1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71config NET_SCH_PRIO 72 tristate "Multi Band Priority Queueing (PRIO)" 73 help 74 Say Y here if you want to use an n-band priority queue packet 75 scheduler. 76 77 To compile this code as a module, choose M here: the 78 module will be called sch_prio. 79 80config NET_SCH_MULTIQ 81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 82 help 83 Say Y here if you want to use an n-band queue packet scheduler 84 to support devices that have multiple hardware transmit queues. 85 86 To compile this code as a module, choose M here: the 87 module will be called sch_multiq. 88 89config NET_SCH_RED 90 tristate "Random Early Detection (RED)" 91 help 92 Say Y here if you want to use the Random Early Detection (RED) 93 packet scheduling algorithm. 94 95 See the top of <file:net/sched/sch_red.c> for more details. 96 97 To compile this code as a module, choose M here: the 98 module will be called sch_red. 99 100config NET_SCH_SFB 101 tristate "Stochastic Fair Blue (SFB)" 102 help 103 Say Y here if you want to use the Stochastic Fair Blue (SFB) 104 packet scheduling algorithm. 105 106 See the top of <file:net/sched/sch_sfb.c> for more details. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_sfb. 110 111config NET_SCH_SFQ 112 tristate "Stochastic Fairness Queueing (SFQ)" 113 help 114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 115 packet scheduling algorithm. 116 117 See the top of <file:net/sched/sch_sfq.c> for more details. 118 119 To compile this code as a module, choose M here: the 120 module will be called sch_sfq. 121 122config NET_SCH_TEQL 123 tristate "True Link Equalizer (TEQL)" 124 help 125 Say Y here if you want to use the True Link Equalizer (TLE) packet 126 scheduling algorithm. This queueing discipline allows the combination 127 of several physical devices into one virtual device. 128 129 See the top of <file:net/sched/sch_teql.c> for more details. 130 131 To compile this code as a module, choose M here: the 132 module will be called sch_teql. 133 134config NET_SCH_TBF 135 tristate "Token Bucket Filter (TBF)" 136 help 137 Say Y here if you want to use the Token Bucket Filter (TBF) packet 138 scheduling algorithm. 139 140 See the top of <file:net/sched/sch_tbf.c> for more details. 141 142 To compile this code as a module, choose M here: the 143 module will be called sch_tbf. 144 145config NET_SCH_CBS 146 tristate "Credit Based Shaper (CBS)" 147 help 148 Say Y here if you want to use the Credit Based Shaper (CBS) packet 149 scheduling algorithm. 150 151 See the top of <file:net/sched/sch_cbs.c> for more details. 152 153 To compile this code as a module, choose M here: the 154 module will be called sch_cbs. 155 156config NET_SCH_ETF 157 tristate "Earliest TxTime First (ETF)" 158 help 159 Say Y here if you want to use the Earliest TxTime First (ETF) packet 160 scheduling algorithm. 161 162 See the top of <file:net/sched/sch_etf.c> for more details. 163 164 To compile this code as a module, choose M here: the 165 module will be called sch_etf. 166 167config NET_SCH_MQPRIO_LIB 168 tristate 169 help 170 Common library for manipulating mqprio queue configurations. 171 172config NET_SCH_TAPRIO 173 tristate "Time Aware Priority (taprio) Scheduler" 174 select NET_SCH_MQPRIO_LIB 175 help 176 Say Y here if you want to use the Time Aware Priority (taprio) packet 177 scheduling algorithm. 178 179 See the top of <file:net/sched/sch_taprio.c> for more details. 180 181 To compile this code as a module, choose M here: the 182 module will be called sch_taprio. 183 184config NET_SCH_GRED 185 tristate "Generic Random Early Detection (GRED)" 186 help 187 Say Y here if you want to use the Generic Random Early Detection 188 (GRED) packet scheduling algorithm for some of your network devices 189 (see the top of <file:net/sched/sch_red.c> for details and 190 references about the algorithm). 