1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 help 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 help 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 help 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 help 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 help 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 help 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 help 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 help 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 help 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 help 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 help 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 help 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_TAPRIO 199 tristate "Time Aware Priority (taprio) Scheduler" 200 help 201 Say Y here if you want to use the Time Aware Priority (taprio) packet 202 scheduling algorithm. 203 204 See the top of <file:net/sched/sch_taprio.c> for more details. 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_taprio. 208 209config NET_SCH_GRED 210 tristate "Generic Random Early Detection (GRED)" 211 help 212 Say Y here if you want to use the Generic Random Early Detection 213 (GRED) packet scheduling algorithm for some of your network devices 214 (see the top of <file:net/sched/sch_red.c> for details and 215 references about the algorithm). 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_gred. 219 220config NET_SCH_DSMARK 221 tristate "Differentiated Services marker (DSMARK)" 222 help 223 Say Y if you want to schedule packets according to the 224 Differentiated Services architecture proposed in RFC 2475. 225 Technical information on this method, with pointers to associated 226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 227 228 To compile this code as a module, choose M here: the 229 module will be called sch_dsmark. 230 231config NET_SCH_NETEM 232 tristate "Network emulator (NETEM)" 233 help 234 Say Y if you want to emulate network delay, loss, and packet 235 re-ordering. This is often useful to simulate networks when 236 testing applications or protocols. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_netem. 240 241 If unsure, say N. 242 243config NET_SCH_DRR 244 tristate "Deficit Round Robin scheduler (DRR)" 245 help 246 Say Y here if you want to use the Deficit Round Robin (DRR) packet 247 scheduling algorithm. 248 249 To compile this driver as a module, choose M here: the module 250 will be called sch_drr. 251 252 If unsure, say N. 253 254config NET_SCH_MQPRIO 255 tristate "Multi-queue priority scheduler (MQPRIO)" 256 help 257 Say Y here if you want to use the Multi-queue Priority scheduler. 258 This scheduler allows QOS to be offloaded on NICs that have support 259 for offloading QOS schedulers. 260 261 To compile this driver as a module, choose M here: the module will 262 be called sch_mqprio. 263 264 If unsure, say N. 265 266config NET_SCH_SKBPRIO 267 tristate "SKB priority queue scheduler (SKBPRIO)" 268 help 269 Say Y here if you want to use the SKB priority queue 270 scheduler. This schedules packets according to skb->priority, 271 which is useful for request packets in DoS mitigation systems such 272 as Gatekeeper. 273 274 To compile this driver as a module, choose M here: the module will 275 be called sch_skbprio. 276 277 If unsure, say N. 278 279config NET_SCH_CHOKE 280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 281 help 282 Say Y here if you want to use the CHOKe packet scheduler (CHOose 283 and Keep for responsive flows, CHOose and Kill for unresponsive 284 flows). This is a variation of RED which trys to penalize flows 285 that monopolize the queue. 286 287 To compile this code as a module, choose M here: the 288 module will be called sch_choke. 289 290config NET_SCH_QFQ 291 tristate "Quick Fair Queueing scheduler (QFQ)" 292 help 293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 294 packet scheduling algorithm. 295 296 To compile this driver as a module, choose M here: the module 297 will be called sch_qfq. 298 299 If unsure, say N. 300 301config NET_SCH_CODEL 302 tristate "Controlled Delay AQM (CODEL)" 303 help 304 Say Y here if you want to use the Controlled Delay (CODEL) 305 packet scheduling algorithm. 306 307 To compile this driver as a module, choose M here: the module 308 will be called sch_codel. 