1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71config NET_SCH_ATM 72 tristate "ATM Virtual Circuits (ATM)" 73 depends on ATM 74 help 75 Say Y here if you want to use the ATM pseudo-scheduler. This 76 provides a framework for invoking classifiers, which in turn 77 select classes of this queuing discipline. Each class maps 78 the flow(s) it is handling to a given virtual circuit. 79 80 See the top of <file:net/sched/sch_atm.c> for more details. 81 82 To compile this code as a module, choose M here: the 83 module will be called sch_atm. 84 85config NET_SCH_PRIO 86 tristate "Multi Band Priority Queueing (PRIO)" 87 help 88 Say Y here if you want to use an n-band priority queue packet 89 scheduler. 90 91 To compile this code as a module, choose M here: the 92 module will be called sch_prio. 93 94config NET_SCH_MULTIQ 95 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 96 help 97 Say Y here if you want to use an n-band queue packet scheduler 98 to support devices that have multiple hardware transmit queues. 99 100 To compile this code as a module, choose M here: the 101 module will be called sch_multiq. 102 103config NET_SCH_RED 104 tristate "Random Early Detection (RED)" 105 help 106 Say Y here if you want to use the Random Early Detection (RED) 107 packet scheduling algorithm. 108 109 See the top of <file:net/sched/sch_red.c> for more details. 110 111 To compile this code as a module, choose M here: the 112 module will be called sch_red. 113 114config NET_SCH_SFB 115 tristate "Stochastic Fair Blue (SFB)" 116 help 117 Say Y here if you want to use the Stochastic Fair Blue (SFB) 118 packet scheduling algorithm. 119 120 See the top of <file:net/sched/sch_sfb.c> for more details. 121 122 To compile this code as a module, choose M here: the 123 module will be called sch_sfb. 124 125config NET_SCH_SFQ 126 tristate "Stochastic Fairness Queueing (SFQ)" 127 help 128 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 129 packet scheduling algorithm. 130 131 See the top of <file:net/sched/sch_sfq.c> for more details. 132 133 To compile this code as a module, choose M here: the 134 module will be called sch_sfq. 135 136config NET_SCH_TEQL 137 tristate "True Link Equalizer (TEQL)" 138 help 139 Say Y here if you want to use the True Link Equalizer (TLE) packet 140 scheduling algorithm. This queueing discipline allows the combination 141 of several physical devices into one virtual device. 142 143 See the top of <file:net/sched/sch_teql.c> for more details. 144 145 To compile this code as a module, choose M here: the 146 module will be called sch_teql. 147 148config NET_SCH_TBF 149 tristate "Token Bucket Filter (TBF)" 150 help 151 Say Y here if you want to use the Token Bucket Filter (TBF) packet 152 scheduling algorithm. 153 154 See the top of <file:net/sched/sch_tbf.c> for more details. 155 156 To compile this code as a module, choose M here: the 157 module will be called sch_tbf. 158 159config NET_SCH_CBS 160 tristate "Credit Based Shaper (CBS)" 161 help 162 Say Y here if you want to use the Credit Based Shaper (CBS) packet 163 scheduling algorithm. 164 165 See the top of <file:net/sched/sch_cbs.c> for more details. 166 167 To compile this code as a module, choose M here: the 168 module will be called sch_cbs. 169 170config NET_SCH_ETF 171 tristate "Earliest TxTime First (ETF)" 172 help 173 Say Y here if you want to use the Earliest TxTime First (ETF) packet 174 scheduling algorithm. 175 176 See the top of <file:net/sched/sch_etf.c> for more details. 177 178 To compile this code as a module, choose M here: the 179 module will be called sch_etf. 180 181config NET_SCH_MQPRIO_LIB 182 tristate 183 help 184 Common library for manipulating mqprio queue configurations. 185 186config NET_SCH_TAPRIO 187 tristate "Time Aware Priority (taprio) Scheduler" 188 select NET_SCH_MQPRIO_LIB 189 help 190 Say Y here if you want to use the Time Aware Priority (taprio) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_taprio.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_taprio. 197 198config NET_SCH_GRED 199 tristate "Generic Random Early Detection (GRED)" 200 help 201 Say Y here if you want to use the Generic Random Early Detection 202 (GRED) packet scheduling algorithm for some of your network devices 203 (see the top of <file:net/sched/sch_red.c> for details and 204 references about the algorithm). 