xref: /openbmc/linux/net/ipv4/Kconfig (revision 7587eb18)
1#
2# IP configuration
3#
4config IP_MULTICAST
5	bool "IP: multicasting"
6	help
7	  This is code for addressing several networked computers at once,
8	  enlarging your kernel by about 2 KB. You need multicasting if you
9	  intend to participate in the MBONE, a high bandwidth network on top
10	  of the Internet which carries audio and video broadcasts. More
11	  information about the MBONE is on the WWW at
12	  <http://www.savetz.com/mbone/>. For most people, it's safe to say N.
13
14config IP_ADVANCED_ROUTER
15	bool "IP: advanced router"
16	---help---
17	  If you intend to run your Linux box mostly as a router, i.e. as a
18	  computer that forwards and redistributes network packets, say Y; you
19	  will then be presented with several options that allow more precise
20	  control about the routing process.
21
22	  The answer to this question won't directly affect the kernel:
23	  answering N will just cause the configurator to skip all the
24	  questions about advanced routing.
25
26	  Note that your box can only act as a router if you enable IP
27	  forwarding in your kernel; you can do that by saying Y to "/proc
28	  file system support" and "Sysctl support" below and executing the
29	  line
30
31	  echo "1" > /proc/sys/net/ipv4/ip_forward
32
33	  at boot time after the /proc file system has been mounted.
34
35	  If you turn on IP forwarding, you should consider the rp_filter, which
36	  automatically rejects incoming packets if the routing table entry
37	  for their source address doesn't match the network interface they're
38	  arriving on. This has security advantages because it prevents the
39	  so-called IP spoofing, however it can pose problems if you use
40	  asymmetric routing (packets from you to a host take a different path
41	  than packets from that host to you) or if you operate a non-routing
42	  host which has several IP addresses on different interfaces. To turn
43	  rp_filter on use:
44
45	  echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
46	   or
47	  echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
48
49	  Note that some distributions enable it in startup scripts.
50	  For details about rp_filter strict and loose mode read
51	  <file:Documentation/networking/ip-sysctl.txt>.
52
53	  If unsure, say N here.
54
55config IP_FIB_TRIE_STATS
56	bool "FIB TRIE statistics"
57	depends on IP_ADVANCED_ROUTER
58	---help---
59	  Keep track of statistics on structure of FIB TRIE table.
60	  Useful for testing and measuring TRIE performance.
61
62config IP_MULTIPLE_TABLES
63	bool "IP: policy routing"
64	depends on IP_ADVANCED_ROUTER
65	select FIB_RULES
66	---help---
67	  Normally, a router decides what to do with a received packet based
68	  solely on the packet's final destination address. If you say Y here,
69	  the Linux router will also be able to take the packet's source
70	  address into account. Furthermore, the TOS (Type-Of-Service) field
71	  of the packet can be used for routing decisions as well.
72
73	  If you are interested in this, please see the preliminary
74	  documentation at <http://www.compendium.com.ar/policy-routing.txt>
75	  and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>.
76	  You will need supporting software from
77	  <ftp://ftp.tux.org/pub/net/ip-routing/>.
78
79	  If unsure, say N.
80
81config IP_ROUTE_MULTIPATH
82	bool "IP: equal cost multipath"
83	depends on IP_ADVANCED_ROUTER
84	help
85	  Normally, the routing tables specify a single action to be taken in
86	  a deterministic manner for a given packet. If you say Y here
87	  however, it becomes possible to attach several actions to a packet
88	  pattern, in effect specifying several alternative paths to travel
89	  for those packets. The router considers all these paths to be of
90	  equal "cost" and chooses one of them in a non-deterministic fashion
91	  if a matching packet arrives.
92
93config IP_ROUTE_VERBOSE
94	bool "IP: verbose route monitoring"
95	depends on IP_ADVANCED_ROUTER
96	help
97	  If you say Y here, which is recommended, then the kernel will print
98	  verbose messages regarding the routing, for example warnings about
99	  received packets which look strange and could be evidence of an
100	  attack or a misconfigured system somewhere. The information is
101	  handled by the klogd daemon which is responsible for kernel messages
102	  ("man klogd").
