xref: /openbmc/linux/net/sched/Kconfig (revision 051d4420)
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Traffic control configuration.
4#
5
6menuconfig NET_SCHED
7	bool "QoS and/or fair queueing"
8	select NET_SCH_FIFO
9	help
10	  When the kernel has several packets to send out over a network
11	  device, it has to decide which ones to send first, which ones to
12	  delay, and which ones to drop. This is the job of the queueing
13	  disciplines, several different algorithms for how to do this
14	  "fairly" have been proposed.
15
16	  If you say N here, you will get the standard packet scheduler, which
17	  is a FIFO (first come, first served). If you say Y here, you will be
18	  able to choose from among several alternative algorithms which can
19	  then be attached to different network devices. This is useful for
20	  example if some of your network devices are real time devices that
21	  need a certain minimum data flow rate, or if you need to limit the
22	  maximum data flow rate for traffic which matches specified criteria.
23	  This code is considered to be experimental.
24
25	  To administer these schedulers, you'll need the user-level utilities
26	  from the package iproute2+tc at
27	  <https://www.kernel.org/pub/linux/utils/net/iproute2/>.  That package
28	  also contains some documentation; for more, check out
29	  <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
30
31	  This Quality of Service (QoS) support will enable you to use
32	  Differentiated Services (diffserv) and Resource Reservation Protocol
33	  (RSVP) on your Linux router if you also say Y to the corresponding
34	  classifiers below.  Documentation and software is at
35	  <http://diffserv.sourceforge.net/>.
36
37	  If you say Y here and to "/proc file system" below, you will be able
38	  to read status information about packet schedulers from the file
39	  /proc/net/psched.
40
41	  The available schedulers are listed in the following questions; you
42	  can say Y to as many as you like. If unsure, say N now.
43
44if NET_SCHED
45
46comment "Queueing/Scheduling"
47
48config NET_SCH_HTB
49	tristate "Hierarchical Token Bucket (HTB)"
50	help
51	  Say Y here if you want to use the Hierarchical Token Buckets (HTB)
52	  packet scheduling algorithm. See
53	  <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
54	  in-depth articles.
55
56	  HTB is very similar to CBQ regarding its goals however is has
57	  different properties and different algorithm.
58
59	  To compile this code as a module, choose M here: the
60	  module will be called sch_htb.
61
62config NET_SCH_HFSC
63	tristate "Hierarchical Fair Service Curve (HFSC)"
64	help
65	  Say Y here if you want to use the Hierarchical Fair Service Curve
66	  (HFSC) packet scheduling algorithm.
67
68	  To compile this code as a module, choose M here: the
69	  module will be called sch_hfsc.
70
71config NET_SCH_ATM
72	tristate "ATM Virtual Circuits (ATM)"
73	depends on ATM
74	help
75	  Say Y here if you want to use the ATM pseudo-scheduler.  This
76	  provides a framework for invoking classifiers, which in turn
77	  select classes of this queuing discipline.  Each class maps
78	  the flow(s) it is handling to a given virtual circuit.
79
80	  See the top of <file:net/sched/sch_atm.c> for more details.
81
82	  To compile this code as a module, choose M here: the
83	  module will be called sch_atm.
84
85config NET_SCH_PRIO
86	tristate "Multi Band Priority Queueing (PRIO)"
87	help
88	  Say Y here if you want to use an n-band priority queue packet
89	  scheduler.
90
91	  To compile this code as a module, choose M here: the
92	  module will be called sch_prio.
93
94config NET_SCH_MULTIQ
95	tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
96	help
97	  Say Y here if you want to use an n-band queue packet scheduler
98	  to support devices that have multiple hardware transmit queues.
99
100	  To compile this code as a module, choose M here: the
101	  module will be called sch_multiq.
102
103config NET_SCH_RED
104	tristate "Random Early Detection (RED)"
105	help
106	  Say Y here if you want to use the Random Early Detection (RED)
107	  packet scheduling algorithm.
108
109	  See the top of <file:net/sched/sch_red.c> for more details.
110
111	  To compile this code as a module, choose M here: the
112	  module will be called sch_red.
113
114config NET_SCH_SFB
115	tristate "Stochastic Fair Blue (SFB)"
116	help
117	  Say Y here if you want to use the Stochastic Fair Blue (SFB)
118	  packet scheduling algorithm.
