1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 ---help--- 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 ---help--- 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 ---help--- 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 ---help--- 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 ---help--- 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 ---help--- 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 ---help--- 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 ---help--- 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 ---help--- 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 ---help--- 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 ---help--- 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 ---help--- 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 ---help--- 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_TAPRIO 199 tristate "Time Aware Priority (taprio) Scheduler" 200 help 201 Say Y here if you want to use the Time Aware Priority (taprio) packet 202 scheduling algorithm. 203 204 See the top of <file:net/sched/sch_taprio.c> for more details. 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_taprio. 208 209config NET_SCH_GRED 210 tristate "Generic Random Early Detection (GRED)" 211 ---help--- 212 Say Y here if you want to use the Generic Random Early Detection 213 (GRED) packet scheduling algorithm for some of your network devices 214 (see the top of <file:net/sched/sch_red.c> for details and 215 references about the algorithm). 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_gred. 219 220config NET_SCH_DSMARK 221 tristate "Differentiated Services marker (DSMARK)" 222 ---help--- 223 Say Y if you want to schedule packets according to the 224 Differentiated Services architecture proposed in RFC 2475. 225 Technical information on this method, with pointers to associated 226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 227 228 To compile this code as a module, choose M here: the 229 module will be called sch_dsmark. 230 231config NET_SCH_NETEM 232 tristate "Network emulator (NETEM)" 233 ---help--- 234 Say Y if you want to emulate network delay, loss, and packet 235 re-ordering. This is often useful to simulate networks when 236 testing applications or protocols. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_netem. 240 241 If unsure, say N. 242 243config NET_SCH_DRR 244 tristate "Deficit Round Robin scheduler (DRR)" 245 help 246 Say Y here if you want to use the Deficit Round Robin (DRR) packet 247 scheduling algorithm. 248 249 To compile this driver as a module, choose M here: the module 250 will be called sch_drr. 251 252 If unsure, say N. 253 254config NET_SCH_MQPRIO 255 tristate "Multi-queue priority scheduler (MQPRIO)" 256 help 257 Say Y here if you want to use the Multi-queue Priority scheduler. 258 This scheduler allows QOS to be offloaded on NICs that have support 259 for offloading QOS schedulers. 260 261 To compile this driver as a module, choose M here: the module will 262 be called sch_mqprio. 263 264 If unsure, say N. 265 266config NET_SCH_SKBPRIO 267 tristate "SKB priority queue scheduler (SKBPRIO)" 268 help 269 Say Y here if you want to use the SKB priority queue 270 scheduler. This schedules packets according to skb->priority, 271 which is useful for request packets in DoS mitigation systems such 272 as Gatekeeper. 273 274 To compile this driver as a module, choose M here: the module will 275 be called sch_skbprio. 276 277 If unsure, say N. 278 279config NET_SCH_CHOKE 280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 281 help 282 Say Y here if you want to use the CHOKe packet scheduler (CHOose 283 and Keep for responsive flows, CHOose and Kill for unresponsive 284 flows). This is a variation of RED which trys to penalize flows 285 that monopolize the queue. 286 287 To compile this code as a module, choose M here: the 288 module will be called sch_choke. 289 290config NET_SCH_QFQ 291 tristate "Quick Fair Queueing scheduler (QFQ)" 292 help 293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 294 packet scheduling algorithm. 295 296 To compile this driver as a module, choose M here: the module 297 will be called sch_qfq. 298 299 If unsure, say N. 300 301config NET_SCH_CODEL 302 tristate "Controlled Delay AQM (CODEL)" 303 help 304 Say Y here if you want to use the Controlled Delay (CODEL) 305 packet scheduling algorithm. 