0001 # SPDX-License-Identifier: GPL-2.0-only
0002 #
0003 # Traffic control configuration.
0004 #
0005
0006 menuconfig NET_SCHED
0007 bool "QoS and/or fair queueing"
0008 select NET_SCH_FIFO
0009 help
0010 When the kernel has several packets to send out over a network
0011 device, it has to decide which ones to send first, which ones to
0012 delay, and which ones to drop. This is the job of the queueing
0013 disciplines, several different algorithms for how to do this
0014 "fairly" have been proposed.
0015
0016 If you say N here, you will get the standard packet scheduler, which
0017 is a FIFO (first come, first served). If you say Y here, you will be
0018 able to choose from among several alternative algorithms which can
0019 then be attached to different network devices. This is useful for
0020 example if some of your network devices are real time devices that
0021 need a certain minimum data flow rate, or if you need to limit the
0022 maximum data flow rate for traffic which matches specified criteria.
0023 This code is considered to be experimental.
0024
0025 To administer these schedulers, you'll need the user-level utilities
0026 from the package iproute2+tc at
0027 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package
0028 also contains some documentation; for more, check out
0029 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
0030
0031 This Quality of Service (QoS) support will enable you to use
0032 Differentiated Services (diffserv) and Resource Reservation Protocol
0033 (RSVP) on your Linux router if you also say Y to the corresponding
0034 classifiers below. Documentation and software is at
0035 <http://diffserv.sourceforge.net/>.
0036
0037 If you say Y here and to "/proc file system" below, you will be able
0038 to read status information about packet schedulers from the file
0039 /proc/net/psched.
0040
0041 The available schedulers are listed in the following questions; you
0042 can say Y to as many as you like. If unsure, say N now.
0043
0044 if NET_SCHED
0045
0046 comment "Queueing/Scheduling"
0047
0048 config NET_SCH_CBQ
0049 tristate "Class Based Queueing (CBQ)"
0050 help
0051 Say Y here if you want to use the Class-Based Queueing (CBQ) packet
0052 scheduling algorithm. This algorithm classifies the waiting packets
0053 into a tree-like hierarchy of classes; the leaves of this tree are
0054 in turn scheduled by separate algorithms.
0055
0056 See the top of <file:net/sched/sch_cbq.c> for more details.
0057
0058 CBQ is a commonly used scheduler, so if you're unsure, you should
0059 say Y here. Then say Y to all the queueing algorithms below that you
0060 want to use as leaf disciplines.
0061
0062 To compile this code as a module, choose M here: the
0063 module will be called sch_cbq.
0064
0065 config NET_SCH_HTB
0066 tristate "Hierarchical Token Bucket (HTB)"
0067 help
0068 Say Y here if you want to use the Hierarchical Token Buckets (HTB)
0069 packet scheduling algorithm. See
0070 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
0071 in-depth articles.
0072
0073 HTB is very similar to CBQ regarding its goals however is has
0074 different properties and different algorithm.
0075
0076 To compile this code as a module, choose M here: the
0077 module will be called sch_htb.
0078
0079 config NET_SCH_HFSC
0080 tristate "Hierarchical Fair Service Curve (HFSC)"
0081 help
0082 Say Y here if you want to use the Hierarchical Fair Service Curve
0083 (HFSC) packet scheduling algorithm.
0084
0085 To compile this code as a module, choose M here: the
0086 module will be called sch_hfsc.
0087
0088 config NET_SCH_ATM
0089 tristate "ATM Virtual Circuits (ATM)"
0090 depends on ATM
0091 help
0092 Say Y here if you want to use the ATM pseudo-scheduler. This
0093 provides a framework for invoking classifiers, which in turn
0094 select classes of this queuing discipline. Each class maps
0095 the flow(s) it is handling to a given virtual circuit.
0096
0097 See the top of <file:net/sched/sch_atm.c> for more details.
0098
0099 To compile this code as a module, choose M here: the
0100 module will be called sch_atm.
0101
0102 config NET_SCH_PRIO
0103 tristate "Multi Band Priority Queueing (PRIO)"
0104 help
0105 Say Y here if you want to use an n-band priority queue packet
0106 scheduler.
0107
0108 To compile this code as a module, choose M here: the
0109 module will be called sch_prio.
0110
0111 config NET_SCH_MULTIQ
0112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
0113 help
0114 Say Y here if you want to use an n-band queue packet scheduler
0115 to support devices that have multiple hardware transmit queues.
