1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Network configuration
4#
5
6menuconfig NET
7	bool "Networking support"
8	select NLATTR
9	select GENERIC_NET_UTILS
10	select BPF
11	---help---
12	  Unless you really know what you are doing, you should say Y here.
13	  The reason is that some programs need kernel networking support even
14	  when running on a stand-alone machine that isn't connected to any
15	  other computer.
16
17	  If you are upgrading from an older kernel, you
18	  should consider updating your networking tools too because changes
19	  in the kernel and the tools often go hand in hand. The tools are
20	  contained in the package net-tools, the location and version number
21	  of which are given in <file:Documentation/Changes>.
22
23	  For a general introduction to Linux networking, it is highly
24	  recommended to read the NET-HOWTO, available from
25	  <http://www.tldp.org/docs.html#howto>.
26
27if NET
28
29config WANT_COMPAT_NETLINK_MESSAGES
30	bool
31	help
32	  This option can be selected by other options that need compat
33	  netlink messages.
34
35config COMPAT_NETLINK_MESSAGES
36	def_bool y
37	depends on COMPAT
38	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
39	help
40	  This option makes it possible to send different netlink messages
41	  to tasks depending on whether the task is a compat task or not. To
42	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
43	  compat skb before sending the skb; the netlink code will sort out
44	  which message to actually pass to the task.
45
46	  Newly written code should NEVER need this option; it should use
47	  compat-independent messages instead!
48
49config NET_INGRESS
50	bool
51
52config NET_EGRESS
53	bool
54
55config SKB_EXTENSIONS
56	bool
57
58menu "Networking options"
59
60source "net/packet/Kconfig"
61source "net/unix/Kconfig"
62source "net/tls/Kconfig"
63source "net/xfrm/Kconfig"
64source "net/iucv/Kconfig"
65source "net/smc/Kconfig"
66source "net/xdp/Kconfig"
67
68config INET
69	bool "TCP/IP networking"
70	---help---
71	  These are the protocols used on the Internet and on most local
72	  Ethernets. It is highly recommended to say Y here (this will enlarge
73	  your kernel by about 400 KB), since some programs (e.g. the X window
74	  system) use TCP/IP even if your machine is not connected to any
75	  other computer. You will get the so-called loopback device which
76	  allows you to ping yourself (great fun, that!).
77
78	  For an excellent introduction to Linux networking, please read the
79	  Linux Networking HOWTO, available from
80	  <http://www.tldp.org/docs.html#howto>.
81
82	  If you say Y here and also to "/proc file system support" and
83	  "Sysctl support" below, you can change various aspects of the
84	  behavior of the TCP/IP code by writing to the (virtual) files in
85	  /proc/sys/net/ipv4/*; the options are explained in the file
86	  <file:Documentation/networking/ip-sysctl.txt>.
87
88	  Short answer: say Y.
89
90if INET
91source "net/ipv4/Kconfig"
92source "net/ipv6/Kconfig"
93source "net/netlabel/Kconfig"
94source "net/mptcp/Kconfig"
95
96endif # if INET
97
98config NETWORK_SECMARK
99	bool "Security Marking"
100	help
101	  This enables security marking of network packets, similar
102	  to nfmark, but designated for security purposes.
103	  If you are unsure how to answer this question, answer N.
104
105config NET_PTP_CLASSIFY
106	def_bool n
107
108config NETWORK_PHY_TIMESTAMPING
109	bool "Timestamping in PHY devices"
110	select NET_PTP_CLASSIFY
111	help
112	  This allows timestamping of network packets by PHYs (or
113	  other MII bus snooping devices) with hardware timestamping
114	  capabilities. This option adds some overhead in the transmit
115	  and receive paths.
116
117	  If you are unsure how to answer this question, answer N.
118
119menuconfig NETFILTER
120	bool "Network packet filtering framework (Netfilter)"
121	---help---
122	  Netfilter is a framework for filtering and mangling network packets
123	  that pass through your Linux box.