103
104config IP_ROUTE_CLASSID
105	bool
106
107config IP_PNP
108	bool "IP: kernel level autoconfiguration"
109	help
110	  This enables automatic configuration of IP addresses of devices and
111	  of the routing table during kernel boot, based on either information
112	  supplied on the kernel command line or by BOOTP or RARP protocols.
113	  You need to say Y only for diskless machines requiring network
114	  access to boot (in which case you want to say Y to "Root file system
115	  on NFS" as well), because all other machines configure the network
116	  in their startup scripts.
117
118config IP_PNP_DHCP
119	bool "IP: DHCP support"
120	depends on IP_PNP
121	---help---
122	  If you want your Linux box to mount its whole root file system (the
123	  one containing the directory /) from some other computer over the
124	  net via NFS and you want the IP address of your computer to be
125	  discovered automatically at boot time using the DHCP protocol (a
126	  special protocol designed for doing this job), say Y here. In case
127	  the boot ROM of your network card was designed for booting Linux and
128	  does DHCP itself, providing all necessary information on the kernel
129	  command line, you can say N here.
130
131	  If unsure, say Y. Note that if you want to use DHCP, a DHCP server
132	  must be operating on your network.  Read
133	  <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
134
135config IP_PNP_BOOTP
136	bool "IP: BOOTP support"
137	depends on IP_PNP
138	---help---
139	  If you want your Linux box to mount its whole root file system (the
140	  one containing the directory /) from some other computer over the
141	  net via NFS and you want the IP address of your computer to be
142	  discovered automatically at boot time using the BOOTP protocol (a
143	  special protocol designed for doing this job), say Y here. In case
144	  the boot ROM of your network card was designed for booting Linux and
145	  does BOOTP itself, providing all necessary information on the kernel
146	  command line, you can say N here. If unsure, say Y. Note that if you
147	  want to use BOOTP, a BOOTP server must be operating on your network.
148	  Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
149
150config IP_PNP_RARP
151	bool "IP: RARP support"
152	depends on IP_PNP
153	help
154	  If you want your Linux box to mount its whole root file system (the
155	  one containing the directory /) from some other computer over the
156	  net via NFS and you want the IP address of your computer to be
157	  discovered automatically at boot time using the RARP protocol (an
158	  older protocol which is being obsoleted by BOOTP and DHCP), say Y
159	  here. Note that if you want to use RARP, a RARP server must be
160	  operating on your network. Read
161	  <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
162
163config NET_IPIP
164	tristate "IP: tunneling"
165	select INET_TUNNEL
166	select NET_IP_TUNNEL
167	---help---
168	  Tunneling means encapsulating data of one protocol type within
169	  another protocol and sending it over a channel that understands the
170	  encapsulating protocol. This particular tunneling driver implements
171	  encapsulation of IP within IP, which sounds kind of pointless, but
172	  can be useful if you want to make your (or some other) machine
173	  appear on a different network than it physically is, or to use
174	  mobile-IP facilities (allowing laptops to seamlessly move between
175	  networks without changing their IP addresses).
176
177	  Saying Y to this option will produce two modules ( = code which can
178	  be inserted in and removed from the running kernel whenever you
179	  want). Most people won't need this and can say N.
180
181config NET_IPGRE_DEMUX
182	tristate "IP: GRE demultiplexer"
183	help
184	 This is helper module to demultiplex GRE packets on GRE version field criteria.
185	 Required by ip_gre and pptp modules.
186
187config NET_IP_TUNNEL
188	tristate
189	select DST_CACHE
190	default n
191
192config NET_IPGRE
193	tristate "IP: GRE tunnels over IP"
194	depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
195	select NET_IP_TUNNEL
196	help
197	  Tunneling means encapsulating data of one protocol type within
198	  another protocol and sending it over a channel that understands the
199	  encapsulating protocol. This particular tunneling driver implements
200	  GRE (Generic Routing Encapsulation) and at this time allows
201	  encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
202	  This driver is useful if the other endpoint is a Cisco router: Cisco
203	  likes GRE much better than the other Linux tunneling driver ("IP
204	  tunneling" above). In addition, GRE allows multicast redistribution
205	  through the tunnel.
206
207config NET_IPGRE_BROADCAST
208	bool "IP: broadcast GRE over IP"
209	depends on IP_MULTICAST && NET_IPGRE
210	help
211	  One application of GRE/IP is to construct a broadcast WAN (Wide Area
212	  Network), which looks like a normal Ethernet LAN (Local Area
213	  Network), but can be distributed all over the Internet. If you want
214	  to do that, say Y here and to "IP multicast routing" below.