306 307 To compile this driver as a module, choose M here: the module 308 will be called sch_codel. 309 310 If unsure, say N. 311 312config NET_SCH_FQ_CODEL 313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 314 help 315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 316 packet scheduling algorithm. 317 318 To compile this driver as a module, choose M here: the module 319 will be called sch_fq_codel. 320 321 If unsure, say N. 322 323config NET_SCH_CAKE 324 tristate "Common Applications Kept Enhanced (CAKE)" 325 help 326 Say Y here if you want to use the Common Applications Kept Enhanced 327 (CAKE) queue management algorithm. 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_cake. 331 332 If unsure, say N. 333 334config NET_SCH_FQ 335 tristate "Fair Queue" 336 help 337 Say Y here if you want to use the FQ packet scheduling algorithm. 338 339 FQ does flow separation, and is able to respect pacing requirements 340 set by TCP stack into sk->sk_pacing_rate (for localy generated 341 traffic) 342 343 To compile this driver as a module, choose M here: the module 344 will be called sch_fq. 345 346 If unsure, say N. 347 348config NET_SCH_HHF 349 tristate "Heavy-Hitter Filter (HHF)" 350 help 351 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 352 packet scheduling algorithm. 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_hhf. 356 357config NET_SCH_PIE 358 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 359 help 360 Say Y here if you want to use the Proportional Integral controller 361 Enhanced scheduler packet scheduling algorithm. 362 For more information, please see https://tools.ietf.org/html/rfc8033 363 364 To compile this driver as a module, choose M here: the module 365 will be called sch_pie. 366 367 If unsure, say N. 368 369config NET_SCH_FQ_PIE 370 depends on NET_SCH_PIE 371 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 372 help 373 Say Y here if you want to use the Flow Queue Proportional Integral 374 controller Enhanced (FQ-PIE) packet scheduling algorithm. 375 For more information, please see https://tools.ietf.org/html/rfc8033 376 377 To compile this driver as a module, choose M here: the module 378 will be called sch_fq_pie. 379 380 If unsure, say N. 381 382config NET_SCH_INGRESS 383 tristate "Ingress/classifier-action Qdisc" 384 depends on NET_CLS_ACT 385 select NET_INGRESS 386 select NET_EGRESS 387 ---help--- 388 Say Y here if you want to use classifiers for incoming and/or outgoing 389 packets. This qdisc doesn't do anything else besides running classifiers, 390 which can also have actions attached to them. In case of outgoing packets, 391 classifiers that this qdisc holds are executed in the transmit path 392 before real enqueuing to an egress qdisc happens. 393 394 If unsure, say Y. 395 396 To compile this code as a module, choose M here: the module will be 397 called sch_ingress with alias of sch_clsact. 398 399config NET_SCH_PLUG 400 tristate "Plug network traffic until release (PLUG)" 401 ---help--- 402 403 This queuing discipline allows userspace to plug/unplug a network 404 output queue, using the netlink interface. When it receives an 405 enqueue command it inserts a plug into the outbound queue that 406 causes following packets to enqueue until a dequeue command arrives 407 over netlink, causing the plug to be removed and resuming the normal 408 packet flow. 409 410 This module also provides a generic "network output buffering" 411 functionality (aka output commit), wherein upon arrival of a dequeue 412 command, only packets up to the first plug are released for delivery. 413 The Remus HA project uses this module to enable speculative execution 414 of virtual machines by allowing the generated network output to be rolled 415 back if needed. 416 417 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 418 419 Say Y here if you are using this kernel for Xen dom0 and 420 want to protect Xen guests with Remus. 421 422 To compile this code as a module, choose M here: the 423 module will be called sch_plug. 424 425config NET_SCH_ETS 426 tristate "Enhanced transmission selection scheduler (ETS)" 427 help 428 The Enhanced Transmission Selection scheduler is a classful 429 queuing discipline that merges functionality of PRIO and DRR 430 qdiscs in one scheduler. ETS makes it easy to configure a set of 431 strict and bandwidth-sharing bands to implement the transmission 432 selection described in 802.1Qaz. 433 434 Say Y here if you want to use the ETS packet scheduling 435 algorithm. 