1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71config NET_SCH_PRIO 72 tristate "Multi Band Priority Queueing (PRIO)" 73 help 74 Say Y here if you want to use an n-band priority queue packet 75 scheduler. 76 77 To compile this code as a module, choose M here: the 78 module will be called sch_prio. 79 80config NET_SCH_MULTIQ 81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 82 help 83 Say Y here if you want to use an n-band queue packet scheduler 84 to support devices that have multiple hardware transmit queues. 85 86 To compile this code as a module, choose M here: the 87 module will be called sch_multiq. 88 89config NET_SCH_RED 90 tristate "Random Early Detection (RED)" 91 help 92 Say Y here if you want to use the Random Early Detection (RED) 93 packet scheduling algorithm. 94 95 See the top of <file:net/sched/sch_red.c> for more details. 96 97 To compile this code as a module, choose M here: the 98 module will be called sch_red. 99 100config NET_SCH_SFB 101 tristate "Stochastic Fair Blue (SFB)" 102 help 103 Say Y here if you want to use the Stochastic Fair Blue (SFB) 104 packet scheduling algorithm. 105 106 See the top of <file:net/sched/sch_sfb.c> for more details. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_sfb. 110 111config NET_SCH_SFQ 112 tristate "Stochastic Fairness Queueing (SFQ)" 113 help 114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 115 packet scheduling algorithm. 116 117 See the top of <file:net/sched/sch_sfq.c> for more details. 118 119 To compile this code as a module, choose M here: the 120 module will be called sch_sfq. 121 122config NET_SCH_TEQL 123 tristate "True Link Equalizer (TEQL)" 124 help 125 Say Y here if you want to use the True Link Equalizer (TLE) packet 126 scheduling algorithm. This queueing discipline allows the combination 127 of several physical devices into one virtual device. 128 129 See the top of <file:net/sched/sch_teql.c> for more details. 130 131 To compile this code as a module, choose M here: the 132 module will be called sch_teql. 133 134config NET_SCH_TBF 135 tristate "Token Bucket Filter (TBF)" 136 help 137 Say Y here if you want to use the Token Bucket Filter (TBF) packet 138 scheduling algorithm. 139 140 See the top of <file:net/sched/sch_tbf.c> for more details. 141 142 To compile this code as a module, choose M here: the 143 module will be called sch_tbf. 144 145config NET_SCH_CBS 146 tristate "Credit Based Shaper (CBS)" 147 help 148 Say Y here if you want to use the Credit Based Shaper (CBS) packet 149 scheduling algorithm. 150 151 See the top of <file:net/sched/sch_cbs.c> for more details. 152 153 To compile this code as a module, choose M here: the 154 module will be called sch_cbs. 155 156config NET_SCH_ETF 157 tristate "Earliest TxTime First (ETF)" 158 help 159 Say Y here if you want to use the Earliest TxTime First (ETF) packet 160 scheduling algorithm. 161 162 See the top of <file:net/sched/sch_etf.c> for more details. 163 164 To compile this code as a module, choose M here: the 165 module will be called sch_etf. 166 167config NET_SCH_MQPRIO_LIB 168 tristate 169 help 170 Common library for manipulating mqprio queue configurations. 171 172config NET_SCH_TAPRIO 173 tristate "Time Aware Priority (taprio) Scheduler" 174 select NET_SCH_MQPRIO_LIB 175 help 176 Say Y here if you want to use the Time Aware Priority (taprio) packet 177 scheduling algorithm. 178 179 See the top of <file:net/sched/sch_taprio.c> for more details. 180 181 To compile this code as a module, choose M here: the 182 module will be called sch_taprio. 183 184config NET_SCH_GRED 185 tristate "Generic Random Early Detection (GRED)" 186 help 187 Say Y here if you want to use the Generic Random Early Detection 188 (GRED) packet scheduling algorithm for some of your network devices 189 (see the top of <file:net/sched/sch_red.c> for details and 190 references about the algorithm). 