1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 help 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 help 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 help 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 help 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 help 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 help 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 help 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 help 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 help 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 help 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 help 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 help 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_MQPRIO_LIB 199 tristate 200 help 201 Common library for manipulating mqprio queue configurations. 202 203config NET_SCH_TAPRIO 204 tristate "Time Aware Priority (taprio) Scheduler" 205 select NET_SCH_MQPRIO_LIB 206 help 207 Say Y here if you want to use the Time Aware Priority (taprio) packet 208 scheduling algorithm. 209 210 See the top of <file:net/sched/sch_taprio.c> for more details. 211 212 To compile this code as a module, choose M here: the 213 module will be called sch_taprio. 214 215config NET_SCH_GRED 216 tristate "Generic Random Early Detection (GRED)" 217 help 218 Say Y here if you want to use the Generic Random Early Detection 219 (GRED) packet scheduling algorithm for some of your network devices 220 (see the top of <file:net/sched/sch_red.c> for details and 221 references about the algorithm). 222 223 To compile this code as a module, choose M here: the 224 module will be called sch_gred. 225 226config NET_SCH_DSMARK 227 tristate "Differentiated Services marker (DSMARK)" 228 help 229 Say Y if you want to schedule packets according to the 230 Differentiated Services architecture proposed in RFC 2475. 231 Technical information on this method, with pointers to associated 232 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 233 234 To compile this code as a module, choose M here: the 235 module will be called sch_dsmark. 236 237config NET_SCH_NETEM 238 tristate "Network emulator (NETEM)" 239 help 240 Say Y if you want to emulate network delay, loss, and packet 241 re-ordering. This is often useful to simulate networks when 242 testing applications or protocols. 243 244 To compile this driver as a module, choose M here: the module 245 will be called sch_netem. 246 247 If unsure, say N. 248 249config NET_SCH_DRR 250 tristate "Deficit Round Robin scheduler (DRR)" 251 help 252 Say Y here if you want to use the Deficit Round Robin (DRR) packet 253 scheduling algorithm. 254 255 To compile this driver as a module, choose M here: the module 256 will be called sch_drr. 257 258 If unsure, say N. 259 260config NET_SCH_MQPRIO 261 tristate "Multi-queue priority scheduler (MQPRIO)" 262 select NET_SCH_MQPRIO_LIB 263 help 264 Say Y here if you want to use the Multi-queue Priority scheduler. 265 This scheduler allows QOS to be offloaded on NICs that have support 266 for offloading QOS schedulers. 267 268 To compile this driver as a module, choose M here: the module will 269 be called sch_mqprio. 270 271 If unsure, say N. 272 273config NET_SCH_SKBPRIO 274 tristate "SKB priority queue scheduler (SKBPRIO)" 275 help 276 Say Y here if you want to use the SKB priority queue 277 scheduler. This schedules packets according to skb->priority, 278 which is useful for request packets in DoS mitigation systems such 279 as Gatekeeper. 280 281 To compile this driver as a module, choose M here: the module will 282 be called sch_skbprio. 283 284 If unsure, say N. 285 286config NET_SCH_CHOKE 287 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 288 help 289 Say Y here if you want to use the CHOKe packet scheduler (CHOose 290 and Keep for responsive flows, CHOose and Kill for unresponsive 291 flows). This is a variation of RED which tries to penalize flows 292 that monopolize the queue. 293 294 To compile this code as a module, choose M here: the 295 module will be called sch_choke. 296 297config NET_SCH_QFQ 298 tristate "Quick Fair Queueing scheduler (QFQ)" 299 help 300 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 301 packet scheduling algorithm. 302 303 To compile this driver as a module, choose M here: the module 304 will be called sch_qfq. 305 306 If unsure, say N. 307 308config NET_SCH_CODEL 309 tristate "Controlled Delay AQM (CODEL)" 310 help 311 Say Y here if you want to use the Controlled Delay (CODEL) 312 packet scheduling algorithm. 