119
120	  See the top of <file:net/sched/sch_sfb.c> for more details.
121
122	  To compile this code as a module, choose M here: the
123	  module will be called sch_sfb.
124
125config NET_SCH_SFQ
126	tristate "Stochastic Fairness Queueing (SFQ)"
127	help
128	  Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
129	  packet scheduling algorithm.
130
131	  See the top of <file:net/sched/sch_sfq.c> for more details.
132
133	  To compile this code as a module, choose M here: the
134	  module will be called sch_sfq.
135
136config NET_SCH_TEQL
137	tristate "True Link Equalizer (TEQL)"
138	help
139	  Say Y here if you want to use the True Link Equalizer (TLE) packet
140	  scheduling algorithm. This queueing discipline allows the combination
141	  of several physical devices into one virtual device.
142
143	  See the top of <file:net/sched/sch_teql.c> for more details.
144
145	  To compile this code as a module, choose M here: the
146	  module will be called sch_teql.
147
148config NET_SCH_TBF
149	tristate "Token Bucket Filter (TBF)"
150	help
151	  Say Y here if you want to use the Token Bucket Filter (TBF) packet
152	  scheduling algorithm.
153
154	  See the top of <file:net/sched/sch_tbf.c> for more details.
155
156	  To compile this code as a module, choose M here: the
157	  module will be called sch_tbf.
158
159config NET_SCH_CBS
160	tristate "Credit Based Shaper (CBS)"
161	help
162	  Say Y here if you want to use the Credit Based Shaper (CBS) packet
163	  scheduling algorithm.
164
165	  See the top of <file:net/sched/sch_cbs.c> for more details.
166
167	  To compile this code as a module, choose M here: the
168	  module will be called sch_cbs.
169
170config NET_SCH_ETF
171	tristate "Earliest TxTime First (ETF)"
172	help
173	  Say Y here if you want to use the Earliest TxTime First (ETF) packet
174	  scheduling algorithm.
175
176	  See the top of <file:net/sched/sch_etf.c> for more details.
177
178	  To compile this code as a module, choose M here: the
179	  module will be called sch_etf.
180
181config NET_SCH_MQPRIO_LIB
182	tristate
183	help
184	  Common library for manipulating mqprio queue configurations.
185
186config NET_SCH_TAPRIO
187	tristate "Time Aware Priority (taprio) Scheduler"
188	select NET_SCH_MQPRIO_LIB
189	help
190	  Say Y here if you want to use the Time Aware Priority (taprio) packet
191	  scheduling algorithm.
192
193	  See the top of <file:net/sched/sch_taprio.c> for more details.
194
195	  To compile this code as a module, choose M here: the
196	  module will be called sch_taprio.
197
198config NET_SCH_GRED
199	tristate "Generic Random Early Detection (GRED)"
200	help
201	  Say Y here if you want to use the Generic Random Early Detection
202	  (GRED) packet scheduling algorithm for some of your network devices
203	  (see the top of <file:net/sched/sch_red.c> for details and
204	  references about the algorithm).
205
206	  To compile this code as a module, choose M here: the
207	  module will be called sch_gred.
208
209config NET_SCH_DSMARK
210	tristate "Differentiated Services marker (DSMARK)"
211	help
212	  Say Y if you want to schedule packets according to the
213	  Differentiated Services architecture proposed in RFC 2475.
214	  Technical information on this method, with pointers to associated
215	  RFCs, is available at <http://www.gta.ufrj.br/diffserv/>.
216
217	  To compile this code as a module, choose M here: the
218	  module will be called sch_dsmark.
219
220config NET_SCH_NETEM
221	tristate "Network emulator (NETEM)"
222	help
223	  Say Y if you want to emulate network delay, loss, and packet
224	  re-ordering. This is often useful to simulate networks when
225	  testing applications or protocols.
226
227	  To compile this driver as a module, choose M here: the module
228	  will be called sch_netem.
229
230	  If unsure, say N.
231
232config NET_SCH_DRR
233	tristate "Deficit Round Robin scheduler (DRR)"
234	help
235	  Say Y here if you want to use the Deficit Round Robin (DRR) packet
236	  scheduling algorithm.
237
238	  To compile this driver as a module, choose M here: the module
239	  will be called sch_drr.