436 437 To compile this driver as a module, choose M here: the module 438 will be called sch_ets. 439 440 If unsure, say N. 441 442menuconfig NET_SCH_DEFAULT 443 bool "Allow override default queue discipline" 444 ---help--- 445 Support for selection of default queuing discipline. 446 447 Nearly all users can safely say no here, and the default 448 of pfifo_fast will be used. Many distributions already set 449 the default value via /proc/sys/net/core/default_qdisc. 450 451 If unsure, say N. 452 453if NET_SCH_DEFAULT 454 455choice 456 prompt "Default queuing discipline" 457 default DEFAULT_PFIFO_FAST 458 help 459 Select the queueing discipline that will be used by default 460 for all network devices. 461 462 config DEFAULT_FQ 463 bool "Fair Queue" if NET_SCH_FQ 464 465 config DEFAULT_CODEL 466 bool "Controlled Delay" if NET_SCH_CODEL 467 468 config DEFAULT_FQ_CODEL 469 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 470 471 config DEFAULT_SFQ 472 bool "Stochastic Fair Queue" if NET_SCH_SFQ 473 474 config DEFAULT_PFIFO_FAST 475 bool "Priority FIFO Fast" 476endchoice 477 478config DEFAULT_NET_SCH 479 string 480 default "pfifo_fast" if DEFAULT_PFIFO_FAST 481 default "fq" if DEFAULT_FQ 482 default "fq_codel" if DEFAULT_FQ_CODEL 483 default "sfq" if DEFAULT_SFQ 484 default "pfifo_fast" 485endif 486 487comment "Classification" 488 489config NET_CLS 490 bool 491 492config NET_CLS_BASIC 493 tristate "Elementary classification (BASIC)" 494 select NET_CLS 495 ---help--- 496 Say Y here if you want to be able to classify packets using 497 only extended matches and actions. 498 499 To compile this code as a module, choose M here: the 500 module will be called cls_basic. 501 502config NET_CLS_TCINDEX 503 tristate "Traffic-Control Index (TCINDEX)" 504 select NET_CLS 505 ---help--- 506 Say Y here if you want to be able to classify packets based on 507 traffic control indices. You will want this feature if you want 508 to implement Differentiated Services together with DSMARK. 509 510 To compile this code as a module, choose M here: the 511 module will be called cls_tcindex. 512 513config NET_CLS_ROUTE4 514 tristate "Routing decision (ROUTE)" 515 depends on INET 516 select IP_ROUTE_CLASSID 517 select NET_CLS 518 ---help--- 519 If you say Y here, you will be able to classify packets 520 according to the route table entry they matched. 521 522 To compile this code as a module, choose M here: the 523 module will be called cls_route. 524 525config NET_CLS_FW 526 tristate "Netfilter mark (FW)" 527 select NET_CLS 528 ---help--- 529 If you say Y here, you will be able to classify packets 530 according to netfilter/firewall marks. 531 532 To compile this code as a module, choose M here: the 533 module will be called cls_fw. 534 535config NET_CLS_U32 536 tristate "Universal 32bit comparisons w/ hashing (U32)" 537 select NET_CLS 538 ---help--- 539 Say Y here to be able to classify packets using a universal 540 32bit pieces based comparison scheme. 541 542 To compile this code as a module, choose M here: the 543 module will be called cls_u32. 544 545config CLS_U32_PERF 546 bool "Performance counters support" 547 depends on NET_CLS_U32 548 ---help--- 549 Say Y here to make u32 gather additional statistics useful for 550 fine tuning u32 classifiers. 551 552config CLS_U32_MARK 553 bool "Netfilter marks support" 554 depends on NET_CLS_U32 555 ---help--- 556 Say Y here to be able to use netfilter marks as u32 key. 557 558config NET_CLS_RSVP 559 tristate "IPv4 Resource Reservation Protocol (RSVP)" 560 select NET_CLS 561 ---help--- 562 The Resource Reservation Protocol (RSVP) permits end systems to 563 request a minimum and maximum data flow rate for a connection; this 564 is important for real time data such as streaming sound or video. 565 566 Say Y here if you want to be able to classify outgoing packets based 567 on their RSVP requests. 568 569 To compile this code as a module, choose M here: the 570 module will be called cls_rsvp. 571 572config NET_CLS_RSVP6 573 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 574 select NET_CLS 575 ---help--- 576 The Resource Reservation Protocol (RSVP) permits end systems to 577 request a minimum and maximum data flow rate for a connection; this 578 is important for real time data such as streaming sound or video. 579 580 Say Y here if you want to be able to classify outgoing packets based 581 on their RSVP requests and you are using the IPv6 protocol. 