1# 2# Network configuration 3# 4 5menu "Networking support" 6 7config NET 8 bool "Networking support" 9 ---help--- 10 Unless you really know what you are doing, you should say Y here. 11 The reason is that some programs need kernel networking support even 12 when running on a stand-alone machine that isn't connected to any 13 other computer. If you are upgrading from an older kernel, you 14 should consider updating your networking tools too because changes 15 in the kernel and the tools often go hand in hand. The tools are 16 contained in the package net-tools, the location and version number 17 of which are given in <file:Documentation/Changes>. 18 19 For a general introduction to Linux networking, it is highly 20 recommended to read the NET-HOWTO, available from 21 <http://www.tldp.org/docs.html#howto>. 22 23menu "Networking options" 24 depends on NET 25 26config PACKET 27 tristate "Packet socket" 28 ---help--- 29 The Packet protocol is used by applications which communicate 30 directly with network devices without an intermediate network 31 protocol implemented in the kernel, e.g. tcpdump. If you want them 32 to work, choose Y. 33 34 To compile this driver as a module, choose M here: the module will 35 be called af_packet. 36 37 If unsure, say Y. 38 39config PACKET_MMAP 40 bool "Packet socket: mmapped IO" 41 depends on PACKET 42 help 43 If you say Y here, the Packet protocol driver will use an IO 44 mechanism that results in faster communication. 45 46 If unsure, say N. 47 48config UNIX 49 tristate "Unix domain sockets" 50 ---help--- 51 If you say Y here, you will include support for Unix domain sockets; 52 sockets are the standard Unix mechanism for establishing and 53 accessing network connections. Many commonly used programs such as 54 the X Window system and syslog use these sockets even if your 55 machine is not connected to any network. Unless you are working on 56 an embedded system or something similar, you therefore definitely 57 want to say Y here. 58 59 To compile this driver as a module, choose M here: the module will be 60 called unix. Note that several important services won't work 61 correctly if you say M here and then neglect to load the module. 62 63 Say Y unless you know what you are doing. 64 65config NET_KEY 66 tristate "PF_KEY sockets" 67 select XFRM 68 ---help--- 69 PF_KEYv2 socket family, compatible to KAME ones. 70 They are required if you are going to use IPsec tools ported 71 from KAME. 72 73 Say Y unless you know what you are doing. 74 75config INET 76 bool "TCP/IP networking" 77 ---help--- 78 These are the protocols used on the Internet and on most local 79 Ethernets. It is highly recommended to say Y here (this will enlarge 80 your kernel by about 144 KB), since some programs (e.g. the X window 81 system) use TCP/IP even if your machine is not connected to any 82 other computer. You will get the so-called loopback device which 83 allows you to ping yourself (great fun, that!). 84 85 For an excellent introduction to Linux networking, please read the 86 Linux Networking HOWTO, available from 87 <http://www.tldp.org/docs.html#howto>. 88 89 If you say Y here and also to "/proc file system support" and 90 "Sysctl support" below, you can change various aspects of the 91 behavior of the TCP/IP code by writing to the (virtual) files in 92 /proc/sys/net/ipv4/*; the options are explained in the file 93 <file:Documentation/networking/ip-sysctl.txt>. 94 95 Short answer: say Y. 96 97source "net/ipv4/Kconfig" 98 99# IPv6 as module will cause a CRASH if you try to unload it 100config IPV6 101 tristate "The IPv6 protocol" 102 depends on INET 103 default m 104 select CRYPTO if IPV6_PRIVACY 105 select CRYPTO_MD5 if IPV6_PRIVACY 106 ---help--- 107 This is complemental support for the IP version 6. 108 You will still be able to do traditional IPv4 networking as well. 109 110 For general information about IPv6, see 111 <http://playground.sun.com/pub/ipng/html/ipng-main.html>. 112 For Linux IPv6 development information, see <http://www.linux-ipv6.org>. 113 For specific information about IPv6 under Linux, read the HOWTO at 114 <http://www.bieringer.de/linux/IPv6/>. 115 116 To compile this protocol support as a module, choose M here: the 117 module will be called ipv6. 