215
216config IP_MROUTE
217	bool "IP: multicast routing"
218	depends on IP_MULTICAST
219	help
220	  This is used if you want your machine to act as a router for IP
221	  packets that have several destination addresses. It is needed on the
222	  MBONE, a high bandwidth network on top of the Internet which carries
223	  audio and video broadcasts. In order to do that, you would most
224	  likely run the program mrouted. If you haven't heard about it, you
225	  don't need it.
226
227config IP_MROUTE_MULTIPLE_TABLES
228	bool "IP: multicast policy routing"
229	depends on IP_MROUTE && IP_ADVANCED_ROUTER
230	select FIB_RULES
231	help
232	  Normally, a multicast router runs a userspace daemon and decides
233	  what to do with a multicast packet based on the source and
234	  destination addresses. If you say Y here, the multicast router
235	  will also be able to take interfaces and packet marks into
236	  account and run multiple instances of userspace daemons
237	  simultaneously, each one handling a single table.
238
239	  If unsure, say N.
240
241config IP_PIMSM_V1
242	bool "IP: PIM-SM version 1 support"
243	depends on IP_MROUTE
244	help
245	  Kernel side support for Sparse Mode PIM (Protocol Independent
246	  Multicast) version 1. This multicast routing protocol is used widely
247	  because Cisco supports it. You need special software to use it
248	  (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
249	  information about PIM.
250
251	  Say Y if you want to use PIM-SM v1. Note that you can say N here if
252	  you just want to use Dense Mode PIM.
253
254config IP_PIMSM_V2
255	bool "IP: PIM-SM version 2 support"
256	depends on IP_MROUTE
257	help
258	  Kernel side support for Sparse Mode PIM version 2. In order to use
259	  this, you need an experimental routing daemon supporting it (pimd or
260	  gated-5). This routing protocol is not used widely, so say N unless
261	  you want to play with it.
262
263config SYN_COOKIES
264	bool "IP: TCP syncookie support"
265	---help---
266	  Normal TCP/IP networking is open to an attack known as "SYN
267	  flooding". This denial-of-service attack prevents legitimate remote
268	  users from being able to connect to your computer during an ongoing
269	  attack and requires very little work from the attacker, who can
270	  operate from anywhere on the Internet.
271
272	  SYN cookies provide protection against this type of attack. If you
273	  say Y here, the TCP/IP stack will use a cryptographic challenge
274	  protocol known as "SYN cookies" to enable legitimate users to
275	  continue to connect, even when your machine is under attack. There
276	  is no need for the legitimate users to change their TCP/IP software;
277	  SYN cookies work transparently to them. For technical information
278	  about SYN cookies, check out <http://cr.yp.to/syncookies.html>.
279
280	  If you are SYN flooded, the source address reported by the kernel is
281	  likely to have been forged by the attacker; it is only reported as
282	  an aid in tracing the packets to their actual source and should not
283	  be taken as absolute truth.
284
285	  SYN cookies may prevent correct error reporting on clients when the
286	  server is really overloaded. If this happens frequently better turn
287	  them off.
288
289	  If you say Y here, you can disable SYN cookies at run time by
290	  saying Y to "/proc file system support" and
291	  "Sysctl support" below and executing the command
292
293	  echo 0 > /proc/sys/net/ipv4/tcp_syncookies
294
295	  after the /proc file system has been mounted.
296
297	  If unsure, say N.
298
299config NET_IPVTI
300	tristate "Virtual (secure) IP: tunneling"
301	select INET_TUNNEL
302	select NET_IP_TUNNEL
303	depends on INET_XFRM_MODE_TUNNEL
304	---help---
305	  Tunneling means encapsulating data of one protocol type within
306	  another protocol and sending it over a channel that understands the
307	  encapsulating protocol. This can be used with xfrm mode tunnel to give
308	  the notion of a secure tunnel for IPSEC and then use routing protocol
309	  on top.
