC
0723 default "htcp" if DEFAULT_HTCP
0724 default "hybla" if DEFAULT_HYBLA
0725 default "vegas" if DEFAULT_VEGAS
0726 default "westwood" if DEFAULT_WESTWOOD
0727 default "veno" if DEFAULT_VENO
0728 default "reno" if DEFAULT_RENO
0729 default "dctcp" if DEFAULT_DCTCP
0730 default "cdg" if DEFAULT_CDG
0731 default "bbr" if DEFAULT_BBR
0732 default "cubic"
0733
0734 config TCP_MD5SIG
0735 bool "TCP: MD5 Signature Option support (RFC2385)"
0736 select CRYPTO
0737 select CRYPTO_MD5
0738 help
0739 RFC2385 specifies a method of giving MD5 protection to TCP sessions.
0740 Its main (only?) use is to protect BGP sessions between core routers
0741 on the Internet.
0742
0743 If unsure, say N.
