linux/net/Kconfig
<<
>>
Prefs
   1#
   2# Network configuration
   3#
   4
   5menuconfig NET
   6        bool "Networking support"
   7        select NLATTR
   8        select GENERIC_NET_UTILS
   9        select BPF
  10        ---help---
  11          Unless you really know what you are doing, you should say Y here.
  12          The reason is that some programs need kernel networking support even
  13          when running on a stand-alone machine that isn't connected to any
  14          other computer.
  15          
  16          If you are upgrading from an older kernel, you
  17          should consider updating your networking tools too because changes
  18          in the kernel and the tools often go hand in hand. The tools are
  19          contained in the package net-tools, the location and version number
  20          of which are given in <file:Documentation/Changes>.
  21
  22          For a general introduction to Linux networking, it is highly
  23          recommended to read the NET-HOWTO, available from
  24          <http://www.tldp.org/docs.html#howto>.
  25
  26if NET
  27
  28config WANT_COMPAT_NETLINK_MESSAGES
  29        bool
  30        help
  31          This option can be selected by other options that need compat
  32          netlink messages.
  33
  34config COMPAT_NETLINK_MESSAGES
  35        def_bool y
  36        depends on COMPAT
  37        depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
  38        help
  39          This option makes it possible to send different netlink messages
  40          to tasks depending on whether the task is a compat task or not. To
  41          achieve this, you need to set skb_shinfo(skb)->frag_list to the
  42          compat skb before sending the skb, the netlink code will sort out
  43          which message to actually pass to the task.
  44
  45          Newly written code should NEVER need this option but do
  46          compat-independent messages instead!
  47
  48config NET_INGRESS
  49        bool
  50
  51config NET_EGRESS
  52        bool
  53
  54menu "Networking options"
  55
  56source "net/packet/Kconfig"
  57source "net/unix/Kconfig"
  58source "net/tls/Kconfig"
  59source "net/xfrm/Kconfig"
  60source "net/iucv/Kconfig"
  61source "net/smc/Kconfig"
  62
  63config INET
  64        bool "TCP/IP networking"
  65        select CRYPTO
  66        select CRYPTO_AES
  67        ---help---
  68          These are the protocols used on the Internet and on most local
  69          Ethernets. It is highly recommended to say Y here (this will enlarge
  70          your kernel by about 400 KB), since some programs (e.g. the X window
  71          system) use TCP/IP even if your machine is not connected to any
  72          other computer. You will get the so-called loopback device which
  73          allows you to ping yourself (great fun, that!).
  74
  75          For an excellent introduction to Linux networking, please read the
  76          Linux Networking HOWTO, available from
  77          <http://www.tldp.org/docs.html#howto>.
  78
  79          If you say Y here and also to "/proc file system support" and
  80          "Sysctl support" below, you can change various aspects of the
  81          behavior of the TCP/IP code by writing to the (virtual) files in
  82          /proc/sys/net/ipv4/*; the options are explained in the file
  83          <file:Documentation/networking/ip-sysctl.txt>.
  84
  85          Short answer: say Y.
  86
  87if INET
  88source "net/ipv4/Kconfig"
  89source "net/ipv6/Kconfig"
  90source "net/netlabel/Kconfig"
  91
  92endif # if INET
  93
  94config NETWORK_SECMARK
  95        bool "Security Marking"
  96        help
  97          This enables security marking of network packets, similar
  98          to nfmark, but designated for security purposes.
  99          If you are unsure how to answer this question, answer N.
 100
 101config NET_PTP_CLASSIFY
 102        def_bool n
 103
 104config NETWORK_PHY_TIMESTAMPING
 105        bool "Timestamping in PHY devices"
 106        select NET_PTP_CLASSIFY
 107        help
 108          This allows timestamping of network packets by PHYs with
 109          hardware timestamping capabilities. This option adds some
 110          overhead in the transmit and receive paths.