582 583 To compile this code as a module, choose M here: the 584 module will be called cls_rsvp6. 585 586config NET_CLS_FLOW 587 tristate "Flow classifier" 588 select NET_CLS 589 ---help--- 590 If you say Y here, you will be able to classify packets based on 591 a configurable combination of packet keys. This is mostly useful 592 in combination with SFQ. 593 594 To compile this code as a module, choose M here: the 595 module will be called cls_flow. 596 597config NET_CLS_CGROUP 598 tristate "Control Group Classifier" 599 select NET_CLS 600 select CGROUP_NET_CLASSID 601 depends on CGROUPS 602 ---help--- 603 Say Y here if you want to classify packets based on the control 604 cgroup of their process. 605 606 To compile this code as a module, choose M here: the 607 module will be called cls_cgroup. 608 609config NET_CLS_BPF 610 tristate "BPF-based classifier" 611 select NET_CLS 612 ---help--- 613 If you say Y here, you will be able to classify packets based on 614 programmable BPF (JIT'ed) filters as an alternative to ematches. 615 616 To compile this code as a module, choose M here: the module will 617 be called cls_bpf. 618 619config NET_CLS_FLOWER 620 tristate "Flower classifier" 621 select NET_CLS 622 ---help--- 623 If you say Y here, you will be able to classify packets based on 624 a configurable combination of packet keys and masks. 625 626 To compile this code as a module, choose M here: the module will 627 be called cls_flower. 628 629config NET_CLS_MATCHALL 630 tristate "Match-all classifier" 631 select NET_CLS 632 ---help--- 633 If you say Y here, you will be able to classify packets based on 634 nothing. Every packet will match. 635 636 To compile this code as a module, choose M here: the module will 637 be called cls_matchall. 638 639config NET_EMATCH 640 bool "Extended Matches" 641 select NET_CLS 642 ---help--- 643 Say Y here if you want to use extended matches on top of classifiers 644 and select the extended matches below. 645 646 Extended matches are small classification helpers not worth writing 647 a separate classifier for. 648 649 A recent version of the iproute2 package is required to use 650 extended matches. 651 652config NET_EMATCH_STACK 653 int "Stack size" 654 depends on NET_EMATCH 655 default "32" 656 ---help--- 657 Size of the local stack variable used while evaluating the tree of 658 ematches. Limits the depth of the tree, i.e. the number of 659 encapsulated precedences. Every level requires 4 bytes of additional 660 stack space. 661 662config NET_EMATCH_CMP 663 tristate "Simple packet data comparison" 664 depends on NET_EMATCH 665 ---help--- 666 Say Y here if you want to be able to classify packets based on 667 simple packet data comparisons for 8, 16, and 32bit values. 668 669 To compile this code as a module, choose M here: the 670 module will be called em_cmp. 671 672config NET_EMATCH_NBYTE 673 tristate "Multi byte comparison" 674 depends on NET_EMATCH 675 ---help--- 676 Say Y here if you want to be able to classify packets based on 677 multiple byte comparisons mainly useful for IPv6 address comparisons. 678 679 To compile this code as a module, choose M here: the 680 module will be called em_nbyte. 681 682config NET_EMATCH_U32 683 tristate "U32 key" 684 depends on NET_EMATCH 685 ---help--- 686 Say Y here if you want to be able to classify packets using 687 the famous u32 key in combination with logic relations. 688 689 To compile this code as a module, choose M here: the 690 module will be called em_u32. 691 692config NET_EMATCH_META 693 tristate "Metadata" 694 depends on NET_EMATCH 695 ---help--- 696 Say Y here if you want to be able to classify packets based on 697 metadata such as load average, netfilter attributes, socket 698 attributes and routing decisions. 699 700 To compile this code as a module, choose M here: the 701 module will be called em_meta. 702 703config NET_EMATCH_TEXT 704 tristate "Textsearch" 705 depends on NET_EMATCH 706 select TEXTSEARCH 707 select TEXTSEARCH_KMP 708 select TEXTSEARCH_BM 709 select TEXTSEARCH_FSM 710 ---help--- 711 Say Y here if you want to be able to classify packets based on 712 textsearch comparisons. 713 714 To compile this code as a module, choose M here: the 715 module will be called em_text. 716 717config NET_EMATCH_CANID 718 tristate "CAN Identifier" 719 depends on NET_EMATCH && (CAN=y || CAN=m) 720 ---help--- 721 Say Y here if you want to be able to classify CAN frames based 722 on CAN Identifier. 