313 314 To compile this driver as a module, choose M here: the module 315 will be called sch_codel. 316 317 If unsure, say N. 318 319config NET_SCH_FQ_CODEL 320 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 321 help 322 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 323 packet scheduling algorithm. 324 325 To compile this driver as a module, choose M here: the module 326 will be called sch_fq_codel. 327 328 If unsure, say N. 329 330config NET_SCH_CAKE 331 tristate "Common Applications Kept Enhanced (CAKE)" 332 help 333 Say Y here if you want to use the Common Applications Kept Enhanced 334 (CAKE) queue management algorithm. 335 336 To compile this driver as a module, choose M here: the module 337 will be called sch_cake. 338 339 If unsure, say N. 340 341config NET_SCH_FQ 342 tristate "Fair Queue" 343 help 344 Say Y here if you want to use the FQ packet scheduling algorithm. 345 346 FQ does flow separation, and is able to respect pacing requirements 347 set by TCP stack into sk->sk_pacing_rate (for locally generated 348 traffic) 349 350 To compile this driver as a module, choose M here: the module 351 will be called sch_fq. 352 353 If unsure, say N. 354 355config NET_SCH_HHF 356 tristate "Heavy-Hitter Filter (HHF)" 357 help 358 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 359 packet scheduling algorithm. 360 361 To compile this driver as a module, choose M here: the module 362 will be called sch_hhf. 363 364config NET_SCH_PIE 365 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 366 help 367 Say Y here if you want to use the Proportional Integral controller 368 Enhanced scheduler packet scheduling algorithm. 369 For more information, please see https://tools.ietf.org/html/rfc8033 370 371 To compile this driver as a module, choose M here: the module 372 will be called sch_pie. 373 374 If unsure, say N. 375 376config NET_SCH_FQ_PIE 377 depends on NET_SCH_PIE 378 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 379 help 380 Say Y here if you want to use the Flow Queue Proportional Integral 381 controller Enhanced (FQ-PIE) packet scheduling algorithm. 382 For more information, please see https://tools.ietf.org/html/rfc8033 383 384 To compile this driver as a module, choose M here: the module 385 will be called sch_fq_pie. 386 387 If unsure, say N. 388 389config NET_SCH_INGRESS 390 tristate "Ingress/classifier-action Qdisc" 391 depends on NET_CLS_ACT 392 select NET_INGRESS 393 select NET_EGRESS 394 help 395 Say Y here if you want to use classifiers for incoming and/or outgoing 396 packets. This qdisc doesn't do anything else besides running classifiers, 397 which can also have actions attached to them. In case of outgoing packets, 398 classifiers that this qdisc holds are executed in the transmit path 399 before real enqueuing to an egress qdisc happens. 400 401 If unsure, say Y. 402 403 To compile this code as a module, choose M here: the module will be 404 called sch_ingress with alias of sch_clsact. 405 406config NET_SCH_PLUG 407 tristate "Plug network traffic until release (PLUG)" 408 help 409 410 This queuing discipline allows userspace to plug/unplug a network 411 output queue, using the netlink interface. When it receives an 412 enqueue command it inserts a plug into the outbound queue that 413 causes following packets to enqueue until a dequeue command arrives 414 over netlink, causing the plug to be removed and resuming the normal 415 packet flow. 416 417 This module also provides a generic "network output buffering" 418 functionality (aka output commit), wherein upon arrival of a dequeue 419 command, only packets up to the first plug are released for delivery. 420 The Remus HA project uses this module to enable speculative execution 421 of virtual machines by allowing the generated network output to be rolled 422 back if needed. 423 424 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 425 426 Say Y here if you are using this kernel for Xen dom0 and 427 want to protect Xen guests with Remus. 428 429 To compile this code as a module, choose M here: the 430 module will be called sch_plug. 431 432config NET_SCH_ETS 433 tristate "Enhanced transmission selection scheduler (ETS)" 434 help 435 The Enhanced Transmission Selection scheduler is a classful 436 queuing discipline that merges functionality of PRIO and DRR 437 qdiscs in one scheduler. ETS makes it easy to configure a set of 438 strict and bandwidth-sharing bands to implement the transmission 439 selection described in 802.1Qaz. 440 441 Say Y here if you want to use the ETS packet scheduling 442 algorithm. 