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_gred. 208 209config NET_SCH_DSMARK 210 tristate "Differentiated Services marker (DSMARK)" 211 help 212 Say Y if you want to schedule packets according to the 213 Differentiated Services architecture proposed in RFC 2475. 214 Technical information on this method, with pointers to associated 215 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_dsmark. 219 220config NET_SCH_NETEM 221 tristate "Network emulator (NETEM)" 222 help 223 Say Y if you want to emulate network delay, loss, and packet 224 re-ordering. This is often useful to simulate networks when 225 testing applications or protocols. 226 227 To compile this driver as a module, choose M here: the module 228 will be called sch_netem. 229 230 If unsure, say N. 231 232config NET_SCH_DRR 233 tristate "Deficit Round Robin scheduler (DRR)" 234 help 235 Say Y here if you want to use the Deficit Round Robin (DRR) packet 236 scheduling algorithm. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_drr. 240 241 If unsure, say N. 242 243config NET_SCH_MQPRIO 244 tristate "Multi-queue priority scheduler (MQPRIO)" 245 select NET_SCH_MQPRIO_LIB 246 help 247 Say Y here if you want to use the Multi-queue Priority scheduler. 248 This scheduler allows QOS to be offloaded on NICs that have support 249 for offloading QOS schedulers. 250 251 To compile this driver as a module, choose M here: the module will 252 be called sch_mqprio. 253 254 If unsure, say N. 255 256config NET_SCH_SKBPRIO 257 tristate "SKB priority queue scheduler (SKBPRIO)" 258 help 259 Say Y here if you want to use the SKB priority queue 260 scheduler. This schedules packets according to skb->priority, 261 which is useful for request packets in DoS mitigation systems such 262 as Gatekeeper. 263 264 To compile this driver as a module, choose M here: the module will 265 be called sch_skbprio. 266 267 If unsure, say N. 268 269config NET_SCH_CHOKE 270 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 271 help 272 Say Y here if you want to use the CHOKe packet scheduler (CHOose 273 and Keep for responsive flows, CHOose and Kill for unresponsive 274 flows). This is a variation of RED which tries to penalize flows 275 that monopolize the queue. 276 277 To compile this code as a module, choose M here: the 278 module will be called sch_choke. 279 280config NET_SCH_QFQ 281 tristate "Quick Fair Queueing scheduler (QFQ)" 282 help 283 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 284 packet scheduling algorithm. 285 286 To compile this driver as a module, choose M here: the module 287 will be called sch_qfq. 288 289 If unsure, say N. 290 291config NET_SCH_CODEL 292 tristate "Controlled Delay AQM (CODEL)" 293 help 294 Say Y here if you want to use the Controlled Delay (CODEL) 295 packet scheduling algorithm. 296 297 To compile this driver as a module, choose M here: the module 298 will be called sch_codel. 299 300 If unsure, say N. 301 302config NET_SCH_FQ_CODEL 303 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 304 help 305 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 306 packet scheduling algorithm. 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq_codel. 310 311 If unsure, say N. 312 313config NET_SCH_CAKE 314 tristate "Common Applications Kept Enhanced (CAKE)" 315 help 316 Say Y here if you want to use the Common Applications Kept Enhanced 317 (CAKE) queue management algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_cake. 321 322 If unsure, say N. 323 324config NET_SCH_FQ 325 tristate "Fair Queue" 326 help 327 Say Y here if you want to use the FQ packet scheduling algorithm. 328 329 FQ does flow separation, and is able to respect pacing requirements 330 set by TCP stack into sk->sk_pacing_rate (for locally generated 331 traffic) 332 333 To compile this driver as a module, choose M here: the module 334 will be called sch_fq. 335 336 If unsure, say N. 337 338config NET_SCH_HHF 339 tristate "Heavy-Hitter Filter (HHF)" 340 help 341 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 342 packet scheduling algorithm. 