191 192 To compile this code as a module, choose M here: the 193 module will be called sch_gred. 194 195config NET_SCH_NETEM 196 tristate "Network emulator (NETEM)" 197 help 198 Say Y if you want to emulate network delay, loss, and packet 199 re-ordering. This is often useful to simulate networks when 200 testing applications or protocols. 201 202 To compile this driver as a module, choose M here: the module 203 will be called sch_netem. 204 205 If unsure, say N. 206 207config NET_SCH_DRR 208 tristate "Deficit Round Robin scheduler (DRR)" 209 help 210 Say Y here if you want to use the Deficit Round Robin (DRR) packet 211 scheduling algorithm. 212 213 To compile this driver as a module, choose M here: the module 214 will be called sch_drr. 215 216 If unsure, say N. 217 218config NET_SCH_MQPRIO 219 tristate "Multi-queue priority scheduler (MQPRIO)" 220 select NET_SCH_MQPRIO_LIB 221 help 222 Say Y here if you want to use the Multi-queue Priority scheduler. 223 This scheduler allows QOS to be offloaded on NICs that have support 224 for offloading QOS schedulers. 225 226 To compile this driver as a module, choose M here: the module will 227 be called sch_mqprio. 228 229 If unsure, say N. 230 231config NET_SCH_SKBPRIO 232 tristate "SKB priority queue scheduler (SKBPRIO)" 233 help 234 Say Y here if you want to use the SKB priority queue 235 scheduler. This schedules packets according to skb->priority, 236 which is useful for request packets in DoS mitigation systems such 237 as Gatekeeper. 238 239 To compile this driver as a module, choose M here: the module will 240 be called sch_skbprio. 241 242 If unsure, say N. 243 244config NET_SCH_CHOKE 245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 246 help 247 Say Y here if you want to use the CHOKe packet scheduler (CHOose 248 and Keep for responsive flows, CHOose and Kill for unresponsive 249 flows). This is a variation of RED which tries to penalize flows 250 that monopolize the queue. 251 252 To compile this code as a module, choose M here: the 253 module will be called sch_choke. 254 255config NET_SCH_QFQ 256 tristate "Quick Fair Queueing scheduler (QFQ)" 257 help 258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 259 packet scheduling algorithm. 260 261 To compile this driver as a module, choose M here: the module 262 will be called sch_qfq. 263 264 If unsure, say N. 265 266config NET_SCH_CODEL 267 tristate "Controlled Delay AQM (CODEL)" 268 help 269 Say Y here if you want to use the Controlled Delay (CODEL) 270 packet scheduling algorithm. 271 272 To compile this driver as a module, choose M here: the module 273 will be called sch_codel. 274 275 If unsure, say N. 276 277config NET_SCH_FQ_CODEL 278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 279 help 280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 281 packet scheduling algorithm. 282 283 To compile this driver as a module, choose M here: the module 284 will be called sch_fq_codel. 285 286 If unsure, say N. 287 288config NET_SCH_CAKE 289 tristate "Common Applications Kept Enhanced (CAKE)" 290 help 291 Say Y here if you want to use the Common Applications Kept Enhanced 292 (CAKE) queue management algorithm. 293 294 To compile this driver as a module, choose M here: the module 295 will be called sch_cake. 296 297 If unsure, say N. 298 299config NET_SCH_FQ 300 tristate "Fair Queue" 301 help 302 Say Y here if you want to use the FQ packet scheduling algorithm. 303 304 FQ does flow separation, and is able to respect pacing requirements 305 set by TCP stack into sk->sk_pacing_rate (for locally generated 306 traffic) 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq. 310 311 If unsure, say N. 312 313config NET_SCH_HHF 314 tristate "Heavy-Hitter Filter (HHF)" 315 help 316 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 317 packet scheduling algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_hhf. 321 322config NET_SCH_PIE 323 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 324 help 325 Say Y here if you want to use the Proportional Integral controller 326 Enhanced scheduler packet scheduling algorithm. 