0116
0117 To compile this code as a module, choose M here: the
0118 module will be called sch_multiq.
0119
0120 config NET_SCH_RED
0121 tristate "Random Early Detection (RED)"
0122 help
0123 Say Y here if you want to use the Random Early Detection (RED)
0124 packet scheduling algorithm.
0125
0126 See the top of <file:net/sched/sch_red.c> for more details.
0127
0128 To compile this code as a module, choose M here: the
0129 module will be called sch_red.
0130
0131 config NET_SCH_SFB
0132 tristate "Stochastic Fair Blue (SFB)"
0133 help
0134 Say Y here if you want to use the Stochastic Fair Blue (SFB)
0135 packet scheduling algorithm.
0136
0137 See the top of <file:net/sched/sch_sfb.c> for more details.
0138
0139 To compile this code as a module, choose M here: the
0140 module will be called sch_sfb.
0141
0142 config NET_SCH_SFQ
0143 tristate "Stochastic Fairness Queueing (SFQ)"
0144 help
0145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
0146 packet scheduling algorithm.
0147
0148 See the top of <file:net/sched/sch_sfq.c> for more details.
0149
0150 To compile this code as a module, choose M here: the
0151 module will be called sch_sfq.
0152
0153 config NET_SCH_TEQL
0154 tristate "True Link Equalizer (TEQL)"
0155 help
0156 Say Y here if you want to use the True Link Equalizer (TLE) packet
0157 scheduling algorithm. This queueing discipline allows the combination
0158 of several physical devices into one virtual device.
0159
0160 See the top of <file:net/sched/sch_teql.c> for more details.
0161
0162 To compile this code as a module, choose M here: the
0163 module will be called sch_teql.
0164
0165 config NET_SCH_TBF
0166 tristate "Token Bucket Filter (TBF)"
0167 help
0168 Say Y here if you want to use the Token Bucket Filter (TBF) packet
0169 scheduling algorithm.
0170
0171 See the top of <file:net/sched/sch_tbf.c> for more details.
0172
0173 To compile this code as a module, choose M here: the
0174 module will be called sch_tbf.
0175
0176 config NET_SCH_CBS
0177 tristate "Credit Based Shaper (CBS)"
0178 help
0179 Say Y here if you want to use the Credit Based Shaper (CBS) packet
0180 scheduling algorithm.
0181
0182 See the top of <file:net/sched/sch_cbs.c> for more details.
0183
0184 To compile this code as a module, choose M here: the
0185 module will be called sch_cbs.
0186
0187 config NET_SCH_ETF
0188 tristate "Earliest TxTime First (ETF)"
0189 help
0190 Say Y here if you want to use the Earliest TxTime First (ETF) packet
0191 scheduling algorithm.
0192
0193 See the top of <file:net/sched/sch_etf.c> for more details.
0194
0195 To compile this code as a module, choose M here: the
0196 module will be called sch_etf.
0197
0198 config NET_SCH_TAPRIO
0199 tristate "Time Aware Priority (taprio) Scheduler"
0200 help
0201 Say Y here if you want to use the Time Aware Priority (taprio) packet
0202 scheduling algorithm.
0203
0204 See the top of <file:net/sched/sch_taprio.c> for more details.
0205
0206 To compile this code as a module, choose M here: the
0207 module will be called sch_taprio.
0208
0209 config NET_SCH_GRED
0210 tristate "Generic Random Early Detection (GRED)"
0211 help
0212 Say Y here if you want to use the Generic Random Early Detection
0213 (GRED) packet scheduling algorithm for some of your network devices
0214 (see the top of <file:net/sched/sch_red.c> for details and
0215 references about the algorithm).
0216
0217 To compile this code as a module, choose M here: the
0218 module will be called sch_gred.
0219
0220 config NET_SCH_DSMARK
0221 tristate "Differentiated Services marker (DSMARK)"
0222 help
0223 Say Y if you want to schedule packets according to the
0224 Differentiated Services architecture proposed in RFC 2475.
0225 Technical information on this method, with pointers to associated
0226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>.
0227
0228 To compile this code as a module, choose M here: the
0229 module will be called sch_dsmark.
0230
0231 config NET_SCH_NETEM
0232 tristate "Network emulator (NETEM)"
0233 help
0234 Say Y if you want to emulate network delay, loss, and packet
0235 re-ordering. This is often useful to simulate networks when
0236 testing applications or protocols.
0237
0238 To compile this driver as a module, choose M here: the module
0239 will be called sch_netem.