343 344 To compile this driver as a module, choose M here: the module 345 will be called sch_hhf. 346 347config NET_SCH_PIE 348 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 349 help 350 Say Y here if you want to use the Proportional Integral controller 351 Enhanced scheduler packet scheduling algorithm. 352 For more information, please see https://tools.ietf.org/html/rfc8033 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_pie. 356 357 If unsure, say N. 358 359config NET_SCH_FQ_PIE 360 depends on NET_SCH_PIE 361 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 362 help 363 Say Y here if you want to use the Flow Queue Proportional Integral 364 controller Enhanced (FQ-PIE) packet scheduling algorithm. 365 For more information, please see https://tools.ietf.org/html/rfc8033 366 367 To compile this driver as a module, choose M here: the module 368 will be called sch_fq_pie. 369 370 If unsure, say N. 371 372config NET_SCH_INGRESS 373 tristate "Ingress/classifier-action Qdisc" 374 depends on NET_CLS_ACT 375 select NET_INGRESS 376 select NET_EGRESS 377 help 378 Say Y here if you want to use classifiers for incoming and/or outgoing 379 packets. This qdisc doesn't do anything else besides running classifiers, 380 which can also have actions attached to them. In case of outgoing packets, 381 classifiers that this qdisc holds are executed in the transmit path 382 before real enqueuing to an egress qdisc happens. 383 384 If unsure, say Y. 385 386 To compile this code as a module, choose M here: the module will be 387 called sch_ingress with alias of sch_clsact. 388 389config NET_SCH_PLUG 390 tristate "Plug network traffic until release (PLUG)" 391 help 392 393 This queuing discipline allows userspace to plug/unplug a network 394 output queue, using the netlink interface. When it receives an 395 enqueue command it inserts a plug into the outbound queue that 396 causes following packets to enqueue until a dequeue command arrives 397 over netlink, causing the plug to be removed and resuming the normal 398 packet flow. 399 400 This module also provides a generic "network output buffering" 401 functionality (aka output commit), wherein upon arrival of a dequeue 402 command, only packets up to the first plug are released for delivery. 403 The Remus HA project uses this module to enable speculative execution 404 of virtual machines by allowing the generated network output to be rolled 405 back if needed. 406 407 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 408 409 Say Y here if you are using this kernel for Xen dom0 and 410 want to protect Xen guests with Remus. 411 412 To compile this code as a module, choose M here: the 413 module will be called sch_plug. 414 415config NET_SCH_ETS 416 tristate "Enhanced transmission selection scheduler (ETS)" 417 help 418 The Enhanced Transmission Selection scheduler is a classful 419 queuing discipline that merges functionality of PRIO and DRR 420 qdiscs in one scheduler. ETS makes it easy to configure a set of 421 strict and bandwidth-sharing bands to implement the transmission 422 selection described in 802.1Qaz. 423 424 Say Y here if you want to use the ETS packet scheduling 425 algorithm. 426 427 To compile this driver as a module, choose M here: the module 428 will be called sch_ets. 429 430 If unsure, say N. 431 432menuconfig NET_SCH_DEFAULT 433 bool "Allow override default queue discipline" 434 help 435 Support for selection of default queuing discipline. 436 437 Nearly all users can safely say no here, and the default 438 of pfifo_fast will be used. Many distributions already set 439 the default value via /proc/sys/net/core/default_qdisc. 440 441 If unsure, say N. 442 443if NET_SCH_DEFAULT 444 445choice 446 prompt "Default queuing discipline" 447 default DEFAULT_PFIFO_FAST 448 help 449 Select the queueing discipline that will be used by default 450 for all network devices. 