• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#
2# Network configuration
3#
4
5menuconfig NET
6	bool "Networking support"
7	select NLATTR
8	select GENERIC_NET_UTILS
9	select BPF
10	---help---
11	  Unless you really know what you are doing, you should say Y here.
12	  The reason is that some programs need kernel networking support even
13	  when running on a stand-alone machine that isn't connected to any
14	  other computer.
15
16	  If you are upgrading from an older kernel, you
17	  should consider updating your networking tools too because changes
18	  in the kernel and the tools often go hand in hand. The tools are
19	  contained in the package net-tools, the location and version number
20	  of which are given in <file:Documentation/Changes>.
21
22	  For a general introduction to Linux networking, it is highly
23	  recommended to read the NET-HOWTO, available from
24	  <http://www.tldp.org/docs.html#howto>.
25
26if NET
27
28config WANT_COMPAT_NETLINK_MESSAGES
29	bool
30	help
31	  This option can be selected by other options that need compat
32	  netlink messages.
33
34config COMPAT_NETLINK_MESSAGES
35	def_bool y
36	depends on COMPAT
37	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
38	help
39	  This option makes it possible to send different netlink messages
40	  to tasks depending on whether the task is a compat task or not. To
41	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
42	  compat skb before sending the skb, the netlink code will sort out
43	  which message to actually pass to the task.
44
45	  Newly written code should NEVER need this option but do
46	  compat-independent messages instead!
47
48config NET_INGRESS
49	bool
50
51menu "Networking options"
52
53source "net/packet/Kconfig"
54source "net/unix/Kconfig"
55source "net/xfrm/Kconfig"
56source "net/iucv/Kconfig"
57
58config INET
59	bool "TCP/IP networking"
60	select CRYPTO
61	select CRYPTO_AES
62	---help---
63	  These are the protocols used on the Internet and on most local
64	  Ethernets. It is highly recommended to say Y here (this will enlarge
65	  your kernel by about 400 KB), since some programs (e.g. the X window
66	  system) use TCP/IP even if your machine is not connected to any
67	  other computer. You will get the so-called loopback device which
68	  allows you to ping yourself (great fun, that!).
69
70	  For an excellent introduction to Linux networking, please read the
71	  Linux Networking HOWTO, available from
72	  <http://www.tldp.org/docs.html#howto>.
73
74	  If you say Y here and also to "/proc file system support" and
75	  "Sysctl support" below, you can change various aspects of the
76	  behavior of the TCP/IP code by writing to the (virtual) files in
77	  /proc/sys/net/ipv4/*; the options are explained in the file
78	  <file:Documentation/networking/ip-sysctl.txt>.
79
80	  Short answer: say Y.
81
82if INET
83source "net/ipv4/Kconfig"
84source "net/ipv6/Kconfig"
85source "net/netlabel/Kconfig"
86
87endif # if INET
88
89config ANDROID_PARANOID_NETWORK
90	bool "Only allow certain groups to create sockets"
91	default y
92	help
93		none
94
95config NETWORK_SECMARK
96	bool "Security Marking"
97	help
98	  This enables security marking of network packets, similar
99	  to nfmark, but designated for security purposes.
100	  If you are unsure how to answer this question, answer N.
101
102config NET_PTP_CLASSIFY
103	def_bool n
104
105config NETWORK_PHY_TIMESTAMPING
106	bool "Timestamping in PHY devices"
107	select NET_PTP_CLASSIFY
108	help
109	  This allows timestamping of network packets by PHYs with
110	  hardware timestamping capabilities. This option adds some
111	  overhead in the transmit and receive paths.
112
113	  If you are unsure how to answer this question, answer N.
114
115menuconfig NETFILTER
116	bool "Network packet filtering framework (Netfilter)"
117	---help---
118	  Netfilter is a framework for filtering and mangling network packets
119	  that pass through your Linux box.
120
121	  The most common use of packet filtering is to run your Linux box as
122	  a firewall protecting a local network from the Internet. The type of
123	  firewall provided by this kernel support is called a "packet
124	  filter", which means that it can reject individual network packets
125	  based on type, source, destination etc. The other kind of firewall,
126	  a "proxy-based" one, is more secure but more intrusive and more
127	  bothersome to set up; it inspects the network traffic much more
128	  closely, modifies it and has knowledge about the higher level
129	  protocols, which a packet filter lacks. Moreover, proxy-based
130	  firewalls often require changes to the programs running on the local
131	  clients. Proxy-based firewalls don't need support by the kernel, but
132	  they are often combined with a packet filter, which only works if
133	  you say Y here.