118 119source "net/ipv6/Kconfig" 120 121menuconfig NETFILTER 122 bool "Network packet filtering (replaces ipchains)" 123 ---help--- 124 Netfilter is a framework for filtering and mangling network packets 125 that pass through your Linux box. 126 127 The most common use of packet filtering is to run your Linux box as 128 a firewall protecting a local network from the Internet. The type of 129 firewall provided by this kernel support is called a "packet 130 filter", which means that it can reject individual network packets 131 based on type, source, destination etc. The other kind of firewall, 132 a "proxy-based" one, is more secure but more intrusive and more 133 bothersome to set up; it inspects the network traffic much more 134 closely, modifies it and has knowledge about the higher level 135 protocols, which a packet filter lacks. Moreover, proxy-based 136 firewalls often require changes to the programs running on the local 137 clients. Proxy-based firewalls don't need support by the kernel, but 138 they are often combined with a packet filter, which only works if 139 you say Y here. 140 141 You should also say Y here if you intend to use your Linux box as 142 the gateway to the Internet for a local network of machines without 143 globally valid IP addresses. This is called "masquerading": if one 144 of the computers on your local network wants to send something to 145 the outside, your box can "masquerade" as that computer, i.e. it 146 forwards the traffic to the intended outside destination, but 147 modifies the packets to make it look like they came from the 148 firewall box itself. It works both ways: if the outside host 149 replies, the Linux box will silently forward the traffic to the 150 correct local computer. This way, the computers on your local net 151 are completely invisible to the outside world, even though they can 152 reach the outside and can receive replies. It is even possible to 153 run globally visible servers from within a masqueraded local network 154 using a mechanism called portforwarding. Masquerading is also often 155 called NAT (Network Address Translation). 156 157 Another use of Netfilter is in transparent proxying: if a machine on 158 the local network tries to connect to an outside host, your Linux 159 box can transparently forward the traffic to a local server, 160 typically a caching proxy server. 161 162 Yet another use of Netfilter is building a bridging firewall. Using 163 a bridge with Network packet filtering enabled makes iptables "see" 164 the bridged traffic. For filtering on the lower network and Ethernet 165 protocols over the bridge, use ebtables (under bridge netfilter 166 configuration). 167 168 Various modules exist for netfilter which replace the previous 169 masquerading (ipmasqadm), packet filtering (ipchains), transparent 170 proxying, and portforwarding mechanisms. Please see 171 <file:Documentation/Changes> under "iptables" for the location of 172 these packages. 173 174 Make sure to say N to "Fast switching" below if you intend to say Y 175 here, as Fast switching currently bypasses netfilter. 176 177 Chances are that you should say Y here if you compile a kernel which 178 will run as a router and N for regular hosts. If unsure, say N. 179 180if NETFILTER 181 182config NETFILTER_DEBUG 183 bool "Network packet filtering debugging" 184 depends on NETFILTER 185 help 186 You can say Y here if you want to get additional messages useful in 187 debugging the netfilter code. 188 189config BRIDGE_NETFILTER 190 bool "Bridged IP/ARP packets filtering" 191 depends on BRIDGE && NETFILTER && INET 192 default y 193 ---help--- 194 Enabling this option will let arptables resp. iptables see bridged 195 ARP resp. IP traffic. If you want a bridging firewall, you probably 196 want this option enabled. 197 Enabling or disabling this option doesn't enable or disable 198 ebtables. 199 200 If unsure, say N. 201 202source "net/ipv4/netfilter/Kconfig" 203source "net/ipv6/netfilter/Kconfig" 204source "net/decnet/netfilter/Kconfig" 205source "net/bridge/netfilter/Kconfig" 206 207endif 208 209config XFRM 210 bool 211 depends on NET 212 213source "net/xfrm/Kconfig" 214 215source "net/sctp/Kconfig" 216 217config ATM 218 tristate "Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)" 219 depends on EXPERIMENTAL 220 ---help--- 221 ATM is a high-speed networking technology for Local Area Networks 222 and Wide Area Networks. It uses a fixed packet size and is 223 connection oriented, allowing for the negotiation of minimum 224 bandwidth requirements. 