443 444 To compile this driver as a module, choose M here: the module 445 will be called sch_ets. 446 447 If unsure, say N. 448 449menuconfig NET_SCH_DEFAULT 450 bool "Allow override default queue discipline" 451 help 452 Support for selection of default queuing discipline. 453 454 Nearly all users can safely say no here, and the default 455 of pfifo_fast will be used. Many distributions already set 456 the default value via /proc/sys/net/core/default_qdisc. 457 458 If unsure, say N. 459 460if NET_SCH_DEFAULT 461 462choice 463 prompt "Default queuing discipline" 464 default DEFAULT_PFIFO_FAST 465 help 466 Select the queueing discipline that will be used by default 467 for all network devices. 468 469 config DEFAULT_FQ 470 bool "Fair Queue" if NET_SCH_FQ 471 472 config DEFAULT_CODEL 473 bool "Controlled Delay" if NET_SCH_CODEL 474 475 config DEFAULT_FQ_CODEL 476 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 477 478 config DEFAULT_FQ_PIE 479 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 480 481 config DEFAULT_SFQ 482 bool "Stochastic Fair Queue" if NET_SCH_SFQ 483 484 config DEFAULT_PFIFO_FAST 485 bool "Priority FIFO Fast" 486endchoice 487 488config DEFAULT_NET_SCH 489 string 490 default "pfifo_fast" if DEFAULT_PFIFO_FAST 491 default "fq" if DEFAULT_FQ 492 default "fq_codel" if DEFAULT_FQ_CODEL 493 default "fq_pie" if DEFAULT_FQ_PIE 494 default "sfq" if DEFAULT_SFQ 495 default "pfifo_fast" 496endif 497 498comment "Classification" 499 500config NET_CLS 501 bool 502 503config NET_CLS_BASIC 504 tristate "Elementary classification (BASIC)" 505 select NET_CLS 506 help 507 Say Y here if you want to be able to classify packets using 508 only extended matches and actions. 509 510 To compile this code as a module, choose M here: the 511 module will be called cls_basic. 512 513config NET_CLS_TCINDEX 514 tristate "Traffic-Control Index (TCINDEX)" 515 select NET_CLS 516 help 517 Say Y here if you want to be able to classify packets based on 518 traffic control indices. You will want this feature if you want 519 to implement Differentiated Services together with DSMARK. 520 521 To compile this code as a module, choose M here: the 522 module will be called cls_tcindex. 523 524config NET_CLS_ROUTE4 525 tristate "Routing decision (ROUTE)" 526 depends on INET 527 select IP_ROUTE_CLASSID 528 select NET_CLS 529 help 530 If you say Y here, you will be able to classify packets 531 according to the route table entry they matched. 532 533 To compile this code as a module, choose M here: the 534 module will be called cls_route. 535 536config NET_CLS_FW 537 tristate "Netfilter mark (FW)" 538 select NET_CLS 539 help 540 If you say Y here, you will be able to classify packets 541 according to netfilter/firewall marks. 542 543 To compile this code as a module, choose M here: the 544 module will be called cls_fw. 545 546config NET_CLS_U32 547 tristate "Universal 32bit comparisons w/ hashing (U32)" 548 select NET_CLS 549 help 550 Say Y here to be able to classify packets using a universal 551 32bit pieces based comparison scheme. 552 553 To compile this code as a module, choose M here: the 554 module will be called cls_u32. 555 556config CLS_U32_PERF 557 bool "Performance counters support" 558 depends on NET_CLS_U32 559 help 560 Say Y here to make u32 gather additional statistics useful for 561 fine tuning u32 classifiers. 562 563config CLS_U32_MARK 564 bool "Netfilter marks support" 565 depends on NET_CLS_U32 566 help 567 Say Y here to be able to use netfilter marks as u32 key. 568 569config NET_CLS_RSVP 570 tristate "IPv4 Resource Reservation Protocol (RSVP)" 571 select NET_CLS 572 help 573 The Resource Reservation Protocol (RSVP) permits end systems to 574 request a minimum and maximum data flow rate for a connection; this 575 is important for real time data such as streaming sound or video. 576 577 Say Y here if you want to be able to classify outgoing packets based 578 on their RSVP requests. 579 580 To compile this code as a module, choose M here: the 581 module will be called cls_rsvp. 582 583config NET_CLS_RSVP6 584 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 585 select NET_CLS 586 help 587 The Resource Reservation Protocol (RSVP) permits end systems to 588 request a minimum and maximum data flow rate for a connection; this 589 is important for real time data such as streaming sound or video. 590 591 Say Y here if you want to be able to classify outgoing packets based 592 on their RSVP requests and you are using the IPv6 protocol. 