xref: /openbmc/linux/net/Kconfig (revision 275876e2) 
1#
2# Network configuration
3#
4
5menuconfig NET
6	bool "Networking support"
7	select NLATTR
8	select GENERIC_NET_UTILS
9	---help---
10	  Unless you really know what you are doing, you should say Y here.
11	  The reason is that some programs need kernel networking support even
12	  when running on a stand-alone machine that isn't connected to any
13	  other computer.
14
15	  If you are upgrading from an older kernel, you
16	  should consider updating your networking tools too because changes
17	  in the kernel and the tools often go hand in hand. The tools are
18	  contained in the package net-tools, the location and version number
19	  of which are given in <file:Documentation/Changes>.
20
21	  For a general introduction to Linux networking, it is highly
22	  recommended to read the NET-HOWTO, available from
23	  <http://www.tldp.org/docs.html#howto>.
24
25if NET
26
27config WANT_COMPAT_NETLINK_MESSAGES
28	bool
29	help
30	  This option can be selected by other options that need compat
31	  netlink messages.
32
33config COMPAT_NETLINK_MESSAGES
34	def_bool y
35	depends on COMPAT
36	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
37	help
38	  This option makes it possible to send different netlink messages
39	  to tasks depending on whether the task is a compat task or not. To
40	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
41	  compat skb before sending the skb, the netlink code will sort out
42	  which message to actually pass to the task.
43
44	  Newly written code should NEVER need this option but do
45	  compat-independent messages instead!
46
47menu "Networking options"
48
49source "net/packet/Kconfig"
50source "net/unix/Kconfig"
51source "net/xfrm/Kconfig"
52source "net/iucv/Kconfig"
53
54config INET
55	bool "TCP/IP networking"
56	select CRYPTO
57	select CRYPTO_AES
58	---help---
59	  These are the protocols used on the Internet and on most local
60	  Ethernets. It is highly recommended to say Y here (this will enlarge
61	  your kernel by about 400 KB), since some programs (e.g. the X window
62	  system) use TCP/IP even if your machine is not connected to any
63	  other computer. You will get the so-called loopback device which
64	  allows you to ping yourself (great fun, that!).
65
66	  For an excellent introduction to Linux networking, please read the
67	  Linux Networking HOWTO, available from
68	  <http://www.tldp.org/docs.html#howto>.
69
70	  If you say Y here and also to "/proc file system support" and
71	  "Sysctl support" below, you can change various aspects of the
72	  behavior of the TCP/IP code by writing to the (virtual) files in
73	  /proc/sys/net/ipv4/*; the options are explained in the file
74	  <file:Documentation/networking/ip-sysctl.txt>.
75
76	  Short answer: say Y.
77
78if INET
79source "net/ipv4/Kconfig"
80source "net/ipv6/Kconfig"
81source "net/netlabel/Kconfig"
82
83endif # if INET
84
85config NETWORK_SECMARK
86	bool "Security Marking"
87	help
88	  This enables security marking of network packets, similar
89	  to nfmark, but designated for security purposes.
90	  If you are unsure how to answer this question, answer N.
91
92config NET_PTP_CLASSIFY
93	def_bool n
94
95config NETWORK_PHY_TIMESTAMPING
96	bool "Timestamping in PHY devices"
97	select NET_PTP_CLASSIFY
98	help
99	  This allows timestamping of network packets by PHYs with
100	  hardware timestamping capabilities. This option adds some
101	  overhead in the transmit and receive paths.
102
103	  If you are unsure how to answer this question, answer N.
104
105menuconfig NETFILTER
106	bool "Network packet filtering framework (Netfilter)"
107	---help---
108	  Netfilter is a framework for filtering and mangling network packets
109	  that pass through your Linux box.
110
111	  The most common use of packet filtering is to run your Linux box as
112	  a firewall protecting a local network from the Internet. The type of
113	  firewall provided by this kernel support is called a "packet
114	  filter", which means that it can reject individual network packets
115	  based on type, source, destination etc. The other kind of firewall,
116	  a "proxy-based" one, is more secure but more intrusive and more
117	  bothersome to set up; it inspects the network traffic much more
118	  closely, modifies it and has knowledge about the higher level
119	  protocols, which a packet filter lacks. Moreover, proxy-based
120	  firewalls often require changes to the programs running on the local
121	  clients. Proxy-based firewalls don't need support by the kernel, but
122	  they are often combined with a packet filter, which only works if
123	  you say Y here.