240
241	  If unsure, say N.
242
243config NET_SCH_MQPRIO
244	tristate "Multi-queue priority scheduler (MQPRIO)"
245	select NET_SCH_MQPRIO_LIB
246	help
247	  Say Y here if you want to use the Multi-queue Priority scheduler.
248	  This scheduler allows QOS to be offloaded on NICs that have support
249	  for offloading QOS schedulers.
250
251	  To compile this driver as a module, choose M here: the module will
252	  be called sch_mqprio.
253
254	  If unsure, say N.
255
256config NET_SCH_SKBPRIO
257	tristate "SKB priority queue scheduler (SKBPRIO)"
258	help
259	  Say Y here if you want to use the SKB priority queue
260	  scheduler. This schedules packets according to skb->priority,
261	  which is useful for request packets in DoS mitigation systems such
262	  as Gatekeeper.
263
264	  To compile this driver as a module, choose M here: the module will
265	  be called sch_skbprio.
266
267	  If unsure, say N.
268
269config NET_SCH_CHOKE
270	tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
271	help
272	  Say Y here if you want to use the CHOKe packet scheduler (CHOose
273	  and Keep for responsive flows, CHOose and Kill for unresponsive
274	  flows). This is a variation of RED which tries to penalize flows
275	  that monopolize the queue.
276
277	  To compile this code as a module, choose M here: the
278	  module will be called sch_choke.
279
280config NET_SCH_QFQ
281	tristate "Quick Fair Queueing scheduler (QFQ)"
282	help
283	  Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
284	  packet scheduling algorithm.
285
286	  To compile this driver as a module, choose M here: the module
287	  will be called sch_qfq.
288
289	  If unsure, say N.
290
291config NET_SCH_CODEL
292	tristate "Controlled Delay AQM (CODEL)"
293	help
294	  Say Y here if you want to use the Controlled Delay (CODEL)
295	  packet scheduling algorithm.
296
297	  To compile this driver as a module, choose M here: the module
298	  will be called sch_codel.
299
300	  If unsure, say N.
301
302config NET_SCH_FQ_CODEL
303	tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
304	help
305	  Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
306	  packet scheduling algorithm.
307
308	  To compile this driver as a module, choose M here: the module
309	  will be called sch_fq_codel.
310
311	  If unsure, say N.
312
313config NET_SCH_CAKE
314	tristate "Common Applications Kept Enhanced (CAKE)"
315	help
316	  Say Y here if you want to use the Common Applications Kept Enhanced
317	  (CAKE) queue management algorithm.
318
319	  To compile this driver as a module, choose M here: the module
320	  will be called sch_cake.
321
322	  If unsure, say N.
323
324config NET_SCH_FQ
325	tristate "Fair Queue"
326	help
327	  Say Y here if you want to use the FQ packet scheduling algorithm.
328
329	  FQ does flow separation, and is able to respect pacing requirements
330	  set by TCP stack into sk->sk_pacing_rate (for locally generated
331	  traffic)
332
333	  To compile this driver as a module, choose M here: the module
334	  will be called sch_fq.
335
336	  If unsure, say N.
337
338config NET_SCH_HHF
339	tristate "Heavy-Hitter Filter (HHF)"
340	help
341	  Say Y here if you want to use the Heavy-Hitter Filter (HHF)
342	  packet scheduling algorithm.
343
344	  To compile this driver as a module, choose M here: the module
345	  will be called sch_hhf.
346
347config NET_SCH_PIE
348	tristate "Proportional Integral controller Enhanced (PIE) scheduler"
349	help
350	  Say Y here if you want to use the Proportional Integral controller
351	  Enhanced scheduler packet scheduling algorithm.
352	  For more information, please see https://tools.ietf.org/html/rfc8033
353
354	  To compile this driver as a module, choose M here: the module
355	  will be called sch_pie.
356
357	  If unsure, say N.
358
359config NET_SCH_FQ_PIE
360	depends on NET_SCH_PIE
361	tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)"
362	help
363	  Say Y here if you want to use the Flow Queue Proportional Integral
364	  controller Enhanced (FQ-PIE) packet scheduling algorithm.
365	  For more information, please see https://tools.ietf.org/html/rfc8033
366
367	  To compile this driver as a module, choose M here: the module
368	  will be called sch_fq_pie.
