1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 ---help--- 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 ---help--- 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 ---help--- 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 ---help--- 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 ---help--- 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 ---help--- 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 ---help--- 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 ---help--- 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 ---help--- 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 ---help--- 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 ---help--- 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 ---help--- 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 ---help--- 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_TAPRIO 199 tristate "Time Aware Priority (taprio) Scheduler" 200 help 201 Say Y here if you want to use the Time Aware Priority (taprio) packet 202 scheduling algorithm. 203 204 See the top of <file:net/sched/sch_taprio.c> for more details. 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_taprio. 208 209config NET_SCH_GRED 210 tristate "Generic Random Early Detection (GRED)" 211 ---help--- 212 Say Y here if you want to use the Generic Random Early Detection 213 (GRED) packet scheduling algorithm for some of your network devices 214 (see the top of <file:net/sched/sch_red.c> for details and 215 references about the algorithm). 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_gred. 219 220config NET_SCH_DSMARK 221 tristate "Differentiated Services marker (DSMARK)" 222 ---help--- 223 Say Y if you want to schedule packets according to the 224 Differentiated Services architecture proposed in RFC 2475. 225 Technical information on this method, with pointers to associated 226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 227 228 To compile this code as a module, choose M here: the 229 module will be called sch_dsmark. 230 231config NET_SCH_NETEM 232 tristate "Network emulator (NETEM)" 233 ---help--- 234 Say Y if you want to emulate network delay, loss, and packet 235 re-ordering. This is often useful to simulate networks when 236 testing applications or protocols. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_netem. 240 241 If unsure, say N. 242 243config NET_SCH_DRR 244 tristate "Deficit Round Robin scheduler (DRR)" 245 help 246 Say Y here if you want to use the Deficit Round Robin (DRR) packet 247 scheduling algorithm. 248 249 To compile this driver as a module, choose M here: the module 250 will be called sch_drr. 251 252 If unsure, say N. 253 254config NET_SCH_MQPRIO 255 tristate "Multi-queue priority scheduler (MQPRIO)" 256 help 257 Say Y here if you want to use the Multi-queue Priority scheduler. 258 This scheduler allows QOS to be offloaded on NICs that have support 259 for offloading QOS schedulers. 260 261 To compile this driver as a module, choose M here: the module will 262 be called sch_mqprio. 263 264 If unsure, say N. 265 266config NET_SCH_SKBPRIO 267 tristate "SKB priority queue scheduler (SKBPRIO)" 268 help 269 Say Y here if you want to use the SKB priority queue 270 scheduler. This schedules packets according to skb->priority, 271 which is useful for request packets in DoS mitigation systems such 272 as Gatekeeper. 273 274 To compile this driver as a module, choose M here: the module will 275 be called sch_skbprio. 276 277 If unsure, say N. 278 279config NET_SCH_CHOKE 280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 281 help 282 Say Y here if you want to use the CHOKe packet scheduler (CHOose 283 and Keep for responsive flows, CHOose and Kill for unresponsive 284 flows). This is a variation of RED which trys to penalize flows 285 that monopolize the queue. 286 287 To compile this code as a module, choose M here: the 288 module will be called sch_choke. 289 290config NET_SCH_QFQ 291 tristate "Quick Fair Queueing scheduler (QFQ)" 292 help 293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 294 packet scheduling algorithm. 295 296 To compile this driver as a module, choose M here: the module 297 will be called sch_qfq. 298 299 If unsure, say N. 300 301config NET_SCH_CODEL 302 tristate "Controlled Delay AQM (CODEL)" 303 help 304 Say Y here if you want to use the Controlled Delay (CODEL) 305 packet scheduling algorithm. 