327 For more information, please see https://tools.ietf.org/html/rfc8033 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_pie. 331 332 If unsure, say N. 333 334config NET_SCH_FQ_PIE 335 depends on NET_SCH_PIE 336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 337 help 338 Say Y here if you want to use the Flow Queue Proportional Integral 339 controller Enhanced (FQ-PIE) packet scheduling algorithm. 340 For more information, please see https://tools.ietf.org/html/rfc8033 341 342 To compile this driver as a module, choose M here: the module 343 will be called sch_fq_pie. 344 345 If unsure, say N. 346 347config NET_SCH_INGRESS 348 tristate "Ingress/classifier-action Qdisc" 349 depends on NET_CLS_ACT 350 select NET_INGRESS 351 select NET_EGRESS 352 help 353 Say Y here if you want to use classifiers for incoming and/or outgoing 354 packets. This qdisc doesn't do anything else besides running classifiers, 355 which can also have actions attached to them. In case of outgoing packets, 356 classifiers that this qdisc holds are executed in the transmit path 357 before real enqueuing to an egress qdisc happens. 358 359 If unsure, say Y. 360 361 To compile this code as a module, choose M here: the module will be 362 called sch_ingress with alias of sch_clsact. 363 364config NET_SCH_PLUG 365 tristate "Plug network traffic until release (PLUG)" 366 help 367 368 This queuing discipline allows userspace to plug/unplug a network 369 output queue, using the netlink interface. When it receives an 370 enqueue command it inserts a plug into the outbound queue that 371 causes following packets to enqueue until a dequeue command arrives 372 over netlink, causing the plug to be removed and resuming the normal 373 packet flow. 374 375 This module also provides a generic "network output buffering" 376 functionality (aka output commit), wherein upon arrival of a dequeue 377 command, only packets up to the first plug are released for delivery. 378 The Remus HA project uses this module to enable speculative execution 379 of virtual machines by allowing the generated network output to be rolled 380 back if needed. 381 382 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 383 384 Say Y here if you are using this kernel for Xen dom0 and 385 want to protect Xen guests with Remus. 386 387 To compile this code as a module, choose M here: the 388 module will be called sch_plug. 389 390config NET_SCH_ETS 391 tristate "Enhanced transmission selection scheduler (ETS)" 392 help 393 The Enhanced Transmission Selection scheduler is a classful 394 queuing discipline that merges functionality of PRIO and DRR 395 qdiscs in one scheduler. ETS makes it easy to configure a set of 396 strict and bandwidth-sharing bands to implement the transmission 397 selection described in 802.1Qaz. 398 399 Say Y here if you want to use the ETS packet scheduling 400 algorithm. 401 402 To compile this driver as a module, choose M here: the module 403 will be called sch_ets. 404 405 If unsure, say N. 406 407menuconfig NET_SCH_DEFAULT 408 bool "Allow override default queue discipline" 409 help 410 Support for selection of default queuing discipline. 411 412 Nearly all users can safely say no here, and the default 413 of pfifo_fast will be used. Many distributions already set 414 the default value via /proc/sys/net/core/default_qdisc. 415 416 If unsure, say N. 417 418if NET_SCH_DEFAULT 419 420choice 421 prompt "Default queuing discipline" 422 default DEFAULT_PFIFO_FAST 423 help 424 Select the queueing discipline that will be used by default 425 for all network devices. 