593 594 To compile this code as a module, choose M here: the 595 module will be called cls_rsvp6. 596 597config NET_CLS_FLOW 598 tristate "Flow classifier" 599 select NET_CLS 600 help 601 If you say Y here, you will be able to classify packets based on 602 a configurable combination of packet keys. This is mostly useful 603 in combination with SFQ. 604 605 To compile this code as a module, choose M here: the 606 module will be called cls_flow. 607 608config NET_CLS_CGROUP 609 tristate "Control Group Classifier" 610 select NET_CLS 611 select CGROUP_NET_CLASSID 612 depends on CGROUPS 613 help 614 Say Y here if you want to classify packets based on the control 615 cgroup of their process. 616 617 To compile this code as a module, choose M here: the 618 module will be called cls_cgroup. 619 620config NET_CLS_BPF 621 tristate "BPF-based classifier" 622 select NET_CLS 623 help 624 If you say Y here, you will be able to classify packets based on 625 programmable BPF (JIT'ed) filters as an alternative to ematches. 626 627 To compile this code as a module, choose M here: the module will 628 be called cls_bpf. 629 630config NET_CLS_FLOWER 631 tristate "Flower classifier" 632 select NET_CLS 633 help 634 If you say Y here, you will be able to classify packets based on 635 a configurable combination of packet keys and masks. 636 637 To compile this code as a module, choose M here: the module will 638 be called cls_flower. 639 640config NET_CLS_MATCHALL 641 tristate "Match-all classifier" 642 select NET_CLS 643 help 644 If you say Y here, you will be able to classify packets based on 645 nothing. Every packet will match. 646 647 To compile this code as a module, choose M here: the module will 648 be called cls_matchall. 649 650config NET_EMATCH 651 bool "Extended Matches" 652 select NET_CLS 653 help 654 Say Y here if you want to use extended matches on top of classifiers 655 and select the extended matches below. 656 657 Extended matches are small classification helpers not worth writing 658 a separate classifier for. 659 660 A recent version of the iproute2 package is required to use 661 extended matches. 662 663config NET_EMATCH_STACK 664 int "Stack size" 665 depends on NET_EMATCH 666 default "32" 667 help 668 Size of the local stack variable used while evaluating the tree of 669 ematches. Limits the depth of the tree, i.e. the number of 670 encapsulated precedences. Every level requires 4 bytes of additional 671 stack space. 672 673config NET_EMATCH_CMP 674 tristate "Simple packet data comparison" 675 depends on NET_EMATCH 676 help 677 Say Y here if you want to be able to classify packets based on 678 simple packet data comparisons for 8, 16, and 32bit values. 679 680 To compile this code as a module, choose M here: the 681 module will be called em_cmp. 682 683config NET_EMATCH_NBYTE 684 tristate "Multi byte comparison" 685 depends on NET_EMATCH 686 help 687 Say Y here if you want to be able to classify packets based on 688 multiple byte comparisons mainly useful for IPv6 address comparisons. 689 690 To compile this code as a module, choose M here: the 691 module will be called em_nbyte. 692 693config NET_EMATCH_U32 694 tristate "U32 key" 695 depends on NET_EMATCH 696 help 697 Say Y here if you want to be able to classify packets using 698 the famous u32 key in combination with logic relations. 699 700 To compile this code as a module, choose M here: the 701 module will be called em_u32. 702 703config NET_EMATCH_META 704 tristate "Metadata" 705 depends on NET_EMATCH 706 help 707 Say Y here if you want to be able to classify packets based on 708 metadata such as load average, netfilter attributes, socket 709 attributes and routing decisions. 710 711 To compile this code as a module, choose M here: the 712 module will be called em_meta. 713 714config NET_EMATCH_TEXT 715 tristate "Textsearch" 716 depends on NET_EMATCH 717 select TEXTSEARCH 718 select TEXTSEARCH_KMP 719 select TEXTSEARCH_BM 720 select TEXTSEARCH_FSM 721 help 722 Say Y here if you want to be able to classify packets based on 723 textsearch comparisons. 724 725 To compile this code as a module, choose M here: the 726 module will be called em_text. 727 728config NET_EMATCH_CANID 729 tristate "CAN Identifier" 730 depends on NET_EMATCH && (CAN=y || CAN=m) 731 help 732 Say Y here if you want to be able to classify CAN frames based 733 on CAN Identifier. 734 735 To compile this code as a module, choose M here: the 736 module will be called em_canid. 