xref: /openbmc/linux/net/ipv4/Kconfig (revision 6dfcd296)
1#
2# IP configuration
3#
4config IP_MULTICAST
5	bool "IP: multicasting"
6	help
7	  This is code for addressing several networked computers at once,
8	  enlarging your kernel by about 2 KB. You need multicasting if you
9	  intend to participate in the MBONE, a high bandwidth network on top
10	  of the Internet which carries audio and video broadcasts. More
11	  information about the MBONE is on the WWW at
12	  <http://www.savetz.com/mbone/>. For most people, it's safe to say N.
13
14config IP_ADVANCED_ROUTER
15	bool "IP: advanced router"
16	---help---
17	  If you intend to run your Linux box mostly as a router, i.e. as a
18	  computer that forwards and redistributes network packets, say Y; you
19	  will then be presented with several options that allow more precise
20	  control about the routing process.
21
22	  The answer to this question won't directly affect the kernel:
23	  answering N will just cause the configurator to skip all the
24	  questions about advanced routing.
25
26	  Note that your box can only act as a router if you enable IP
27	  forwarding in your kernel; you can do that by saying Y to "/proc
28	  file system support" and "Sysctl support" below and executing the
29	  line
30
31	  echo "1" > /proc/sys/net/ipv4/ip_forward
32
33	  at boot time after the /proc file system has been mounted.
34
35	  If you turn on IP forwarding, you should consider the rp_filter, which
36	  automatically rejects incoming packets if the routing table entry
37	  for their source address doesn't match the network interface they're
38	  arriving on. This has security advantages because it prevents the
39	  so-called IP spoofing, however it can pose problems if you use
40	  asymmetric routing (packets from you to a host take a different path
41	  than packets from that host to you) or if you operate a non-routing
42	  host which has several IP addresses on different interfaces. To turn
43	  rp_filter on use:
44
45	  echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
46	   or
47	  echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
48
49	  Note that some distributions enable it in startup scripts.
50	  For details about rp_filter strict and loose mode read
51	  <file:Documentation/networking/ip-sysctl.txt>.
52
53	  If unsure, say N here.
54
55config IP_FIB_TRIE_STATS
56	bool "FIB TRIE statistics"
57	depends on IP_ADVANCED_ROUTER
58	---help---
59	  Keep track of statistics on structure of FIB TRIE table.
60	  Useful for testing and measuring TRIE performance.
61
62config IP_MULTIPLE_TABLES
63	bool "IP: policy routing"
64	depends on IP_ADVANCED_ROUTER
65	select FIB_RULES
66	---help---
67	  Normally, a router decides what to do with a received packet based
68	  solely on the packet's final destination address. If you say Y here,
69	  the Linux router will also be able to take the packet's source
70	  address into account. Furthermore, the TOS (Type-Of-Service) field
71	  of the packet can be used for routing decisions as well.
72
73	  If you are interested in this, please see the preliminary
74	  documentation at <http://www.compendium.com.ar/policy-routing.txt>
75	  and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>.
76	  You will need supporting software from
77	  <ftp://ftp.tux.org/pub/net/ip-routing/>.
78
79	  If unsure, say N.
80
81config IP_ROUTE_MULTIPATH
82	bool "IP: equal cost multipath"
83	depends on IP_ADVANCED_ROUTER
84	help
85	  Normally, the routing tables specify a single action to be taken in
86	  a deterministic manner for a given packet. If you say Y here
87	  however, it becomes possible to attach several actions to a packet
88	  pattern, in effect specifying several alternative paths to travel
89	  for those packets. The router considers all these paths to be of
90	  equal "cost" and chooses one of them in a non-deterministic fashion
91	  if a matching packet arrives.