310
311config NET_UDP_TUNNEL
312	tristate
313	select NET_IP_TUNNEL
314	default n
315
316config NET_FOU
317	tristate "IP: Foo (IP protocols) over UDP"
318	select XFRM
319	select NET_UDP_TUNNEL
320	---help---
321	  Foo over UDP allows any IP protocol to be directly encapsulated
322	  over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP
323	  network mechanisms and optimizations for UDP (such as ECMP
324	  and RSS) can be leveraged to provide better service.
325
326config NET_FOU_IP_TUNNELS
327	bool "IP: FOU encapsulation of IP tunnels"
328	depends on NET_IPIP || NET_IPGRE || IPV6_SIT
329	select NET_FOU
330	---help---
331	  Allow configuration of FOU or GUE encapsulation for IP tunnels.
332	  When this option is enabled IP tunnels can be configured to use
333	  FOU or GUE encapsulation.
334
335config INET_AH
336	tristate "IP: AH transformation"
337	select XFRM_ALGO
338	select CRYPTO
339	select CRYPTO_HMAC
340	select CRYPTO_MD5
341	select CRYPTO_SHA1
342	---help---
343	  Support for IPsec AH.
344
345	  If unsure, say Y.
346
347config INET_ESP
348	tristate "IP: ESP transformation"
349	select XFRM_ALGO
350	select CRYPTO
351	select CRYPTO_AUTHENC
352	select CRYPTO_HMAC
353	select CRYPTO_MD5
354	select CRYPTO_CBC
355	select CRYPTO_SHA1
356	select CRYPTO_DES
357	select CRYPTO_ECHAINIV
358	---help---
359	  Support for IPsec ESP.
360
361	  If unsure, say Y.
362
363config INET_IPCOMP
364	tristate "IP: IPComp transformation"
365	select INET_XFRM_TUNNEL
366	select XFRM_IPCOMP
367	---help---
368	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
369	  typically needed for IPsec.
370
371	  If unsure, say Y.
372
373config INET_XFRM_TUNNEL
374	tristate
375	select INET_TUNNEL
376	default n
377
378config INET_TUNNEL
379	tristate
380	default n
381
382config INET_XFRM_MODE_TRANSPORT
383	tristate "IP: IPsec transport mode"
384	default y
385	select XFRM
386	---help---
387	  Support for IPsec transport mode.
388
389	  If unsure, say Y.
390
391config INET_XFRM_MODE_TUNNEL
392	tristate "IP: IPsec tunnel mode"
393	default y
394	select XFRM
395	---help---
396	  Support for IPsec tunnel mode.
397
398	  If unsure, say Y.
399
400config INET_XFRM_MODE_BEET
401	tristate "IP: IPsec BEET mode"
402	default y
403	select XFRM
404	---help---
405	  Support for IPsec BEET mode.
406
407	  If unsure, say Y.
408
409config INET_DIAG
410	tristate "INET: socket monitoring interface"
411	default y
412	---help---
413	  Support for INET (TCP, DCCP, etc) socket monitoring interface used by
414	  native Linux tools such as ss. ss is included in iproute2, currently
415	  downloadable at:
416
417	    http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
418
419	  If unsure, say Y.
420
421config INET_TCP_DIAG
422	depends on INET_DIAG
423	def_tristate INET_DIAG
424
425config INET_UDP_DIAG
426	tristate "UDP: socket monitoring interface"
427	depends on INET_DIAG && (IPV6 || IPV6=n)
428	default n
429	---help---
430	  Support for UDP socket monitoring interface used by the ss tool.
431	  If unsure, say Y.
432
433config INET_DIAG_DESTROY
434	bool "INET: allow privileged process to administratively close sockets"
435	depends on INET_DIAG
436	default n
437	---help---
438	  Provides a SOCK_DESTROY operation that allows privileged processes
439	  (e.g., a connection manager or a network administration tool such as
440	  ss) to close sockets opened by other processes. Closing a socket in
441	  this way interrupts any blocking read/write/connect operations on
442	  the socket and causes future socket calls to behave as if the socket
443	  had been disconnected.
444	  If unsure, say N.
445
446menuconfig TCP_CONG_ADVANCED
447	bool "TCP: advanced congestion control"
448	---help---
449	  Support for selection of various TCP congestion control
450	  modules.
451
452	  Nearly all users can safely say no here, and a safe default
453	  selection will be made (CUBIC with new Reno as a fallback).