306 307 To compile this driver as a module, choose M here: the module 308 will be called sch_codel. 309 310 If unsure, say N. 311 312config NET_SCH_FQ_CODEL 313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 314 help 315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 316 packet scheduling algorithm. 317 318 To compile this driver as a module, choose M here: the module 319 will be called sch_fq_codel. 320 321 If unsure, say N. 322 323config NET_SCH_CAKE 324 tristate "Common Applications Kept Enhanced (CAKE)" 325 help 326 Say Y here if you want to use the Common Applications Kept Enhanced 327 (CAKE) queue management algorithm. 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_cake. 331 332 If unsure, say N. 333 334config NET_SCH_FQ 335 tristate "Fair Queue" 336 help 337 Say Y here if you want to use the FQ packet scheduling algorithm. 338 339 FQ does flow separation, and is able to respect pacing requirements 340 set by TCP stack into sk->sk_pacing_rate (for localy generated 341 traffic) 342 343 To compile this driver as a module, choose M here: the module 344 will be called sch_fq. 345 346 If unsure, say N. 347 348config NET_SCH_HHF 349 tristate "Heavy-Hitter Filter (HHF)" 350 help 351 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 352 packet scheduling algorithm. 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_hhf. 356 357config NET_SCH_PIE 358 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 359 help 360 Say Y here if you want to use the Proportional Integral controller 361 Enhanced scheduler packet scheduling algorithm. 362 For more information, please see https://tools.ietf.org/html/rfc8033 363 364 To compile this driver as a module, choose M here: the module 365 will be called sch_pie. 366 367 If unsure, say N. 368 369config NET_SCH_INGRESS 370 tristate "Ingress/classifier-action Qdisc" 371 depends on NET_CLS_ACT 372 select NET_INGRESS 373 select NET_EGRESS 374 ---help--- 375 Say Y here if you want to use classifiers for incoming and/or outgoing 376 packets. This qdisc doesn't do anything else besides running classifiers, 377 which can also have actions attached to them. In case of outgoing packets, 378 classifiers that this qdisc holds are executed in the transmit path 379 before real enqueuing to an egress qdisc happens. 380 381 If unsure, say Y. 382 383 To compile this code as a module, choose M here: the module will be 384 called sch_ingress with alias of sch_clsact. 385 386config NET_SCH_PLUG 387 tristate "Plug network traffic until release (PLUG)" 388 ---help--- 389 390 This queuing discipline allows userspace to plug/unplug a network 391 output queue, using the netlink interface. When it receives an 392 enqueue command it inserts a plug into the outbound queue that 393 causes following packets to enqueue until a dequeue command arrives 394 over netlink, causing the plug to be removed and resuming the normal 395 packet flow. 396 397 This module also provides a generic "network output buffering" 398 functionality (aka output commit), wherein upon arrival of a dequeue 399 command, only packets up to the first plug are released for delivery. 400 The Remus HA project uses this module to enable speculative execution 401 of virtual machines by allowing the generated network output to be rolled 402 back if needed. 403 404 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 405 406 Say Y here if you are using this kernel for Xen dom0 and 407 want to protect Xen guests with Remus. 408 409 To compile this code as a module, choose M here: the 410 module will be called sch_plug. 411 412config NET_SCH_ETS 413 tristate "Enhanced transmission selection scheduler (ETS)" 414 help 415 The Enhanced Transmission Selection scheduler is a classful 416 queuing discipline that merges functionality of PRIO and DRR 417 qdiscs in one scheduler. ETS makes it easy to configure a set of 418 strict and bandwidth-sharing bands to implement the transmission 419 selection described in 802.1Qaz. 420 421 Say Y here if you want to use the ETS packet scheduling 422 algorithm. 423 424 To compile this driver as a module, choose M here: the module 425 will be called sch_ets. 426 427 If unsure, say N. 428 429menuconfig NET_SCH_DEFAULT 430 bool "Allow override default queue discipline" 431 ---help--- 432 Support for selection of default queuing discipline. 