92
93config IP_ROUTE_VERBOSE
94	bool "IP: verbose route monitoring"
95	depends on IP_ADVANCED_ROUTER
96	help
97	  If you say Y here, which is recommended, then the kernel will print
98	  verbose messages regarding the routing, for example warnings about
99	  received packets which look strange and could be evidence of an
100	  attack or a misconfigured system somewhere. The information is
101	  handled by the klogd daemon which is responsible for kernel messages
102	  ("man klogd").
103
104config IP_ROUTE_CLASSID
105	bool
106
107config IP_PNP
108	bool "IP: kernel level autoconfiguration"
109	help
110	  This enables automatic configuration of IP addresses of devices and
111	  of the routing table during kernel boot, based on either information
112	  supplied on the kernel command line or by BOOTP or RARP protocols.
113	  You need to say Y only for diskless machines requiring network
114	  access to boot (in which case you want to say Y to "Root file system
115	  on NFS" as well), because all other machines configure the network
116	  in their startup scripts.
117
118config IP_PNP_DHCP
119	bool "IP: DHCP support"
120	depends on IP_PNP
121	---help---
122	  If you want your Linux box to mount its whole root file system (the
123	  one containing the directory /) from some other computer over the
124	  net via NFS and you want the IP address of your computer to be
125	  discovered automatically at boot time using the DHCP protocol (a
126	  special protocol designed for doing this job), say Y here. In case
127	  the boot ROM of your network card was designed for booting Linux and
128	  does DHCP itself, providing all necessary information on the kernel
129	  command line, you can say N here.
130
131	  If unsure, say Y. Note that if you want to use DHCP, a DHCP server
132	  must be operating on your network.  Read
133	  <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
134
135config IP_PNP_BOOTP
136	bool "IP: BOOTP support"
137	depends on IP_PNP
138	---help---
139	  If you want your Linux box to mount its whole root file system (the
140	  one containing the directory /) from some other computer over the
141	  net via NFS and you want the IP address of your computer to be
142	  discovered automatically at boot time using the BOOTP protocol (a
143	  special protocol designed for doing this job), say Y here. In case
144	  the boot ROM of your network card was designed for booting Linux and
145	  does BOOTP itself, providing all necessary information on the kernel
146	  command line, you can say N here. If unsure, say Y. Note that if you
147	  want to use BOOTP, a BOOTP server must be operating on your network.
148	  Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
149
150config IP_PNP_RARP
151	bool "IP: RARP support"
152	depends on IP_PNP
153	help
154	  If you want your Linux box to mount its whole root file system (the
155	  one containing the directory /) from some other computer over the
156	  net via NFS and you want the IP address of your computer to be
157	  discovered automatically at boot time using the RARP protocol (an
158	  older protocol which is being obsoleted by BOOTP and DHCP), say Y
159	  here. Note that if you want to use RARP, a RARP server must be
160	  operating on your network. Read
161	  <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
162
163config NET_IPIP
164	tristate "IP: tunneling"
165	select INET_TUNNEL
166	select NET_IP_TUNNEL
167	---help---
168	  Tunneling means encapsulating data of one protocol type within
169	  another protocol and sending it over a channel that understands the
170	  encapsulating protocol. This particular tunneling driver implements
171	  encapsulation of IP within IP, which sounds kind of pointless, but
172	  can be useful if you want to make your (or some other) machine
173	  appear on a different network than it physically is, or to use
174	  mobile-IP facilities (allowing laptops to seamlessly move between
175	  networks without changing their IP addresses).
176
177	  Saying Y to this option will produce two modules ( = code which can
178	  be inserted in and removed from the running kernel whenever you
179	  want). Most people won't need this and can say N.