0240
0241 If unsure, say N.
0242
0243 config NET_SCH_DRR
0244 tristate "Deficit Round Robin scheduler (DRR)"
0245 help
0246 Say Y here if you want to use the Deficit Round Robin (DRR) packet
0247 scheduling algorithm.
0248
0249 To compile this driver as a module, choose M here: the module
0250 will be called sch_drr.
0251
0252 If unsure, say N.
0253
0254 config NET_SCH_MQPRIO
0255 tristate "Multi-queue priority scheduler (MQPRIO)"
0256 help
0257 Say Y here if you want to use the Multi-queue Priority scheduler.
0258 This scheduler allows QOS to be offloaded on NICs that have support
0259 for offloading QOS schedulers.
0260
0261 To compile this driver as a module, choose M here: the module will
0262 be called sch_mqprio.
0263
0264 If unsure, say N.
0265
0266 config NET_SCH_SKBPRIO
0267 tristate "SKB priority queue scheduler (SKBPRIO)"
0268 help
0269 Say Y here if you want to use the SKB priority queue
0270 scheduler. This schedules packets according to skb->priority,
0271 which is useful for request packets in DoS mitigation systems such
0272 as Gatekeeper.
0273
0274 To compile this driver as a module, choose M here: the module will
0275 be called sch_skbprio.
0276
0277 If unsure, say N.
0278
0279 config NET_SCH_CHOKE
0280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
0281 help
0282 Say Y here if you want to use the CHOKe packet scheduler (CHOose
0283 and Keep for responsive flows, CHOose and Kill for unresponsive
0284 flows). This is a variation of RED which tries to penalize flows
0285 that monopolize the queue.
0286
0287 To compile this code as a module, choose M here: the
0288 module will be called sch_choke.
0289
0290 config NET_SCH_QFQ
0291 tristate "Quick Fair Queueing scheduler (QFQ)"
0292 help
0293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
0294 packet scheduling algorithm.
0295
0296 To compile this driver as a module, choose M here: the module
0297 will be called sch_qfq.
0298
0299 If unsure, say N.
0300
0301 config NET_SCH_CODEL
0302 tristate "Controlled Delay AQM (CODEL)"
0303 help
0304 Say Y here if you want to use the Controlled Delay (CODEL)
0305 packet scheduling algorithm.
0306
0307 To compile this driver as a module, choose M here: the module
0308 will be called sch_codel.
0309
0310 If unsure, say N.
0311
0312 config NET_SCH_FQ_CODEL
0313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
0314 help
0315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
0316 packet scheduling algorithm.
0317
0318 To compile this driver as a module, choose M here: the module
0319 will be called sch_fq_codel.
0320
0321 If unsure, say N.
0322
0323 config NET_SCH_CAKE
0324 tristate "Common Applications Kept Enhanced (CAKE)"
0325 help
0326 Say Y here if you want to use the Common Applications Kept Enhanced
0327 (CAKE) queue management algorithm.
0328
0329 To compile this driver as a module, choose M here: the module
0330 will be called sch_cake.
0331
0332 If unsure, say N.
0333
0334 config NET_SCH_FQ
0335 tristate "Fair Queue"
0336 help
0337 Say Y here if you want to use the FQ packet scheduling algorithm.
0338
0339 FQ does flow separation, and is able to respect pacing requirements
0340 set by TCP stack into sk->sk_pacing_rate (for localy generated
0341 traffic)
0342
0343 To compile this driver as a module, choose M here: the module
0344 will be called sch_fq.
0345
0346 If unsure, say N.
0347
0348 config NET_SCH_HHF
0349 tristate "Heavy-Hitter Filter (HHF)"
0350 help
0351 Say Y here if you want to use the Heavy-Hitter Filter (HHF)
0352 packet scheduling algorithm.
0353
0354 To compile this driver as a module, choose M here: the module
0355 will be called sch_hhf.
0356
0357 config NET_SCH_PIE
0358 tristate "Proportional Integral controller Enhanced (PIE) scheduler"
0359 help
0360 Say Y here if you want to use the Proportional Integral controller
0361 Enhanced scheduler packet scheduling algorithm.
0362 For more information, please see https://tools.ietf.org/html/rfc8033
0363
0364 To compile this driver as a module, choose M here: the module
0365 will be called sch_pie.
0366
0367 If unsure, say N.
0368
0369 config NET_SCH_FQ_PIE
0370 depends on NET_SCH_PIE
0371 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)"
0372 help
0373 Say Y here if you want to use the Flow Queue Proportional Integral
0374 controller Enhanced (FQ-PIE) packet scheduling algorithm.