134
135	  You should also say Y here if you intend to use your Linux box as
136	  the gateway to the Internet for a local network of machines without
137	  globally valid IP addresses. This is called "masquerading": if one
138	  of the computers on your local network wants to send something to
139	  the outside, your box can "masquerade" as that computer, i.e. it
140	  forwards the traffic to the intended outside destination, but
141	  modifies the packets to make it look like they came from the
142	  firewall box itself. It works both ways: if the outside host
143	  replies, the Linux box will silently forward the traffic to the
144	  correct local computer. This way, the computers on your local net
145	  are completely invisible to the outside world, even though they can
146	  reach the outside and can receive replies. It is even possible to
147	  run globally visible servers from within a masqueraded local network
148	  using a mechanism called portforwarding. Masquerading is also often
149	  called NAT (Network Address Translation).
150
151	  Another use of Netfilter is in transparent proxying: if a machine on
152	  the local network tries to connect to an outside host, your Linux
153	  box can transparently forward the traffic to a local server,
154	  typically a caching proxy server.
155
156	  Yet another use of Netfilter is building a bridging firewall. Using
157	  a bridge with Network packet filtering enabled makes iptables "see"
158	  the bridged traffic. For filtering on the lower network and Ethernet
159	  protocols over the bridge, use ebtables (under bridge netfilter
160	  configuration).
161
162	  Various modules exist for netfilter which replace the previous
163	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
164	  proxying, and portforwarding mechanisms. Please see
165	  <file:Documentation/Changes> under "iptables" for the location of
166	  these packages.
167
168if NETFILTER
169
170config NETFILTER_DEBUG
171	bool "Network packet filtering debugging"
172	depends on NETFILTER
173	help
174	  You can say Y here if you want to get additional messages useful in
175	  debugging the netfilter code.
176
177config NETFILTER_ADVANCED
178	bool "Advanced netfilter configuration"
179	depends on NETFILTER
180	default y
181	help
182	  If you say Y here you can select between all the netfilter modules.
183	  If you say N the more unusual ones will not be shown and the
184	  basic ones needed by most people will default to 'M'.
185
186	  If unsure, say Y.
187
188config BRIDGE_NETFILTER
189	tristate "Bridged IP/ARP packets filtering"
190	depends on BRIDGE
191	depends on NETFILTER && INET
192	depends on NETFILTER_ADVANCED
193	default m
194	---help---
195	  Enabling this option will let arptables resp. iptables see bridged
196	  ARP resp. IP traffic. If you want a bridging firewall, you probably
197	  want this option enabled.
198	  Enabling or disabling this option doesn't enable or disable
199	  ebtables.
200
201	  If unsure, say N.
202
203source "net/netfilter/Kconfig"
204source "net/ipv4/netfilter/Kconfig"
205source "net/ipv6/netfilter/Kconfig"
206source "net/decnet/netfilter/Kconfig"
207source "net/bridge/netfilter/Kconfig"
208
209endif
210
211source "net/dccp/Kconfig"
212source "net/sctp/Kconfig"
213source "net/rds/Kconfig"
214source "net/tipc/Kconfig"
215source "net/atm/Kconfig"
216source "net/l2tp/Kconfig"
217source "net/802/Kconfig"
218source "net/bridge/Kconfig"
219source "net/dsa/Kconfig"
220source "net/8021q/Kconfig"
221source "net/decnet/Kconfig"
222source "net/llc/Kconfig"
223source "net/ipx/Kconfig"
224source "drivers/net/appletalk/Kconfig"
225source "net/x25/Kconfig"
226source "net/lapb/Kconfig"
227source "net/phonet/Kconfig"
228source "net/6lowpan/Kconfig"
229source "net/ieee802154/Kconfig"
230source "net/mac802154/Kconfig"
231source "net/sched/Kconfig"
232source "net/dcb/Kconfig"
233source "net/dns_resolver/Kconfig"
234source "net/batman-adv/Kconfig"
235source "net/openvswitch/Kconfig"
236source "net/vmw_vsock/Kconfig"
237source "net/netlink/Kconfig"
238source "net/mpls/Kconfig"
239source "net/hsr/Kconfig"
240source "net/switchdev/Kconfig"
241source "net/l3mdev/Kconfig"
242
243config RPS
244	bool
245	depends on SMP && SYSFS
246	default y
247
248config RFS_ACCEL
249	bool
250	depends on RPS
251	select CPU_RMAP
252	default y
253
254config XPS
255	bool
256	depends on SMP
257	default y
258
259config CGROUP_NET_PRIO
260	bool "Network priority cgroup"
261	depends on CGROUPS
262	---help---
263	  Cgroup subsystem for use in assigning processes to network priorities on
264	  a per-interface basis.