309 310 If unsure, say N. 311 312config NET_SCH_FQ_CODEL 313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 314 help 315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 316 packet scheduling algorithm. 317 318 To compile this driver as a module, choose M here: the module 319 will be called sch_fq_codel. 320 321 If unsure, say N. 322 323config NET_SCH_CAKE 324 tristate "Common Applications Kept Enhanced (CAKE)" 325 help 326 Say Y here if you want to use the Common Applications Kept Enhanced 327 (CAKE) queue management algorithm. 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_cake. 331 332 If unsure, say N. 333 334config NET_SCH_FQ 335 tristate "Fair Queue" 336 help 337 Say Y here if you want to use the FQ packet scheduling algorithm. 338 339 FQ does flow separation, and is able to respect pacing requirements 340 set by TCP stack into sk->sk_pacing_rate (for localy generated 341 traffic) 342 343 To compile this driver as a module, choose M here: the module 344 will be called sch_fq. 345 346 If unsure, say N. 347 348config NET_SCH_HHF 349 tristate "Heavy-Hitter Filter (HHF)" 350 help 351 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 352 packet scheduling algorithm. 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_hhf. 356 357config NET_SCH_PIE 358 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 359 help 360 Say Y here if you want to use the Proportional Integral controller 361 Enhanced scheduler packet scheduling algorithm. 362 For more information, please see https://tools.ietf.org/html/rfc8033 363 364 To compile this driver as a module, choose M here: the module 365 will be called sch_pie. 366 367 If unsure, say N. 368 369config NET_SCH_FQ_PIE 370 depends on NET_SCH_PIE 371 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 372 help 373 Say Y here if you want to use the Flow Queue Proportional Integral 374 controller Enhanced (FQ-PIE) packet scheduling algorithm. 375 For more information, please see https://tools.ietf.org/html/rfc8033 376 377 To compile this driver as a module, choose M here: the module 378 will be called sch_fq_pie. 379 380 If unsure, say N. 381 382config NET_SCH_INGRESS 383 tristate "Ingress/classifier-action Qdisc" 384 depends on NET_CLS_ACT 385 select NET_INGRESS 386 select NET_EGRESS 387 help 388 Say Y here if you want to use classifiers for incoming and/or outgoing 389 packets. This qdisc doesn't do anything else besides running classifiers, 390 which can also have actions attached to them. In case of outgoing packets, 391 classifiers that this qdisc holds are executed in the transmit path 392 before real enqueuing to an egress qdisc happens. 393 394 If unsure, say Y. 395 396 To compile this code as a module, choose M here: the module will be 397 called sch_ingress with alias of sch_clsact. 398 399config NET_SCH_PLUG 400 tristate "Plug network traffic until release (PLUG)" 401 help 402 403 This queuing discipline allows userspace to plug/unplug a network 404 output queue, using the netlink interface. When it receives an 405 enqueue command it inserts a plug into the outbound queue that 406 causes following packets to enqueue until a dequeue command arrives 407 over netlink, causing the plug to be removed and resuming the normal 408 packet flow. 409 410 This module also provides a generic "network output buffering" 411 functionality (aka output commit), wherein upon arrival of a dequeue 412 command, only packets up to the first plug are released for delivery. 413 The Remus HA project uses this module to enable speculative execution 414 of virtual machines by allowing the generated network output to be rolled 415 back if needed. 416 417 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 418 419 Say Y here if you are using this kernel for Xen dom0 and 420 want to protect Xen guests with Remus. 421 422 To compile this code as a module, choose M here: the 423 module will be called sch_plug. 424 425config NET_SCH_ETS 426 tristate "Enhanced transmission selection scheduler (ETS)" 427 help 428 The Enhanced Transmission Selection scheduler is a classful 429 queuing discipline that merges functionality of PRIO and DRR 430 qdiscs in one scheduler. ETS makes it easy to configure a set of 431 strict and bandwidth-sharing bands to implement the transmission 432 selection described in 802.1Qaz. 433 434 Say Y here if you want to use the ETS packet scheduling 435 algorithm. 