 111
 112          If you are unsure how to answer this question, answer N.
 113
 114menuconfig NETFILTER
 115        bool "Network packet filtering framework (Netfilter)"
 116        ---help---
 117          Netfilter is a framework for filtering and mangling network packets
 118          that pass through your Linux box.
 119
 120          The most common use of packet filtering is to run your Linux box as
 121          a firewall protecting a local network from the Internet. The type of
 122          firewall provided by this kernel support is called a "packet
 123          filter", which means that it can reject individual network packets
 124          based on type, source, destination etc. The other kind of firewall,
 125          a "proxy-based" one, is more secure but more intrusive and more
 126          bothersome to set up; it inspects the network traffic much more
 127          closely, modifies it and has knowledge about the higher level
 128          protocols, which a packet filter lacks. Moreover, proxy-based
 129          firewalls often require changes to the programs running on the local
 130          clients. Proxy-based firewalls don't need support by the kernel, but
 131          they are often combined with a packet filter, which only works if
 132          you say Y here.
 133
 134          You should also say Y here if you intend to use your Linux box as
 135          the gateway to the Internet for a local network of machines without
 136          globally valid IP addresses. This is called "masquerading": if one
 137          of the computers on your local network wants to send something to
 138          the outside, your box can "masquerade" as that computer, i.e. it
 139          forwards the traffic to the intended outside destination, but
 140          modifies the packets to make it look like they came from the
 141          firewall box itself. It works both ways: if the outside host
 142          replies, the Linux box will silently forward the traffic to the
 143          correct local computer. This way, the computers on your local net
 144          are completely invisible to the outside world, even though they can
 145          reach the outside and can receive replies. It is even possible to
 146          run globally visible servers from within a masqueraded local network
 147          using a mechanism called portforwarding. Masquerading is also often
 148          called NAT (Network Address Translation).
 149
 150          Another use of Netfilter is in transparent proxying: if a machine on
 151          the local network tries to connect to an outside host, your Linux
 152          box can transparently forward the traffic to a local server,
 153          typically a caching proxy server.
 154
 155          Yet another use of Netfilter is building a bridging firewall. Using
 156          a bridge with Network packet filtering enabled makes iptables "see"
 157          the bridged traffic. For filtering on the lower network and Ethernet
 158          protocols over the bridge, use ebtables (under bridge netfilter
 159          configuration).
 160
 161          Various modules exist for netfilter which replace the previous
 162          masquerading (ipmasqadm), packet filtering (ipchains), transparent
 163          proxying, and portforwarding mechanisms. Please see
 164          <file:Documentation/Changes> under "iptables" for the location of
 165          these packages.
 166
 167if NETFILTER
 168
 169config NETFILTER_ADVANCED
 170        bool "Advanced netfilter configuration"
 171        depends on NETFILTER
 172        default y
 173        help
 174          If you say Y here you can select between all the netfilter modules.
 175          If you say N the more unusual ones will not be shown and the
 176          basic ones needed by most people will default to 'M'.
 177
 178          If unsure, say Y.
 179
 180config BRIDGE_NETFILTER
 181        tristate "Bridged IP/ARP packets filtering"
 182        depends on BRIDGE
 183        depends on NETFILTER && INET
 184        depends on NETFILTER_ADVANCED
 185        select NETFILTER_FAMILY_BRIDGE
 186        default m
 187        ---help---
 188          Enabling this option will let arptables resp. iptables see bridged
 189          ARP resp. IP traffic. If you want a bridging firewall, you probably
 190          want this option enabled.
 191          Enabling or disabling this option doesn't enable or disable
 192          ebtables.