454
455	  If unsure, say N.
456
457if TCP_CONG_ADVANCED
458
459config TCP_CONG_BIC
460	tristate "Binary Increase Congestion (BIC) control"
461	default m
462	---help---
463	BIC-TCP is a sender-side only change that ensures a linear RTT
464	fairness under large windows while offering both scalability and
465	bounded TCP-friendliness. The protocol combines two schemes
466	called additive increase and binary search increase. When the
467	congestion window is large, additive increase with a large
468	increment ensures linear RTT fairness as well as good
469	scalability. Under small congestion windows, binary search
470	increase provides TCP friendliness.
471	See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
472
473config TCP_CONG_CUBIC
474	tristate "CUBIC TCP"
475	default y
476	---help---
477	This is version 2.0 of BIC-TCP which uses a cubic growth function
478	among other techniques.
479	See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
480
481config TCP_CONG_WESTWOOD
482	tristate "TCP Westwood+"
483	default m
484	---help---
485	TCP Westwood+ is a sender-side only modification of the TCP Reno
486	protocol stack that optimizes the performance of TCP congestion
487	control. It is based on end-to-end bandwidth estimation to set
488	congestion window and slow start threshold after a congestion
489	episode. Using this estimation, TCP Westwood+ adaptively sets a
490	slow start threshold and a congestion window which takes into
491	account the bandwidth used  at the time congestion is experienced.
492	TCP Westwood+ significantly increases fairness wrt TCP Reno in
493	wired networks and throughput over wireless links.
494
495config TCP_CONG_HTCP
496        tristate "H-TCP"
497        default m
498	---help---
499	H-TCP is a send-side only modifications of the TCP Reno
500	protocol stack that optimizes the performance of TCP
501	congestion control for high speed network links. It uses a
502	modeswitch to change the alpha and beta parameters of TCP Reno
503	based on network conditions and in a way so as to be fair with
504	other Reno and H-TCP flows.
505
506config TCP_CONG_HSTCP
507	tristate "High Speed TCP"
508	default n
509	---help---
510	Sally Floyd's High Speed TCP (RFC 3649) congestion control.
511	A modification to TCP's congestion control mechanism for use
512	with large congestion windows. A table indicates how much to
513	increase the congestion window by when an ACK is received.
514 	For more detail	see http://www.icir.org/floyd/hstcp.html
515
516config TCP_CONG_HYBLA
517	tristate "TCP-Hybla congestion control algorithm"
518	default n
519	---help---
520	TCP-Hybla is a sender-side only change that eliminates penalization of
521	long-RTT, large-bandwidth connections, like when satellite legs are
522	involved, especially when sharing a common bottleneck with normal
523	terrestrial connections.
524
525config TCP_CONG_VEGAS
526	tristate "TCP Vegas"
527	default n
528	---help---
529	TCP Vegas is a sender-side only change to TCP that anticipates
530	the onset of congestion by estimating the bandwidth. TCP Vegas
531	adjusts the sending rate by modifying the congestion
532	window. TCP Vegas should provide less packet loss, but it is
533	not as aggressive as TCP Reno.
534
535config TCP_CONG_SCALABLE
536	tristate "Scalable TCP"
537	default n
538	---help---
539	Scalable TCP is a sender-side only change to TCP which uses a
540	MIMD congestion control algorithm which has some nice scaling
541	properties, though is known to have fairness issues.
542	See http://www.deneholme.net/tom/scalable/
543
544config TCP_CONG_LP
545	tristate "TCP Low Priority"
546	default n
547	---help---
548	TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
549	to utilize only the excess network bandwidth as compared to the
550	``fair share`` of bandwidth as targeted by TCP.
551	See http://www-ece.rice.edu/networks/TCP-LP/
552
553config TCP_CONG_VENO
554	tristate "TCP Veno"
555	default n
556	---help---
557	TCP Veno is a sender-side only enhancement of TCP to obtain better
558	throughput over wireless networks. TCP Veno makes use of state
559	distinguishing to circumvent the difficult judgment of the packet loss
560	type. TCP Veno cuts down less congestion window in response to random
561	loss packets.
562	See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186>
563
564config TCP_CONG_YEAH
565	tristate "YeAH TCP"
566	select TCP_CONG_VEGAS
567	default n
568	---help---
569	YeAH-TCP is a sender-side high-speed enabled TCP congestion control
570	algorithm, which uses a mixed loss/delay approach to compute the
571	congestion window. It's design goals target high efficiency,
572	internal, RTT and Reno fairness, resilience to link loss while
573	keeping network elements load as low as possible.