265
266config CGROUP_NET_CLASSID
267	bool "Network classid cgroup"
268	depends on CGROUPS
269	---help---
270	  Cgroup subsystem for use as general purpose socket classid marker that is
271	  being used in cls_cgroup and for netfilter matching.
272
273config NET_RX_BUSY_POLL
274	bool
275	default y
276
277config BQL
278	bool
279	depends on SYSFS
280	select DQL
281	default y
282
283config BPF_JIT
284	bool "enable BPF Just In Time compiler"
285	depends on HAVE_BPF_JIT
286	depends on MODULES
287	---help---
288	  Berkeley Packet Filter filtering capabilities are normally handled
289	  by an interpreter. This option allows kernel to generate a native
290	  code when filter is loaded in memory. This should speedup
291	  packet sniffing (libpcap/tcpdump). Note : Admin should enable
292	  this feature changing /proc/sys/net/core/bpf_jit_enable
293
294config NET_FLOW_LIMIT
295	bool
296	depends on RPS
297	default y
298	---help---
299	  The network stack has to drop packets when a receive processing CPU's
300	  backlog reaches netdev_max_backlog. If a few out of many active flows
301	  generate the vast majority of load, drop their traffic earlier to
302	  maintain capacity for the other flows. This feature provides servers
303	  with many clients some protection against DoS by a single (spoofed)
304	  flow that greatly exceeds average workload.
305
306menu "Network testing"
307
308config NET_PKTGEN
309	tristate "Packet Generator (USE WITH CAUTION)"
310	depends on INET && PROC_FS
311	---help---
312	  This module will inject preconfigured packets, at a configurable
313	  rate, out of a given interface.  It is used for network interface
314	  stress testing and performance analysis.  If you don't understand
315	  what was just said, you don't need it: say N.
316
317	  Documentation on how to use the packet generator can be found
318	  at <file:Documentation/networking/pktgen.txt>.
319
320	  To compile this code as a module, choose M here: the
321	  module will be called pktgen.
322
323config NET_TCPPROBE
324	tristate "TCP connection probing"
325	depends on INET && PROC_FS && KPROBES
326	---help---
327	This module allows for capturing the changes to TCP connection
328	state in response to incoming packets. It is used for debugging
329	TCP congestion avoidance modules. If you don't understand
330	what was just said, you don't need it: say N.
331
332	Documentation on how to use TCP connection probing can be found
333	at:
334
335	  http://www.linuxfoundation.org/collaborate/workgroups/networking/tcpprobe
336
337	To compile this code as a module, choose M here: the
338	module will be called tcp_probe.
339
340config NET_DROP_MONITOR
341	tristate "Network packet drop alerting service"
342	depends on INET && TRACEPOINTS
343	---help---
344	This feature provides an alerting service to userspace in the
345	event that packets are discarded in the network stack.  Alerts
346	are broadcast via netlink socket to any listening user space
347	process.  If you don't need network drop alerts, or if you are ok
348	just checking the various proc files and other utilities for
349	drop statistics, say N here.
350
351endmenu
352
353endmenu
354
355source "net/ax25/Kconfig"
356source "net/can/Kconfig"
357source "net/irda/Kconfig"
358source "net/bluetooth/Kconfig"
359source "net/rxrpc/Kconfig"
360
361config FIB_RULES
362	bool
363
364menuconfig WIRELESS
365	bool "Wireless"
366	depends on !S390
367	default y
368
369if WIRELESS
370
371source "net/wireless/Kconfig"
372source "net/mac80211/Kconfig"
373
374endif # WIRELESS
375
376source "net/wimax/Kconfig"
377
378source "net/rfkill/Kconfig"
379source "net/9p/Kconfig"
380source "net/caif/Kconfig"
381source "net/ceph/Kconfig"
382source "net/nfc/Kconfig"
383
384config LWTUNNEL
385	bool "Network light weight tunnels"
386	---help---
387	  This feature provides an infrastructure to support light weight
388	  tunnels like mpls. There is no netdevice associated with a light
389	  weight tunnel endpoint. Tunnel encapsulation parameters are stored
390	  with light weight tunnel state associated with fib routes.
391
392config DST_CACHE
393	bool
394	default n
395
396endif   # if NET
397
398# Used by archs to tell that they support BPF_JIT
399config HAVE_BPF_JIT
400	bool
401
402config HAVE_EBPF_JIT
403	bool
404