 193
 194          If unsure, say N.
 195
 196source "net/netfilter/Kconfig"
 197source "net/ipv4/netfilter/Kconfig"
 198source "net/ipv6/netfilter/Kconfig"
 199source "net/decnet/netfilter/Kconfig"
 200source "net/bridge/netfilter/Kconfig"
 201
 202endif
 203
 204source "net/dccp/Kconfig"
 205source "net/sctp/Kconfig"
 206source "net/rds/Kconfig"
 207source "net/tipc/Kconfig"
 208source "net/atm/Kconfig"
 209source "net/l2tp/Kconfig"
 210source "net/802/Kconfig"
 211source "net/bridge/Kconfig"
 212source "net/dsa/Kconfig"
 213source "net/8021q/Kconfig"
 214source "net/decnet/Kconfig"
 215source "net/llc/Kconfig"
 216source "drivers/net/appletalk/Kconfig"
 217source "net/x25/Kconfig"
 218source "net/lapb/Kconfig"
 219source "net/phonet/Kconfig"
 220source "net/6lowpan/Kconfig"
 221source "net/ieee802154/Kconfig"
 222source "net/mac802154/Kconfig"
 223source "net/sched/Kconfig"
 224source "net/dcb/Kconfig"
 225source "net/dns_resolver/Kconfig"
 226source "net/batman-adv/Kconfig"
 227source "net/openvswitch/Kconfig"
 228source "net/vmw_vsock/Kconfig"
 229source "net/netlink/Kconfig"
 230source "net/mpls/Kconfig"
 231source "net/nsh/Kconfig"
 232source "net/hsr/Kconfig"
 233source "net/switchdev/Kconfig"
 234source "net/l3mdev/Kconfig"
 235source "net/qrtr/Kconfig"
 236source "net/ncsi/Kconfig"
 237
 238config RPS
 239        bool
 240        depends on SMP && SYSFS
 241        default y
 242
 243config RFS_ACCEL
 244        bool
 245        depends on RPS
 246        select CPU_RMAP
 247        default y
 248
 249config XPS
 250        bool
 251        depends on SMP
 252        default y
 253
 254config HWBM
 255       bool
 256
 257config CGROUP_NET_PRIO
 258        bool "Network priority cgroup"
 259        depends on CGROUPS
 260        select SOCK_CGROUP_DATA
 261        ---help---
 262          Cgroup subsystem for use in assigning processes to network priorities on
 263          a per-interface basis.
 264
 265config CGROUP_NET_CLASSID
 266        bool "Network classid cgroup"
 267        depends on CGROUPS
 268        select SOCK_CGROUP_DATA
 269        ---help---
 270          Cgroup subsystem for use as general purpose socket classid marker that is
 271          being used in cls_cgroup and for netfilter matching.
 272
 273config NET_RX_BUSY_POLL
 274        bool
 275        default y
 276
 277config BQL
 278        bool
 279        depends on SYSFS
 280        select DQL
 281        default y
 282
 283config BPF_JIT
 284        bool "enable BPF Just In Time compiler"
 285        depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
 286        depends on MODULES
 287        ---help---
 288          Berkeley Packet Filter filtering capabilities are normally handled
 289          by an interpreter. This option allows kernel to generate a native
 290          code when filter is loaded in memory. This should speedup
 291          packet sniffing (libpcap/tcpdump).
 292
 293          Note, admin should enable this feature changing:
 294          /proc/sys/net/core/bpf_jit_enable
 295          /proc/sys/net/core/bpf_jit_harden   (optional)
 296          /proc/sys/net/core/bpf_jit_kallsyms (optional)
 297
 298config BPF_STREAM_PARSER
 299        bool "enable BPF STREAM_PARSER"
 300        depends on BPF_SYSCALL
 301        select STREAM_PARSER
 302        ---help---
 303         Enabling this allows a stream parser to be used with
 304         BPF_MAP_TYPE_SOCKMAP.
 305
 306         BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets.
 307         It can be used to enforce socket policy, implement socket redirects,
 308         etc.
 309
 310config NET_FLOW_LIMIT
 311        bool
 312        depends on RPS
 313        default y
 314        ---help---
 315          The network stack has to drop packets when a receive processing CPU's
 316          backlog reaches netdev_max_backlog. If a few out of many active flows
 317          generate the vast majority of load, drop their traffic earlier to
 318          maintain capacity for the other flows. This feature provides servers
 319          with many clients some protection against DoS by a single (spoofed)
 320          flow that greatly exceeds average workload.