369
370	  If unsure, say N.
371
372config NET_SCH_INGRESS
373	tristate "Ingress/classifier-action Qdisc"
374	depends on NET_CLS_ACT
375	select NET_INGRESS
376	select NET_EGRESS
377	help
378	  Say Y here if you want to use classifiers for incoming and/or outgoing
379	  packets. This qdisc doesn't do anything else besides running classifiers,
380	  which can also have actions attached to them. In case of outgoing packets,
381	  classifiers that this qdisc holds are executed in the transmit path
382	  before real enqueuing to an egress qdisc happens.
383
384	  If unsure, say Y.
385
386	  To compile this code as a module, choose M here: the module will be
387	  called sch_ingress with alias of sch_clsact.
388
389config NET_SCH_PLUG
390	tristate "Plug network traffic until release (PLUG)"
391	help
392
393	  This queuing discipline allows userspace to plug/unplug a network
394	  output queue, using the netlink interface.  When it receives an
395	  enqueue command it inserts a plug into the outbound queue that
396	  causes following packets to enqueue until a dequeue command arrives
397	  over netlink, causing the plug to be removed and resuming the normal
398	  packet flow.
399
400	  This module also provides a generic "network output buffering"
401	  functionality (aka output commit), wherein upon arrival of a dequeue
402	  command, only packets up to the first plug are released for delivery.
403	  The Remus HA project uses this module to enable speculative execution
404	  of virtual machines by allowing the generated network output to be rolled
405	  back if needed.
406
407	  For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
408
409	  Say Y here if you are using this kernel for Xen dom0 and
410	  want to protect Xen guests with Remus.
411
412	  To compile this code as a module, choose M here: the
413	  module will be called sch_plug.
414
415config NET_SCH_ETS
416	tristate "Enhanced transmission selection scheduler (ETS)"
417	help
418          The Enhanced Transmission Selection scheduler is a classful
419          queuing discipline that merges functionality of PRIO and DRR
420          qdiscs in one scheduler. ETS makes it easy to configure a set of
421          strict and bandwidth-sharing bands to implement the transmission
422          selection described in 802.1Qaz.
423
424	  Say Y here if you want to use the ETS packet scheduling
425	  algorithm.
426
427	  To compile this driver as a module, choose M here: the module
428	  will be called sch_ets.
429
430	  If unsure, say N.
431
432menuconfig NET_SCH_DEFAULT
433	bool "Allow override default queue discipline"
434	help
435	  Support for selection of default queuing discipline.
436
437	  Nearly all users can safely say no here, and the default
438	  of pfifo_fast will be used. Many distributions already set
439	  the default value via /proc/sys/net/core/default_qdisc.
440
441	  If unsure, say N.
442
443if NET_SCH_DEFAULT
444
445choice
446	prompt "Default queuing discipline"
447	default DEFAULT_PFIFO_FAST
448	help
449	  Select the queueing discipline that will be used by default
450	  for all network devices.
451
452	config DEFAULT_FQ
453		bool "Fair Queue" if NET_SCH_FQ
454
455	config DEFAULT_CODEL
456		bool "Controlled Delay" if NET_SCH_CODEL
457
458	config DEFAULT_FQ_CODEL
459		bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL
460
461	config DEFAULT_FQ_PIE
462		bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE
463
464	config DEFAULT_SFQ
465		bool "Stochastic Fair Queue" if NET_SCH_SFQ
466
467	config DEFAULT_PFIFO_FAST
468		bool "Priority FIFO Fast"
469endchoice
470
471config DEFAULT_NET_SCH
472	string
473	default "pfifo_fast" if DEFAULT_PFIFO_FAST
474	default "fq" if DEFAULT_FQ
475	default "fq_codel" if DEFAULT_FQ_CODEL
476	default "fq_pie" if DEFAULT_FQ_PIE
477	default "sfq" if DEFAULT_SFQ
478	default "pfifo_fast"
479endif
480
481comment "Classification"
482
483config NET_CLS
484	bool
485
486config NET_CLS_BASIC
487	tristate "Elementary classification (BASIC)"
488	select NET_CLS
489	help
490	  Say Y here if you want to be able to classify packets using
491	  only extended matches and actions.