433 434 Nearly all users can safely say no here, and the default 435 of pfifo_fast will be used. Many distributions already set 436 the default value via /proc/sys/net/core/default_qdisc. 437 438 If unsure, say N. 439 440if NET_SCH_DEFAULT 441 442choice 443 prompt "Default queuing discipline" 444 default DEFAULT_PFIFO_FAST 445 help 446 Select the queueing discipline that will be used by default 447 for all network devices. 448 449 config DEFAULT_FQ 450 bool "Fair Queue" if NET_SCH_FQ 451 452 config DEFAULT_CODEL 453 bool "Controlled Delay" if NET_SCH_CODEL 454 455 config DEFAULT_FQ_CODEL 456 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 457 458 config DEFAULT_SFQ 459 bool "Stochastic Fair Queue" if NET_SCH_SFQ 460 461 config DEFAULT_PFIFO_FAST 462 bool "Priority FIFO Fast" 463endchoice 464 465config DEFAULT_NET_SCH 466 string 467 default "pfifo_fast" if DEFAULT_PFIFO_FAST 468 default "fq" if DEFAULT_FQ 469 default "fq_codel" if DEFAULT_FQ_CODEL 470 default "sfq" if DEFAULT_SFQ 471 default "pfifo_fast" 472endif 473 474comment "Classification" 475 476config NET_CLS 477 bool 478 479config NET_CLS_BASIC 480 tristate "Elementary classification (BASIC)" 481 select NET_CLS 482 ---help--- 483 Say Y here if you want to be able to classify packets using 484 only extended matches and actions. 485 486 To compile this code as a module, choose M here: the 487 module will be called cls_basic. 488 489config NET_CLS_TCINDEX 490 tristate "Traffic-Control Index (TCINDEX)" 491 select NET_CLS 492 ---help--- 493 Say Y here if you want to be able to classify packets based on 494 traffic control indices. You will want this feature if you want 495 to implement Differentiated Services together with DSMARK. 496 497 To compile this code as a module, choose M here: the 498 module will be called cls_tcindex. 499 500config NET_CLS_ROUTE4 501 tristate "Routing decision (ROUTE)" 502 depends on INET 503 select IP_ROUTE_CLASSID 504 select NET_CLS 505 ---help--- 506 If you say Y here, you will be able to classify packets 507 according to the route table entry they matched. 508 509 To compile this code as a module, choose M here: the 510 module will be called cls_route. 511 512config NET_CLS_FW 513 tristate "Netfilter mark (FW)" 514 select NET_CLS 515 ---help--- 516 If you say Y here, you will be able to classify packets 517 according to netfilter/firewall marks. 518 519 To compile this code as a module, choose M here: the 520 module will be called cls_fw. 521 522config NET_CLS_U32 523 tristate "Universal 32bit comparisons w/ hashing (U32)" 524 select NET_CLS 525 ---help--- 526 Say Y here to be able to classify packets using a universal 527 32bit pieces based comparison scheme. 528 529 To compile this code as a module, choose M here: the 530 module will be called cls_u32. 531 532config CLS_U32_PERF 533 bool "Performance counters support" 534 depends on NET_CLS_U32 535 ---help--- 536 Say Y here to make u32 gather additional statistics useful for 537 fine tuning u32 classifiers. 538 539config CLS_U32_MARK 540 bool "Netfilter marks support" 541 depends on NET_CLS_U32 542 ---help--- 543 Say Y here to be able to use netfilter marks as u32 key. 544 545config NET_CLS_RSVP 546 tristate "IPv4 Resource Reservation Protocol (RSVP)" 547 select NET_CLS 548 ---help--- 549 The Resource Reservation Protocol (RSVP) permits end systems to 550 request a minimum and maximum data flow rate for a connection; this 551 is important for real time data such as streaming sound or video. 552 553 Say Y here if you want to be able to classify outgoing packets based 554 on their RSVP requests. 555 556 To compile this code as a module, choose M here: the 557 module will be called cls_rsvp. 558 559config NET_CLS_RSVP6 560 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 561 select NET_CLS 562 ---help--- 563 The Resource Reservation Protocol (RSVP) permits end systems to 564 request a minimum and maximum data flow rate for a connection; this 565 is important for real time data such as streaming sound or video. 566 567 Say Y here if you want to be able to classify outgoing packets based 568 on their RSVP requests and you are using the IPv6 protocol. 569 570 To compile this code as a module, choose M here: the 571 module will be called cls_rsvp6. 