 321
 322menu "Network testing"
 323
 324config NET_PKTGEN
 325        tristate "Packet Generator (USE WITH CAUTION)"
 326        depends on INET && PROC_FS
 327        ---help---
 328          This module will inject preconfigured packets, at a configurable
 329          rate, out of a given interface.  It is used for network interface
 330          stress testing and performance analysis.  If you don't understand
 331          what was just said, you don't need it: say N.
 332
 333          Documentation on how to use the packet generator can be found
 334          at <file:Documentation/networking/pktgen.txt>.
 335
 336          To compile this code as a module, choose M here: the
 337          module will be called pktgen.
 338
 339config NET_DROP_MONITOR
 340        tristate "Network packet drop alerting service"
 341        depends on INET && TRACEPOINTS
 342        ---help---
 343        This feature provides an alerting service to userspace in the
 344        event that packets are discarded in the network stack.  Alerts
 345        are broadcast via netlink socket to any listening user space
 346        process.  If you don't need network drop alerts, or if you are ok
 347        just checking the various proc files and other utilities for
 348        drop statistics, say N here.
 349
 350endmenu
 351
 352endmenu
 353
 354source "net/ax25/Kconfig"
 355source "net/can/Kconfig"
 356source "net/bluetooth/Kconfig"
 357source "net/rxrpc/Kconfig"
 358source "net/kcm/Kconfig"
 359source "net/strparser/Kconfig"
 360
 361config FIB_RULES
 362        bool
 363
 364menuconfig WIRELESS
 365        bool "Wireless"
 366        depends on !S390
 367        default y
 368
 369if WIRELESS
 370
 371source "net/wireless/Kconfig"
 372source "net/mac80211/Kconfig"
 373
 374endif # WIRELESS
 375
 376source "net/wimax/Kconfig"
 377
 378source "net/rfkill/Kconfig"
 379source "net/9p/Kconfig"
 380source "net/caif/Kconfig"
 381source "net/ceph/Kconfig"
 382source "net/nfc/Kconfig"
 383source "net/psample/Kconfig"
 384source "net/ife/Kconfig"
 385
 386config LWTUNNEL
 387        bool "Network light weight tunnels"
 388        ---help---
 389          This feature provides an infrastructure to support light weight
 390          tunnels like mpls. There is no netdevice associated with a light
 391          weight tunnel endpoint. Tunnel encapsulation parameters are stored
 392          with light weight tunnel state associated with fib routes.
 393
 394config LWTUNNEL_BPF
 395        bool "Execute BPF program as route nexthop action"
 396        depends on LWTUNNEL
 397        default y if LWTUNNEL=y
 398        ---help---
 399          Allows to run BPF programs as a nexthop action following a route
 400          lookup for incoming and outgoing packets.
 401
 402config DST_CACHE
 403        bool
 404        default n
 405
 406config GRO_CELLS
 407        bool
 408        default n
 409
 410config NET_DEVLINK
 411        tristate "Network physical/parent device Netlink interface"
 412        help
 413          Network physical/parent device Netlink interface provides
 414          infrastructure to support access to physical chip-wide config and
 415          monitoring.
 416
 417config MAY_USE_DEVLINK
 418        tristate
 419        default m if NET_DEVLINK=m
 420        default y if NET_DEVLINK=y || NET_DEVLINK=n
 421        help
 422          Drivers using the devlink infrastructure should have a dependency
 423          on MAY_USE_DEVLINK to ensure they do not cause link errors when
 424          devlink is a loadable module and the driver using it is built-in.
 425
 426endif   # if NET
 427
 428# Used by archs to tell that they support BPF JIT compiler plus which flavour.
 429# Only one of the two can be selected for a specific arch since eBPF JIT supersedes
 430# the cBPF JIT.
 431
 432# Classic BPF JIT (cBPF)
 433config HAVE_CBPF_JIT
 434        bool
 435
 436# Extended BPF JIT (eBPF)
 437config HAVE_EBPF_JIT
 438        bool
 439