225 226 In order to participate in an ATM network, your Linux box needs an 227 ATM networking card. If you have that, say Y here and to the driver 228 of your ATM card below. 229 230 Note that you need a set of user-space programs to actually make use 231 of ATM. See the file <file:Documentation/networking/atm.txt> for 232 further details. 233 234config ATM_CLIP 235 tristate "Classical IP over ATM (EXPERIMENTAL)" 236 depends on ATM && INET 237 help 238 Classical IP over ATM for PVCs and SVCs, supporting InARP and 239 ATMARP. If you want to communication with other IP hosts on your ATM 240 network, you will typically either say Y here or to "LAN Emulation 241 (LANE)" below. 242 243config ATM_CLIP_NO_ICMP 244 bool "Do NOT send ICMP if no neighbour (EXPERIMENTAL)" 245 depends on ATM_CLIP 246 help 247 Normally, an "ICMP host unreachable" message is sent if a neighbour 248 cannot be reached because there is no VC to it in the kernel's 249 ATMARP table. This may cause problems when ATMARP table entries are 250 briefly removed during revalidation. If you say Y here, packets to 251 such neighbours are silently discarded instead. 252 253config ATM_LANE 254 tristate "LAN Emulation (LANE) support (EXPERIMENTAL)" 255 depends on ATM 256 help 257 LAN Emulation emulates services of existing LANs across an ATM 258 network. Besides operating as a normal ATM end station client, Linux 259 LANE client can also act as an proxy client bridging packets between 260 ELAN and Ethernet segments. You need LANE if you want to try MPOA. 261 262config ATM_MPOA 263 tristate "Multi-Protocol Over ATM (MPOA) support (EXPERIMENTAL)" 264 depends on ATM && INET && ATM_LANE!=n 265 help 266 Multi-Protocol Over ATM allows ATM edge devices such as routers, 267 bridges and ATM attached hosts establish direct ATM VCs across 268 subnetwork boundaries. These shortcut connections bypass routers 269 enhancing overall network performance. 270 271config ATM_BR2684 272 tristate "RFC1483/2684 Bridged protocols" 273 depends on ATM && INET 274 help 275 ATM PVCs can carry ethernet PDUs according to rfc2684 (formerly 1483) 276 This device will act like an ethernet from the kernels point of view, 277 with the traffic being carried by ATM PVCs (currently 1 PVC/device). 278 This is sometimes used over DSL lines. If in doubt, say N. 279 280config ATM_BR2684_IPFILTER 281 bool "Per-VC IP filter kludge" 282 depends on ATM_BR2684 283 help 284 This is an experimental mechanism for users who need to terminating a 285 large number of IP-only vcc's. Do not enable this unless you are sure 286 you know what you are doing. 287 288config BRIDGE 289 tristate "802.1d Ethernet Bridging" 290 ---help--- 291 If you say Y here, then your Linux box will be able to act as an 292 Ethernet bridge, which means that the different Ethernet segments it 293 is connected to will appear as one Ethernet to the participants. 294 Several such bridges can work together to create even larger 295 networks of Ethernets using the IEEE 802.1 spanning tree algorithm. 296 As this is a standard, Linux bridges will cooperate properly with 297 other third party bridge products. 298 299 In order to use the Ethernet bridge, you'll need the bridge 300 configuration tools; see <file:Documentation/networking/bridge.txt> 301 for location. Please read the Bridge mini-HOWTO for more 302 information. 303 304 If you enable iptables support along with the bridge support then you 305 turn your bridge into a bridging IP firewall. 306 iptables will then see the IP packets being bridged, so you need to 307 take this into account when setting up your firewall rules. 308 Enabling arptables support when bridging will let arptables see 309 bridged ARP traffic in the arptables FORWARD chain. 310 311 To compile this code as a module, choose M here: the module 312 will be called bridge. 313 314 If unsure, say N. 315 316config VLAN_8021Q 317 tristate "802.1Q VLAN Support" 318 ---help--- 319 Select this and you will be able to create 802.1Q VLAN interfaces 320 on your ethernet interfaces. 