191 192 To compile this code as a module, choose M here: the 193 module will be called sch_gred. 194 195config NET_SCH_NETEM 196 tristate "Network emulator (NETEM)" 197 help 198 Say Y if you want to emulate network delay, loss, and packet 199 re-ordering. This is often useful to simulate networks when 200 testing applications or protocols. 201 202 To compile this driver as a module, choose M here: the module 203 will be called sch_netem. 204 205 If unsure, say N. 206 207config NET_SCH_DRR 208 tristate "Deficit Round Robin scheduler (DRR)" 209 help 210 Say Y here if you want to use the Deficit Round Robin (DRR) packet 211 scheduling algorithm. 212 213 To compile this driver as a module, choose M here: the module 214 will be called sch_drr. 215 216 If unsure, say N. 217 218config NET_SCH_MQPRIO 219 tristate "Multi-queue priority scheduler (MQPRIO)" 220 select NET_SCH_MQPRIO_LIB 221 help 222 Say Y here if you want to use the Multi-queue Priority scheduler. 223 This scheduler allows QOS to be offloaded on NICs that have support 224 for offloading QOS schedulers. 225 226 To compile this driver as a module, choose M here: the module will 227 be called sch_mqprio. 228 229 If unsure, say N. 230 231config NET_SCH_SKBPRIO 232 tristate "SKB priority queue scheduler (SKBPRIO)" 233 help 234 Say Y here if you want to use the SKB priority queue 235 scheduler. This schedules packets according to skb->priority, 236 which is useful for request packets in DoS mitigation systems such 237 as Gatekeeper. 238 239 To compile this driver as a module, choose M here: the module will 240 be called sch_skbprio. 241 242 If unsure, say N. 243 244config NET_SCH_CHOKE 245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 246 help 247 Say Y here if you want to use the CHOKe packet scheduler (CHOose 248 and Keep for responsive flows, CHOose and Kill for unresponsive 249 flows). This is a variation of RED which tries to penalize flows 250 that monopolize the queue. 251 252 To compile this code as a module, choose M here: the 253 module will be called sch_choke. 254 255config NET_SCH_QFQ 256 tristate "Quick Fair Queueing scheduler (QFQ)" 257 help 258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 259 packet scheduling algorithm. 260 261 To compile this driver as a module, choose M here: the module 262 will be called sch_qfq. 263 264 If unsure, say N. 265 266config NET_SCH_CODEL 267 tristate "Controlled Delay AQM (CODEL)" 268 help 269 Say Y here if you want to use the Controlled Delay (CODEL) 270 packet scheduling algorithm. 271 272 To compile this driver as a module, choose M here: the module 273 will be called sch_codel. 274 275 If unsure, say N. 276 277config NET_SCH_FQ_CODEL 278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 279 help 280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 281 packet scheduling algorithm. 282 283 To compile this driver as a module, choose M here: the module 284 will be called sch_fq_codel. 285 286 If unsure, say N. 287 288config NET_SCH_CAKE 289 tristate "Common Applications Kept Enhanced (CAKE)" 290 help 291 Say Y here if you want to use the Common Applications Kept Enhanced 292 (CAKE) queue management algorithm. 293 294 To compile this driver as a module, choose M here: the module 295 will be called sch_cake. 296 297 If unsure, say N. 298 299config NET_SCH_FQ 300 tristate "Fair Queue" 301 help 302 Say Y here if you want to use the FQ packet scheduling algorithm. 303 304 FQ does flow separation, and is able to respect pacing requirements 305 set by TCP stack into sk->sk_pacing_rate (for locally generated 306 traffic) 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq. 310 311 If unsure, say N. 312 313config NET_SCH_HHF 314 tristate "Heavy-Hitter Filter (HHF)" 315 help 316 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 317 packet scheduling algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_hhf. 321 322config NET_SCH_PIE 323 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 324 help 325 Say Y here if you want to use the Proportional Integral controller 326 Enhanced scheduler packet scheduling algorithm. 