451 452 config DEFAULT_FQ 453 bool "Fair Queue" if NET_SCH_FQ 454 455 config DEFAULT_CODEL 456 bool "Controlled Delay" if NET_SCH_CODEL 457 458 config DEFAULT_FQ_CODEL 459 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 460 461 config DEFAULT_FQ_PIE 462 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 463 464 config DEFAULT_SFQ 465 bool "Stochastic Fair Queue" if NET_SCH_SFQ 466 467 config DEFAULT_PFIFO_FAST 468 bool "Priority FIFO Fast" 469endchoice 470 471config DEFAULT_NET_SCH 472 string 473 default "pfifo_fast" if DEFAULT_PFIFO_FAST 474 default "fq" if DEFAULT_FQ 475 default "fq_codel" if DEFAULT_FQ_CODEL 476 default "fq_pie" if DEFAULT_FQ_PIE 477 default "sfq" if DEFAULT_SFQ 478 default "pfifo_fast" 479endif 480 481comment "Classification" 482 483config NET_CLS 484 bool 485 486config NET_CLS_BASIC 487 tristate "Elementary classification (BASIC)" 488 select NET_CLS 489 help 490 Say Y here if you want to be able to classify packets using 491 only extended matches and actions. 492 493 To compile this code as a module, choose M here: the 494 module will be called cls_basic. 495 496config NET_CLS_TCINDEX 497 tristate "Traffic-Control Index (TCINDEX)" 498 select NET_CLS 499 help 500 Say Y here if you want to be able to classify packets based on 501 traffic control indices. You will want this feature if you want 502 to implement Differentiated Services together with DSMARK. 503 504 To compile this code as a module, choose M here: the 505 module will be called cls_tcindex. 506 507config NET_CLS_ROUTE4 508 tristate "Routing decision (ROUTE)" 509 depends on INET 510 select IP_ROUTE_CLASSID 511 select NET_CLS 512 help 513 If you say Y here, you will be able to classify packets 514 according to the route table entry they matched. 515 516 To compile this code as a module, choose M here: the 517 module will be called cls_route. 518 519config NET_CLS_FW 520 tristate "Netfilter mark (FW)" 521 select NET_CLS 522 help 523 If you say Y here, you will be able to classify packets 524 according to netfilter/firewall marks. 525 526 To compile this code as a module, choose M here: the 527 module will be called cls_fw. 528 529config NET_CLS_U32 530 tristate "Universal 32bit comparisons w/ hashing (U32)" 531 select NET_CLS 532 help 533 Say Y here to be able to classify packets using a universal 534 32bit pieces based comparison scheme. 535 536 To compile this code as a module, choose M here: the 537 module will be called cls_u32. 538 539config CLS_U32_PERF 540 bool "Performance counters support" 541 depends on NET_CLS_U32 542 help 543 Say Y here to make u32 gather additional statistics useful for 544 fine tuning u32 classifiers. 545 546config CLS_U32_MARK 547 bool "Netfilter marks support" 548 depends on NET_CLS_U32 549 help 550 Say Y here to be able to use netfilter marks as u32 key. 551 552config NET_CLS_RSVP 553 tristate "IPv4 Resource Reservation Protocol (RSVP)" 554 select NET_CLS 555 help 556 The Resource Reservation Protocol (RSVP) permits end systems to 557 request a minimum and maximum data flow rate for a connection; this 558 is important for real time data such as streaming sound or video. 559 560 Say Y here if you want to be able to classify outgoing packets based 561 on their RSVP requests. 562 563 To compile this code as a module, choose M here: the 564 module will be called cls_rsvp. 565 566config NET_CLS_RSVP6 567 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 568 select NET_CLS 569 help 570 The Resource Reservation Protocol (RSVP) permits end systems to 571 request a minimum and maximum data flow rate for a connection; this 572 is important for real time data such as streaming sound or video. 573 574 Say Y here if you want to be able to classify outgoing packets based 575 on their RSVP requests and you are using the IPv6 protocol. 576 577 To compile this code as a module, choose M here: the 578 module will be called cls_rsvp6. 579 580config NET_CLS_FLOW 581 tristate "Flow classifier" 582 select NET_CLS 583 help 584 If you say Y here, you will be able to classify packets based on 585 a configurable combination of packet keys. This is mostly useful 586 in combination with SFQ. 587 588 To compile this code as a module, choose M here: the 589 module will be called cls_flow. 590 591config NET_CLS_CGROUP 592 tristate "Control Group Classifier" 593 select NET_CLS 594 select CGROUP_NET_CLASSID 595 depends on CGROUPS 596 help 597 Say Y here if you want to classify packets based on the control 598 cgroup of their process. 599 600 To compile this code as a module, choose M here: the 601 module will be called cls_cgroup. 