124
125	  You should also say Y here if you intend to use your Linux box as
126	  the gateway to the Internet for a local network of machines without
127	  globally valid IP addresses. This is called "masquerading": if one
128	  of the computers on your local network wants to send something to
129	  the outside, your box can "masquerade" as that computer, i.e. it
130	  forwards the traffic to the intended outside destination, but
131	  modifies the packets to make it look like they came from the
132	  firewall box itself. It works both ways: if the outside host
133	  replies, the Linux box will silently forward the traffic to the
134	  correct local computer. This way, the computers on your local net
135	  are completely invisible to the outside world, even though they can
136	  reach the outside and can receive replies. It is even possible to
137	  run globally visible servers from within a masqueraded local network
138	  using a mechanism called portforwarding. Masquerading is also often
139	  called NAT (Network Address Translation).
140
141	  Another use of Netfilter is in transparent proxying: if a machine on
142	  the local network tries to connect to an outside host, your Linux
143	  box can transparently forward the traffic to a local server,
144	  typically a caching proxy server.
145
146	  Yet another use of Netfilter is building a bridging firewall. Using
147	  a bridge with Network packet filtering enabled makes iptables "see"
148	  the bridged traffic. For filtering on the lower network and Ethernet
149	  protocols over the bridge, use ebtables (under bridge netfilter
150	  configuration).
151
152	  Various modules exist for netfilter which replace the previous
153	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
154	  proxying, and portforwarding mechanisms. Please see
155	  <file:Documentation/Changes> under "iptables" for the location of
156	  these packages.
157
158if NETFILTER
159
160config NETFILTER_DEBUG
161	bool "Network packet filtering debugging"
162	depends on NETFILTER
163	help
164	  You can say Y here if you want to get additional messages useful in
165	  debugging the netfilter code.
166
167config NETFILTER_ADVANCED
168	bool "Advanced netfilter configuration"
169	depends on NETFILTER
170	default y
171	help
172	  If you say Y here you can select between all the netfilter modules.
173	  If you say N the more unusual ones will not be shown and the
174	  basic ones needed by most people will default to 'M'.
175
176	  If unsure, say Y.
177
178config BRIDGE_NETFILTER
179	bool "Bridged IP/ARP packets filtering"
180	depends on BRIDGE && NETFILTER && INET
181	depends on NETFILTER_ADVANCED
182	default y
183	---help---
184	  Enabling this option will let arptables resp. iptables see bridged
185	  ARP resp. IP traffic. If you want a bridging firewall, you probably
186	  want this option enabled.
187	  Enabling or disabling this option doesn't enable or disable
188	  ebtables.
189
190	  If unsure, say N.
191
192source "net/netfilter/Kconfig"
193source "net/ipv4/netfilter/Kconfig"
194source "net/ipv6/netfilter/Kconfig"
195source "net/decnet/netfilter/Kconfig"
196source "net/bridge/netfilter/Kconfig"
197
198endif
199
200source "net/dccp/Kconfig"
201source "net/sctp/Kconfig"
202source "net/rds/Kconfig"
203source "net/tipc/Kconfig"
204source "net/atm/Kconfig"
205source "net/l2tp/Kconfig"
206source "net/802/Kconfig"
207source "net/bridge/Kconfig"
208source "net/dsa/Kconfig"
209source "net/8021q/Kconfig"
210source "net/decnet/Kconfig"
211source "net/llc/Kconfig"
212source "net/ipx/Kconfig"
213source "drivers/net/appletalk/Kconfig"
214source "net/x25/Kconfig"
215source "net/lapb/Kconfig"
216source "net/phonet/Kconfig"
217source "net/6lowpan/Kconfig"
218source "net/ieee802154/Kconfig"
219source "net/mac802154/Kconfig"
220source "net/sched/Kconfig"
221source "net/dcb/Kconfig"
222source "net/dns_resolver/Kconfig"
223source "net/batman-adv/Kconfig"
224source "net/openvswitch/Kconfig"
225source "net/vmw_vsock/Kconfig"
226source "net/netlink/Kconfig"
227source "net/mpls/Kconfig"
228source "net/hsr/Kconfig"
229
230config RPS
231	boolean
232	depends on SMP && SYSFS
233	default y
234
235config RFS_ACCEL
236	boolean
237	depends on RPS
238	select CPU_RMAP
239	default y
240
241config XPS
242	boolean
243	depends on SMP
244	default y
245
246config CGROUP_NET_PRIO
247	bool "Network priority cgroup"
248	depends on CGROUPS
249	---help---
250	  Cgroup subsystem for use in assigning processes to network priorities on
251	  a per-interface basis.