0375 For more information, please see https://tools.ietf.org/html/rfc8033
0376
0377 To compile this driver as a module, choose M here: the module
0378 will be called sch_fq_pie.
0379
0380 If unsure, say N.
0381
0382 config NET_SCH_INGRESS
0383 tristate "Ingress/classifier-action Qdisc"
0384 depends on NET_CLS_ACT
0385 select NET_INGRESS
0386 select NET_EGRESS
0387 help
0388 Say Y here if you want to use classifiers for incoming and/or outgoing
0389 packets. This qdisc doesn't do anything else besides running classifiers,
0390 which can also have actions attached to them. In case of outgoing packets,
0391 classifiers that this qdisc holds are executed in the transmit path
0392 before real enqueuing to an egress qdisc happens.
0393
0394 If unsure, say Y.
0395
0396 To compile this code as a module, choose M here: the module will be
0397 called sch_ingress with alias of sch_clsact.
0398
0399 config NET_SCH_PLUG
0400 tristate "Plug network traffic until release (PLUG)"
0401 help
0402
0403 This queuing discipline allows userspace to plug/unplug a network
0404 output queue, using the netlink interface. When it receives an
0405 enqueue command it inserts a plug into the outbound queue that
0406 causes following packets to enqueue until a dequeue command arrives
0407 over netlink, causing the plug to be removed and resuming the normal
0408 packet flow.
0409
0410 This module also provides a generic "network output buffering"
0411 functionality (aka output commit), wherein upon arrival of a dequeue
0412 command, only packets up to the first plug are released for delivery.
0413 The Remus HA project uses this module to enable speculative execution
0414 of virtual machines by allowing the generated network output to be rolled
0415 back if needed.
0416
0417 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
0418
0419 Say Y here if you are using this kernel for Xen dom0 and
0420 want to protect Xen guests with Remus.
0421
0422 To compile this code as a module, choose M here: the
0423 module will be called sch_plug.
0424
0425 config NET_SCH_ETS
0426 tristate "Enhanced transmission selection scheduler (ETS)"
0427 help
0428 The Enhanced Transmission Selection scheduler is a classful
0429 queuing discipline that merges functionality of PRIO and DRR
0430 qdiscs in one scheduler. ETS makes it easy to configure a set of
0431 strict and bandwidth-sharing bands to implement the transmission
0432 selection described in 802.1Qaz.
0433
0434 Say Y here if you want to use the ETS packet scheduling
0435 algorithm.
0436
0437 To compile this driver as a module, choose M here: the module
0438 will be called sch_ets.
0439
0440 If unsure, say N.
0441
0442 menuconfig NET_SCH_DEFAULT
0443 bool "Allow override default queue discipline"
0444 help
0445 Support for selection of default queuing discipline.
0446
0447 Nearly all users can safely say no here, and the default
0448 of pfifo_fast will be used. Many distributions already set
0449 the default value via /proc/sys/net/core/default_qdisc.
0450
0451 If unsure, say N.
0452
0453 if NET_SCH_DEFAULT
0454
0455 choice
0456 prompt "Default queuing discipline"
0457 default DEFAULT_PFIFO_FAST
0458 help
0459 Select the queueing discipline that will be used by default
0460 for all network devices.
0461
0462 config DEFAULT_FQ
0463 bool "Fair Queue" if NET_SCH_FQ
0464
0465 config DEFAULT_CODEL
0466 bool "Controlled Delay" if NET_SCH_CODEL
0467
0468 config DEFAULT_FQ_CODEL
0469 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL
0470
0471 config DEFAULT_FQ_PIE
0472 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE
0473
0474 config DEFAULT_SFQ
0475 bool "Stochastic Fair Queue" if NET_SCH_SFQ
0476
0477 config DEFAULT_PFIFO_FAST
0478 bool "Priority FIFO Fast"
0479 endchoice
0480
0481 config DEFAULT_NET_SCH
0482 string
0483 default "pfifo_fast" if DEFAULT_PFIFO_FAST
0484 default "fq" if DEFAULT_FQ
0485 default "fq_codel" if DEFAULT_FQ_CODEL
0486 default "fq_pie" if DEFAULT_FQ_PIE
0487 default "sfq" if DEFAULT_SFQ
0488 default "pfifo_fast"
0489 endif
0490
0491 comment "Classification"
0492
0493 config NET_CLS
0494 bool
0495
0496 config NET_CLS_BASIC
0497 tristate "Elementary classification (BASIC)"
0498 select NET_CLS
0499 help
0500 Say Y here if you want to be able to classify packets using
0501 only extended matches and actions.