327 For more information, please see https://tools.ietf.org/html/rfc8033 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_pie. 331 332 If unsure, say N. 333 334config NET_SCH_FQ_PIE 335 depends on NET_SCH_PIE 336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 337 help 338 Say Y here if you want to use the Flow Queue Proportional Integral 339 controller Enhanced (FQ-PIE) packet scheduling algorithm. 340 For more information, please see https://tools.ietf.org/html/rfc8033 341 342 To compile this driver as a module, choose M here: the module 343 will be called sch_fq_pie. 344 345 If unsure, say N. 346 347config NET_SCH_INGRESS 348 tristate "Ingress/classifier-action Qdisc" 349 depends on NET_CLS_ACT 350 select NET_XGRESS 351 help 352 Say Y here if you want to use classifiers for incoming and/or outgoing 353 packets. This qdisc doesn't do anything else besides running classifiers, 354 which can also have actions attached to them. In case of outgoing packets, 355 classifiers that this qdisc holds are executed in the transmit path 356 before real enqueuing to an egress qdisc happens. 357 358 If unsure, say Y. 359 360 To compile this code as a module, choose M here: the module will be 361 called sch_ingress with alias of sch_clsact. 362 363config NET_SCH_PLUG 364 tristate "Plug network traffic until release (PLUG)" 365 help 366 367 This queuing discipline allows userspace to plug/unplug a network 368 output queue, using the netlink interface. When it receives an 369 enqueue command it inserts a plug into the outbound queue that 370 causes following packets to enqueue until a dequeue command arrives 371 over netlink, causing the plug to be removed and resuming the normal 372 packet flow. 373 374 This module also provides a generic "network output buffering" 375 functionality (aka output commit), wherein upon arrival of a dequeue 376 command, only packets up to the first plug are released for delivery. 377 The Remus HA project uses this module to enable speculative execution 378 of virtual machines by allowing the generated network output to be rolled 379 back if needed. 380 381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 382 383 Say Y here if you are using this kernel for Xen dom0 and 384 want to protect Xen guests with Remus. 385 386 To compile this code as a module, choose M here: the 387 module will be called sch_plug. 388 389config NET_SCH_ETS 390 tristate "Enhanced transmission selection scheduler (ETS)" 391 help 392 The Enhanced Transmission Selection scheduler is a classful 393 queuing discipline that merges functionality of PRIO and DRR 394 qdiscs in one scheduler. ETS makes it easy to configure a set of 395 strict and bandwidth-sharing bands to implement the transmission 396 selection described in 802.1Qaz. 397 398 Say Y here if you want to use the ETS packet scheduling 399 algorithm. 400 401 To compile this driver as a module, choose M here: the module 402 will be called sch_ets. 403 404 If unsure, say N. 405 406config NET_SCH_BPF 407 bool "BPF-based Qdisc" 408 depends on BPF_SYSCALL && BPF_JIT && DEBUG_INFO_BTF 409 help 410 This option allows BPF-based queueing disiplines. With BPF struct_ops, 411 users can implement supported operators in Qdisc_ops using BPF programs. 412 The queue holding skb can be built with BPF maps or graphs. 413 414 Say Y here if you want to use BPF-based Qdisc. 415 416 If unsure, say N. 417 418menuconfig NET_SCH_DEFAULT 419 bool "Allow override default queue discipline" 420 help 421 Support for selection of default queuing discipline. 422 423 Nearly all users can safely say no here, and the default 424 of pfifo_fast will be used. Many distributions already set 425 the default value via /proc/sys/net/core/default_qdisc. 