572 573config NET_CLS_FLOW 574 tristate "Flow classifier" 575 select NET_CLS 576 ---help--- 577 If you say Y here, you will be able to classify packets based on 578 a configurable combination of packet keys. This is mostly useful 579 in combination with SFQ. 580 581 To compile this code as a module, choose M here: the 582 module will be called cls_flow. 583 584config NET_CLS_CGROUP 585 tristate "Control Group Classifier" 586 select NET_CLS 587 select CGROUP_NET_CLASSID 588 depends on CGROUPS 589 ---help--- 590 Say Y here if you want to classify packets based on the control 591 cgroup of their process. 592 593 To compile this code as a module, choose M here: the 594 module will be called cls_cgroup. 595 596config NET_CLS_BPF 597 tristate "BPF-based classifier" 598 select NET_CLS 599 ---help--- 600 If you say Y here, you will be able to classify packets based on 601 programmable BPF (JIT'ed) filters as an alternative to ematches. 602 603 To compile this code as a module, choose M here: the module will 604 be called cls_bpf. 605 606config NET_CLS_FLOWER 607 tristate "Flower classifier" 608 select NET_CLS 609 ---help--- 610 If you say Y here, you will be able to classify packets based on 611 a configurable combination of packet keys and masks. 612 613 To compile this code as a module, choose M here: the module will 614 be called cls_flower. 615 616config NET_CLS_MATCHALL 617 tristate "Match-all classifier" 618 select NET_CLS 619 ---help--- 620 If you say Y here, you will be able to classify packets based on 621 nothing. Every packet will match. 622 623 To compile this code as a module, choose M here: the module will 624 be called cls_matchall. 625 626config NET_EMATCH 627 bool "Extended Matches" 628 select NET_CLS 629 ---help--- 630 Say Y here if you want to use extended matches on top of classifiers 631 and select the extended matches below. 632 633 Extended matches are small classification helpers not worth writing 634 a separate classifier for. 635 636 A recent version of the iproute2 package is required to use 637 extended matches. 638 639config NET_EMATCH_STACK 640 int "Stack size" 641 depends on NET_EMATCH 642 default "32" 643 ---help--- 644 Size of the local stack variable used while evaluating the tree of 645 ematches. Limits the depth of the tree, i.e. the number of 646 encapsulated precedences. Every level requires 4 bytes of additional 647 stack space. 648 649config NET_EMATCH_CMP 650 tristate "Simple packet data comparison" 651 depends on NET_EMATCH 652 ---help--- 653 Say Y here if you want to be able to classify packets based on 654 simple packet data comparisons for 8, 16, and 32bit values. 655 656 To compile this code as a module, choose M here: the 657 module will be called em_cmp. 658 659config NET_EMATCH_NBYTE 660 tristate "Multi byte comparison" 661 depends on NET_EMATCH 662 ---help--- 663 Say Y here if you want to be able to classify packets based on 664 multiple byte comparisons mainly useful for IPv6 address comparisons. 665 666 To compile this code as a module, choose M here: the 667 module will be called em_nbyte. 668 669config NET_EMATCH_U32 670 tristate "U32 key" 671 depends on NET_EMATCH 672 ---help--- 673 Say Y here if you want to be able to classify packets using 674 the famous u32 key in combination with logic relations. 675 676 To compile this code as a module, choose M here: the 677 module will be called em_u32. 678 679config NET_EMATCH_META 680 tristate "Metadata" 681 depends on NET_EMATCH 682 ---help--- 683 Say Y here if you want to be able to classify packets based on 684 metadata such as load average, netfilter attributes, socket 685 attributes and routing decisions. 686 687 To compile this code as a module, choose M here: the 688 module will be called em_meta. 689 690config NET_EMATCH_TEXT 691 tristate "Textsearch" 692 depends on NET_EMATCH 693 select TEXTSEARCH 694 select TEXTSEARCH_KMP 695 select TEXTSEARCH_BM 696 select TEXTSEARCH_FSM 697 ---help--- 698 Say Y here if you want to be able to classify packets based on 699 textsearch comparisons. 700 701 To compile this code as a module, choose M here: the 702 module will be called em_text. 703 704config NET_EMATCH_CANID 705 tristate "CAN Identifier" 706 depends on NET_EMATCH && (CAN=y || CAN=m) 707 ---help--- 708 Say Y here if you want to be able to classify CAN frames based 709 on CAN Identifier. 710 711 To compile this code as a module, choose M here: the 712 module will be called em_canid. 