436 437 To compile this driver as a module, choose M here: the module 438 will be called sch_ets. 439 440 If unsure, say N. 441 442menuconfig NET_SCH_DEFAULT 443 bool "Allow override default queue discipline" 444 help 445 Support for selection of default queuing discipline. 446 447 Nearly all users can safely say no here, and the default 448 of pfifo_fast will be used. Many distributions already set 449 the default value via /proc/sys/net/core/default_qdisc. 450 451 If unsure, say N. 452 453if NET_SCH_DEFAULT 454 455choice 456 prompt "Default queuing discipline" 457 default DEFAULT_PFIFO_FAST 458 help 459 Select the queueing discipline that will be used by default 460 for all network devices. 461 462 config DEFAULT_FQ 463 bool "Fair Queue" if NET_SCH_FQ 464 465 config DEFAULT_CODEL 466 bool "Controlled Delay" if NET_SCH_CODEL 467 468 config DEFAULT_FQ_CODEL 469 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 470 471 config DEFAULT_FQ_PIE 472 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 473 474 config DEFAULT_SFQ 475 bool "Stochastic Fair Queue" if NET_SCH_SFQ 476 477 config DEFAULT_PFIFO_FAST 478 bool "Priority FIFO Fast" 479endchoice 480 481config DEFAULT_NET_SCH 482 string 483 default "pfifo_fast" if DEFAULT_PFIFO_FAST 484 default "fq" if DEFAULT_FQ 485 default "fq_codel" if DEFAULT_FQ_CODEL 486 default "fq_pie" if DEFAULT_FQ_PIE 487 default "sfq" if DEFAULT_SFQ 488 default "pfifo_fast" 489endif 490 491comment "Classification" 492 493config NET_CLS 494 bool 495 496config NET_CLS_BASIC 497 tristate "Elementary classification (BASIC)" 498 select NET_CLS 499 help 500 Say Y here if you want to be able to classify packets using 501 only extended matches and actions. 502 503 To compile this code as a module, choose M here: the 504 module will be called cls_basic. 505 506config NET_CLS_ROUTE4 507 tristate "Routing decision (ROUTE)" 508 depends on INET 509 select IP_ROUTE_CLASSID 510 select NET_CLS 511 help 512 If you say Y here, you will be able to classify packets 513 according to the route table entry they matched. 514 515 To compile this code as a module, choose M here: the 516 module will be called cls_route. 517 518config NET_CLS_FW 519 tristate "Netfilter mark (FW)" 520 select NET_CLS 521 help 522 If you say Y here, you will be able to classify packets 523 according to netfilter/firewall marks. 524 525 To compile this code as a module, choose M here: the 526 module will be called cls_fw. 527 528config NET_CLS_U32 529 tristate "Universal 32bit comparisons w/ hashing (U32)" 530 select NET_CLS 531 help 532 Say Y here to be able to classify packets using a universal 533 32bit pieces based comparison scheme. 534 535 To compile this code as a module, choose M here: the 536 module will be called cls_u32. 537 538config CLS_U32_PERF 539 bool "Performance counters support" 540 depends on NET_CLS_U32 541 help 542 Say Y here to make u32 gather additional statistics useful for 543 fine tuning u32 classifiers. 544 545config CLS_U32_MARK 546 bool "Netfilter marks support" 547 depends on NET_CLS_U32 548 help 549 Say Y here to be able to use netfilter marks as u32 key. 550 551config NET_CLS_RSVP 552 tristate "IPv4 Resource Reservation Protocol (RSVP)" 553 select NET_CLS 554 help 555 The Resource Reservation Protocol (RSVP) permits end systems to 556 request a minimum and maximum data flow rate for a connection; this 557 is important for real time data such as streaming sound or video. 558 559 Say Y here if you want to be able to classify outgoing packets based 560 on their RSVP requests. 561 562 To compile this code as a module, choose M here: the 563 module will be called cls_rsvp. 564 565config NET_CLS_RSVP6 566 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 567 select NET_CLS 568 help 569 The Resource Reservation Protocol (RSVP) permits end systems to 570 request a minimum and maximum data flow rate for a connection; this 571 is important for real time data such as streaming sound or video. 572 573 Say Y here if you want to be able to classify outgoing packets based 574 on their RSVP requests and you are using the IPv6 protocol. 575 576 To compile this code as a module, choose M here: the 577 module will be called cls_rsvp6. 