0502
0503 To compile this code as a module, choose M here: the
0504 module will be called cls_basic.
0505
0506 config NET_CLS_TCINDEX
0507 tristate "Traffic-Control Index (TCINDEX)"
0508 select NET_CLS
0509 help
0510 Say Y here if you want to be able to classify packets based on
0511 traffic control indices. You will want this feature if you want
0512 to implement Differentiated Services together with DSMARK.
0513
0514 To compile this code as a module, choose M here: the
0515 module will be called cls_tcindex.
0516
0517 config NET_CLS_ROUTE4
0518 tristate "Routing decision (ROUTE)"
0519 depends on INET
0520 select IP_ROUTE_CLASSID
0521 select NET_CLS
0522 help
0523 If you say Y here, you will be able to classify packets
0524 according to the route table entry they matched.
0525
0526 To compile this code as a module, choose M here: the
0527 module will be called cls_route.
0528
0529 config NET_CLS_FW
0530 tristate "Netfilter mark (FW)"
0531 select NET_CLS
0532 help
0533 If you say Y here, you will be able to classify packets
0534 according to netfilter/firewall marks.
0535
0536 To compile this code as a module, choose M here: the
0537 module will be called cls_fw.
0538
0539 config NET_CLS_U32
0540 tristate "Universal 32bit comparisons w/ hashing (U32)"
0541 select NET_CLS
0542 help
0543 Say Y here to be able to classify packets using a universal
0544 32bit pieces based comparison scheme.
0545
0546 To compile this code as a module, choose M here: the
0547 module will be called cls_u32.
0548
0549 config CLS_U32_PERF
0550 bool "Performance counters support"
0551 depends on NET_CLS_U32
0552 help
0553 Say Y here to make u32 gather additional statistics useful for
0554 fine tuning u32 classifiers.
0555
0556 config CLS_U32_MARK
0557 bool "Netfilter marks support"
0558 depends on NET_CLS_U32
0559 help
0560 Say Y here to be able to use netfilter marks as u32 key.
0561
0562 config NET_CLS_RSVP
0563 tristate "IPv4 Resource Reservation Protocol (RSVP)"
0564 select NET_CLS
0565 help
0566 The Resource Reservation Protocol (RSVP) permits end systems to
0567 request a minimum and maximum data flow rate for a connection; this
0568 is important for real time data such as streaming sound or video.
0569
0570 Say Y here if you want to be able to classify outgoing packets based
0571 on their RSVP requests.
0572
0573 To compile this code as a module, choose M here: the
0574 module will be called cls_rsvp.
0575
0576 config NET_CLS_RSVP6
0577 tristate "IPv6 Resource Reservation Protocol (RSVP6)"
0578 select NET_CLS
0579 help
0580 The Resource Reservation Protocol (RSVP) permits end systems to
0581 request a minimum and maximum data flow rate for a connection; this
0582 is important for real time data such as streaming sound or video.
0583
0584 Say Y here if you want to be able to classify outgoing packets based
0585 on their RSVP requests and you are using the IPv6 protocol.
0586
0587 To compile this code as a module, choose M here: the
0588 module will be called cls_rsvp6.
0589
0590 config NET_CLS_FLOW
0591 tristate "Flow classifier"
0592 select NET_CLS
0593 help
0594 If you say Y here, you will be able to classify packets based on
0595 a configurable combination of packet keys. This is mostly useful
0596 in combination with SFQ.
0597
0598 To compile this code as a module, choose M here: the
0599 module will be called cls_flow.
0600
0601 config NET_CLS_CGROUP
0602 tristate "Control Group Classifier"
0603 select NET_CLS
0604 select CGROUP_NET_CLASSID
0605 depends on CGROUPS
0606 help
0607 Say Y here if you want to classify packets based on the control
0608 cgroup of their process.
0609
0610 To compile this code as a module, choose M here: the
0611 module will be called cls_cgroup.
0612
0613 config NET_CLS_BPF
0614 tristate "BPF-based classifier"
0615 select NET_CLS
0616 help
0617 If you say Y here, you will be able to classify packets based on
0618 programmable BPF (JIT'ed) filters as an alternative to ematches.
0619
0620 To compile this code as a module, choose M here: the module will
0621 be called cls_bpf.