602 603config NET_CLS_BPF 604 tristate "BPF-based classifier" 605 select NET_CLS 606 help 607 If you say Y here, you will be able to classify packets based on 608 programmable BPF (JIT'ed) filters as an alternative to ematches. 609 610 To compile this code as a module, choose M here: the module will 611 be called cls_bpf. 612 613config NET_CLS_FLOWER 614 tristate "Flower classifier" 615 select NET_CLS 616 help 617 If you say Y here, you will be able to classify packets based on 618 a configurable combination of packet keys and masks. 619 620 To compile this code as a module, choose M here: the module will 621 be called cls_flower. 622 623config NET_CLS_MATCHALL 624 tristate "Match-all classifier" 625 select NET_CLS 626 help 627 If you say Y here, you will be able to classify packets based on 628 nothing. Every packet will match. 629 630 To compile this code as a module, choose M here: the module will 631 be called cls_matchall. 632 633config NET_EMATCH 634 bool "Extended Matches" 635 select NET_CLS 636 help 637 Say Y here if you want to use extended matches on top of classifiers 638 and select the extended matches below. 639 640 Extended matches are small classification helpers not worth writing 641 a separate classifier for. 642 643 A recent version of the iproute2 package is required to use 644 extended matches. 645 646config NET_EMATCH_STACK 647 int "Stack size" 648 depends on NET_EMATCH 649 default "32" 650 help 651 Size of the local stack variable used while evaluating the tree of 652 ematches. Limits the depth of the tree, i.e. the number of 653 encapsulated precedences. Every level requires 4 bytes of additional 654 stack space. 655 656config NET_EMATCH_CMP 657 tristate "Simple packet data comparison" 658 depends on NET_EMATCH 659 help 660 Say Y here if you want to be able to classify packets based on 661 simple packet data comparisons for 8, 16, and 32bit values. 662 663 To compile this code as a module, choose M here: the 664 module will be called em_cmp. 665 666config NET_EMATCH_NBYTE 667 tristate "Multi byte comparison" 668 depends on NET_EMATCH 669 help 670 Say Y here if you want to be able to classify packets based on 671 multiple byte comparisons mainly useful for IPv6 address comparisons. 672 673 To compile this code as a module, choose M here: the 674 module will be called em_nbyte. 675 676config NET_EMATCH_U32 677 tristate "U32 key" 678 depends on NET_EMATCH 679 help 680 Say Y here if you want to be able to classify packets using 681 the famous u32 key in combination with logic relations. 682 683 To compile this code as a module, choose M here: the 684 module will be called em_u32. 685 686config NET_EMATCH_META 687 tristate "Metadata" 688 depends on NET_EMATCH 689 help 690 Say Y here if you want to be able to classify packets based on 691 metadata such as load average, netfilter attributes, socket 692 attributes and routing decisions. 693 694 To compile this code as a module, choose M here: the 695 module will be called em_meta. 696 697config NET_EMATCH_TEXT 698 tristate "Textsearch" 699 depends on NET_EMATCH 700 select TEXTSEARCH 701 select TEXTSEARCH_KMP 702 select TEXTSEARCH_BM 703 select TEXTSEARCH_FSM 704 help 705 Say Y here if you want to be able to classify packets based on 706 textsearch comparisons. 707 708 To compile this code as a module, choose M here: the 709 module will be called em_text. 710 711config NET_EMATCH_CANID 712 tristate "CAN Identifier" 713 depends on NET_EMATCH && (CAN=y || CAN=m) 714 help 715 Say Y here if you want to be able to classify CAN frames based 716 on CAN Identifier. 717 718 To compile this code as a module, choose M here: the 719 module will be called em_canid. 720 721config NET_EMATCH_IPSET 722 tristate "IPset" 723 depends on NET_EMATCH && IP_SET 724 help 725 Say Y here if you want to be able to classify packets based on 726 ipset membership. 727 728 To compile this code as a module, choose M here: the 729 module will be called em_ipset. 730 731config NET_EMATCH_IPT 732 tristate "IPtables Matches" 733 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 734 help 735 Say Y here to be able to classify packets based on iptables 736 matches. 