426 427 config DEFAULT_FQ 428 bool "Fair Queue" if NET_SCH_FQ 429 430 config DEFAULT_CODEL 431 bool "Controlled Delay" if NET_SCH_CODEL 432 433 config DEFAULT_FQ_CODEL 434 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 435 436 config DEFAULT_FQ_PIE 437 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 438 439 config DEFAULT_SFQ 440 bool "Stochastic Fair Queue" if NET_SCH_SFQ 441 442 config DEFAULT_PFIFO_FAST 443 bool "Priority FIFO Fast" 444endchoice 445 446config DEFAULT_NET_SCH 447 string 448 default "pfifo_fast" if DEFAULT_PFIFO_FAST 449 default "fq" if DEFAULT_FQ 450 default "fq_codel" if DEFAULT_FQ_CODEL 451 default "fq_pie" if DEFAULT_FQ_PIE 452 default "sfq" if DEFAULT_SFQ 453 default "pfifo_fast" 454endif 455 456comment "Classification" 457 458config NET_CLS 459 bool 460 461config NET_CLS_BASIC 462 tristate "Elementary classification (BASIC)" 463 select NET_CLS 464 help 465 Say Y here if you want to be able to classify packets using 466 only extended matches and actions. 467 468 To compile this code as a module, choose M here: the 469 module will be called cls_basic. 470 471config NET_CLS_ROUTE4 472 tristate "Routing decision (ROUTE)" 473 depends on INET 474 select IP_ROUTE_CLASSID 475 select NET_CLS 476 help 477 If you say Y here, you will be able to classify packets 478 according to the route table entry they matched. 479 480 To compile this code as a module, choose M here: the 481 module will be called cls_route. 482 483config NET_CLS_FW 484 tristate "Netfilter mark (FW)" 485 select NET_CLS 486 help 487 If you say Y here, you will be able to classify packets 488 according to netfilter/firewall marks. 489 490 To compile this code as a module, choose M here: the 491 module will be called cls_fw. 492 493config NET_CLS_U32 494 tristate "Universal 32bit comparisons w/ hashing (U32)" 495 select NET_CLS 496 help 497 Say Y here to be able to classify packets using a universal 498 32bit pieces based comparison scheme. 499 500 To compile this code as a module, choose M here: the 501 module will be called cls_u32. 502 503config CLS_U32_PERF 504 bool "Performance counters support" 505 depends on NET_CLS_U32 506 help 507 Say Y here to make u32 gather additional statistics useful for 508 fine tuning u32 classifiers. 509 510config CLS_U32_MARK 511 bool "Netfilter marks support" 512 depends on NET_CLS_U32 513 help 514 Say Y here to be able to use netfilter marks as u32 key. 515 516config NET_CLS_FLOW 517 tristate "Flow classifier" 518 select NET_CLS 519 help 520 If you say Y here, you will be able to classify packets based on 521 a configurable combination of packet keys. This is mostly useful 522 in combination with SFQ. 523 524 To compile this code as a module, choose M here: the 525 module will be called cls_flow. 526 527config NET_CLS_CGROUP 528 tristate "Control Group Classifier" 529 select NET_CLS 530 select CGROUP_NET_CLASSID 531 depends on CGROUPS 532 help 533 Say Y here if you want to classify packets based on the control 534 cgroup of their process. 535 536 To compile this code as a module, choose M here: the 537 module will be called cls_cgroup. 538 539config NET_CLS_BPF 540 tristate "BPF-based classifier" 541 select NET_CLS 542 help 543 If you say Y here, you will be able to classify packets based on 544 programmable BPF (JIT'ed) filters as an alternative to ematches. 545 546 To compile this code as a module, choose M here: the module will 547 be called cls_bpf. 548 549config NET_CLS_FLOWER 550 tristate "Flower classifier" 551 select NET_CLS 552 help 553 If you say Y here, you will be able to classify packets based on 554 a configurable combination of packet keys and masks. 555 556 To compile this code as a module, choose M here: the module will 557 be called cls_flower. 558 559config NET_CLS_MATCHALL 560 tristate "Match-all classifier" 561 select NET_CLS 562 help 563 If you say Y here, you will be able to classify packets based on 564 nothing. Every packet will match. 565 566 To compile this code as a module, choose M here: the module will 567 be called cls_matchall. 