578 579config NET_CLS_FLOW 580 tristate "Flow classifier" 581 select NET_CLS 582 help 583 If you say Y here, you will be able to classify packets based on 584 a configurable combination of packet keys. This is mostly useful 585 in combination with SFQ. 586 587 To compile this code as a module, choose M here: the 588 module will be called cls_flow. 589 590config NET_CLS_CGROUP 591 tristate "Control Group Classifier" 592 select NET_CLS 593 select CGROUP_NET_CLASSID 594 depends on CGROUPS 595 help 596 Say Y here if you want to classify packets based on the control 597 cgroup of their process. 598 599 To compile this code as a module, choose M here: the 600 module will be called cls_cgroup. 601 602config NET_CLS_BPF 603 tristate "BPF-based classifier" 604 select NET_CLS 605 help 606 If you say Y here, you will be able to classify packets based on 607 programmable BPF (JIT'ed) filters as an alternative to ematches. 608 609 To compile this code as a module, choose M here: the module will 610 be called cls_bpf. 611 612config NET_CLS_FLOWER 613 tristate "Flower classifier" 614 select NET_CLS 615 help 616 If you say Y here, you will be able to classify packets based on 617 a configurable combination of packet keys and masks. 618 619 To compile this code as a module, choose M here: the module will 620 be called cls_flower. 621 622config NET_CLS_MATCHALL 623 tristate "Match-all classifier" 624 select NET_CLS 625 help 626 If you say Y here, you will be able to classify packets based on 627 nothing. Every packet will match. 628 629 To compile this code as a module, choose M here: the module will 630 be called cls_matchall. 631 632config NET_EMATCH 633 bool "Extended Matches" 634 select NET_CLS 635 help 636 Say Y here if you want to use extended matches on top of classifiers 637 and select the extended matches below. 638 639 Extended matches are small classification helpers not worth writing 640 a separate classifier for. 641 642 A recent version of the iproute2 package is required to use 643 extended matches. 644 645config NET_EMATCH_STACK 646 int "Stack size" 647 depends on NET_EMATCH 648 default "32" 649 help 650 Size of the local stack variable used while evaluating the tree of 651 ematches. Limits the depth of the tree, i.e. the number of 652 encapsulated precedences. Every level requires 4 bytes of additional 653 stack space. 654 655config NET_EMATCH_CMP 656 tristate "Simple packet data comparison" 657 depends on NET_EMATCH 658 help 659 Say Y here if you want to be able to classify packets based on 660 simple packet data comparisons for 8, 16, and 32bit values. 661 662 To compile this code as a module, choose M here: the 663 module will be called em_cmp. 664 665config NET_EMATCH_NBYTE 666 tristate "Multi byte comparison" 667 depends on NET_EMATCH 668 help 669 Say Y here if you want to be able to classify packets based on 670 multiple byte comparisons mainly useful for IPv6 address comparisons. 671 672 To compile this code as a module, choose M here: the 673 module will be called em_nbyte. 674 675config NET_EMATCH_U32 676 tristate "U32 key" 677 depends on NET_EMATCH 678 help 679 Say Y here if you want to be able to classify packets using 680 the famous u32 key in combination with logic relations. 681 682 To compile this code as a module, choose M here: the 683 module will be called em_u32. 684 685config NET_EMATCH_META 686 tristate "Metadata" 687 depends on NET_EMATCH 688 help 689 Say Y here if you want to be able to classify packets based on 690 metadata such as load average, netfilter attributes, socket 691 attributes and routing decisions. 692 693 To compile this code as a module, choose M here: the 694 module will be called em_meta. 695 696config NET_EMATCH_TEXT 697 tristate "Textsearch" 698 depends on NET_EMATCH 699 select TEXTSEARCH 700 select TEXTSEARCH_KMP 701 select TEXTSEARCH_BM 702 select TEXTSEARCH_FSM 703 help 704 Say Y here if you want to be able to classify packets based on 705 textsearch comparisons. 706 707 To compile this code as a module, choose M here: the 708 module will be called em_text. 709 710config NET_EMATCH_CANID 711 tristate "CAN Identifier" 712 depends on NET_EMATCH && (CAN=y || CAN=m) 713 help 714 Say Y here if you want to be able to classify CAN frames based 715 on CAN Identifier. 716 717 To compile this code as a module, choose M here: the 718 module will be called em_canid. 719 720config NET_EMATCH_IPSET 721 tristate "IPset" 722 depends on NET_EMATCH && IP_SET 723 help 724 Say Y here if you want to be able to classify packets based on 725 ipset membership. 