713 714config NET_EMATCH_IPSET 715 tristate "IPset" 716 depends on NET_EMATCH && IP_SET 717 ---help--- 718 Say Y here if you want to be able to classify packets based on 719 ipset membership. 720 721 To compile this code as a module, choose M here: the 722 module will be called em_ipset. 723 724config NET_EMATCH_IPT 725 tristate "IPtables Matches" 726 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 727 ---help--- 728 Say Y here to be able to classify packets based on iptables 729 matches. 730 Current supported match is "policy" which allows packet classification 731 based on IPsec policy that was used during decapsulation 732 733 To compile this code as a module, choose M here: the 734 module will be called em_ipt. 735 736config NET_CLS_ACT 737 bool "Actions" 738 select NET_CLS 739 ---help--- 740 Say Y here if you want to use traffic control actions. Actions 741 get attached to classifiers and are invoked after a successful 742 classification. They are used to overwrite the classification 743 result, instantly drop or redirect packets, etc. 744 745 A recent version of the iproute2 package is required to use 746 extended matches. 747 748config NET_ACT_POLICE 749 tristate "Traffic Policing" 750 depends on NET_CLS_ACT 751 ---help--- 752 Say Y here if you want to do traffic policing, i.e. strict 753 bandwidth limiting. This action replaces the existing policing 754 module. 755 756 To compile this code as a module, choose M here: the 757 module will be called act_police. 758 759config NET_ACT_GACT 760 tristate "Generic actions" 761 depends on NET_CLS_ACT 762 ---help--- 763 Say Y here to take generic actions such as dropping and 764 accepting packets. 765 766 To compile this code as a module, choose M here: the 767 module will be called act_gact. 768 769config GACT_PROB 770 bool "Probability support" 771 depends on NET_ACT_GACT 772 ---help--- 773 Say Y here to use the generic action randomly or deterministically. 774 775config NET_ACT_MIRRED 776 tristate "Redirecting and Mirroring" 777 depends on NET_CLS_ACT 778 ---help--- 779 Say Y here to allow packets to be mirrored or redirected to 780 other devices. 781 782 To compile this code as a module, choose M here: the 783 module will be called act_mirred. 784 785config NET_ACT_SAMPLE 786 tristate "Traffic Sampling" 787 depends on NET_CLS_ACT 788 select PSAMPLE 789 ---help--- 790 Say Y here to allow packet sampling tc action. The packet sample 791 action consists of statistically choosing packets and sampling 792 them using the psample module. 793 794 To compile this code as a module, choose M here: the 795 module will be called act_sample. 796 797config NET_ACT_IPT 798 tristate "IPtables targets" 799 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 800 ---help--- 801 Say Y here to be able to invoke iptables targets after successful 802 classification. 803 804 To compile this code as a module, choose M here: the 805 module will be called act_ipt. 806 807config NET_ACT_NAT 808 tristate "Stateless NAT" 809 depends on NET_CLS_ACT 810 ---help--- 811 Say Y here to do stateless NAT on IPv4 packets. You should use 812 netfilter for NAT unless you know what you are doing. 813 814 To compile this code as a module, choose M here: the 815 module will be called act_nat. 816 817config NET_ACT_PEDIT 818 tristate "Packet Editing" 819 depends on NET_CLS_ACT 820 ---help--- 821 Say Y here if you want to mangle the content of packets. 822 823 To compile this code as a module, choose M here: the 824 module will be called act_pedit. 825 826config NET_ACT_SIMP 827 tristate "Simple Example (Debug)" 828 depends on NET_CLS_ACT 829 ---help--- 830 Say Y here to add a simple action for demonstration purposes. 831 It is meant as an example and for debugging purposes. It will 832 print a configured policy string followed by the packet count 833 to the console for every packet that passes by. 834 835 If unsure, say N. 836 837 To compile this code as a module, choose M here: the 838 module will be called act_simple. 839 840config NET_ACT_SKBEDIT 841 tristate "SKB Editing" 842 depends on NET_CLS_ACT 843 ---help--- 844 Say Y here to change skb priority or queue_mapping settings. 845 846 If unsure, say N. 847 848 To compile this code as a module, choose M here: the 849 module will be called act_skbedit. 