124
125	  The most common use of packet filtering is to run your Linux box as
126	  a firewall protecting a local network from the Internet. The type of
127	  firewall provided by this kernel support is called a "packet
128	  filter", which means that it can reject individual network packets
129	  based on type, source, destination etc. The other kind of firewall,
130	  a "proxy-based" one, is more secure but more intrusive and more
131	  bothersome to set up; it inspects the network traffic much more
132	  closely, modifies it and has knowledge about the higher level
133	  protocols, which a packet filter lacks. Moreover, proxy-based
134	  firewalls often require changes to the programs running on the local
135	  clients. Proxy-based firewalls don't need support by the kernel, but
136	  they are often combined with a packet filter, which only works if
137	  you say Y here.
138
139	  You should also say Y here if you intend to use your Linux box as
140	  the gateway to the Internet for a local network of machines without
141	  globally valid IP addresses. This is called "masquerading": if one
142	  of the computers on your local network wants to send something to
143	  the outside, your box can "masquerade" as that computer, i.e. it
144	  forwards the traffic to the intended outside destination, but
145	  modifies the packets to make it look like they came from the
146	  firewall box itself. It works both ways: if the outside host
147	  replies, the Linux box will silently forward the traffic to the
148	  correct local computer. This way, the computers on your local net
149	  are completely invisible to the outside world, even though they can
150	  reach the outside and can receive replies. It is even possible to
151	  run globally visible servers from within a masqueraded local network
152	  using a mechanism called portforwarding. Masquerading is also often
153	  called NAT (Network Address Translation).
154
155	  Another use of Netfilter is in transparent proxying: if a machine on
156	  the local network tries to connect to an outside host, your Linux
157	  box can transparently forward the traffic to a local server,
158	  typically a caching proxy server.
159
160	  Yet another use of Netfilter is building a bridging firewall. Using
161	  a bridge with Network packet filtering enabled makes iptables "see"
162	  the bridged traffic. For filtering on the lower network and Ethernet
163	  protocols over the bridge, use ebtables (under bridge netfilter
164	  configuration).
165
166	  Various modules exist for netfilter which replace the previous
167	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
168	  proxying, and portforwarding mechanisms. Please see
169	  <file:Documentation/Changes> under "iptables" for the location of
170	  these packages.
171
172if NETFILTER
173
174config NETFILTER_ADVANCED
175	bool "Advanced netfilter configuration"
176	depends on NETFILTER
177	default y
178	help
179	  If you say Y here you can select between all the netfilter modules.
180	  If you say N the more unusual ones will not be shown and the
181	  basic ones needed by most people will default to 'M'.
182
183	  If unsure, say Y.
184
185config BRIDGE_NETFILTER
186	tristate "Bridged IP/ARP packets filtering"
187	depends on BRIDGE
188	depends on NETFILTER && INET
189	depends on NETFILTER_ADVANCED
190	select NETFILTER_FAMILY_BRIDGE
191	select SKB_EXTENSIONS
192	---help---
193	  Enabling this option will let arptables and iptables see bridged
194	  ARP and IP traffic, respectively. If you want a bridging firewall,
195	  you probably want this option enabled.
196	  Enabling or disabling this option doesn't enable or disable
197	  ebtables.