802.1Q VLAN supports almost 321 everything a regular ethernet interface does, including 322 firewalling, bridging, and of course IP traffic. You will need 323 the 'vconfig' tool from the VLAN project in order to effectively 324 use VLANs. See the VLAN web page for more information: 325 <http://www.candelatech.com/~greear/vlan.html> 326 327 To compile this code as a module, choose M here: the module 328 will be called 8021q. 329 330 If unsure, say N. 331 332config DECNET 333 tristate "DECnet Support" 334 ---help--- 335 The DECnet networking protocol was used in many products made by 336 Digital (now Compaq). It provides reliable stream and sequenced 337 packet communications over which run a variety of services similar 338 to those which run over TCP/IP. 339 340 To find some tools to use with the kernel layer support, please 341 look at Patrick Caulfield's web site: 342 <http://linux-decnet.sourceforge.net/>. 343 344 More detailed documentation is available in 345 <file:Documentation/networking/decnet.txt>. 346 347 Be sure to say Y to "/proc file system support" and "Sysctl support" 348 below when using DECnet, since you will need sysctl support to aid 349 in configuration at run time. 350 351 The DECnet code is also available as a module ( = code which can be 352 inserted in and removed from the running kernel whenever you want). 353 The module is called decnet. 354 355source "net/decnet/Kconfig" 356 357source "net/llc/Kconfig" 358 359config IPX 360 tristate "The IPX protocol" 361 select LLC 362 ---help--- 363 This is support for the Novell networking protocol, IPX, commonly 364 used for local networks of Windows machines. You need it if you 365 want to access Novell NetWare file or print servers using the Linux 366 Novell client ncpfs (available from 367 <ftp://platan.vc.cvut.cz/pub/linux/ncpfs/>) or from 368 within the Linux DOS emulator DOSEMU (read the DOSEMU-HOWTO, 369 available from <http://www.tldp.org/docs.html#howto>). In order 370 to do the former, you'll also have to say Y to "NCP file system 371 support", below. 372 373 IPX is similar in scope to IP, while SPX, which runs on top of IPX, 374 is similar to TCP. There is also experimental support for SPX in 375 Linux (see "SPX networking", below). 376 377 To turn your Linux box into a fully featured NetWare file server and 378 IPX router, say Y here and fetch either lwared from 379 <ftp://ibiblio.org/pub/Linux/system/network/daemons/> or 380 mars_nwe from <ftp://www.compu-art.de/mars_nwe/>. For more 381 information, read the IPX-HOWTO available from 382 <http://www.tldp.org/docs.html#howto>. 383 384 General information about how to connect Linux, Windows machines and 385 Macs is on the WWW at <http://www.eats.com/linux_mac_win.html>. 386 387 The IPX driver would enlarge your kernel by about 16 KB. To compile 388 this driver as a module, choose M here: the module will be called ipx. 389 Unless you want to integrate your Linux box with a local Novell 390 network, say N. 391 392source "net/ipx/Kconfig" 393 394config ATALK 395 tristate "Appletalk protocol support" 396 select LLC 397 ---help--- 398 AppleTalk is the protocol that Apple computers can use to communicate 399 on a network. If your Linux box is connected to such a network and you 400 wish to connect to it, say Y. You will need to use the netatalk package 401 so that your Linux box can act as a print and file server for Macs as 402 well as access AppleTalk printers. Check out 403 <http://www.zettabyte.net/netatalk/> on the WWW for details. 404 EtherTalk is the name used for AppleTalk over Ethernet and the 405 cheaper and slower LocalTalk is AppleTalk over a proprietary Apple 406 network using serial links. EtherTalk and LocalTalk are fully 407 supported by Linux. 408 409 General information about how to connect Linux, Windows machines and 410 Macs is on the WWW at <http://www.eats.com/linux_mac_win.html>. The 411 NET-3-HOWTO, available from 412 <http://www.tldp.org/docs.html#howto>, contains valuable 413 information as well. 414 415 To compile this driver as a module, choose M here: the module will be 416 called appletalk. You almost certainly want to compile it as a 417 module so you can restart your AppleTalk stack without rebooting 418 your machine. I hear that the GNU boycott of Apple is over, so 419 even politically correct people are allowed to say Y here. 420 421source "drivers/net/appletalk/Kconfig" 422 423config X25 424 tristate "CCITT X.25 Packet Layer (EXPERIMENTAL)" 425 depends on EXPERIMENTAL 426 ---help--- 427 X.25 is a set of standardized network protocols, similar in scope to 428 frame relay; the one physical line from your box to the X.25 network 429 entry point can carry several logical point-to-point connections 430 (called "virtual circuits") to other computers connected to the X.25 431 network. Governments, banks, and other organizations tend to use it 432 to connect to each other or to form Wide Area Networks (WANs). Many 433 countries have public X.25 networks. X.25 consists of two 434 protocols: the higher level Packet Layer Protocol (PLP) (say Y here 435 if you want that) and the lower level data link layer protocol LAPB 436 (say Y to "LAPB Data Link Driver" below if you want that). 