0622
0623 config NET_CLS_FLOWER
0624 tristate "Flower classifier"
0625 select NET_CLS
0626 help
0627 If you say Y here, you will be able to classify packets based on
0628 a configurable combination of packet keys and masks.
0629
0630 To compile this code as a module, choose M here: the module will
0631 be called cls_flower.
0632
0633 config NET_CLS_MATCHALL
0634 tristate "Match-all classifier"
0635 select NET_CLS
0636 help
0637 If you say Y here, you will be able to classify packets based on
0638 nothing. Every packet will match.
0639
0640 To compile this code as a module, choose M here: the module will
0641 be called cls_matchall.
0642
0643 config NET_EMATCH
0644 bool "Extended Matches"
0645 select NET_CLS
0646 help
0647 Say Y here if you want to use extended matches on top of classifiers
0648 and select the extended matches below.
0649
0650 Extended matches are small classification helpers not worth writing
0651 a separate classifier for.
0652
0653 A recent version of the iproute2 package is required to use
0654 extended matches.
0655
0656 config NET_EMATCH_STACK
0657 int "Stack size"
0658 depends on NET_EMATCH
0659 default "32"
0660 help
0661 Size of the local stack variable used while evaluating the tree of
0662 ematches. Limits the depth of the tree, i.e. the number of
0663 encapsulated precedences. Every level requires 4 bytes of additional
0664 stack space.
0665
0666 config NET_EMATCH_CMP
0667 tristate "Simple packet data comparison"
0668 depends on NET_EMATCH
0669 help
0670 Say Y here if you want to be able to classify packets based on
0671 simple packet data comparisons for 8, 16, and 32bit values.
0672
0673 To compile this code as a module, choose M here: the
0674 module will be called em_cmp.
0675
0676 config NET_EMATCH_NBYTE
0677 tristate "Multi byte comparison"
0678 depends on NET_EMATCH
0679 help
0680 Say Y here if you want to be able to classify packets based on
0681 multiple byte comparisons mainly useful for IPv6 address comparisons.
0682
0683 To compile this code as a module, choose M here: the
0684 module will be called em_nbyte.
0685
0686 config NET_EMATCH_U32
0687 tristate "U32 key"
0688 depends on NET_EMATCH
0689 help
0690 Say Y here if you want to be able to classify packets using
0691 the famous u32 key in combination with logic relations.
0692
0693 To compile this code as a module, choose M here: the
0694 module will be called em_u32.
0695
0696 config NET_EMATCH_META
0697 tristate "Metadata"
0698 depends on NET_EMATCH
0699 help
0700 Say Y here if you want to be able to classify packets based on
0701 metadata such as load average, netfilter attributes, socket
0702 attributes and routing decisions.
0703
0704 To compile this code as a module, choose M here: the
0705 module will be called em_meta.
0706
0707 config NET_EMATCH_TEXT
0708 tristate "Textsearch"
0709 depends on NET_EMATCH
0710 select TEXTSEARCH
0711 select TEXTSEARCH_KMP
0712 select TEXTSEARCH_BM
0713 select TEXTSEARCH_FSM
0714 help
0715 Say Y here if you want to be able to classify packets based on
0716 textsearch comparisons.
0717
0718 To compile this code as a module, choose M here: the
0719 module will be called em_text.
0720
0721 config NET_EMATCH_CANID
0722 tristate "CAN Identifier"
0723 depends on NET_EMATCH && (CAN=y || CAN=m)
0724 help
0725 Say Y here if you want to be able to classify CAN frames based
0726 on CAN Identifier.
0727
0728 To compile this code as a module, choose M here: the
0729 module will be called em_canid.
0730
0731 config NET_EMATCH_IPSET
0732 tristate "IPset"
0733 depends on NET_EMATCH && IP_SET
0734 help
0735 Say Y here if you want to be able to classify packets based on
0736 ipset membership.
0737
0738 To compile this code as a module, choose M here: the
0739 module will be called em_ipset.
0740
0741 config NET_EMATCH_IPT
0742 tristate "IPtables Matches"
0743 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES
0744 help
0745 Say Y here to be able to classify packets based on iptables
0746 matches.
0747 Current supported match is "policy" which allows packet classification
0748 based on IPsec policy that was used during decapsulation
0749
0750 To compile this code as a module, choose M here: the
0751 module will be called em_ipt.