426 427 If unsure, say N. 428 429if NET_SCH_DEFAULT 430 431choice 432 prompt "Default queuing discipline" 433 default DEFAULT_PFIFO_FAST 434 help 435 Select the queueing discipline that will be used by default 436 for all network devices. 437 438 config DEFAULT_FQ 439 bool "Fair Queue" if NET_SCH_FQ 440 441 config DEFAULT_CODEL 442 bool "Controlled Delay" if NET_SCH_CODEL 443 444 config DEFAULT_FQ_CODEL 445 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 446 447 config DEFAULT_FQ_PIE 448 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 449 450 config DEFAULT_SFQ 451 bool "Stochastic Fair Queue" if NET_SCH_SFQ 452 453 config DEFAULT_PFIFO_FAST 454 bool "Priority FIFO Fast" 455endchoice 456 457config DEFAULT_NET_SCH 458 string 459 default "pfifo_fast" if DEFAULT_PFIFO_FAST 460 default "fq" if DEFAULT_FQ 461 default "fq_codel" if DEFAULT_FQ_CODEL 462 default "fq_pie" if DEFAULT_FQ_PIE 463 default "sfq" if DEFAULT_SFQ 464 default "pfifo_fast" 465endif 466 467comment "Classification" 468 469config NET_CLS 470 bool 471 472config NET_CLS_BASIC 473 tristate "Elementary classification (BASIC)" 474 select NET_CLS 475 help 476 Say Y here if you want to be able to classify packets using 477 only extended matches and actions. 478 479 To compile this code as a module, choose M here: the 480 module will be called cls_basic. 481 482config NET_CLS_ROUTE4 483 tristate "Routing decision (ROUTE)" 484 depends on INET 485 select IP_ROUTE_CLASSID 486 select NET_CLS 487 help 488 If you say Y here, you will be able to classify packets 489 according to the route table entry they matched. 490 491 To compile this code as a module, choose M here: the 492 module will be called cls_route. 493 494config NET_CLS_FW 495 tristate "Netfilter mark (FW)" 496 select NET_CLS 497 help 498 If you say Y here, you will be able to classify packets 499 according to netfilter/firewall marks. 500 501 To compile this code as a module, choose M here: the 502 module will be called cls_fw. 503 504config NET_CLS_U32 505 tristate "Universal 32bit comparisons w/ hashing (U32)" 506 select NET_CLS 507 help 508 Say Y here to be able to classify packets using a universal 509 32bit pieces based comparison scheme. 510 511 To compile this code as a module, choose M here: the 512 module will be called cls_u32. 513 514config CLS_U32_PERF 515 bool "Performance counters support" 516 depends on NET_CLS_U32 517 help 518 Say Y here to make u32 gather additional statistics useful for 519 fine tuning u32 classifiers. 520 521config CLS_U32_MARK 522 bool "Netfilter marks support" 523 depends on NET_CLS_U32 524 help 525 Say Y here to be able to use netfilter marks as u32 key. 526 527config NET_CLS_FLOW 528 tristate "Flow classifier" 529 select NET_CLS 530 help 531 If you say Y here, you will be able to classify packets based on 532 a configurable combination of packet keys. This is mostly useful 533 in combination with SFQ. 534 535 To compile this code as a module, choose M here: the 536 module will be called cls_flow. 537 538config NET_CLS_CGROUP 539 tristate "Control Group Classifier" 540 select NET_CLS 541 select CGROUP_NET_CLASSID 542 depends on CGROUPS 543 help 544 Say Y here if you want to classify packets based on the control 545 cgroup of their process. 546 547 To compile this code as a module, choose M here: the 548 module will be called cls_cgroup. 549 550config NET_CLS_BPF 551 tristate "BPF-based classifier" 552 select NET_CLS 553 help 554 If you say Y here, you will be able to classify packets based on 555 programmable BPF (JIT'ed) filters as an alternative to ematches. 556 557 To compile this code as a module, choose M here: the module will 558 be called cls_bpf. 559 560config NET_CLS_FLOWER 561 tristate "Flower classifier" 562 select NET_CLS 563 help 564 If you say Y here, you will be able to classify packets based on 565 a configurable combination of packet keys and masks. 566 567 To compile this code as a module, choose M here: the module will 568 be called cls_flower. 