437 438 You can read more about X.25 at <http://www.sangoma.com/x25.htm> and 439 <http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cx25.htm>. 440 Information about X.25 for Linux is contained in the files 441 <file:Documentation/networking/x25.txt> and 442 <file:Documentation/networking/x25-iface.txt>. 443 444 One connects to an X.25 network either with a dedicated network card 445 using the X.21 protocol (not yet supported by Linux) or one can do 446 X.25 over a standard telephone line using an ordinary modem (say Y 447 to "X.25 async driver" below) or over Ethernet using an ordinary 448 Ethernet card and the LAPB over Ethernet (say Y to "LAPB Data Link 449 Driver" and "LAPB over Ethernet driver" below). 450 451 To compile this driver as a module, choose M here: the module 452 will be called x25. If unsure, say N. 453 454config LAPB 455 tristate "LAPB Data Link Driver (EXPERIMENTAL)" 456 depends on EXPERIMENTAL 457 ---help--- 458 Link Access Procedure, Balanced (LAPB) is the data link layer (i.e. 459 the lower) part of the X.25 protocol. It offers a reliable 460 connection service to exchange data frames with one other host, and 461 it is used to transport higher level protocols (mostly X.25 Packet 462 Layer, the higher part of X.25, but others are possible as well). 463 Usually, LAPB is used with specialized X.21 network cards, but Linux 464 currently supports LAPB only over Ethernet connections. If you want 465 to use LAPB connections over Ethernet, say Y here and to "LAPB over 466 Ethernet driver" below. Read 467 <file:Documentation/networking/lapb-module.txt> for technical 468 details. 469 470 To compile this driver as a module, choose M here: the 471 module will be called lapb. If unsure, say N. 472 473config NET_DIVERT 474 bool "Frame Diverter (EXPERIMENTAL)" 475 depends on EXPERIMENTAL 476 ---help--- 477 The Frame Diverter allows you to divert packets from the 478 network, that are not aimed at the interface receiving it (in 479 promisc. mode). Typically, a Linux box setup as an Ethernet bridge 480 with the Frames Diverter on, can do some *really* transparent www 481 caching using a Squid proxy for example. 482 483 This is very useful when you don't want to change your router's 484 config (or if you simply don't have access to it). 485 486 The other possible usages of diverting Ethernet Frames are 487 numberous: 488 - reroute smtp traffic to another interface 489 - traffic-shape certain network streams 490 - transparently proxy smtp connections 491 - etc... 492 493 For more informations, please refer to: 494 <http://diverter.sourceforge.net/> 495 <http://perso.wanadoo.fr/magpie/EtherDivert.html> 496 497 If unsure, say N. 498 499config ECONET 500 tristate "Acorn Econet/AUN protocols (EXPERIMENTAL)" 501 depends on EXPERIMENTAL && INET 502 ---help--- 503 Econet is a fairly old and slow networking protocol mainly used by 504 Acorn computers to access file and print servers. It uses native 505 Econet network cards. AUN is an implementation of the higher level 506 parts of Econet that runs over ordinary Ethernet connections, on 507 top of the UDP packet protocol, which in turn runs on top of the 508 Internet protocol IP. 509 510 If you say Y here, you can choose with the next two options whether 511 to send Econet/AUN traffic over a UDP Ethernet connection or over 512 a native Econet network card. 513 514 To compile this driver as a module, choose M here: the module 515 will be called econet. 516 517config ECONET_AUNUDP 518 bool "AUN over UDP" 519 depends on ECONET 520 help 521 Say Y here if you want to send Econet/AUN traffic over a UDP 522 connection (UDP is a packet based protocol that runs on top of the 523 Internet protocol IP) using an ordinary Ethernet network card. 524 525config ECONET_NATIVE 526 bool "Native Econet" 527 depends on ECONET 528 help 529 Say Y here if you have a native Econet network card installed in 530 your computer. 