198
199	  If unsure, say N.
200
201source "net/netfilter/Kconfig"
202source "net/ipv4/netfilter/Kconfig"
203source "net/ipv6/netfilter/Kconfig"
204source "net/decnet/netfilter/Kconfig"
205source "net/bridge/netfilter/Kconfig"
206
207endif
208
209source "net/bpfilter/Kconfig"
210
211source "net/dccp/Kconfig"
212source "net/sctp/Kconfig"
213source "net/rds/Kconfig"
214source "net/tipc/Kconfig"
215source "net/atm/Kconfig"
216source "net/l2tp/Kconfig"
217source "net/802/Kconfig"
218source "net/bridge/Kconfig"
219source "net/dsa/Kconfig"
220source "net/8021q/Kconfig"
221source "net/decnet/Kconfig"
222source "net/llc/Kconfig"
223source "drivers/net/appletalk/Kconfig"
224source "net/x25/Kconfig"
225source "net/lapb/Kconfig"
226source "net/phonet/Kconfig"
227source "net/6lowpan/Kconfig"
228source "net/ieee802154/Kconfig"
229source "net/mac802154/Kconfig"
230source "net/sched/Kconfig"
231source "net/dcb/Kconfig"
232source "net/dns_resolver/Kconfig"
233source "net/batman-adv/Kconfig"
234source "net/openvswitch/Kconfig"
235source "net/vmw_vsock/Kconfig"
236source "net/netlink/Kconfig"
237source "net/mpls/Kconfig"
238source "net/nsh/Kconfig"
239source "net/hsr/Kconfig"
240source "net/switchdev/Kconfig"
241source "net/l3mdev/Kconfig"
242source "net/qrtr/Kconfig"
243source "net/ncsi/Kconfig"
244
245config RPS
246	bool
247	depends on SMP && SYSFS
248	default y
249
250config RFS_ACCEL
251	bool
252	depends on RPS
253	select CPU_RMAP
254	default y
255
256config XPS
257	bool
258	depends on SMP
259	default y
260
261config HWBM
262	bool
263
264config CGROUP_NET_PRIO
265	bool "Network priority cgroup"
266	depends on CGROUPS
267	select SOCK_CGROUP_DATA
268	---help---
269	  Cgroup subsystem for use in assigning processes to network priorities on
270	  a per-interface basis.
271
272config CGROUP_NET_CLASSID
273	bool "Network classid cgroup"
274	depends on CGROUPS
275	select SOCK_CGROUP_DATA
276	---help---
277	  Cgroup subsystem for use as general purpose socket classid marker that is
278	  being used in cls_cgroup and for netfilter matching.
279
280config NET_RX_BUSY_POLL
281	bool
282	default y
283
284config BQL
285	bool
286	depends on SYSFS
287	select DQL
288	default y
289
290config BPF_JIT
291	bool "enable BPF Just In Time compiler"
292	depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
293	depends on MODULES
294	---help---
295	  Berkeley Packet Filter filtering capabilities are normally handled
296	  by an interpreter. This option allows the kernel to generate native
297	  code when a filter is loaded in memory. This should speed up
298	  packet sniffing (libpcap/tcpdump).
299
300	  Note: the admin should enable this feature by changing:
301	  /proc/sys/net/core/bpf_jit_enable
302	  /proc/sys/net/core/bpf_jit_harden   (optional; hardens JIT-generated code)
303	  /proc/sys/net/core/bpf_jit_kallsyms (optional; exports JIT symbols to kallsyms)
304
305config BPF_STREAM_PARSER
306	bool "enable BPF STREAM_PARSER"
307	depends on INET
308	depends on BPF_SYSCALL
309	depends on CGROUP_BPF
310	select STREAM_PARSER
311	select NET_SOCK_MSG
312	---help---
313	  Enabling this allows a stream parser to be used with
314	  BPF_MAP_TYPE_SOCKMAP.
315
316	  BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets.
317	  It can be used to enforce socket policy, implement socket redirects,
318	  etc.
319
320config NET_FLOW_LIMIT
321	bool
322	depends on RPS
323	default y
324	---help---
325	  The network stack has to drop packets when a receive processing CPU's
326	  backlog reaches netdev_max_backlog. If a few out of many active flows
327	  generate the vast majority of load, drop their traffic earlier to
328	  maintain capacity for the other flows. This feature provides servers
329	  with many clients some protection against DoS by a single (spoofed)
330	  flow that greatly exceeds average workload.
331
332menu "Network testing"
333
334config NET_PKTGEN
335	tristate "Packet Generator (USE WITH CAUTION)"
336	depends on INET && PROC_FS
337	---help---
338	  This module will inject preconfigured packets, at a configurable
339	  rate, out of a given interface.  It is used for network interface
340	  stress testing and performance analysis.  If you don't understand
341	  what was just said, you don't need it: say N.