180
181config NET_IPGRE_DEMUX
182	tristate "IP: GRE demultiplexer"
183	help
184	 This is helper module to demultiplex GRE packets on GRE version field criteria.
185	 Required by ip_gre and pptp modules.
186
187config NET_IP_TUNNEL
188	tristate
189	select DST_CACHE
190	default n
191
192config NET_IPGRE
193	tristate "IP: GRE tunnels over IP"
194	depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
195	select NET_IP_TUNNEL
196	help
197	  Tunneling means encapsulating data of one protocol type within
198	  another protocol and sending it over a channel that understands the
199	  encapsulating protocol. This particular tunneling driver implements
200	  GRE (Generic Routing Encapsulation) and at this time allows
201	  encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
202	  This driver is useful if the other endpoint is a Cisco router: Cisco
203	  likes GRE much better than the other Linux tunneling driver ("IP
204	  tunneling" above). In addition, GRE allows multicast redistribution
205	  through the tunnel.
206
207config NET_IPGRE_BROADCAST
208	bool "IP: broadcast GRE over IP"
209	depends on IP_MULTICAST && NET_IPGRE
210	help
211	  One application of GRE/IP is to construct a broadcast WAN (Wide Area
212	  Network), which looks like a normal Ethernet LAN (Local Area
213	  Network), but can be distributed all over the Internet. If you want
214	  to do that, say Y here and to "IP multicast routing" below.
215
216config IP_MROUTE
217	bool "IP: multicast routing"
218	depends on IP_MULTICAST
219	help
220	  This is used if you want your machine to act as a router for IP
221	  packets that have several destination addresses. It is needed on the
222	  MBONE, a high bandwidth network on top of the Internet which carries
223	  audio and video broadcasts. In order to do that, you would most
224	  likely run the program mrouted. If you haven't heard about it, you
225	  don't need it.
226
227config IP_MROUTE_MULTIPLE_TABLES
228	bool "IP: multicast policy routing"
229	depends on IP_MROUTE && IP_ADVANCED_ROUTER
230	select FIB_RULES
231	help
232	  Normally, a multicast router runs a userspace daemon and decides
233	  what to do with a multicast packet based on the source and
234	  destination addresses. If you say Y here, the multicast router
235	  will also be able to take interfaces and packet marks into
236	  account and run multiple instances of userspace daemons
237	  simultaneously, each one handling a single table.
238
239	  If unsure, say N.
240
241config IP_PIMSM_V1
242	bool "IP: PIM-SM version 1 support"
243	depends on IP_MROUTE
244	help
245	  Kernel side support for Sparse Mode PIM (Protocol Independent
246	  Multicast) version 1. This multicast routing protocol is used widely
247	  because Cisco supports it. You need special software to use it
248	  (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
249	  information about PIM.
250
251	  Say Y if you want to use PIM-SM v1. Note that you can say N here if
252	  you just want to use Dense Mode PIM.
253
254config IP_PIMSM_V2
255	bool "IP: PIM-SM version 2 support"
256	depends on IP_MROUTE
257	help
258	  Kernel side support for Sparse Mode PIM version 2. In order to use
259	  this, you need an experimental routing daemon supporting it (pimd or
260	  gated-5). This routing protocol is not used widely, so say N unless
261	  you want to play with it.
262
263config SYN_COOKIES
264	bool "IP: TCP syncookie support"
265	---help---
266	  Normal TCP/IP networking is open to an attack known as "SYN
267	  flooding". This denial-of-service attack prevents legitimate remote
268	  users from being able to connect to your computer during an ongoing
269	  attack and requires very little work from the attacker, who can
270	  operate from anywhere on the Internet.
271
272	  SYN cookies provide protection against this type of attack. If you
273	  say Y here, the TCP/IP stack will use a cryptographic challenge
274	  protocol known as "SYN cookies" to enable legitimate users to
275	  continue to connect, even when your machine is under attack. There
276	  is no need for the legitimate users to change their TCP/IP software;
277	  SYN cookies work transparently to them. For technical information
278	  about SYN cookies, check out <http://cr.yp.to/syncookies.html>.
279
280	  If you are SYN flooded, the source address reported by the kernel is
281	  likely to have been forged by the attacker; it is only reported as
282	  an aid in tracing the packets to their actual source and should not
283	  be taken as absolute truth.