252
253config CGROUP_NET_CLASSID
254	boolean "Network classid cgroup"
255	depends on CGROUPS
256	---help---
257	  Cgroup subsystem for use as general purpose socket classid marker that is
258	  being used in cls_cgroup and for netfilter matching.
259
260config NET_RX_BUSY_POLL
261	boolean
262	default y
263
264config BQL
265	boolean
266	depends on SYSFS
267	select DQL
268	default y
269
270config BPF_JIT
271	bool "enable BPF Just In Time compiler"
272	depends on HAVE_BPF_JIT
273	depends on MODULES
274	---help---
275	  Berkeley Packet Filter filtering capabilities are normally handled
276	  by an interpreter. This option allows kernel to generate a native
277	  code when filter is loaded in memory. This should speedup
278	  packet sniffing (libpcap/tcpdump). Note : Admin should enable
279	  this feature changing /proc/sys/net/core/bpf_jit_enable
280
281config NET_FLOW_LIMIT
282	boolean
283	depends on RPS
284	default y
285	---help---
286	  The network stack has to drop packets when a receive processing CPU's
287	  backlog reaches netdev_max_backlog. If a few out of many active flows
288	  generate the vast majority of load, drop their traffic earlier to
289	  maintain capacity for the other flows. This feature provides servers
290	  with many clients some protection against DoS by a single (spoofed)
291	  flow that greatly exceeds average workload.
292
293menu "Network testing"
294
295config NET_PKTGEN
296	tristate "Packet Generator (USE WITH CAUTION)"
297	depends on INET && PROC_FS
298	---help---
299	  This module will inject preconfigured packets, at a configurable
300	  rate, out of a given interface.  It is used for network interface
301	  stress testing and performance analysis.  If you don't understand
302	  what was just said, you don't need it: say N.
303
304	  Documentation on how to use the packet generator can be found
305	  at <file:Documentation/networking/pktgen.txt>.
306
307	  To compile this code as a module, choose M here: the
308	  module will be called pktgen.
309
310config NET_TCPPROBE
311	tristate "TCP connection probing"
312	depends on INET && PROC_FS && KPROBES
313	---help---
314	This module allows for capturing the changes to TCP connection
315	state in response to incoming packets. It is used for debugging
316	TCP congestion avoidance modules. If you don't understand
317	what was just said, you don't need it: say N.
318
319	Documentation on how to use TCP connection probing can be found
320	at:
321
322	  http://www.linuxfoundation.org/collaborate/workgroups/networking/tcpprobe
323
324	To compile this code as a module, choose M here: the
325	module will be called tcp_probe.
326
327config NET_DROP_MONITOR
328	tristate "Network packet drop alerting service"
329	depends on INET && TRACEPOINTS
330	---help---
331	This feature provides an alerting service to userspace in the
332	event that packets are discarded in the network stack.  Alerts
333	are broadcast via netlink socket to any listening user space
334	process.  If you don't need network drop alerts, or if you are ok
335	just checking the various proc files and other utilities for
336	drop statistics, say N here.
337
338endmenu
339
340endmenu
341
342source "net/ax25/Kconfig"
343source "net/can/Kconfig"
344source "net/irda/Kconfig"
345source "net/bluetooth/Kconfig"
346source "net/rxrpc/Kconfig"
347
348config FIB_RULES
349	bool
350
351menuconfig WIRELESS
352	bool "Wireless"
353	depends on !S390
354	default y
355
356if WIRELESS
357
358source "net/wireless/Kconfig"
359source "net/mac80211/Kconfig"
360
361endif # WIRELESS
362
363source "net/wimax/Kconfig"
364
365source "net/rfkill/Kconfig"
366source "net/9p/Kconfig"
367source "net/caif/Kconfig"
368source "net/ceph/Kconfig"
369source "net/nfc/Kconfig"
370
371
372endif   # if NET
373
374# Used by archs to tell that they support BPF_JIT
375config HAVE_BPF_JIT
376	bool
377