568 569config NET_EMATCH 570 bool "Extended Matches" 571 select NET_CLS 572 help 573 Say Y here if you want to use extended matches on top of classifiers 574 and select the extended matches below. 575 576 Extended matches are small classification helpers not worth writing 577 a separate classifier for. 578 579 A recent version of the iproute2 package is required to use 580 extended matches. 581 582config NET_EMATCH_STACK 583 int "Stack size" 584 depends on NET_EMATCH 585 default "32" 586 help 587 Size of the local stack variable used while evaluating the tree of 588 ematches. Limits the depth of the tree, i.e. the number of 589 encapsulated precedences. Every level requires 4 bytes of additional 590 stack space. 591 592config NET_EMATCH_CMP 593 tristate "Simple packet data comparison" 594 depends on NET_EMATCH 595 help 596 Say Y here if you want to be able to classify packets based on 597 simple packet data comparisons for 8, 16, and 32bit values. 598 599 To compile this code as a module, choose M here: the 600 module will be called em_cmp. 601 602config NET_EMATCH_NBYTE 603 tristate "Multi byte comparison" 604 depends on NET_EMATCH 605 help 606 Say Y here if you want to be able to classify packets based on 607 multiple byte comparisons mainly useful for IPv6 address comparisons. 608 609 To compile this code as a module, choose M here: the 610 module will be called em_nbyte. 611 612config NET_EMATCH_U32 613 tristate "U32 key" 614 depends on NET_EMATCH 615 help 616 Say Y here if you want to be able to classify packets using 617 the famous u32 key in combination with logic relations. 618 619 To compile this code as a module, choose M here: the 620 module will be called em_u32. 621 622config NET_EMATCH_META 623 tristate "Metadata" 624 depends on NET_EMATCH 625 help 626 Say Y here if you want to be able to classify packets based on 627 metadata such as load average, netfilter attributes, socket 628 attributes and routing decisions. 629 630 To compile this code as a module, choose M here: the 631 module will be called em_meta. 632 633config NET_EMATCH_TEXT 634 tristate "Textsearch" 635 depends on NET_EMATCH 636 select TEXTSEARCH 637 select TEXTSEARCH_KMP 638 select TEXTSEARCH_BM 639 select TEXTSEARCH_FSM 640 help 641 Say Y here if you want to be able to classify packets based on 642 textsearch comparisons. 643 644 To compile this code as a module, choose M here: the 645 module will be called em_text. 646 647config NET_EMATCH_CANID 648 tristate "CAN Identifier" 649 depends on NET_EMATCH && (CAN=y || CAN=m) 650 help 651 Say Y here if you want to be able to classify CAN frames based 652 on CAN Identifier. 653 654 To compile this code as a module, choose M here: the 655 module will be called em_canid. 656 657config NET_EMATCH_IPSET 658 tristate "IPset" 659 depends on NET_EMATCH && IP_SET 660 help 661 Say Y here if you want to be able to classify packets based on 662 ipset membership. 663 664 To compile this code as a module, choose M here: the 665 module will be called em_ipset. 666 667config NET_EMATCH_IPT 668 tristate "IPtables Matches" 669 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 670 help 671 Say Y here to be able to classify packets based on iptables 672 matches. 673 Current supported match is "policy" which allows packet classification 674 based on IPsec policy that was used during decapsulation 675 676 To compile this code as a module, choose M here: the 677 module will be called em_ipt. 678 679config NET_CLS_ACT 680 bool "Actions" 681 select NET_CLS 682 help 683 Say Y here if you want to use traffic control actions. Actions 684 get attached to classifiers and are invoked after a successful 685 classification. They are used to overwrite the classification 686 result, instantly drop or redirect packets, etc. 687 688 A recent version of the iproute2 package is required to use 689 extended matches. 