569 570config NET_CLS_MATCHALL 571 tristate "Match-all classifier" 572 select NET_CLS 573 help 574 If you say Y here, you will be able to classify packets based on 575 nothing. Every packet will match. 576 577 To compile this code as a module, choose M here: the module will 578 be called cls_matchall. 579 580config NET_EMATCH 581 bool "Extended Matches" 582 select NET_CLS 583 help 584 Say Y here if you want to use extended matches on top of classifiers 585 and select the extended matches below. 586 587 Extended matches are small classification helpers not worth writing 588 a separate classifier for. 589 590 A recent version of the iproute2 package is required to use 591 extended matches. 592 593config NET_EMATCH_STACK 594 int "Stack size" 595 depends on NET_EMATCH 596 default "32" 597 help 598 Size of the local stack variable used while evaluating the tree of 599 ematches. Limits the depth of the tree, i.e. the number of 600 encapsulated precedences. Every level requires 4 bytes of additional 601 stack space. 602 603config NET_EMATCH_CMP 604 tristate "Simple packet data comparison" 605 depends on NET_EMATCH 606 help 607 Say Y here if you want to be able to classify packets based on 608 simple packet data comparisons for 8, 16, and 32bit values. 609 610 To compile this code as a module, choose M here: the 611 module will be called em_cmp. 612 613config NET_EMATCH_NBYTE 614 tristate "Multi byte comparison" 615 depends on NET_EMATCH 616 help 617 Say Y here if you want to be able to classify packets based on 618 multiple byte comparisons mainly useful for IPv6 address comparisons. 619 620 To compile this code as a module, choose M here: the 621 module will be called em_nbyte. 622 623config NET_EMATCH_U32 624 tristate "U32 key" 625 depends on NET_EMATCH 626 help 627 Say Y here if you want to be able to classify packets using 628 the famous u32 key in combination with logic relations. 629 630 To compile this code as a module, choose M here: the 631 module will be called em_u32. 632 633config NET_EMATCH_META 634 tristate "Metadata" 635 depends on NET_EMATCH 636 help 637 Say Y here if you want to be able to classify packets based on 638 metadata such as load average, netfilter attributes, socket 639 attributes and routing decisions. 640 641 To compile this code as a module, choose M here: the 642 module will be called em_meta. 643 644config NET_EMATCH_TEXT 645 tristate "Textsearch" 646 depends on NET_EMATCH 647 select TEXTSEARCH 648 select TEXTSEARCH_KMP 649 select TEXTSEARCH_BM 650 select TEXTSEARCH_FSM 651 help 652 Say Y here if you want to be able to classify packets based on 653 textsearch comparisons. 654 655 To compile this code as a module, choose M here: the 656 module will be called em_text. 657 658config NET_EMATCH_CANID 659 tristate "CAN Identifier" 660 depends on NET_EMATCH && (CAN=y || CAN=m) 661 help 662 Say Y here if you want to be able to classify CAN frames based 663 on CAN Identifier. 664 665 To compile this code as a module, choose M here: the 666 module will be called em_canid. 667 668config NET_EMATCH_IPSET 669 tristate "IPset" 670 depends on NET_EMATCH && IP_SET 671 help 672 Say Y here if you want to be able to classify packets based on 673 ipset membership. 674 675 To compile this code as a module, choose M here: the 676 module will be called em_ipset. 677 678config NET_EMATCH_IPT 679 tristate "IPtables Matches" 680 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 681 help 682 Say Y here to be able to classify packets based on iptables 683 matches. 684 Current supported match is "policy" which allows packet classification 685 based on IPsec policy that was used during decapsulation 686 687 To compile this code as a module, choose M here: the 688 module will be called em_ipt. 689 690config NET_CLS_ACT 691 bool "Actions" 692 select NET_CLS 693 select NET_XGRESS 694 help 695 Say Y here if you want to use traffic control actions. Actions 696 get attached to classifiers and are invoked after a successful 697 classification. They are used to overwrite the classification 698 result, instantly drop or redirect packets, etc. 699 700 A recent version of the iproute2 package is required to use 701 extended matches. 