342
343	  Documentation on how to use the packet generator can be found
344	  at <file:Documentation/networking/pktgen.txt>.
345
346	  To compile this code as a module, choose M here: the
347	  module will be called pktgen.
348
349config NET_DROP_MONITOR
350	tristate "Network packet drop alerting service"
351	depends on INET && TRACEPOINTS
352	---help---
353	  This feature provides an alerting service to userspace in the
354	  event that packets are discarded in the network stack.  Alerts
355	  are broadcast via netlink socket to any listening user space
356	  process.  If you don't need network drop alerts, or if you are ok
357	  just checking the various proc files and other utilities for
358	  drop statistics, say N here.
359
360endmenu
361
362endmenu
363
364source "net/ax25/Kconfig"
365source "net/can/Kconfig"
366source "net/bluetooth/Kconfig"
367source "net/rxrpc/Kconfig"
368source "net/kcm/Kconfig"
369source "net/strparser/Kconfig"
370
371config FIB_RULES
372	bool
373
374menuconfig WIRELESS
375	bool "Wireless"
376	depends on !S390
377	default y
378
379if WIRELESS
380
381source "net/wireless/Kconfig"
382source "net/mac80211/Kconfig"
383
384endif # WIRELESS
385
386source "net/wimax/Kconfig"
387
388source "net/rfkill/Kconfig"
389source "net/9p/Kconfig"
390source "net/caif/Kconfig"
391source "net/ceph/Kconfig"
392source "net/nfc/Kconfig"
393source "net/psample/Kconfig"
394source "net/ife/Kconfig"
395
396config LWTUNNEL
397	bool "Network light weight tunnels"
398	---help---
399	  This feature provides an infrastructure to support light weight
400	  tunnels like mpls. There is no netdevice associated with a light
401	  weight tunnel endpoint. Tunnel encapsulation parameters are stored
402	  with light weight tunnel state associated with fib routes.
403
404config LWTUNNEL_BPF
405	bool "Execute BPF program as route nexthop action"
406	depends on LWTUNNEL && INET
407	default y if LWTUNNEL=y
408	---help---
409	  Allows running BPF programs as a nexthop action following a route
410	  lookup for incoming and outgoing packets.
411
412config DST_CACHE
413	bool
414	default n
415
416config GRO_CELLS
417	bool
418	default n
419
420config SOCK_VALIDATE_XMIT
421	bool
422
423config NET_SOCK_MSG
424	bool
425	default n
426	help
427	  The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or
428	  ULPs (upper layer modules, e.g. TLS) to process L7 application data
429	  with the help of BPF programs.
430
431config NET_DEVLINK
432	bool
433	default n
434	imply NET_DROP_MONITOR
435
436config PAGE_POOL
437	bool
438
439config FAILOVER
440	tristate "Generic failover module"
441	help
442	  The failover module provides a generic interface for paravirtual
443	  drivers to register a netdev and a set of ops with a failover
444	  instance. The ops are used as event handlers that get called to
445	  handle netdev register/unregister/link change/name change events
446	  on slave PCI Ethernet devices with the same MAC address as the
447	  failover netdev. This enables paravirtual drivers to use a
448	  VF as an accelerated low latency datapath. It also allows live
449	  migration of VMs with direct attached VFs by failing over to the
450	  paravirtual datapath when the VF is unplugged.
451
452config ETHTOOL_NETLINK
453	bool "Netlink interface for ethtool"
454	default y
455	help
456	  An alternative userspace interface for ethtool based on generic
457	  netlink. It provides better extensibility and some new features,
458	  e.g. notification messages.
459
460endif   # if NET
461
462# Used by archs to indicate that they support a BPF JIT compiler, and which
463# flavour. Only one of the two can be selected for a specific arch since the
464# eBPF JIT supersedes the cBPF JIT.
465
466# Classic BPF JIT (cBPF)
467config HAVE_CBPF_JIT
468	bool
469
470# Extended BPF JIT (eBPF)
471config HAVE_EBPF_JIT
472	bool
473