723 724 To compile this code as a module, choose M here: the 725 module will be called em_canid. 726 727config NET_EMATCH_IPSET 728 tristate "IPset" 729 depends on NET_EMATCH && IP_SET 730 ---help--- 731 Say Y here if you want to be able to classify packets based on 732 ipset membership. 733 734 To compile this code as a module, choose M here: the 735 module will be called em_ipset. 736 737config NET_EMATCH_IPT 738 tristate "IPtables Matches" 739 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 740 ---help--- 741 Say Y here to be able to classify packets based on iptables 742 matches. 743 Current supported match is "policy" which allows packet classification 744 based on IPsec policy that was used during decapsulation 745 746 To compile this code as a module, choose M here: the 747 module will be called em_ipt. 748 749config NET_CLS_ACT 750 bool "Actions" 751 select NET_CLS 752 ---help--- 753 Say Y here if you want to use traffic control actions. Actions 754 get attached to classifiers and are invoked after a successful 755 classification. They are used to overwrite the classification 756 result, instantly drop or redirect packets, etc. 757 758 A recent version of the iproute2 package is required to use 759 extended matches. 760 761config NET_ACT_POLICE 762 tristate "Traffic Policing" 763 depends on NET_CLS_ACT 764 ---help--- 765 Say Y here if you want to do traffic policing, i.e. strict 766 bandwidth limiting. This action replaces the existing policing 767 module. 768 769 To compile this code as a module, choose M here: the 770 module will be called act_police. 771 772config NET_ACT_GACT 773 tristate "Generic actions" 774 depends on NET_CLS_ACT 775 ---help--- 776 Say Y here to take generic actions such as dropping and 777 accepting packets. 778 779 To compile this code as a module, choose M here: the 780 module will be called act_gact. 781 782config GACT_PROB 783 bool "Probability support" 784 depends on NET_ACT_GACT 785 ---help--- 786 Say Y here to use the generic action randomly or deterministically. 787 788config NET_ACT_MIRRED 789 tristate "Redirecting and Mirroring" 790 depends on NET_CLS_ACT 791 ---help--- 792 Say Y here to allow packets to be mirrored or redirected to 793 other devices. 794 795 To compile this code as a module, choose M here: the 796 module will be called act_mirred. 797 798config NET_ACT_SAMPLE 799 tristate "Traffic Sampling" 800 depends on NET_CLS_ACT 801 select PSAMPLE 802 ---help--- 803 Say Y here to allow packet sampling tc action. The packet sample 804 action consists of statistically choosing packets and sampling 805 them using the psample module. 806 807 To compile this code as a module, choose M here: the 808 module will be called act_sample. 809 810config NET_ACT_IPT 811 tristate "IPtables targets" 812 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 813 ---help--- 814 Say Y here to be able to invoke iptables targets after successful 815 classification. 816 817 To compile this code as a module, choose M here: the 818 module will be called act_ipt. 819 820config NET_ACT_NAT 821 tristate "Stateless NAT" 822 depends on NET_CLS_ACT 823 ---help--- 824 Say Y here to do stateless NAT on IPv4 packets. You should use 825 netfilter for NAT unless you know what you are doing. 826 827 To compile this code as a module, choose M here: the 828 module will be called act_nat. 829 830config NET_ACT_PEDIT 831 tristate "Packet Editing" 832 depends on NET_CLS_ACT 833 ---help--- 834 Say Y here if you want to mangle the content of packets. 835 836 To compile this code as a module, choose M here: the 837 module will be called act_pedit. 838 839config NET_ACT_SIMP 840 tristate "Simple Example (Debug)" 841 depends on NET_CLS_ACT 842 ---help--- 843 Say Y here to add a simple action for demonstration purposes. 844 It is meant as an example and for debugging purposes. It will 845 print a configured policy string followed by the packet count 846 to the console for every packet that passes by. 847 848 If unsure, say N. 849 850 To compile this code as a module, choose M here: the 851 module will be called act_simple. 852 853config NET_ACT_SKBEDIT 854 tristate "SKB Editing" 855 depends on NET_CLS_ACT 856 ---help--- 857 Say Y here to change skb priority or queue_mapping settings. 858 859 If unsure, say N. 860 861 To compile this code as a module, choose M here: the 862 module will be called act_skbedit. 