492
493	  To compile this code as a module, choose M here: the
494	  module will be called cls_basic.
495
496config NET_CLS_TCINDEX
497	tristate "Traffic-Control Index (TCINDEX)"
498	select NET_CLS
499	help
500	  Say Y here if you want to be able to classify packets based on
501	  traffic control indices. You will want this feature if you want
502	  to implement Differentiated Services together with DSMARK.
503
504	  To compile this code as a module, choose M here: the
505	  module will be called cls_tcindex.
506
507config NET_CLS_ROUTE4
508	tristate "Routing decision (ROUTE)"
509	depends on INET
510	select IP_ROUTE_CLASSID
511	select NET_CLS
512	help
513	  If you say Y here, you will be able to classify packets
514	  according to the route table entry they matched.
515
516	  To compile this code as a module, choose M here: the
517	  module will be called cls_route.
518
519config NET_CLS_FW
520	tristate "Netfilter mark (FW)"
521	select NET_CLS
522	help
523	  If you say Y here, you will be able to classify packets
524	  according to netfilter/firewall marks.
525
526	  To compile this code as a module, choose M here: the
527	  module will be called cls_fw.
528
529config NET_CLS_U32
530	tristate "Universal 32bit comparisons w/ hashing (U32)"
531	select NET_CLS
532	help
533	  Say Y here to be able to classify packets using a universal
534	  32bit pieces based comparison scheme.
535
536	  To compile this code as a module, choose M here: the
537	  module will be called cls_u32.
538
539config CLS_U32_PERF
540	bool "Performance counters support"
541	depends on NET_CLS_U32
542	help
543	  Say Y here to make u32 gather additional statistics useful for
544	  fine tuning u32 classifiers.
545
546config CLS_U32_MARK
547	bool "Netfilter marks support"
548	depends on NET_CLS_U32
549	help
550	  Say Y here to be able to use netfilter marks as u32 key.
551
552config NET_CLS_RSVP
553	tristate "IPv4 Resource Reservation Protocol (RSVP)"
554	select NET_CLS
555	help
556	  The Resource Reservation Protocol (RSVP) permits end systems to
557	  request a minimum and maximum data flow rate for a connection; this
558	  is important for real time data such as streaming sound or video.
559
560	  Say Y here if you want to be able to classify outgoing packets based
561	  on their RSVP requests.
562
563	  To compile this code as a module, choose M here: the
564	  module will be called cls_rsvp.
565
566config NET_CLS_RSVP6
567	tristate "IPv6 Resource Reservation Protocol (RSVP6)"
568	select NET_CLS
569	help
570	  The Resource Reservation Protocol (RSVP) permits end systems to
571	  request a minimum and maximum data flow rate for a connection; this
572	  is important for real time data such as streaming sound or video.
573
574	  Say Y here if you want to be able to classify outgoing packets based
575	  on their RSVP requests and you are using the IPv6 protocol.
576
577	  To compile this code as a module, choose M here: the
578	  module will be called cls_rsvp6.
579
580config NET_CLS_FLOW
581	tristate "Flow classifier"
582	select NET_CLS
583	help
584	  If you say Y here, you will be able to classify packets based on
585	  a configurable combination of packet keys. This is mostly useful
586	  in combination with SFQ.
587
588	  To compile this code as a module, choose M here: the
589	  module will be called cls_flow.
590
591config NET_CLS_CGROUP
592	tristate "Control Group Classifier"
593	select NET_CLS
594	select CGROUP_NET_CLASSID
595	depends on CGROUPS
596	help
597	  Say Y here if you want to classify packets based on the control
598	  cgroup of their process.
599
600	  To compile this code as a module, choose M here: the
601	  module will be called cls_cgroup.
602
603config NET_CLS_BPF
604	tristate "BPF-based classifier"
605	select NET_CLS
606	help
607	  If you say Y here, you will be able to classify packets based on
608	  programmable BPF (JIT'ed) filters as an alternative to ematches.
609
610	  To compile this code as a module, choose M here: the module will
611	  be called cls_bpf.
612
613config NET_CLS_FLOWER
614	tristate "Flower classifier"
615	select NET_CLS
616	help
617	  If you say Y here, you will be able to classify packets based on
618	  a configurable combination of packet keys and masks.