737 Current supported match is "policy" which allows packet classification 738 based on IPsec policy that was used during decapsulation 739 740 To compile this code as a module, choose M here: the 741 module will be called em_ipt. 742 743config NET_CLS_ACT 744 bool "Actions" 745 select NET_CLS 746 help 747 Say Y here if you want to use traffic control actions. Actions 748 get attached to classifiers and are invoked after a successful 749 classification. They are used to overwrite the classification 750 result, instantly drop or redirect packets, etc. 751 752 A recent version of the iproute2 package is required to use 753 extended matches. 754 755config NET_ACT_POLICE 756 tristate "Traffic Policing" 757 depends on NET_CLS_ACT 758 help 759 Say Y here if you want to do traffic policing, i.e. strict 760 bandwidth limiting. This action replaces the existing policing 761 module. 762 763 To compile this code as a module, choose M here: the 764 module will be called act_police. 765 766config NET_ACT_GACT 767 tristate "Generic actions" 768 depends on NET_CLS_ACT 769 help 770 Say Y here to take generic actions such as dropping and 771 accepting packets. 772 773 To compile this code as a module, choose M here: the 774 module will be called act_gact. 775 776config GACT_PROB 777 bool "Probability support" 778 depends on NET_ACT_GACT 779 help 780 Say Y here to use the generic action randomly or deterministically. 781 782config NET_ACT_MIRRED 783 tristate "Redirecting and Mirroring" 784 depends on NET_CLS_ACT 785 help 786 Say Y here to allow packets to be mirrored or redirected to 787 other devices. 788 789 To compile this code as a module, choose M here: the 790 module will be called act_mirred. 791 792config NET_ACT_SAMPLE 793 tristate "Traffic Sampling" 794 depends on NET_CLS_ACT 795 select PSAMPLE 796 help 797 Say Y here to allow packet sampling tc action. The packet sample 798 action consists of statistically choosing packets and sampling 799 them using the psample module. 800 801 To compile this code as a module, choose M here: the 802 module will be called act_sample. 803 804config NET_ACT_IPT 805 tristate "IPtables targets" 806 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 807 help 808 Say Y here to be able to invoke iptables targets after successful 809 classification. 810 811 To compile this code as a module, choose M here: the 812 module will be called act_ipt. 813 814config NET_ACT_NAT 815 tristate "Stateless NAT" 816 depends on NET_CLS_ACT 817 help 818 Say Y here to do stateless NAT on IPv4 packets. You should use 819 netfilter for NAT unless you know what you are doing. 820 821 To compile this code as a module, choose M here: the 822 module will be called act_nat. 823 824config NET_ACT_PEDIT 825 tristate "Packet Editing" 826 depends on NET_CLS_ACT 827 help 828 Say Y here if you want to mangle the content of packets. 829 830 To compile this code as a module, choose M here: the 831 module will be called act_pedit. 832 833config NET_ACT_SIMP 834 tristate "Simple Example (Debug)" 835 depends on NET_CLS_ACT 836 help 837 Say Y here to add a simple action for demonstration purposes. 838 It is meant as an example and for debugging purposes. It will 839 print a configured policy string followed by the packet count 840 to the console for every packet that passes by. 841 842 If unsure, say N. 843 844 To compile this code as a module, choose M here: the 845 module will be called act_simple. 846 847config NET_ACT_SKBEDIT 848 tristate "SKB Editing" 849 depends on NET_CLS_ACT 850 help 851 Say Y here to change skb priority or queue_mapping settings. 852 853 If unsure, say N. 854 855 To compile this code as a module, choose M here: the 856 module will be called act_skbedit. 857 858config NET_ACT_CSUM 859 tristate "Checksum Updating" 860 depends on NET_CLS_ACT && INET 861 select LIBCRC32C 862 help 863 Say Y here to update some common checksum after some direct 864 packet alterations. 865 866 To compile this code as a module, choose M here: the 867 module will be called act_csum. 868 869config NET_ACT_MPLS 870 tristate "MPLS manipulation" 871 depends on NET_CLS_ACT 872 help 873 Say Y here to push or pop MPLS headers. 874 875 If unsure, say N. 876 877 To compile this code as a module, choose M here: the 878 module will be called act_mpls. 879 880config NET_ACT_VLAN 881 tristate "Vlan manipulation" 882 depends on NET_CLS_ACT 883 help 884 Say Y here to push or pop vlan headers. 