0752
0753 config NET_CLS_ACT
0754 bool "Actions"
0755 select NET_CLS
0756 help
0757 Say Y here if you want to use traffic control actions. Actions
0758 get attached to classifiers and are invoked after a successful
0759 classification. They are used to overwrite the classification
0760 result, instantly drop or redirect packets, etc.
0761
0762 A recent version of the iproute2 package is required to use
0763 extended matches.
0764
0765 config NET_ACT_POLICE
0766 tristate "Traffic Policing"
0767 depends on NET_CLS_ACT
0768 help
0769 Say Y here if you want to do traffic policing, i.e. strict
0770 bandwidth limiting. This action replaces the existing policing
0771 module.
0772
0773 To compile this code as a module, choose M here: the
0774 module will be called act_police.
0775
0776 config NET_ACT_GACT
0777 tristate "Generic actions"
0778 depends on NET_CLS_ACT
0779 help
0780 Say Y here to take generic actions such as dropping and
0781 accepting packets.
0782
0783 To compile this code as a module, choose M here: the
0784 module will be called act_gact.
0785
0786 config GACT_PROB
0787 bool "Probability support"
0788 depends on NET_ACT_GACT
0789 help
0790 Say Y here to use the generic action randomly or deterministically.
0791
0792 config NET_ACT_MIRRED
0793 tristate "Redirecting and Mirroring"
0794 depends on NET_CLS_ACT
0795 help
0796 Say Y here to allow packets to be mirrored or redirected to
0797 other devices.
0798
0799 To compile this code as a module, choose M here: the
0800 module will be called act_mirred.
0801
0802 config NET_ACT_SAMPLE
0803 tristate "Traffic Sampling"
0804 depends on NET_CLS_ACT
0805 select PSAMPLE
0806 help
0807 Say Y here to allow packet sampling tc action. The packet sample
0808 action consists of statistically choosing packets and sampling
0809 them using the psample module.
0810
0811 To compile this code as a module, choose M here: the
0812 module will be called act_sample.
0813
0814 config NET_ACT_IPT
0815 tristate "IPtables targets"
0816 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES
0817 help
0818 Say Y here to be able to invoke iptables targets after successful
0819 classification.
0820
0821 To compile this code as a module, choose M here: the
0822 module will be called act_ipt.
0823
0824 config NET_ACT_NAT
0825 tristate "Stateless NAT"
0826 depends on NET_CLS_ACT
0827 help
0828 Say Y here to do stateless NAT on IPv4 packets. You should use
0829 netfilter for NAT unless you know what you are doing.
0830
0831 To compile this code as a module, choose M here: the
0832 module will be called act_nat.
0833
0834 config NET_ACT_PEDIT
0835 tristate "Packet Editing"
0836 depends on NET_CLS_ACT
0837 help
0838 Say Y here if you want to mangle the content of packets.
0839
0840 To compile this code as a module, choose M here: the
0841 module will be called act_pedit.
0842
0843 config NET_ACT_SIMP
0844 tristate "Simple Example (Debug)"
0845 depends on NET_CLS_ACT
0846 help
0847 Say Y here to add a simple action for demonstration purposes.
0848 It is meant as an example and for debugging purposes. It will
0849 print a configured policy string followed by the packet count
0850 to the console for every packet that passes by.
0851
0852 If unsure, say N.
0853
0854 To compile this code as a module, choose M here: the
0855 module will be called act_simple.
0856
0857 config NET_ACT_SKBEDIT
0858 tristate "SKB Editing"
0859 depends on NET_CLS_ACT
0860 help
0861 Say Y here to change skb priority or queue_mapping settings.
0862
0863 If unsure, say N.
0864
0865 To compile this code as a module, choose M here: the
0866 module will be called act_skbedit.
0867
0868 config NET_ACT_CSUM
0869 tristate "Checksum Updating"
0870 depends on NET_CLS_ACT && INET
0871 select LIBCRC32C
0872 help
0873 Say Y here to update some common checksum after some direct
0874 packet alterations.
0875
0876 To compile this code as a module, choose M here: the
0877 module will be called act_csum.
0878
0879 config NET_ACT_MPLS
0880 tristate "MPLS manipulation"
0881 depends on NET_CLS_ACT
0882 help
0883 Say Y here to push or pop MPLS headers.
0884
0885 If unsure, say N.
0886
0887 To compile this code as a module, choose M here: the
0888 module will be called act_mpls.
0889
0890 config NET_ACT_VLAN
0891 tristate "Vlan manipulation"
0892 depends on NET_CLS_ACT
0893 help
0894 Say Y here to push or pop vlan headers.
0895
0896 If unsure, say N.
0897
0898 To compile this code as a module, choose M here: the
0899 module will be called act_vlan.