619
620	  To compile this code as a module, choose M here: the module will
621	  be called cls_flower.
622
623config NET_CLS_MATCHALL
624	tristate "Match-all classifier"
625	select NET_CLS
626	help
627	  If you say Y here, you will be able to classify packets based on
628	  nothing. Every packet will match.
629
630	  To compile this code as a module, choose M here: the module will
631	  be called cls_matchall.
632
633config NET_EMATCH
634	bool "Extended Matches"
635	select NET_CLS
636	help
637	  Say Y here if you want to use extended matches on top of classifiers
638	  and select the extended matches below.
639
640	  Extended matches are small classification helpers not worth writing
641	  a separate classifier for.
642
643	  A recent version of the iproute2 package is required to use
644	  extended matches.
645
646config NET_EMATCH_STACK
647	int "Stack size"
648	depends on NET_EMATCH
649	default "32"
650	help
651	  Size of the local stack variable used while evaluating the tree of
652	  ematches. Limits the depth of the tree, i.e. the number of
653	  encapsulated precedences. Every level requires 4 bytes of additional
654	  stack space.
655
656config NET_EMATCH_CMP
657	tristate "Simple packet data comparison"
658	depends on NET_EMATCH
659	help
660	  Say Y here if you want to be able to classify packets based on
661	  simple packet data comparisons for 8, 16, and 32bit values.
662
663	  To compile this code as a module, choose M here: the
664	  module will be called em_cmp.
665
666config NET_EMATCH_NBYTE
667	tristate "Multi byte comparison"
668	depends on NET_EMATCH
669	help
670	  Say Y here if you want to be able to classify packets based on
671	  multiple byte comparisons mainly useful for IPv6 address comparisons.
672
673	  To compile this code as a module, choose M here: the
674	  module will be called em_nbyte.
675
676config NET_EMATCH_U32
677	tristate "U32 key"
678	depends on NET_EMATCH
679	help
680	  Say Y here if you want to be able to classify packets using
681	  the famous u32 key in combination with logic relations.
682
683	  To compile this code as a module, choose M here: the
684	  module will be called em_u32.
685
686config NET_EMATCH_META
687	tristate "Metadata"
688	depends on NET_EMATCH
689	help
690	  Say Y here if you want to be able to classify packets based on
691	  metadata such as load average, netfilter attributes, socket
692	  attributes and routing decisions.
693
694	  To compile this code as a module, choose M here: the
695	  module will be called em_meta.
696
697config NET_EMATCH_TEXT
698	tristate "Textsearch"
699	depends on NET_EMATCH
700	select TEXTSEARCH
701	select TEXTSEARCH_KMP
702	select TEXTSEARCH_BM
703	select TEXTSEARCH_FSM
704	help
705	  Say Y here if you want to be able to classify packets based on
706	  textsearch comparisons.
707
708	  To compile this code as a module, choose M here: the
709	  module will be called em_text.
710
711config NET_EMATCH_CANID
712	tristate "CAN Identifier"
713	depends on NET_EMATCH && (CAN=y || CAN=m)
714	help
715	  Say Y here if you want to be able to classify CAN frames based
716	  on CAN Identifier.
717
718	  To compile this code as a module, choose M here: the
719	  module will be called em_canid.
720
721config NET_EMATCH_IPSET
722	tristate "IPset"
723	depends on NET_EMATCH && IP_SET
724	help
725	  Say Y here if you want to be able to classify packets based on
726	  ipset membership.
727
728	  To compile this code as a module, choose M here: the
729	  module will be called em_ipset.
730
731config NET_EMATCH_IPT
732	tristate "IPtables Matches"
733	depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES
734	help
735	  Say Y here to be able to classify packets based on iptables
736	  matches.
737	  Current supported match is "policy" which allows packet classification
738	  based on IPsec policy that was used during decapsulation
739
740	  To compile this code as a module, choose M here: the
741	  module will be called em_ipt.
742
743config NET_CLS_ACT
744	bool "Actions"
745	select NET_CLS
746	help
747	  Say Y here if you want to use traffic control actions. Actions
748	  get attached to classifiers and are invoked after a successful
749	  classification. They are used to overwrite the classification
750	  result, instantly drop or redirect packets, etc.
751
752	  A recent version of the iproute2 package is required to use
753	  extended matches.