690 691config NET_ACT_POLICE 692 tristate "Traffic Policing" 693 depends on NET_CLS_ACT 694 help 695 Say Y here if you want to do traffic policing, i.e. strict 696 bandwidth limiting. This action replaces the existing policing 697 module. 698 699 To compile this code as a module, choose M here: the 700 module will be called act_police. 701 702config NET_ACT_GACT 703 tristate "Generic actions" 704 depends on NET_CLS_ACT 705 help 706 Say Y here to take generic actions such as dropping and 707 accepting packets. 708 709 To compile this code as a module, choose M here: the 710 module will be called act_gact. 711 712config GACT_PROB 713 bool "Probability support" 714 depends on NET_ACT_GACT 715 help 716 Say Y here to use the generic action randomly or deterministically. 717 718config NET_ACT_MIRRED 719 tristate "Redirecting and Mirroring" 720 depends on NET_CLS_ACT 721 help 722 Say Y here to allow packets to be mirrored or redirected to 723 other devices. 724 725 To compile this code as a module, choose M here: the 726 module will be called act_mirred. 727 728config NET_ACT_SAMPLE 729 tristate "Traffic Sampling" 730 depends on NET_CLS_ACT 731 select PSAMPLE 732 help 733 Say Y here to allow packet sampling tc action. The packet sample 734 action consists of statistically choosing packets and sampling 735 them using the psample module. 736 737 To compile this code as a module, choose M here: the 738 module will be called act_sample. 739 740config NET_ACT_IPT 741 tristate "IPtables targets" 742 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 743 help 744 Say Y here to be able to invoke iptables targets after successful 745 classification. 746 747 To compile this code as a module, choose M here: the 748 module will be called act_ipt. 749 750config NET_ACT_NAT 751 tristate "Stateless NAT" 752 depends on NET_CLS_ACT 753 help 754 Say Y here to do stateless NAT on IPv4 packets. You should use 755 netfilter for NAT unless you know what you are doing. 756 757 To compile this code as a module, choose M here: the 758 module will be called act_nat. 759 760config NET_ACT_PEDIT 761 tristate "Packet Editing" 762 depends on NET_CLS_ACT 763 help 764 Say Y here if you want to mangle the content of packets. 765 766 To compile this code as a module, choose M here: the 767 module will be called act_pedit. 768 769config NET_ACT_SIMP 770 tristate "Simple Example (Debug)" 771 depends on NET_CLS_ACT 772 help 773 Say Y here to add a simple action for demonstration purposes. 774 It is meant as an example and for debugging purposes. It will 775 print a configured policy string followed by the packet count 776 to the console for every packet that passes by. 777 778 If unsure, say N. 779 780 To compile this code as a module, choose M here: the 781 module will be called act_simple. 782 783config NET_ACT_SKBEDIT 784 tristate "SKB Editing" 785 depends on NET_CLS_ACT 786 help 787 Say Y here to change skb priority or queue_mapping settings. 788 789 If unsure, say N. 790 791 To compile this code as a module, choose M here: the 792 module will be called act_skbedit. 793 794config NET_ACT_CSUM 795 tristate "Checksum Updating" 796 depends on NET_CLS_ACT && INET 797 select LIBCRC32C 798 help 799 Say Y here to update some common checksum after some direct 800 packet alterations. 801 802 To compile this code as a module, choose M here: the 803 module will be called act_csum. 804 805config NET_ACT_MPLS 806 tristate "MPLS manipulation" 807 depends on NET_CLS_ACT 808 help 809 Say Y here to push or pop MPLS headers. 810 811 If unsure, say N. 812 813 To compile this code as a module, choose M here: the 814 module will be called act_mpls. 815 816config NET_ACT_VLAN 817 tristate "Vlan manipulation" 818 depends on NET_CLS_ACT 819 help 820 Say Y here to push or pop vlan headers. 