284
285	  SYN cookies may prevent correct error reporting on clients when the
286	  server is really overloaded. If this happens frequently better turn
287	  them off.
288
289	  If you say Y here, you can disable SYN cookies at run time by
290	  saying Y to "/proc file system support" and
291	  "Sysctl support" below and executing the command
292
293	  echo 0 > /proc/sys/net/ipv4/tcp_syncookies
294
295	  after the /proc file system has been mounted.
296
297	  If unsure, say N.
298
299config NET_IPVTI
300	tristate "Virtual (secure) IP: tunneling"
301	select INET_TUNNEL
302	select NET_IP_TUNNEL
303	depends on INET_XFRM_MODE_TUNNEL
304	---help---
305	  Tunneling means encapsulating data of one protocol type within
306	  another protocol and sending it over a channel that understands the
307	  encapsulating protocol. This can be used with xfrm mode tunnel to give
308	  the notion of a secure tunnel for IPSEC and then use routing protocol
309	  on top.
310
311config NET_UDP_TUNNEL
312	tristate
313	select NET_IP_TUNNEL
314	default n
315
316config NET_FOU
317	tristate "IP: Foo (IP protocols) over UDP"
318	select XFRM
319	select NET_UDP_TUNNEL
320	---help---
321	  Foo over UDP allows any IP protocol to be directly encapsulated
322	  over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP
323	  network mechanisms and optimizations for UDP (such as ECMP
324	  and RSS) can be leveraged to provide better service.
325
326config NET_FOU_IP_TUNNELS
327	bool "IP: FOU encapsulation of IP tunnels"
328	depends on NET_IPIP || NET_IPGRE || IPV6_SIT
329	select NET_FOU
330	---help---
331	  Allow configuration of FOU or GUE encapsulation for IP tunnels.
332	  When this option is enabled IP tunnels can be configured to use
333	  FOU or GUE encapsulation.
334
335config INET_AH
336	tristate "IP: AH transformation"
337	select XFRM_ALGO
338	select CRYPTO
339	select CRYPTO_HMAC
340	select CRYPTO_MD5
341	select CRYPTO_SHA1
342	---help---
343	  Support for IPsec AH.
344
345	  If unsure, say Y.
346
347config INET_ESP
348	tristate "IP: ESP transformation"
349	select XFRM_ALGO
350	select CRYPTO
351	select CRYPTO_AUTHENC
352	select CRYPTO_HMAC
353	select CRYPTO_MD5
354	select CRYPTO_CBC
355	select CRYPTO_SHA1
356	select CRYPTO_DES
357	select CRYPTO_ECHAINIV
358	---help---
359	  Support for IPsec ESP.
360
361	  If unsure, say Y.
362
363config INET_IPCOMP
364	tristate "IP: IPComp transformation"
365	select INET_XFRM_TUNNEL
366	select XFRM_IPCOMP
367	---help---
368	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
369	  typically needed for IPsec.
370
371	  If unsure, say Y.
372
373config INET_XFRM_TUNNEL
374	tristate
375	select INET_TUNNEL
376	default n
377
378config INET_TUNNEL
379	tristate
380	default n
381
382config INET_XFRM_MODE_TRANSPORT
383	tristate "IP: IPsec transport mode"
384	default y
385	select XFRM
386	---help---
387	  Support for IPsec transport mode.
388
389	  If unsure, say Y.
390
391config INET_XFRM_MODE_TUNNEL
392	tristate "IP: IPsec tunnel mode"
393	default y
394	select XFRM
395	---help---
396	  Support for IPsec tunnel mode.
397
398	  If unsure, say Y.
399
400config INET_XFRM_MODE_BEET
401	tristate "IP: IPsec BEET mode"