863 864config NET_ACT_CSUM 865 tristate "Checksum Updating" 866 depends on NET_CLS_ACT && INET 867 select LIBCRC32C 868 ---help--- 869 Say Y here to update some common checksum after some direct 870 packet alterations. 871 872 To compile this code as a module, choose M here: the 873 module will be called act_csum. 874 875config NET_ACT_MPLS 876 tristate "MPLS manipulation" 877 depends on NET_CLS_ACT 878 help 879 Say Y here to push or pop MPLS headers. 880 881 If unsure, say N. 882 883 To compile this code as a module, choose M here: the 884 module will be called act_mpls. 885 886config NET_ACT_VLAN 887 tristate "Vlan manipulation" 888 depends on NET_CLS_ACT 889 ---help--- 890 Say Y here to push or pop vlan headers. 891 892 If unsure, say N. 893 894 To compile this code as a module, choose M here: the 895 module will be called act_vlan. 896 897config NET_ACT_BPF 898 tristate "BPF based action" 899 depends on NET_CLS_ACT 900 ---help--- 901 Say Y here to execute BPF code on packets. The BPF code will decide 902 if the packet should be dropped or not. 903 904 If unsure, say N. 905 906 To compile this code as a module, choose M here: the 907 module will be called act_bpf. 908 909config NET_ACT_CONNMARK 910 tristate "Netfilter Connection Mark Retriever" 911 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 912 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 913 ---help--- 914 Say Y here to allow retrieving of conn mark 915 916 If unsure, say N. 917 918 To compile this code as a module, choose M here: the 919 module will be called act_connmark. 920 921config NET_ACT_CTINFO 922 tristate "Netfilter Connection Mark Actions" 923 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 924 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 925 help 926 Say Y here to allow transfer of a connmark stored information. 927 Current actions transfer connmark stored DSCP into 928 ipv4/v6 diffserv and/or to transfer connmark to packet 929 mark. Both are useful for restoring egress based marks 930 back onto ingress connections for qdisc priority mapping 931 purposes. 932 933 If unsure, say N. 934 935 To compile this code as a module, choose M here: the 936 module will be called act_ctinfo. 937 938config NET_ACT_SKBMOD 939 tristate "skb data modification action" 940 depends on NET_CLS_ACT 941 ---help--- 942 Say Y here to allow modification of skb data 943 944 If unsure, say N. 945 946 To compile this code as a module, choose M here: the 947 module will be called act_skbmod. 948 949config NET_ACT_IFE 950 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 951 depends on NET_CLS_ACT 952 select NET_IFE 953 ---help--- 954 Say Y here to allow for sourcing and terminating metadata 955 For details refer to netdev01 paper: 956 "Distributing Linux Traffic Control Classifier-Action Subsystem" 957 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 958 959 To compile this code as a module, choose M here: the 960 module will be called act_ife. 961 962config NET_ACT_TUNNEL_KEY 963 tristate "IP tunnel metadata manipulation" 964 depends on NET_CLS_ACT 965 ---help--- 966 Say Y here to set/release ip tunnel metadata. 967 968 If unsure, say N. 969 970 To compile this code as a module, choose M here: the 971 module will be called act_tunnel_key. 972 973config NET_ACT_CT 974 tristate "connection tracking tc action" 975 depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE 976 help 977 Say Y here to allow sending the packets to conntrack module. 978 979 If unsure, say N. 980 981 To compile this code as a module, choose M here: the 982 module will be called act_ct. 983 984config NET_IFE_SKBMARK 985 tristate "Support to encoding decoding skb mark on IFE action" 986 depends on NET_ACT_IFE 987 988config NET_IFE_SKBPRIO 989 tristate "Support to encoding decoding skb prio on IFE action" 990 depends on NET_ACT_IFE 991 992config NET_IFE_SKBTCINDEX 993 tristate "Support to encoding decoding skb tcindex on IFE action" 994 depends on NET_ACT_IFE 995 996config NET_TC_SKB_EXT 997 bool "TC recirculation support" 998 depends on NET_CLS_ACT 999 select SKB_EXTENSIONS 1000 1001 help 1002 Say Y here to allow tc chain misses to continue in OvS datapath in 1003 the correct recirc_id, and hardware chain misses to continue in 1004 the correct chain in tc software datapath. 1005 1006 Say N here if you won't be using tc<->ovs offload or tc chains offload. 1007 1008endif # NET_SCHED 1009 1010config NET_SCH_FIFO 1011 bool 1012