737 738config NET_EMATCH_IPSET 739 tristate "IPset" 740 depends on NET_EMATCH && IP_SET 741 help 742 Say Y here if you want to be able to classify packets based on 743 ipset membership. 744 745 To compile this code as a module, choose M here: the 746 module will be called em_ipset. 747 748config NET_EMATCH_IPT 749 tristate "IPtables Matches" 750 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 751 help 752 Say Y here to be able to classify packets based on iptables 753 matches. 754 Current supported match is "policy" which allows packet classification 755 based on IPsec policy that was used during decapsulation 756 757 To compile this code as a module, choose M here: the 758 module will be called em_ipt. 759 760config NET_CLS_ACT 761 bool "Actions" 762 select NET_CLS 763 help 764 Say Y here if you want to use traffic control actions. Actions 765 get attached to classifiers and are invoked after a successful 766 classification. They are used to overwrite the classification 767 result, instantly drop or redirect packets, etc. 768 769 A recent version of the iproute2 package is required to use 770 extended matches. 771 772config NET_ACT_POLICE 773 tristate "Traffic Policing" 774 depends on NET_CLS_ACT 775 help 776 Say Y here if you want to do traffic policing, i.e. strict 777 bandwidth limiting. This action replaces the existing policing 778 module. 779 780 To compile this code as a module, choose M here: the 781 module will be called act_police. 782 783config NET_ACT_GACT 784 tristate "Generic actions" 785 depends on NET_CLS_ACT 786 help 787 Say Y here to take generic actions such as dropping and 788 accepting packets. 789 790 To compile this code as a module, choose M here: the 791 module will be called act_gact. 792 793config GACT_PROB 794 bool "Probability support" 795 depends on NET_ACT_GACT 796 help 797 Say Y here to use the generic action randomly or deterministically. 798 799config NET_ACT_MIRRED 800 tristate "Redirecting and Mirroring" 801 depends on NET_CLS_ACT 802 help 803 Say Y here to allow packets to be mirrored or redirected to 804 other devices. 805 806 To compile this code as a module, choose M here: the 807 module will be called act_mirred. 808 809config NET_ACT_SAMPLE 810 tristate "Traffic Sampling" 811 depends on NET_CLS_ACT 812 select PSAMPLE 813 help 814 Say Y here to allow packet sampling tc action. The packet sample 815 action consists of statistically choosing packets and sampling 816 them using the psample module. 817 818 To compile this code as a module, choose M here: the 819 module will be called act_sample. 820 821config NET_ACT_IPT 822 tristate "IPtables targets" 823 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 824 help 825 Say Y here to be able to invoke iptables targets after successful 826 classification. 827 828 To compile this code as a module, choose M here: the 829 module will be called act_ipt. 830 831config NET_ACT_NAT 832 tristate "Stateless NAT" 833 depends on NET_CLS_ACT 834 help 835 Say Y here to do stateless NAT on IPv4 packets. You should use 836 netfilter for NAT unless you know what you are doing. 837 838 To compile this code as a module, choose M here: the 839 module will be called act_nat. 840 841config NET_ACT_PEDIT 842 tristate "Packet Editing" 843 depends on NET_CLS_ACT 844 help 845 Say Y here if you want to mangle the content of packets. 846 847 To compile this code as a module, choose M here: the 848 module will be called act_pedit. 849 850config NET_ACT_SIMP 851 tristate "Simple Example (Debug)" 852 depends on NET_CLS_ACT 853 help 854 Say Y here to add a simple action for demonstration purposes. 855 It is meant as an example and for debugging purposes. It will 856 print a configured policy string followed by the packet count 857 to the console for every packet that passes by. 858 859 If unsure, say N. 860 861 To compile this code as a module, choose M here: the 862 module will be called act_simple. 863 864config NET_ACT_SKBEDIT 865 tristate "SKB Editing" 866 depends on NET_CLS_ACT 867 help 868 Say Y here to change skb priority or queue_mapping settings. 869 870 If unsure, say N. 871 872 To compile this code as a module, choose M here: the 873 module will be called act_skbedit. 874 875config NET_ACT_CSUM 876 tristate "Checksum Updating" 877 depends on NET_CLS_ACT && INET 878 select LIBCRC32C 879 help 880 Say Y here to update some common checksum after some direct 881 packet alterations. 