850 851config NET_ACT_CSUM 852 tristate "Checksum Updating" 853 depends on NET_CLS_ACT && INET 854 select LIBCRC32C 855 ---help--- 856 Say Y here to update some common checksum after some direct 857 packet alterations. 858 859 To compile this code as a module, choose M here: the 860 module will be called act_csum. 861 862config NET_ACT_MPLS 863 tristate "MPLS manipulation" 864 depends on NET_CLS_ACT 865 help 866 Say Y here to push or pop MPLS headers. 867 868 If unsure, say N. 869 870 To compile this code as a module, choose M here: the 871 module will be called act_mpls. 872 873config NET_ACT_VLAN 874 tristate "Vlan manipulation" 875 depends on NET_CLS_ACT 876 ---help--- 877 Say Y here to push or pop vlan headers. 878 879 If unsure, say N. 880 881 To compile this code as a module, choose M here: the 882 module will be called act_vlan. 883 884config NET_ACT_BPF 885 tristate "BPF based action" 886 depends on NET_CLS_ACT 887 ---help--- 888 Say Y here to execute BPF code on packets. The BPF code will decide 889 if the packet should be dropped or not. 890 891 If unsure, say N. 892 893 To compile this code as a module, choose M here: the 894 module will be called act_bpf. 895 896config NET_ACT_CONNMARK 897 tristate "Netfilter Connection Mark Retriever" 898 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 899 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 900 ---help--- 901 Say Y here to allow retrieving of conn mark 902 903 If unsure, say N. 904 905 To compile this code as a module, choose M here: the 906 module will be called act_connmark. 907 908config NET_ACT_CTINFO 909 tristate "Netfilter Connection Mark Actions" 910 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 911 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 912 help 913 Say Y here to allow transfer of a connmark stored information. 914 Current actions transfer connmark stored DSCP into 915 ipv4/v6 diffserv and/or to transfer connmark to packet 916 mark. Both are useful for restoring egress based marks 917 back onto ingress connections for qdisc priority mapping 918 purposes. 919 920 If unsure, say N. 921 922 To compile this code as a module, choose M here: the 923 module will be called act_ctinfo. 924 925config NET_ACT_SKBMOD 926 tristate "skb data modification action" 927 depends on NET_CLS_ACT 928 ---help--- 929 Say Y here to allow modification of skb data 930 931 If unsure, say N. 932 933 To compile this code as a module, choose M here: the 934 module will be called act_skbmod. 935 936config NET_ACT_IFE 937 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 938 depends on NET_CLS_ACT 939 select NET_IFE 940 ---help--- 941 Say Y here to allow for sourcing and terminating metadata 942 For details refer to netdev01 paper: 943 "Distributing Linux Traffic Control Classifier-Action Subsystem" 944 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 945 946 To compile this code as a module, choose M here: the 947 module will be called act_ife. 948 949config NET_ACT_TUNNEL_KEY 950 tristate "IP tunnel metadata manipulation" 951 depends on NET_CLS_ACT 952 ---help--- 953 Say Y here to set/release ip tunnel metadata. 954 955 If unsure, say N. 956 957 To compile this code as a module, choose M here: the 958 module will be called act_tunnel_key. 959 960config NET_ACT_CT 961 tristate "connection tracking tc action" 962 depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT 963 help 964 Say Y here to allow sending the packets to conntrack module. 965 966 If unsure, say N. 967 968 To compile this code as a module, choose M here: the 969 module will be called act_ct. 970 971config NET_IFE_SKBMARK 972 tristate "Support to encoding decoding skb mark on IFE action" 973 depends on NET_ACT_IFE 974 975config NET_IFE_SKBPRIO 976 tristate "Support to encoding decoding skb prio on IFE action" 977 depends on NET_ACT_IFE 978 979config NET_IFE_SKBTCINDEX 980 tristate "Support to encoding decoding skb tcindex on IFE action" 981 depends on NET_ACT_IFE 982 983config NET_TC_SKB_EXT 984 bool "TC recirculation support" 985 depends on NET_CLS_ACT 986 select SKB_EXTENSIONS 987 988 help 989 Say Y here to allow tc chain misses to continue in OvS datapath in 990 the correct recirc_id, and hardware chain misses to continue in 991 the correct chain in tc software datapath. 992 993 Say N here if you won't be using tc<->ovs offload or tc chains offload. 994 995endif # NET_SCHED 996 997config NET_SCH_FIFO 998 bool 999