885 886 If unsure, say N. 887 888 To compile this code as a module, choose M here: the 889 module will be called act_vlan. 890 891config NET_ACT_BPF 892 tristate "BPF based action" 893 depends on NET_CLS_ACT 894 help 895 Say Y here to execute BPF code on packets. The BPF code will decide 896 if the packet should be dropped or not. 897 898 If unsure, say N. 899 900 To compile this code as a module, choose M here: the 901 module will be called act_bpf. 902 903config NET_ACT_CONNMARK 904 tristate "Netfilter Connection Mark Retriever" 905 depends on NET_CLS_ACT && NETFILTER 906 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 907 help 908 Say Y here to allow retrieving of conn mark 909 910 If unsure, say N. 911 912 To compile this code as a module, choose M here: the 913 module will be called act_connmark. 914 915config NET_ACT_CTINFO 916 tristate "Netfilter Connection Mark Actions" 917 depends on NET_CLS_ACT && NETFILTER 918 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 919 help 920 Say Y here to allow transfer of a connmark stored information. 921 Current actions transfer connmark stored DSCP into 922 ipv4/v6 diffserv and/or to transfer connmark to packet 923 mark. Both are useful for restoring egress based marks 924 back onto ingress connections for qdisc priority mapping 925 purposes. 926 927 If unsure, say N. 928 929 To compile this code as a module, choose M here: the 930 module will be called act_ctinfo. 931 932config NET_ACT_SKBMOD 933 tristate "skb data modification action" 934 depends on NET_CLS_ACT 935 help 936 Say Y here to allow modification of skb data 937 938 If unsure, say N. 939 940 To compile this code as a module, choose M here: the 941 module will be called act_skbmod. 942 943config NET_ACT_IFE 944 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 945 depends on NET_CLS_ACT 946 select NET_IFE 947 help 948 Say Y here to allow for sourcing and terminating metadata 949 For details refer to netdev01 paper: 950 "Distributing Linux Traffic Control Classifier-Action Subsystem" 951 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 952 953 To compile this code as a module, choose M here: the 954 module will be called act_ife. 955 956config NET_ACT_TUNNEL_KEY 957 tristate "IP tunnel metadata manipulation" 958 depends on NET_CLS_ACT 959 help 960 Say Y here to set/release ip tunnel metadata. 961 962 If unsure, say N. 963 964 To compile this code as a module, choose M here: the 965 module will be called act_tunnel_key. 966 967config NET_ACT_CT 968 tristate "connection tracking tc action" 969 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 970 select NF_CONNTRACK_OVS 971 select NF_NAT_OVS if NF_NAT 972 help 973 Say Y here to allow sending the packets to conntrack module. 974 975 If unsure, say N. 976 977 To compile this code as a module, choose M here: the 978 module will be called act_ct. 979 980config NET_ACT_GATE 981 tristate "Frame gate entry list control tc action" 982 depends on NET_CLS_ACT 983 help 984 Say Y here to allow to control the ingress flow to be passed at 985 specific time slot and be dropped at other specific time slot by 986 the gate entry list. 987 988 If unsure, say N. 989 To compile this code as a module, choose M here: the 990 module will be called act_gate. 991 992config NET_IFE_SKBMARK 993 tristate "Support to encoding decoding skb mark on IFE action" 994 depends on NET_ACT_IFE 995 996config NET_IFE_SKBPRIO 997 tristate "Support to encoding decoding skb prio on IFE action" 998 depends on NET_ACT_IFE 999 1000config NET_IFE_SKBTCINDEX 1001 tristate "Support to encoding decoding skb tcindex on IFE action" 1002 depends on NET_ACT_IFE 1003 1004config NET_TC_SKB_EXT 1005 bool "TC recirculation support" 1006 depends on NET_CLS_ACT 1007 select SKB_EXTENSIONS 1008 1009 help 1010 Say Y here to allow tc chain misses to continue in OvS datapath in 1011 the correct recirc_id, and hardware chain misses to continue in 1012 the correct chain in tc software datapath. 1013 1014 Say N here if you won't be using tc<->ovs offload or tc chains offload. 1015 1016endif # NET_SCHED 1017 1018config NET_SCH_FIFO 1019 bool 1020