702 703config NET_ACT_POLICE 704 tristate "Traffic Policing" 705 depends on NET_CLS_ACT 706 help 707 Say Y here if you want to do traffic policing, i.e. strict 708 bandwidth limiting. This action replaces the existing policing 709 module. 710 711 To compile this code as a module, choose M here: the 712 module will be called act_police. 713 714config NET_ACT_GACT 715 tristate "Generic actions" 716 depends on NET_CLS_ACT 717 help 718 Say Y here to take generic actions such as dropping and 719 accepting packets. 720 721 To compile this code as a module, choose M here: the 722 module will be called act_gact. 723 724config GACT_PROB 725 bool "Probability support" 726 depends on NET_ACT_GACT 727 help 728 Say Y here to use the generic action randomly or deterministically. 729 730config NET_ACT_MIRRED 731 tristate "Redirecting and Mirroring" 732 depends on NET_CLS_ACT 733 help 734 Say Y here to allow packets to be mirrored or redirected to 735 other devices. 736 737 To compile this code as a module, choose M here: the 738 module will be called act_mirred. 739 740config NET_ACT_SAMPLE 741 tristate "Traffic Sampling" 742 depends on NET_CLS_ACT 743 select PSAMPLE 744 help 745 Say Y here to allow packet sampling tc action. The packet sample 746 action consists of statistically choosing packets and sampling 747 them using the psample module. 748 749 To compile this code as a module, choose M here: the 750 module will be called act_sample. 751 752config NET_ACT_NAT 753 tristate "Stateless NAT" 754 depends on NET_CLS_ACT 755 help 756 Say Y here to do stateless NAT on IPv4 packets. You should use 757 netfilter for NAT unless you know what you are doing. 758 759 To compile this code as a module, choose M here: the 760 module will be called act_nat. 761 762config NET_ACT_PEDIT 763 tristate "Packet Editing" 764 depends on NET_CLS_ACT 765 help 766 Say Y here if you want to mangle the content of packets. 767 768 To compile this code as a module, choose M here: the 769 module will be called act_pedit. 770 771config NET_ACT_SIMP 772 tristate "Simple Example (Debug)" 773 depends on NET_CLS_ACT 774 help 775 Say Y here to add a simple action for demonstration purposes. 776 It is meant as an example and for debugging purposes. It will 777 print a configured policy string followed by the packet count 778 to the console for every packet that passes by. 779 780 If unsure, say N. 781 782 To compile this code as a module, choose M here: the 783 module will be called act_simple. 784 785config NET_ACT_SKBEDIT 786 tristate "SKB Editing" 787 depends on NET_CLS_ACT 788 help 789 Say Y here to change skb priority or queue_mapping settings. 790 791 If unsure, say N. 792 793 To compile this code as a module, choose M here: the 794 module will be called act_skbedit. 795 796config NET_ACT_CSUM 797 tristate "Checksum Updating" 798 depends on NET_CLS_ACT && INET 799 select NET_CRC32C 800 help 801 Say Y here to update some common checksum after some direct 802 packet alterations. 803 804 To compile this code as a module, choose M here: the 805 module will be called act_csum. 806 807config NET_ACT_MPLS 808 tristate "MPLS manipulation" 809 depends on NET_CLS_ACT 810 help 811 Say Y here to push or pop MPLS headers. 812 813 If unsure, say N. 814 815 To compile this code as a module, choose M here: the 816 module will be called act_mpls. 817 818config NET_ACT_VLAN 819 tristate "Vlan manipulation" 820 depends on NET_CLS_ACT 821 help 822 Say Y here to push or pop vlan headers. 