821 822 If unsure, say N. 823 824 To compile this code as a module, choose M here: the 825 module will be called act_vlan. 826 827config NET_ACT_BPF 828 tristate "BPF based action" 829 depends on NET_CLS_ACT 830 help 831 Say Y here to execute BPF code on packets. The BPF code will decide 832 if the packet should be dropped or not. 833 834 If unsure, say N. 835 836 To compile this code as a module, choose M here: the 837 module will be called act_bpf. 838 839config NET_ACT_CONNMARK 840 tristate "Netfilter Connection Mark Retriever" 841 depends on NET_CLS_ACT && NETFILTER 842 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 843 help 844 Say Y here to allow retrieving of conn mark 845 846 If unsure, say N. 847 848 To compile this code as a module, choose M here: the 849 module will be called act_connmark. 850 851config NET_ACT_CTINFO 852 tristate "Netfilter Connection Mark Actions" 853 depends on NET_CLS_ACT && NETFILTER 854 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 855 help 856 Say Y here to allow transfer of a connmark stored information. 857 Current actions transfer connmark stored DSCP into 858 ipv4/v6 diffserv and/or to transfer connmark to packet 859 mark. Both are useful for restoring egress based marks 860 back onto ingress connections for qdisc priority mapping 861 purposes. 862 863 If unsure, say N. 864 865 To compile this code as a module, choose M here: the 866 module will be called act_ctinfo. 867 868config NET_ACT_SKBMOD 869 tristate "skb data modification action" 870 depends on NET_CLS_ACT 871 help 872 Say Y here to allow modification of skb data 873 874 If unsure, say N. 875 876 To compile this code as a module, choose M here: the 877 module will be called act_skbmod. 878 879config NET_ACT_IFE 880 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 881 depends on NET_CLS_ACT 882 select NET_IFE 883 help 884 Say Y here to allow for sourcing and terminating metadata 885 For details refer to netdev01 paper: 886 "Distributing Linux Traffic Control Classifier-Action Subsystem" 887 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 888 889 To compile this code as a module, choose M here: the 890 module will be called act_ife. 891 892config NET_ACT_TUNNEL_KEY 893 tristate "IP tunnel metadata manipulation" 894 depends on NET_CLS_ACT 895 help 896 Say Y here to set/release ip tunnel metadata. 897 898 If unsure, say N. 899 900 To compile this code as a module, choose M here: the 901 module will be called act_tunnel_key. 902 903config NET_ACT_CT 904 tristate "connection tracking tc action" 905 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 906 select NF_CONNTRACK_OVS 907 select NF_NAT_OVS if NF_NAT 908 help 909 Say Y here to allow sending the packets to conntrack module. 910 911 If unsure, say N. 912 913 To compile this code as a module, choose M here: the 914 module will be called act_ct. 915 916config NET_ACT_GATE 917 tristate "Frame gate entry list control tc action" 918 depends on NET_CLS_ACT 919 help 920 Say Y here to allow to control the ingress flow to be passed at 921 specific time slot and be dropped at other specific time slot by 922 the gate entry list. 923 924 If unsure, say N. 925 To compile this code as a module, choose M here: the 926 module will be called act_gate. 927 928config NET_IFE_SKBMARK 929 tristate "Support to encoding decoding skb mark on IFE action" 930 depends on NET_ACT_IFE 931 932config NET_IFE_SKBPRIO 933 tristate "Support to encoding decoding skb prio on IFE action" 934 depends on NET_ACT_IFE 935 936config NET_IFE_SKBTCINDEX 937 tristate "Support to encoding decoding skb tcindex on IFE action" 938 depends on NET_ACT_IFE 939 940config NET_TC_SKB_EXT 941 bool "TC recirculation support" 942 depends on NET_CLS_ACT 943 select SKB_EXTENSIONS 944 945 help 946 Say Y here to allow tc chain misses to continue in OvS datapath in 947 the correct recirc_id, and hardware chain misses to continue in 948 the correct chain in tc software datapath. 949 950 Say N here if you won't be using tc<->ovs offload or tc chains offload. 951 952endif # NET_SCHED 953 954config NET_SCH_FIFO 955 bool 956