882 883 To compile this code as a module, choose M here: the 884 module will be called act_csum. 885 886config NET_ACT_MPLS 887 tristate "MPLS manipulation" 888 depends on NET_CLS_ACT 889 help 890 Say Y here to push or pop MPLS headers. 891 892 If unsure, say N. 893 894 To compile this code as a module, choose M here: the 895 module will be called act_mpls. 896 897config NET_ACT_VLAN 898 tristate "Vlan manipulation" 899 depends on NET_CLS_ACT 900 help 901 Say Y here to push or pop vlan headers. 902 903 If unsure, say N. 904 905 To compile this code as a module, choose M here: the 906 module will be called act_vlan. 907 908config NET_ACT_BPF 909 tristate "BPF based action" 910 depends on NET_CLS_ACT 911 help 912 Say Y here to execute BPF code on packets. The BPF code will decide 913 if the packet should be dropped or not. 914 915 If unsure, say N. 916 917 To compile this code as a module, choose M here: the 918 module will be called act_bpf. 919 920config NET_ACT_CONNMARK 921 tristate "Netfilter Connection Mark Retriever" 922 depends on NET_CLS_ACT && NETFILTER 923 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 924 help 925 Say Y here to allow retrieving of conn mark 926 927 If unsure, say N. 928 929 To compile this code as a module, choose M here: the 930 module will be called act_connmark. 931 932config NET_ACT_CTINFO 933 tristate "Netfilter Connection Mark Actions" 934 depends on NET_CLS_ACT && NETFILTER 935 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 936 help 937 Say Y here to allow transfer of a connmark stored information. 938 Current actions transfer connmark stored DSCP into 939 ipv4/v6 diffserv and/or to transfer connmark to packet 940 mark. Both are useful for restoring egress based marks 941 back onto ingress connections for qdisc priority mapping 942 purposes. 943 944 If unsure, say N. 945 946 To compile this code as a module, choose M here: the 947 module will be called act_ctinfo. 948 949config NET_ACT_SKBMOD 950 tristate "skb data modification action" 951 depends on NET_CLS_ACT 952 help 953 Say Y here to allow modification of skb data 954 955 If unsure, say N. 956 957 To compile this code as a module, choose M here: the 958 module will be called act_skbmod. 959 960config NET_ACT_IFE 961 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 962 depends on NET_CLS_ACT 963 select NET_IFE 964 help 965 Say Y here to allow for sourcing and terminating metadata 966 For details refer to netdev01 paper: 967 "Distributing Linux Traffic Control Classifier-Action Subsystem" 968 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 969 970 To compile this code as a module, choose M here: the 971 module will be called act_ife. 972 973config NET_ACT_TUNNEL_KEY 974 tristate "IP tunnel metadata manipulation" 975 depends on NET_CLS_ACT 976 help 977 Say Y here to set/release ip tunnel metadata. 978 979 If unsure, say N. 980 981 To compile this code as a module, choose M here: the 982 module will be called act_tunnel_key. 983 984config NET_ACT_CT 985 tristate "connection tracking tc action" 986 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 987 select NF_CONNTRACK_OVS 988 select NF_NAT_OVS if NF_NAT 989 help 990 Say Y here to allow sending the packets to conntrack module. 991 992 If unsure, say N. 993 994 To compile this code as a module, choose M here: the 995 module will be called act_ct. 996 997config NET_ACT_GATE 998 tristate "Frame gate entry list control tc action" 999 depends on NET_CLS_ACT 1000 help 1001 Say Y here to allow to control the ingress flow to be passed at 1002 specific time slot and be dropped at other specific time slot by 1003 the gate entry list. 1004 1005 If unsure, say N. 1006 To compile this code as a module, choose M here: the 1007 module will be called act_gate. 1008 1009config NET_IFE_SKBMARK 1010 tristate "Support to encoding decoding skb mark on IFE action" 1011 depends on NET_ACT_IFE 1012 1013config NET_IFE_SKBPRIO 1014 tristate "Support to encoding decoding skb prio on IFE action" 1015 depends on NET_ACT_IFE 1016 1017config NET_IFE_SKBTCINDEX 1018 tristate "Support to encoding decoding skb tcindex on IFE action" 1019 depends on NET_ACT_IFE 1020 1021config NET_TC_SKB_EXT 1022 bool "TC recirculation support" 1023 depends on NET_CLS_ACT 1024 select SKB_EXTENSIONS 1025 1026 help 1027 Say Y here to allow tc chain misses to continue in OvS datapath in 1028 the correct recirc_id, and hardware chain misses to continue in 1029 the correct chain in tc software datapath. 1030 1031 Say N here if you won't be using tc<->ovs offload or tc chains offload. 1032 1033endif # NET_SCHED 1034 1035config NET_SCH_FIFO 1036 bool 1037