754
755config NET_ACT_POLICE
756	tristate "Traffic Policing"
757	depends on NET_CLS_ACT
758	help
759	  Say Y here if you want to do traffic policing, i.e. strict
760	  bandwidth limiting. This action replaces the existing policing
761	  module.
762
763	  To compile this code as a module, choose M here: the
764	  module will be called act_police.
765
766config NET_ACT_GACT
767	tristate "Generic actions"
768	depends on NET_CLS_ACT
769	help
770	  Say Y here to take generic actions such as dropping and
771	  accepting packets.
772
773	  To compile this code as a module, choose M here: the
774	  module will be called act_gact.
775
776config GACT_PROB
777	bool "Probability support"
778	depends on NET_ACT_GACT
779	help
780	  Say Y here to use the generic action randomly or deterministically.
781
782config NET_ACT_MIRRED
783	tristate "Redirecting and Mirroring"
784	depends on NET_CLS_ACT
785	help
786	  Say Y here to allow packets to be mirrored or redirected to
787	  other devices.
788
789	  To compile this code as a module, choose M here: the
790	  module will be called act_mirred.
791
792config NET_ACT_SAMPLE
793	tristate "Traffic Sampling"
794	depends on NET_CLS_ACT
795	select PSAMPLE
796	help
797	  Say Y here to allow packet sampling tc action. The packet sample
798	  action consists of statistically choosing packets and sampling
799	  them using the psample module.
800
801	  To compile this code as a module, choose M here: the
802	  module will be called act_sample.
803
804config NET_ACT_IPT
805	tristate "IPtables targets"
806	depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES
807	help
808	  Say Y here to be able to invoke iptables targets after successful
809	  classification.
810
811	  To compile this code as a module, choose M here: the
812	  module will be called act_ipt.
813
814config NET_ACT_NAT
815	tristate "Stateless NAT"
816	depends on NET_CLS_ACT
817	help
818	  Say Y here to do stateless NAT on IPv4 packets.  You should use
819	  netfilter for NAT unless you know what you are doing.
820
821	  To compile this code as a module, choose M here: the
822	  module will be called act_nat.
823
824config NET_ACT_PEDIT
825	tristate "Packet Editing"
826	depends on NET_CLS_ACT
827	help
828	  Say Y here if you want to mangle the content of packets.
829
830	  To compile this code as a module, choose M here: the
831	  module will be called act_pedit.
832
833config NET_ACT_SIMP
834	tristate "Simple Example (Debug)"
835	depends on NET_CLS_ACT
836	help
837	  Say Y here to add a simple action for demonstration purposes.
838	  It is meant as an example and for debugging purposes. It will
839	  print a configured policy string followed by the packet count
840	  to the console for every packet that passes by.
841
842	  If unsure, say N.
843
844	  To compile this code as a module, choose M here: the
845	  module will be called act_simple.
846
847config NET_ACT_SKBEDIT
848	tristate "SKB Editing"
849	depends on NET_CLS_ACT
850	help
851	  Say Y here to change skb priority or queue_mapping settings.
852
853	  If unsure, say N.
854
855	  To compile this code as a module, choose M here: the
856	  module will be called act_skbedit.
857
858config NET_ACT_CSUM
859	tristate "Checksum Updating"
860	depends on NET_CLS_ACT && INET
861	select LIBCRC32C
862	help
863	  Say Y here to update some common checksum after some direct
864	  packet alterations.
865
866	  To compile this code as a module, choose M here: the
867	  module will be called act_csum.
868
869config NET_ACT_MPLS
870	tristate "MPLS manipulation"
871	depends on NET_CLS_ACT
872	help
873	  Say Y here to push or pop MPLS headers.
874
875	  If unsure, say N.
876
877	  To compile this code as a module, choose M here: the
878	  module will be called act_mpls.
879
880config NET_ACT_VLAN
881	tristate "Vlan manipulation"
882	depends on NET_CLS_ACT
883	help
884	  Say Y here to push or pop vlan headers.
885
886	  If unsure, say N.
887
888	  To compile this code as a module, choose M here: the
889	  module will be called act_vlan.
890
891config NET_ACT_BPF
892	tristate "BPF based action"
893	depends on NET_CLS_ACT
894	help
895	  Say Y here to execute BPF code on packets. The BPF code will decide
896	  if the packet should be dropped or not.