402	default y
403	select XFRM
404	---help---
405	  Support for IPsec BEET mode.
406
407	  If unsure, say Y.
408
409config INET_DIAG
410	tristate "INET: socket monitoring interface"
411	default y
412	---help---
413	  Support for INET (TCP, DCCP, etc) socket monitoring interface used by
414	  native Linux tools such as ss. ss is included in iproute2, currently
415	  downloadable at:
416
417	    http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
418
419	  If unsure, say Y.
420
421config INET_TCP_DIAG
422	depends on INET_DIAG
423	def_tristate INET_DIAG
424
425config INET_UDP_DIAG
426	tristate "UDP: socket monitoring interface"
427	depends on INET_DIAG && (IPV6 || IPV6=n)
428	default n
429	---help---
430	  Support for UDP socket monitoring interface used by the ss tool.
431	  If unsure, say Y.
432
433config INET_DIAG_DESTROY
434	bool "INET: allow privileged process to administratively close sockets"
435	depends on INET_DIAG
436	default n
437	---help---
438	  Provides a SOCK_DESTROY operation that allows privileged processes
439	  (e.g., a connection manager or a network administration tool such as
440	  ss) to close sockets opened by other processes. Closing a socket in
441	  this way interrupts any blocking read/write/connect operations on
442	  the socket and causes future socket calls to behave as if the socket
443	  had been disconnected.
444	  If unsure, say N.
445
446menuconfig TCP_CONG_ADVANCED
447	bool "TCP: advanced congestion control"
448	---help---
449	  Support for selection of various TCP congestion control
450	  modules.
451
452	  Nearly all users can safely say no here, and a safe default
453	  selection will be made (CUBIC with new Reno as a fallback).
454
455	  If unsure, say N.
456
457if TCP_CONG_ADVANCED
458
459config TCP_CONG_BIC
460	tristate "Binary Increase Congestion (BIC) control"
461	default m
462	---help---
463	BIC-TCP is a sender-side only change that ensures a linear RTT
464	fairness under large windows while offering both scalability and
465	bounded TCP-friendliness. The protocol combines two schemes
466	called additive increase and binary search increase. When the
467	congestion window is large, additive increase with a large
468	increment ensures linear RTT fairness as well as good
469	scalability. Under small congestion windows, binary search
470	increase provides TCP friendliness.
471	See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
472
473config TCP_CONG_CUBIC
474	tristate "CUBIC TCP"
475	default y
476	---help---
477	This is version 2.0 of BIC-TCP which uses a cubic growth function
478	among other techniques.
479	See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
480
481config TCP_CONG_WESTWOOD
482	tristate "TCP Westwood+"
483	default m
484	---help---
485	TCP Westwood+ is a sender-side only modification of the TCP Reno
486	protocol stack that optimizes the performance of TCP congestion
487	control. It is based on end-to-end bandwidth estimation to set
488	congestion window and slow start threshold after a congestion
489	episode. Using this estimation, TCP Westwood+ adaptively sets a
490	slow start threshold and a congestion window which takes into
491	account the bandwidth used  at the time congestion is experienced.
492	TCP Westwood+ significantly increases fairness wrt TCP Reno in
493	wired networks and throughput over wireless links.
494
495config TCP_CONG_HTCP
496        tristate "H-TCP"
497        default m
498	---help---
499	H-TCP is a send-side only modifications of the TCP Reno
500	protocol stack that optimizes the performance of TCP
501	congestion control for high speed network links. It uses a
502	modeswitch to change the alpha and beta parameters of TCP Reno
503	based on network conditions and in a way so as to be fair with
504	other Reno and H-TCP flows.
505
506config TCP_CONG_HSTCP
507	tristate "High Speed TCP"
508	default n
509	---help---
510	Sally Floyd's High Speed TCP (RFC 3649) congestion control.
511	A modification to TCP's congestion control mechanism for use
512	with large congestion windows. A table indicates how much to
513	increase the congestion window by when an ACK is received.