531 532config WAN_ROUTER 533 tristate "WAN router" 534 depends on EXPERIMENTAL 535 ---help--- 536 Wide Area Networks (WANs), such as X.25, frame relay and leased 537 lines, are used to interconnect Local Area Networks (LANs) over vast 538 distances with data transfer rates significantly higher than those 539 achievable with commonly used asynchronous modem connections. 540 Usually, a quite expensive external device called a `WAN router' is 541 needed to connect to a WAN. 542 543 As an alternative, WAN routing can be built into the Linux kernel. 544 With relatively inexpensive WAN interface cards available on the 545 market, a perfectly usable router can be built for less than half 546 the price of an external router. If you have one of those cards and 547 wish to use your Linux box as a WAN router, say Y here and also to 548 the WAN driver for your card, below. You will then need the 549 wan-tools package which is available from <ftp://ftp.sangoma.com/>. 550 Read <file:Documentation/networking/wan-router.txt> for more 551 information. 552 553 To compile WAN routing support as a module, choose M here: the 554 module will be called wanrouter. 555 556 If unsure, say N. 557 558menu "QoS and/or fair queueing" 559 560config NET_SCHED 561 bool "QoS and/or fair queueing" 562 ---help--- 563 When the kernel has several packets to send out over a network 564 device, it has to decide which ones to send first, which ones to 565 delay, and which ones to drop. This is the job of the packet 566 scheduler, and several different algorithms for how to do this 567 "fairly" have been proposed. 568 569 If you say N here, you will get the standard packet scheduler, which 570 is a FIFO (first come, first served). If you say Y here, you will be 571 able to choose from among several alternative algorithms which can 572 then be attached to different network devices. This is useful for 573 example if some of your network devices are real time devices that 574 need a certain minimum data flow rate, or if you need to limit the 575 maximum data flow rate for traffic which matches specified criteria. 576 This code is considered to be experimental. 577 578 To administer these schedulers, you'll need the user-level utilities 579 from the package iproute2+tc at <ftp://ftp.tux.org/pub/net/ip-routing/>. 580 That package also contains some documentation; for more, check out 581 <http://snafu.freedom.org/linux2.2/iproute-notes.html>. 582 583 This Quality of Service (QoS) support will enable you to use 584 Differentiated Services (diffserv) and Resource Reservation Protocol 585 (RSVP) on your Linux router if you also say Y to "QoS support", 586 "Packet classifier API" and to some classifiers below. Documentation 587 and software is at <http://diffserv.sourceforge.net/>. 588 589 If you say Y here and to "/proc file system" below, you will be able 590 to read status information about packet schedulers from the file 591 /proc/net/psched. 592 593 The available schedulers are listed in the following questions; you 594 can say Y to as many as you like. If unsure, say N now. 595 596source "net/sched/Kconfig" 597 598endmenu 599 600menu "Network testing" 601 602config NET_PKTGEN 603 tristate "Packet Generator (USE WITH CAUTION)" 604 depends on PROC_FS 605 ---help--- 606 This module will inject preconfigured packets, at a configurable 607 rate, out of a given interface. It is used for network interface 608 stress testing and performance analysis. If you don't understand 609 what was just said, you don't need it: say N. 610 611 Documentation on how to use the packet generator can be found 612 at <file:Documentation/networking/pktgen.txt>. 613 614 To compile this code as a module, choose M here: the 615 module will be called pktgen. 616 617endmenu 618 619endmenu 620 621config NETPOLL 622 def_bool NETCONSOLE 623 624config NETPOLL_RX 625 bool "Netpoll support for trapping incoming packets" 626 default n 627 depends on NETPOLL 628 629config NETPOLL_TRAP 630 bool "Netpoll traffic trapping" 631 default n 632 depends on NETPOLL 633 634config NET_POLL_CONTROLLER 635 def_bool NETPOLL 636 637source "net/ax25/Kconfig" 638 639source "net/irda/Kconfig" 640 641source "net/bluetooth/Kconfig" 642 643source "drivers/net/Kconfig" 644 645endmenu 646 647