897
898	  If unsure, say N.
899
900	  To compile this code as a module, choose M here: the
901	  module will be called act_bpf.
902
903config NET_ACT_CONNMARK
904	tristate "Netfilter Connection Mark Retriever"
905	depends on NET_CLS_ACT && NETFILTER
906	depends on NF_CONNTRACK && NF_CONNTRACK_MARK
907	help
908	  Say Y here to allow retrieving of conn mark
909
910	  If unsure, say N.
911
912	  To compile this code as a module, choose M here: the
913	  module will be called act_connmark.
914
915config NET_ACT_CTINFO
916	tristate "Netfilter Connection Mark Actions"
917	depends on NET_CLS_ACT && NETFILTER
918	depends on NF_CONNTRACK && NF_CONNTRACK_MARK
919	help
920	  Say Y here to allow transfer of a connmark stored information.
921	  Current actions transfer connmark stored DSCP into
922	  ipv4/v6 diffserv and/or to transfer connmark to packet
923	  mark.  Both are useful for restoring egress based marks
924	  back onto ingress connections for qdisc priority mapping
925	  purposes.
926
927	  If unsure, say N.
928
929	  To compile this code as a module, choose M here: the
930	  module will be called act_ctinfo.
931
932config NET_ACT_SKBMOD
933	tristate "skb data modification action"
934	depends on NET_CLS_ACT
935	help
936	 Say Y here to allow modification of skb data
937
938	 If unsure, say N.
939
940	 To compile this code as a module, choose M here: the
941	 module will be called act_skbmod.
942
943config NET_ACT_IFE
944	tristate "Inter-FE action based on IETF ForCES InterFE LFB"
945	depends on NET_CLS_ACT
946	select NET_IFE
947	help
948	  Say Y here to allow for sourcing and terminating metadata
949	  For details refer to netdev01 paper:
950	  "Distributing Linux Traffic Control Classifier-Action Subsystem"
951	   Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
952
953	  To compile this code as a module, choose M here: the
954	  module will be called act_ife.
955
956config NET_ACT_TUNNEL_KEY
957	tristate "IP tunnel metadata manipulation"
958	depends on NET_CLS_ACT
959	help
960	  Say Y here to set/release ip tunnel metadata.
961
962	  If unsure, say N.
963
964	  To compile this code as a module, choose M here: the
965	  module will be called act_tunnel_key.
966
967config NET_ACT_CT
968	tristate "connection tracking tc action"
969	depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE
970	select NF_CONNTRACK_OVS
971	select NF_NAT_OVS if NF_NAT
972	help
973	  Say Y here to allow sending the packets to conntrack module.
974
975	  If unsure, say N.
976
977	  To compile this code as a module, choose M here: the
978	  module will be called act_ct.
979
980config NET_ACT_GATE
981	tristate "Frame gate entry list control tc action"
982	depends on NET_CLS_ACT
983	help
984	  Say Y here to allow to control the ingress flow to be passed at
985	  specific time slot and be dropped at other specific time slot by
986	  the gate entry list.
987
988	  If unsure, say N.
989	  To compile this code as a module, choose M here: the
990	  module will be called act_gate.
991
992config NET_IFE_SKBMARK
993	tristate "Support to encoding decoding skb mark on IFE action"
994	depends on NET_ACT_IFE
995
996config NET_IFE_SKBPRIO
997	tristate "Support to encoding decoding skb prio on IFE action"
998	depends on NET_ACT_IFE
999
1000config NET_IFE_SKBTCINDEX
1001	tristate "Support to encoding decoding skb tcindex on IFE action"
1002	depends on NET_ACT_IFE
1003
1004config NET_TC_SKB_EXT
1005	bool "TC recirculation support"
1006	depends on NET_CLS_ACT
1007	select SKB_EXTENSIONS
1008
1009	help
1010	  Say Y here to allow tc chain misses to continue in OvS datapath in
1011	  the correct recirc_id, and hardware chain misses to continue in
1012	  the correct chain in tc software datapath.
1013
1014	  Say N here if you won't be using tc<->ovs offload or tc chains offload.
1015
1016endif # NET_SCHED
1017
1018config NET_SCH_FIFO
1019	bool
1020