514 	For more detail	see http://www.icir.org/floyd/hstcp.html
515
516config TCP_CONG_HYBLA
517	tristate "TCP-Hybla congestion control algorithm"
518	default n
519	---help---
520	TCP-Hybla is a sender-side only change that eliminates penalization of
521	long-RTT, large-bandwidth connections, like when satellite legs are
522	involved, especially when sharing a common bottleneck with normal
523	terrestrial connections.
524
525config TCP_CONG_VEGAS
526	tristate "TCP Vegas"
527	default n
528	---help---
529	TCP Vegas is a sender-side only change to TCP that anticipates
530	the onset of congestion by estimating the bandwidth. TCP Vegas
531	adjusts the sending rate by modifying the congestion
532	window. TCP Vegas should provide less packet loss, but it is
533	not as aggressive as TCP Reno.
534
535config TCP_CONG_NV
536       tristate "TCP NV"
537       default n
538       ---help---
539       TCP NV is a follow up to TCP Vegas. It has been modified to deal with
540       10G networks, measurement noise introduced by LRO, GRO and interrupt
541       coalescence. In addition, it will decrease its cwnd multiplicatively
542       instead of linearly.
543
544       Note that in general congestion avoidance (cwnd decreased when # packets
545       queued grows) cannot coexist with congestion control (cwnd decreased only
546       when there is packet loss) due to fairness issues. One scenario when they
547       can coexist safely is when the CA flows have RTTs << CC flows RTTs.
548
549       For further details see http://www.brakmo.org/networking/tcp-nv/
550
551config TCP_CONG_SCALABLE
552	tristate "Scalable TCP"
553	default n
554	---help---
555	Scalable TCP is a sender-side only change to TCP which uses a
556	MIMD congestion control algorithm which has some nice scaling
557	properties, though is known to have fairness issues.
558	See http://www.deneholme.net/tom/scalable/
559
560config TCP_CONG_LP
561	tristate "TCP Low Priority"
562	default n
563	---help---
564	TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
565	to utilize only the excess network bandwidth as compared to the
566	``fair share`` of bandwidth as targeted by TCP.
567	See http://www-ece.rice.edu/networks/TCP-LP/
568
569config TCP_CONG_VENO
570	tristate "TCP Veno"
571	default n
572	---help---
573	TCP Veno is a sender-side only enhancement of TCP to obtain better
574	throughput over wireless networks. TCP Veno makes use of state
575	distinguishing to circumvent the difficult judgment of the packet loss
576	type. TCP Veno cuts down less congestion window in response to random
577	loss packets.
578	See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186>
579
580config TCP_CONG_YEAH
581	tristate "YeAH TCP"
582	select TCP_CONG_VEGAS
583	default n
584	---help---
585	YeAH-TCP is a sender-side high-speed enabled TCP congestion control
586	algorithm, which uses a mixed loss/delay approach to compute the
587	congestion window. It's design goals target high efficiency,
588	internal, RTT and Reno fairness, resilience to link loss while
589	keeping network elements load as low as possible.
590
591	For further details look here:
592	  http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
593
594config TCP_CONG_ILLINOIS
595	tristate "TCP Illinois"
596	default n
597	---help---
598	TCP-Illinois is a sender-side modification of TCP Reno for
599	high speed long delay links. It uses round-trip-time to
600	adjust the alpha and beta parameters to achieve a higher average
601	throughput and maintain fairness.
602
603	For further details see:
604	  http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
605
606config TCP_CONG_DCTCP
607	tristate "DataCenter TCP (DCTCP)"
608	default n
609	---help---
610	DCTCP leverages Explicit Congestion Notification (ECN) in the network to
611	provide multi-bit feedback to the end hosts. It is designed to provide:
612
613	- High burst tolerance (incast due to partition/aggregate),
614	- Low latency (short flows, queries),
615	- High throughput (continuous data updates, large file transfers) with
616	  commodity, shallow-buffered switches.