0900
0901 config NET_ACT_BPF
0902 tristate "BPF based action"
0903 depends on NET_CLS_ACT
0904 help
0905 Say Y here to execute BPF code on packets. The BPF code will decide
0906 if the packet should be dropped or not.
0907
0908 If unsure, say N.
0909
0910 To compile this code as a module, choose M here: the
0911 module will be called act_bpf.
0912
0913 config NET_ACT_CONNMARK
0914 tristate "Netfilter Connection Mark Retriever"
0915 depends on NET_CLS_ACT && NETFILTER
0916 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
0917 help
0918 Say Y here to allow retrieving of conn mark
0919
0920 If unsure, say N.
0921
0922 To compile this code as a module, choose M here: the
0923 module will be called act_connmark.
0924
0925 config NET_ACT_CTINFO
0926 tristate "Netfilter Connection Mark Actions"
0927 depends on NET_CLS_ACT && NETFILTER
0928 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
0929 help
0930 Say Y here to allow transfer of a connmark stored information.
0931 Current actions transfer connmark stored DSCP into
0932 ipv4/v6 diffserv and/or to transfer connmark to packet
0933 mark. Both are useful for restoring egress based marks
0934 back onto ingress connections for qdisc priority mapping
0935 purposes.
0936
0937 If unsure, say N.
0938
0939 To compile this code as a module, choose M here: the
0940 module will be called act_ctinfo.
0941
0942 config NET_ACT_SKBMOD
0943 tristate "skb data modification action"
0944 depends on NET_CLS_ACT
0945 help
0946 Say Y here to allow modification of skb data
0947
0948 If unsure, say N.
0949
0950 To compile this code as a module, choose M here: the
0951 module will be called act_skbmod.
0952
0953 config NET_ACT_IFE
0954 tristate "Inter-FE action based on IETF ForCES InterFE LFB"
0955 depends on NET_CLS_ACT
0956 select NET_IFE
0957 help
0958 Say Y here to allow for sourcing and terminating metadata
0959 For details refer to netdev01 paper:
0960 "Distributing Linux Traffic Control Classifier-Action Subsystem"
0961 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
0962
0963 To compile this code as a module, choose M here: the
0964 module will be called act_ife.
0965
0966 config NET_ACT_TUNNEL_KEY
0967 tristate "IP tunnel metadata manipulation"
0968 depends on NET_CLS_ACT
0969 help
0970 Say Y here to set/release ip tunnel metadata.
0971
0972 If unsure, say N.
0973
0974 To compile this code as a module, choose M here: the
0975 module will be called act_tunnel_key.
0976
0977 config NET_ACT_CT
0978 tristate "connection tracking tc action"
0979 depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE
0980 help
0981 Say Y here to allow sending the packets to conntrack module.
0982
0983 If unsure, say N.
0984
0985 To compile this code as a module, choose M here: the
0986 module will be called act_ct.
0987
0988 config NET_ACT_GATE
0989 tristate "Frame gate entry list control tc action"
0990 depends on NET_CLS_ACT
0991 help
0992 Say Y here to allow to control the ingress flow to be passed at
0993 specific time slot and be dropped at other specific time slot by
0994 the gate entry list.
0995
0996 If unsure, say N.
0997 To compile this code as a module, choose M here: the
0998 module will be called act_gate.
0999
1000 config NET_IFE_SKBMARK
1001 tristate "Support to encoding decoding skb mark on IFE action"
1002 depends on NET_ACT_IFE
1003
1004 config NET_IFE_SKBPRIO
1005 tristate "Support to encoding decoding skb prio on IFE action"
1006 depends on NET_ACT_IFE
1007
1008 config NET_IFE_SKBTCINDEX
1009 tristate "Support to encoding decoding skb tcindex on IFE action"
1010 depends on NET_ACT_IFE
1011
1012 config NET_TC_SKB_EXT
1013 bool "TC recirculation support"
1014 depends on NET_CLS_ACT
1015 select SKB_EXTENSIONS
1016
1017 help
1018 Say Y here to allow tc chain misses to continue in OvS datapath in
1019 the correct recirc_id, and hardware chain misses to continue in
1020 the correct chain in tc software datapath.
1021
1022 Say N here if you won't be using tc<->ovs offload or tc chains offload.
1023
1024 endif # NET_SCHED
1025
1026 config NET_SCH_FIFO
1027 bool
