#
# Network configuration
#

menuconfig NET
	bool "Networking support"
	select NLATTR
	select GENERIC_NET_UTILS
	select BPF
	---help---
	  Unless you really know what you are doing, you should say Y here.
	  The reason is that some programs need kernel networking support even
	  when running on a stand-alone machine that isn't connected to any
	  other computer.

	  If you are upgrading from an older kernel, you
	  should consider updating your networking tools too because changes
	  in the kernel and the tools often go hand in hand. The tools are
	  contained in the package net-tools, the location and version number
	  of which are given in <file:Documentation/Changes>.

	  For a general introduction to Linux networking, it is highly
	  recommended to read the NET-HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

if NET

config ETHERNET_PACKET_MANGLE
	bool
	help
	  This option can be selected by phy drivers that need to mangle
	  packets going in or out of an ethernet device.

config WANT_COMPAT_NETLINK_MESSAGES
	bool
	help
	  This option can be selected by other options that need compat
	  netlink messages.

config COMPAT_NETLINK_MESSAGES
	def_bool y
	depends on COMPAT
	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
	help
	  This option makes it possible to send different netlink messages
	  to tasks depending on whether the task is a compat task or not. To
	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
	  compat skb before sending the skb, the netlink code will sort out
	  which message to actually pass to the task.

	  Newly written code should NEVER need this option but do
	  compat-independent messages instead!

config NET_INGRESS
	bool

config NET_EGRESS
	bool

menu "Networking options"

source "net/packet/Kconfig"
source "net/unix/Kconfig"
source "net/tls/Kconfig"
source "net/xfrm/Kconfig"
source "net/iucv/Kconfig"
source "net/smc/Kconfig"
source "net/xdp/Kconfig"

config INET
	bool "TCP/IP networking"
	select CRYPTO
	select CRYPTO_AES
	---help---
	  These are the protocols used on the Internet and on most local
	  Ethernets. It is highly recommended to say Y here (this will enlarge
	  your kernel by about 400 KB), since some programs (e.g. the X window
	  system) use TCP/IP even if your machine is not connected to any
	  other computer. You will get the so-called loopback device which
	  allows you to ping yourself (great fun, that!).

	  For an excellent introduction to Linux networking, please read the
	  Linux Networking HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

	  If you say Y here and also to "/proc file system support" and
	  "Sysctl support" below, you can change various aspects of the
	  behavior of the TCP/IP code by writing to the (virtual) files in
	  /proc/sys/net/ipv4/*; the options are explained in the file
	  <file:Documentation/networking/ip-sysctl.txt>.

	  Short answer: say Y.

if INET
source "net/ipv4/Kconfig"
source "net/ipv6/Kconfig"
source "net/netlabel/Kconfig"

endif # if INET

config SOCK_DIAG
	bool

config NETWORK_SECMARK
	bool "Security Marking"
	help
	  This enables security marking of network packets, similar
	  to nfmark, but designated for security purposes.
	  If you are unsure how to answer this question, answer N.

config NET_PTP_CLASSIFY
	def_bool n

config NETWORK_PHY_TIMESTAMPING
	bool "Timestamping in PHY devices"
	select NET_PTP_CLASSIFY
	help
	  This allows timestamping of network packets by PHYs with
	  hardware timestamping capabilities. This option adds some
	  overhead in the transmit and receive paths.

	  If you are unsure how to answer this question, answer N.

menuconfig NETFILTER
	bool "Network packet filtering framework (Netfilter)"
	---help---
	  Netfilter is a framework for filtering and mangling network packets
	  that pass through your Linux box.

	  The most common use of packet filtering is to run your Linux box as
	  a firewall protecting a local network from the Internet. The type of
	  firewall provided by this kernel support is called a "packet
	  filter", which means that it can reject individual network packets
	  based on type, source, destination etc. The other kind of firewall,
	  a "proxy-based" one, is more secure but more intrusive and more
	  bothersome to set up; it inspects the network traffic much more
	  closely, modifies it and has knowledge about the higher level
	  protocols, which a packet filter lacks. Moreover, proxy-based
	  firewalls often require changes to the programs running on the local
	  clients. Proxy-based firewalls don't need support by the kernel, but
	  they are often combined with a packet filter, which only works if
	  you say Y here.

	  You should also say Y here if you intend to use your Linux box as
	  the gateway to the Internet for a local network of machines without
	  globally valid IP addresses. This is called "masquerading": if one
	  of the computers on your local network wants to send something to
	  the outside, your box can "masquerade" as that computer, i.e. it
	  forwards the traffic to the intended outside destination, but
	  modifies the packets to make it look like they came from the
	  firewall box itself. It works both ways: if the outside host
	  replies, the Linux box will silently forward the traffic to the
	  correct local computer. This way, the computers on your local net
	  are completely invisible to the outside world, even though they can
	  reach the outside and can receive replies. It is even possible to
	  run globally visible servers from within a masqueraded local network
	  using a mechanism called portforwarding. Masquerading is also often
	  called NAT (Network Address Translation).

	  Another use of Netfilter is in transparent proxying: if a machine on
	  the local network tries to connect to an outside host, your Linux
	  box can transparently forward the traffic to a local server,
	  typically a caching proxy server.

	  Yet another use of Netfilter is building a bridging firewall. Using
	  a bridge with Network packet filtering enabled makes iptables "see"
	  the bridged traffic. For filtering on the lower network and Ethernet
	  protocols over the bridge, use ebtables (under bridge netfilter
	  configuration).

	  Various modules exist for netfilter which replace the previous
	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
	  proxying, and portforwarding mechanisms. Please see
	  <file:Documentation/Changes> under "iptables" for the location of
	  these packages.

if NETFILTER

config NETFILTER_ADVANCED
	bool "Advanced netfilter configuration"
	depends on NETFILTER
	default y
	help
	  If you say Y here you can select between all the netfilter modules.
	  If you say N the more unusual ones will not be shown and the
	  basic ones needed by most people will default to 'M'.

	  If unsure, say Y.

config BRIDGE_NETFILTER
	tristate "Bridged IP/ARP packets filtering"
	depends on BRIDGE
	depends on NETFILTER && INET
	depends on NETFILTER_ADVANCED
	select NETFILTER_FAMILY_BRIDGE
	default m
	---help---
	  Enabling this option will let arptables resp. iptables see bridged
	  ARP resp. IP traffic. If you want a bridging firewall, you probably
	  want this option enabled.
	  Enabling or disabling this option doesn't enable or disable
	  ebtables.

	  If unsure, say N.

source "net/netfilter/Kconfig"
source "net/ipv4/netfilter/Kconfig"
source "net/ipv6/netfilter/Kconfig"
source "net/decnet/netfilter/Kconfig"
source "net/bridge/netfilter/Kconfig"

endif

source "net/bpfilter/Kconfig"

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/rds/Kconfig"
source "net/tipc/Kconfig"
source "net/atm/Kconfig"
source "net/l2tp/Kconfig"
source "net/802/Kconfig"
source "net/bridge/Kconfig"
source "net/dsa/Kconfig"
source "net/8021q/Kconfig"
source "net/decnet/Kconfig"
source "net/llc/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"
source "net/phonet/Kconfig"
source "net/6lowpan/Kconfig"
source "net/ieee802154/Kconfig"
source "net/mac802154/Kconfig"
source "net/sched/Kconfig"
source "net/dcb/Kconfig"
source "net/dns_resolver/Kconfig"
source "net/batman-adv/Kconfig"
source "net/openvswitch/Kconfig"
source "net/vmw_vsock/Kconfig"
source "net/netlink/Kconfig"
source "net/mpls/Kconfig"
source "net/nsh/Kconfig"
source "net/hsr/Kconfig"
source "net/switchdev/Kconfig"
source "net/l3mdev/Kconfig"
source "net/qrtr/Kconfig"
source "net/ncsi/Kconfig"

config RPS
	bool
	depends on SMP && SYSFS
	default y

config RFS_ACCEL
	bool
	depends on RPS
	select CPU_RMAP
	default y

config XPS
	bool
	depends on SMP
	default y

config HWBM
	bool

config CGROUP_NET_PRIO
	bool "Network priority cgroup"
	depends on CGROUPS
	select SOCK_CGROUP_DATA
	---help---
	  Cgroup subsystem for use in assigning processes to network priorities on
	  a per-interface basis.

config CGROUP_NET_CLASSID
	bool "Network classid cgroup"
	depends on CGROUPS
	select SOCK_CGROUP_DATA
	---help---
	  Cgroup subsystem for use as general purpose socket classid marker that is
	  being used in cls_cgroup and for netfilter matching.

config NET_RX_BUSY_POLL
	bool
	default y

config BQL
	bool
	depends on SYSFS
	select DQL
	default y

config BPF_JIT
	bool "enable BPF Just In Time compiler"
	depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
	depends on MODULES
	---help---
	  Berkeley Packet Filter filtering capabilities are normally handled
	  by an interpreter. This option allows kernel to generate a native
	  code when filter is loaded in memory. This should speedup
	  packet sniffing (libpcap/tcpdump).

	  Note, admin should enable this feature changing:
	  /proc/sys/net/core/bpf_jit_enable
	  /proc/sys/net/core/bpf_jit_harden   (optional)
	  /proc/sys/net/core/bpf_jit_kallsyms (optional)

config BPF_STREAM_PARSER
	bool "enable BPF STREAM_PARSER"
	depends on BPF_SYSCALL
	select STREAM_PARSER
	---help---
	  Enabling this allows a stream parser to be used with
	  BPF_MAP_TYPE_SOCKMAP.

	  BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets.
	  It can be used to enforce socket policy, implement socket redirects,
	  etc.

config NET_FLOW_LIMIT
	bool
	depends on RPS
	default y
	---help---
	  The network stack has to drop packets when a receive processing CPU's
	  backlog reaches netdev_max_backlog. If a few out of many active flows
	  generate the vast majority of load, drop their traffic earlier to
	  maintain capacity for the other flows. This feature provides servers
	  with many clients some protection against DoS by a single (spoofed)
	  flow that greatly exceeds average workload.

menu "Network testing"

config NET_PKTGEN
	tristate "Packet Generator (USE WITH CAUTION)"
	depends on INET && PROC_FS
	---help---
	  This module will inject preconfigured packets, at a configurable
	  rate, out of a given interface. It is used for network interface
	  stress testing and performance analysis. If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use the packet generator can be found
	  at <file:Documentation/networking/pktgen.txt>.

	  To compile this code as a module, choose M here: the
	  module will be called pktgen.

config NET_DROP_MONITOR
	tristate "Network packet drop alerting service"
	depends on INET && TRACEPOINTS
	---help---
	  This feature provides an alerting service to userspace in the
	  event that packets are discarded in the network stack. Alerts
	  are broadcast via netlink socket to any listening user space
	  process. If you don't need network drop alerts, or if you are ok
	  just checking the various proc files and other utilities for
	  drop statistics, say N here.

endmenu

endmenu

source "net/ax25/Kconfig"
source "net/can/Kconfig"
source "net/bluetooth/Kconfig"
source "net/rxrpc/Kconfig"
source "net/kcm/Kconfig"
source "net/strparser/Kconfig"

config FIB_RULES
	bool

menuconfig WIRELESS
	bool "Wireless"
	depends on !S390
	default y

if WIRELESS

source "net/wireless/Kconfig"
source "net/mac80211/Kconfig"

endif # WIRELESS

source "net/wimax/Kconfig"

source "net/rfkill/Kconfig"
source "net/9p/Kconfig"
source "net/caif/Kconfig"
source "net/ceph/Kconfig"
source "net/nfc/Kconfig"
source "net/psample/Kconfig"
source "net/ife/Kconfig"

config LWTUNNEL
	bool "Network light weight tunnels"
	---help---
	  This feature provides an infrastructure to support light weight
	  tunnels like mpls. There is no netdevice associated with a light
	  weight tunnel endpoint. Tunnel encapsulation parameters are stored
	  with light weight tunnel state associated with fib routes.

config LWTUNNEL_BPF
	bool "Execute BPF program as route nexthop action"
	depends on LWTUNNEL
	default y if LWTUNNEL=y
	---help---
	  Allows to run BPF programs as a nexthop action following a route
	  lookup for incoming and outgoing packets.

config DST_CACHE
	bool
	default n

config GRO_CELLS
	bool
	default n

config SOCK_VALIDATE_XMIT
	bool

config NET_DEVLINK
	tristate "Network physical/parent device Netlink interface"
	help
	  Network physical/parent device Netlink interface provides
	  infrastructure to support access to physical chip-wide config and
	  monitoring.

config MAY_USE_DEVLINK
	tristate
	default m if NET_DEVLINK=m
	default y if NET_DEVLINK=y || NET_DEVLINK=n
	help
	  Drivers using the devlink infrastructure should have a dependency
	  on MAY_USE_DEVLINK to ensure they do not cause link errors when
	  devlink is a loadable module and the driver using it is built-in.

config PAGE_POOL
	bool

config FAILOVER
	tristate "Generic failover module"
	help
	  The failover module provides a generic interface for paravirtual
	  drivers to register a netdev and a set of ops with a failover
	  instance. The ops are used as event handlers that get called to
	  handle netdev register/unregister/link change/name change events
	  on slave pci ethernet devices with the same mac address as the
	  failover netdev. This enables paravirtual drivers to use a
	  VF as an accelerated low latency datapath. It also allows live
	  migration of VMs with direct attached VFs by failing over to the
	  paravirtual datapath when the VF is unplugged.

config HW_NAT
	bool "HW NAT support"
	default n
	---help---
	  This feature provides a fast path to support network lan/wan nat.
	  If you need hw_nat engine to reduce cpu loading, please say Y.

	  Note that the answer to this question doesn't directly affect the
	  kernel: saying N will just cause the configurator to skip all
	  the questions about Mediatek Ethernet devices.  If you say Y,
	  you will be asked for your specific card in the following questions.

endif   # if NET

# Used by archs to tell that they support BPF JIT compiler plus which flavour.
# Only one of the two can be selected for a specific arch since eBPF JIT supersedes
# the cBPF JIT.

# Classic BPF JIT (cBPF)
config HAVE_CBPF_JIT
	bool

# Extended BPF JIT (eBPF)
config HAVE_EBPF_JIT
	bool
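
Added example, not part of the kernel tree: a small audit that reads a built kernel's `.config` text together with the three sysctls named in the BPF_JIT help text and reports the settings a hardening review would look at. The finding wording, the choice of options to flag, the dotted sysctl key names and the sample input are assumptions of this example.

```python
import re

_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")

# Constructed sample input, not taken from any real build.
SAMPLE_CONFIG = """\
CONFIG_NET=y
CONFIG_BPF_JIT=y
CONFIG_NET_PKTGEN=m
# CONFIG_NET_FLOW_LIMIT is not set
"""
SAMPLE_SYSCTLS = {"net.core.bpf_jit_enable": "1", "net.core.bpf_jit_harden": "0"}


def parse_dotconfig(text):
    """Map option name (without CONFIG_) to its value; unset options map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
        else:
            m = _UNSET.match(line)
            if m:
                opts[m.group(1)] = "n"
    return opts


def audit(config_text, sysctls):
    """Return findings for options from this Kconfig and the BPF JIT sysctls."""
    opts = parse_dotconfig(config_text)
    findings = []
    # An option absent from .config (unmet dependency) is treated as 'n'.
    if opts.get("NET_FLOW_LIMIT", "n") != "y":
        findings.append("NET_FLOW_LIMIT off: flow limit code is not built")
    if opts.get("NET_PKTGEN", "n") in ("y", "m"):
        findings.append("NET_PKTGEN=%s: packet generator is built" % opts["NET_PKTGEN"])
    if opts.get("BPF_JIT", "n") == "y":
        enable = int(sysctls.get("net.core.bpf_jit_enable", 0))
        harden = int(sysctls.get("net.core.bpf_jit_harden", 0))
        if enable == 2:
            findings.append("bpf_jit_enable=2: JIT debug output goes to the kernel log")
        if enable and harden == 0:
            findings.append("bpf_jit_harden=0: JIT hardening is disabled")
    return findings
```

On a live host the `sysctls` dictionary can be filled from the files under /proc/sys/net/core/ listed in the BPF_JIT help text.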