574
575	For further details look here:
576	  http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
577
578config TCP_CONG_ILLINOIS
579	tristate "TCP Illinois"
580	default n
581	---help---
582	TCP-Illinois is a sender-side modification of TCP Reno for
583	high speed long delay links. It uses round-trip-time to
584	adjust the alpha and beta parameters to achieve a higher average
585	throughput and maintain fairness.
586
587	For further details see:
588	  http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
589
590config TCP_CONG_DCTCP
591	tristate "DataCenter TCP (DCTCP)"
592	default n
593	---help---
594	DCTCP leverages Explicit Congestion Notification (ECN) in the network to
595	provide multi-bit feedback to the end hosts. It is designed to provide:
596
597	- High burst tolerance (incast due to partition/aggregate),
598	- Low latency (short flows, queries),
599	- High throughput (continuous data updates, large file transfers) with
600	  commodity, shallow-buffered switches.
601
602	All switches in the data center network running DCTCP must support
603	ECN marking and be configured for marking when reaching defined switch
604	buffer thresholds. The default ECN marking threshold heuristic for
605	DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets
606	(~100KB) at 10Gbps, but might need further careful tweaking.
607
608	For further details see:
609	  http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf
610
611config TCP_CONG_CDG
612	tristate "CAIA Delay-Gradient (CDG)"
613	default n
614	---help---
615	CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies
616	the TCP sender in order to:
617
618	  o Use the delay gradient as a congestion signal.
619	  o Back off with an average probability that is independent of the RTT.
620	  o Coexist with flows that use loss-based congestion control.
621	  o Tolerate packet loss unrelated to congestion.
622
623	For further details see:
624	  D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using
625	  delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg
626
627choice
628	prompt "Default TCP congestion control"
629	default DEFAULT_CUBIC
630	help
631	  Select the TCP congestion control that will be used by default
632	  for all connections.
633
634	config DEFAULT_BIC
635		bool "Bic" if TCP_CONG_BIC=y
636
637	config DEFAULT_CUBIC
638		bool "Cubic" if TCP_CONG_CUBIC=y
639
640	config DEFAULT_HTCP
641		bool "Htcp" if TCP_CONG_HTCP=y
642
643	config DEFAULT_HYBLA
644		bool "Hybla" if TCP_CONG_HYBLA=y
645
646	config DEFAULT_VEGAS
647		bool "Vegas" if TCP_CONG_VEGAS=y
648
649	config DEFAULT_VENO
650		bool "Veno" if TCP_CONG_VENO=y
651
652	config DEFAULT_WESTWOOD
653		bool "Westwood" if TCP_CONG_WESTWOOD=y
654
655	config DEFAULT_DCTCP
656		bool "DCTCP" if TCP_CONG_DCTCP=y
657
658	config DEFAULT_CDG
659		bool "CDG" if TCP_CONG_CDG=y
660
661	config DEFAULT_RENO
662		bool "Reno"
663endchoice
664
665endif
666
667config TCP_CONG_CUBIC
668	tristate
669	depends on !TCP_CONG_ADVANCED
670	default y
671
672config DEFAULT_TCP_CONG
673	string
674	default "bic" if DEFAULT_BIC
675	default "cubic" if DEFAULT_CUBIC
676	default "htcp" if DEFAULT_HTCP
677	default "hybla" if DEFAULT_HYBLA
678	default "vegas" if DEFAULT_VEGAS
679	default "westwood" if DEFAULT_WESTWOOD
680	default "veno" if DEFAULT_VENO
681	default "reno" if DEFAULT_RENO
682	default "dctcp" if DEFAULT_DCTCP
683	default "cdg" if DEFAULT_CDG
684	default "cubic"
685
686config TCP_MD5SIG
687	bool "TCP: MD5 Signature Option support (RFC2385)"
688	select CRYPTO
689	select CRYPTO_MD5
690	---help---
691	  RFC2385 specifies a method of giving MD5 protection to TCP sessions.
692	  Its main (only?) use is to protect BGP sessions between core routers
693	  on the Internet.
694
695	  If unsure, say N.
696