823 824 If unsure, say N. 825 826 To compile this code as a module, choose M here: the 827 module will be called act_vlan. 828 829config NET_ACT_BPF 830 tristate "BPF based action" 831 depends on NET_CLS_ACT 832 help 833 Say Y here to execute BPF code on packets. The BPF code will decide 834 if the packet should be dropped or not. 835 836 If unsure, say N. 837 838 To compile this code as a module, choose M here: the 839 module will be called act_bpf. 840 841config NET_ACT_CONNMARK 842 tristate "Netfilter Connection Mark Retriever" 843 depends on NET_CLS_ACT && NETFILTER 844 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 845 help 846 Say Y here to allow retrieving of conn mark 847 848 If unsure, say N. 849 850 To compile this code as a module, choose M here: the 851 module will be called act_connmark. 852 853config NET_ACT_CTINFO 854 tristate "Netfilter Connection Mark Actions" 855 depends on NET_CLS_ACT && NETFILTER 856 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 857 help 858 Say Y here to allow transfer of a connmark stored information. 859 Current actions transfer connmark stored DSCP into 860 ipv4/v6 diffserv and/or to transfer connmark to packet 861 mark. Both are useful for restoring egress based marks 862 back onto ingress connections for qdisc priority mapping 863 purposes. 864 865 If unsure, say N. 866 867 To compile this code as a module, choose M here: the 868 module will be called act_ctinfo. 869 870config NET_ACT_SKBMOD 871 tristate "skb data modification action" 872 depends on NET_CLS_ACT 873 help 874 Say Y here to allow modification of skb data 875 876 If unsure, say N. 877 878 To compile this code as a module, choose M here: the 879 module will be called act_skbmod. 880 881config NET_ACT_IFE 882 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 883 depends on NET_CLS_ACT 884 select NET_IFE 885 help 886 Say Y here to allow for sourcing and terminating metadata 887 For details refer to netdev01 paper: 888 "Distributing Linux Traffic Control Classifier-Action Subsystem" 889 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 890 891 To compile this code as a module, choose M here: the 892 module will be called act_ife. 893 894config NET_ACT_TUNNEL_KEY 895 tristate "IP tunnel metadata manipulation" 896 depends on NET_CLS_ACT 897 help 898 Say Y here to set/release ip tunnel metadata. 899 900 If unsure, say N. 901 902 To compile this code as a module, choose M here: the 903 module will be called act_tunnel_key. 904 905config NET_ACT_CT 906 tristate "connection tracking tc action" 907 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 908 select NF_CONNTRACK_OVS 909 select NF_NAT_OVS if NF_NAT 910 help 911 Say Y here to allow sending the packets to conntrack module. 912 913 If unsure, say N. 914 915 To compile this code as a module, choose M here: the 916 module will be called act_ct. 917 918config NET_ACT_GATE 919 tristate "Frame gate entry list control tc action" 920 depends on NET_CLS_ACT 921 help 922 Say Y here to allow to control the ingress flow to be passed at 923 specific time slot and be dropped at other specific time slot by 924 the gate entry list. 925 926 If unsure, say N. 927 To compile this code as a module, choose M here: the 928 module will be called act_gate. 929 930config NET_IFE_SKBMARK 931 tristate "Support to encoding decoding skb mark on IFE action" 932 depends on NET_ACT_IFE 933 934config NET_IFE_SKBPRIO 935 tristate "Support to encoding decoding skb prio on IFE action" 936 depends on NET_ACT_IFE 937 938config NET_IFE_SKBTCINDEX 939 tristate "Support to encoding decoding skb tcindex on IFE action" 940 depends on NET_ACT_IFE 941 942config NET_TC_SKB_EXT 943 bool "TC recirculation support" 944 depends on NET_CLS_ACT 945 select SKB_EXTENSIONS 946 947 help 948 Say Y here to allow tc chain misses to continue in OvS datapath in 949 the correct recirc_id, and hardware chain misses to continue in 950 the correct chain in tc software datapath. 951 952 Say N here if you won't be using tc<->ovs offload or tc chains offload. 953 954endif # NET_SCHED 955 956config NET_SCH_FIFO 957 bool 958