726 727 To compile this code as a module, choose M here: the 728 module will be called em_ipset. 729 730config NET_EMATCH_IPT 731 tristate "IPtables Matches" 732 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 733 help 734 Say Y here to be able to classify packets based on iptables 735 matches. 736 Current supported match is "policy" which allows packet classification 737 based on IPsec policy that was used during decapsulation 738 739 To compile this code as a module, choose M here: the 740 module will be called em_ipt. 741 742config NET_CLS_ACT 743 bool "Actions" 744 select NET_CLS 745 help 746 Say Y here if you want to use traffic control actions. Actions 747 get attached to classifiers and are invoked after a successful 748 classification. They are used to overwrite the classification 749 result, instantly drop or redirect packets, etc. 750 751 A recent version of the iproute2 package is required to use 752 extended matches. 753 754config NET_ACT_POLICE 755 tristate "Traffic Policing" 756 depends on NET_CLS_ACT 757 help 758 Say Y here if you want to do traffic policing, i.e. strict 759 bandwidth limiting. This action replaces the existing policing 760 module. 761 762 To compile this code as a module, choose M here: the 763 module will be called act_police. 764 765config NET_ACT_GACT 766 tristate "Generic actions" 767 depends on NET_CLS_ACT 768 help 769 Say Y here to take generic actions such as dropping and 770 accepting packets. 771 772 To compile this code as a module, choose M here: the 773 module will be called act_gact. 774 775config GACT_PROB 776 bool "Probability support" 777 depends on NET_ACT_GACT 778 help 779 Say Y here to use the generic action randomly or deterministically. 780 781config NET_ACT_MIRRED 782 tristate "Redirecting and Mirroring" 783 depends on NET_CLS_ACT 784 help 785 Say Y here to allow packets to be mirrored or redirected to 786 other devices. 787 788 To compile this code as a module, choose M here: the 789 module will be called act_mirred. 790 791config NET_ACT_SAMPLE 792 tristate "Traffic Sampling" 793 depends on NET_CLS_ACT 794 select PSAMPLE 795 help 796 Say Y here to allow packet sampling tc action. The packet sample 797 action consists of statistically choosing packets and sampling 798 them using the psample module. 799 800 To compile this code as a module, choose M here: the 801 module will be called act_sample. 802 803config NET_ACT_IPT 804 tristate "IPtables targets" 805 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 806 help 807 Say Y here to be able to invoke iptables targets after successful 808 classification. 809 810 To compile this code as a module, choose M here: the 811 module will be called act_ipt. 812 813config NET_ACT_NAT 814 tristate "Stateless NAT" 815 depends on NET_CLS_ACT 816 help 817 Say Y here to do stateless NAT on IPv4 packets. You should use 818 netfilter for NAT unless you know what you are doing. 819 820 To compile this code as a module, choose M here: the 821 module will be called act_nat. 822 823config NET_ACT_PEDIT 824 tristate "Packet Editing" 825 depends on NET_CLS_ACT 826 help 827 Say Y here if you want to mangle the content of packets. 828 829 To compile this code as a module, choose M here: the 830 module will be called act_pedit. 831 832config NET_ACT_SIMP 833 tristate "Simple Example (Debug)" 834 depends on NET_CLS_ACT 835 help 836 Say Y here to add a simple action for demonstration purposes. 837 It is meant as an example and for debugging purposes. It will 838 print a configured policy string followed by the packet count 839 to the console for every packet that passes by. 840 841 If unsure, say N. 842 843 To compile this code as a module, choose M here: the 844 module will be called act_simple. 845 846config NET_ACT_SKBEDIT 847 tristate "SKB Editing" 848 depends on NET_CLS_ACT 849 help 850 Say Y here to change skb priority or queue_mapping settings. 851 852 If unsure, say N. 853 854 To compile this code as a module, choose M here: the 855 module will be called act_skbedit. 856 857config NET_ACT_CSUM 858 tristate "Checksum Updating" 859 depends on NET_CLS_ACT && INET 860 select LIBCRC32C 861 help 862 Say Y here to update some common checksum after some direct 863 packet alterations. 864 865 To compile this code as a module, choose M here: the 866 module will be called act_csum. 867 868config NET_ACT_MPLS 869 tristate "MPLS manipulation" 870 depends on NET_CLS_ACT 871 help 872 Say Y here to push or pop MPLS headers. 