617
618	All switches in the data center network running DCTCP must support
619	ECN marking and be configured for marking when reaching defined switch
620	buffer thresholds. The default ECN marking threshold heuristic for
621	DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets
622	(~100KB) at 10Gbps, but might need further careful tweaking.
623
624	For further details see:
625	  http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf
626
627config TCP_CONG_CDG
628	tristate "CAIA Delay-Gradient (CDG)"
629	default n
630	---help---
631	CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies
632	the TCP sender in order to:
633
634	  o Use the delay gradient as a congestion signal.
635	  o Back off with an average probability that is independent of the RTT.
636	  o Coexist with flows that use loss-based congestion control.
637	  o Tolerate packet loss unrelated to congestion.
638
639	For further details see:
640	  D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using
641	  delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg
642
643config TCP_CONG_BBR
644	tristate "BBR TCP"
645	default n
646	---help---
647
648	BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to
649	maximize network utilization and minimize queues. It builds an explicit
650	model of the the bottleneck delivery rate and path round-trip
651	propagation delay. It tolerates packet loss and delay unrelated to
652	congestion. It can operate over LAN, WAN, cellular, wifi, or cable
653	modem links. It can coexist with flows that use loss-based congestion
654	control, and can operate with shallow buffers, deep buffers,
655	bufferbloat, policers, or AQM schemes that do not provide a delay
656	signal. It requires the fq ("Fair Queue") pacing packet scheduler.
657
658choice
659	prompt "Default TCP congestion control"
660	default DEFAULT_CUBIC
661	help
662	  Select the TCP congestion control that will be used by default
663	  for all connections.
664
665	config DEFAULT_BIC
666		bool "Bic" if TCP_CONG_BIC=y
667
668	config DEFAULT_CUBIC
669		bool "Cubic" if TCP_CONG_CUBIC=y
670
671	config DEFAULT_HTCP
672		bool "Htcp" if TCP_CONG_HTCP=y
673
674	config DEFAULT_HYBLA
675		bool "Hybla" if TCP_CONG_HYBLA=y
676
677	config DEFAULT_VEGAS
678		bool "Vegas" if TCP_CONG_VEGAS=y
679
680	config DEFAULT_VENO
681		bool "Veno" if TCP_CONG_VENO=y
682
683	config DEFAULT_WESTWOOD
684		bool "Westwood" if TCP_CONG_WESTWOOD=y
685
686	config DEFAULT_DCTCP
687		bool "DCTCP" if TCP_CONG_DCTCP=y
688
689	config DEFAULT_CDG
690		bool "CDG" if TCP_CONG_CDG=y
691
692	config DEFAULT_BBR
693		bool "BBR" if TCP_CONG_BBR=y
694
695	config DEFAULT_RENO
696		bool "Reno"
697endchoice
698
699endif
700
701config TCP_CONG_CUBIC
702	tristate
703	depends on !TCP_CONG_ADVANCED
704	default y
705
706config DEFAULT_TCP_CONG
707	string
708	default "bic" if DEFAULT_BIC
709	default "cubic" if DEFAULT_CUBIC
710	default "htcp" if DEFAULT_HTCP
711	default "hybla" if DEFAULT_HYBLA
712	default "vegas" if DEFAULT_VEGAS
713	default "westwood" if DEFAULT_WESTWOOD
714	default "veno" if DEFAULT_VENO
715	default "reno" if DEFAULT_RENO
716	default "dctcp" if DEFAULT_DCTCP
717	default "cdg" if DEFAULT_CDG
718	default "cubic"
719
720config TCP_MD5SIG
721	bool "TCP: MD5 Signature Option support (RFC2385)"
722	select CRYPTO
723	select CRYPTO_MD5
724	---help---
725	  RFC2385 specifies a method of giving MD5 protection to TCP sessions.
726	  Its main (only?) use is to protect BGP sessions between core routers
727	  on the Internet.
728
729	  If unsure, say N.
730