873 874 If unsure, say N. 875 876 To compile this code as a module, choose M here: the 877 module will be called act_mpls. 878 879config NET_ACT_VLAN 880 tristate "Vlan manipulation" 881 depends on NET_CLS_ACT 882 help 883 Say Y here to push or pop vlan headers. 884 885 If unsure, say N. 886 887 To compile this code as a module, choose M here: the 888 module will be called act_vlan. 889 890config NET_ACT_BPF 891 tristate "BPF based action" 892 depends on NET_CLS_ACT 893 help 894 Say Y here to execute BPF code on packets. The BPF code will decide 895 if the packet should be dropped or not. 896 897 If unsure, say N. 898 899 To compile this code as a module, choose M here: the 900 module will be called act_bpf. 901 902config NET_ACT_CONNMARK 903 tristate "Netfilter Connection Mark Retriever" 904 depends on NET_CLS_ACT && NETFILTER 905 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 906 help 907 Say Y here to allow retrieving of conn mark 908 909 If unsure, say N. 910 911 To compile this code as a module, choose M here: the 912 module will be called act_connmark. 913 914config NET_ACT_CTINFO 915 tristate "Netfilter Connection Mark Actions" 916 depends on NET_CLS_ACT && NETFILTER 917 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 918 help 919 Say Y here to allow transfer of a connmark stored information. 920 Current actions transfer connmark stored DSCP into 921 ipv4/v6 diffserv and/or to transfer connmark to packet 922 mark. Both are useful for restoring egress based marks 923 back onto ingress connections for qdisc priority mapping 924 purposes. 925 926 If unsure, say N. 927 928 To compile this code as a module, choose M here: the 929 module will be called act_ctinfo. 930 931config NET_ACT_SKBMOD 932 tristate "skb data modification action" 933 depends on NET_CLS_ACT 934 help 935 Say Y here to allow modification of skb data 936 937 If unsure, say N. 938 939 To compile this code as a module, choose M here: the 940 module will be called act_skbmod. 941 942config NET_ACT_IFE 943 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 944 depends on NET_CLS_ACT 945 select NET_IFE 946 help 947 Say Y here to allow for sourcing and terminating metadata 948 For details refer to netdev01 paper: 949 "Distributing Linux Traffic Control Classifier-Action Subsystem" 950 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 951 952 To compile this code as a module, choose M here: the 953 module will be called act_ife. 954 955config NET_ACT_TUNNEL_KEY 956 tristate "IP tunnel metadata manipulation" 957 depends on NET_CLS_ACT 958 help 959 Say Y here to set/release ip tunnel metadata. 960 961 If unsure, say N. 962 963 To compile this code as a module, choose M here: the 964 module will be called act_tunnel_key. 965 966config NET_ACT_CT 967 tristate "connection tracking tc action" 968 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 969 help 970 Say Y here to allow sending the packets to conntrack module. 971 972 If unsure, say N. 973 974 To compile this code as a module, choose M here: the 975 module will be called act_ct. 976 977config NET_ACT_GATE 978 tristate "Frame gate entry list control tc action" 979 depends on NET_CLS_ACT 980 help 981 Say Y here to allow to control the ingress flow to be passed at 982 specific time slot and be dropped at other specific time slot by 983 the gate entry list. 984 985 If unsure, say N. 986 To compile this code as a module, choose M here: the 987 module will be called act_gate. 988 989config NET_IFE_SKBMARK 990 tristate "Support to encoding decoding skb mark on IFE action" 991 depends on NET_ACT_IFE 992 993config NET_IFE_SKBPRIO 994 tristate "Support to encoding decoding skb prio on IFE action" 995 depends on NET_ACT_IFE 996 997config NET_IFE_SKBTCINDEX 998 tristate "Support to encoding decoding skb tcindex on IFE action" 999 depends on NET_ACT_IFE 1000 1001config NET_TC_SKB_EXT 1002 bool "TC recirculation support" 1003 depends on NET_CLS_ACT 1004 select SKB_EXTENSIONS 1005 1006 help 1007 Say Y here to allow tc chain misses to continue in OvS datapath in 1008 the correct recirc_id, and hardware chain misses to continue in 1009 the correct chain in tc software datapath. 1010 1011 Say N here if you won't be using tc<->ovs offload or tc chains offload. 1012 1013endif # NET_SCHED 1014 1015config NET_SCH_FIFO 1016 bool 1017