1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# Network configuration 41da177e4SLinus Torvalds# 51da177e4SLinus Torvalds 6031cf19eSRobert P. J. Daymenuconfig NET 71da177e4SLinus Torvalds bool "Networking support" 8e9cc8bddSGeert Uytterhoeven select NLATTR 94cd5773aSAndy Shevchenko select GENERIC_NET_UTILS 10f89b7755SAlexei Starovoitov select BPF 11a7f7f624SMasahiro Yamada help 121da177e4SLinus Torvalds Unless you really know what you are doing, you should say Y here. 131da177e4SLinus Torvalds The reason is that some programs need kernel networking support even 141da177e4SLinus Torvalds when running on a stand-alone machine that isn't connected to any 15d5950b43SSam Ravnborg other computer. 16d5950b43SSam Ravnborg 17d5950b43SSam Ravnborg If you are upgrading from an older kernel, you 181da177e4SLinus Torvalds should consider updating your networking tools too because changes 191da177e4SLinus Torvalds in the kernel and the tools often go hand in hand. The tools are 201da177e4SLinus Torvalds contained in the package net-tools, the location and version number 211da177e4SLinus Torvalds of which are given in <file:Documentation/Changes>. 221da177e4SLinus Torvalds 231da177e4SLinus Torvalds For a general introduction to Linux networking, it is highly 241da177e4SLinus Torvalds recommended to read the NET-HOWTO, available from 251da177e4SLinus Torvalds <http://www.tldp.org/docs.html#howto>. 261da177e4SLinus Torvalds 276a2e9b73SSam Ravnborgif NET 286a2e9b73SSam Ravnborg 291dacc76dSJohannes Bergconfig WANT_COMPAT_NETLINK_MESSAGES 301dacc76dSJohannes Berg bool 311dacc76dSJohannes Berg help 321dacc76dSJohannes Berg This option can be selected by other options that need compat 331dacc76dSJohannes Berg netlink messages. 341dacc76dSJohannes Berg 351dacc76dSJohannes Bergconfig COMPAT_NETLINK_MESSAGES 361dacc76dSJohannes Berg def_bool y 371dacc76dSJohannes Berg depends on COMPAT 3840b53d8aSDavid S. Miller depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES 391dacc76dSJohannes Berg help 401dacc76dSJohannes Berg This option makes it possible to send different netlink messages 411dacc76dSJohannes Berg to tasks depending on whether the task is a compat task or not. To 421dacc76dSJohannes Berg achieve this, you need to set skb_shinfo(skb)->frag_list to the 431dacc76dSJohannes Berg compat skb before sending the skb, the netlink code will sort out 441dacc76dSJohannes Berg which message to actually pass to the task. 451dacc76dSJohannes Berg 461dacc76dSJohannes Berg Newly written code should NEVER need this option but do 471dacc76dSJohannes Berg compat-independent messages instead! 481dacc76dSJohannes Berg 491cf51900SPablo Neiraconfig NET_INGRESS 501cf51900SPablo Neira bool 511cf51900SPablo Neira 521f211a1bSDaniel Borkmannconfig NET_EGRESS 531f211a1bSDaniel Borkmann bool 541f211a1bSDaniel Borkmann 55e420bed0SDaniel Borkmannconfig NET_XGRESS 56e420bed0SDaniel Borkmann select NET_INGRESS 57e420bed0SDaniel Borkmann select NET_EGRESS 58e420bed0SDaniel Borkmann bool 59e420bed0SDaniel Borkmann 602c64605bSPablo Neira Ayusoconfig NET_REDIRECT 612c64605bSPablo Neira Ayuso bool 622c64605bSPablo Neira Ayuso 639f06f87fSJakub Kicinskiconfig SKB_DECRYPTED 649f06f87fSJakub Kicinski bool 659f06f87fSJakub Kicinski 66df5042f4SFlorian Westphalconfig SKB_EXTENSIONS 67df5042f4SFlorian Westphal bool 68df5042f4SFlorian Westphal 69170aafe3SMina Almasryconfig NET_DEVMEM 70170aafe3SMina Almasry def_bool y 71cb575e5eSSaeed Mahameed select GENERIC_ALLOCATOR 72170aafe3SMina Almasry depends on DMA_SHARED_BUFFER 7326d74602SMina Almasry depends on PAGE_POOL 74170aafe3SMina Almasry 7504e65df9SPaolo Abeniconfig NET_SHAPER 7604e65df9SPaolo Abeni bool 7704e65df9SPaolo Abeni 7855d22ee0SEric Biggersconfig NET_CRC32C 7955d22ee0SEric Biggers bool 8055d22ee0SEric Biggers select CRC32 8155d22ee0SEric Biggers 821da177e4SLinus Torvaldsmenu "Networking options" 831da177e4SLinus Torvalds 846a2e9b73SSam Ravnborgsource "net/packet/Kconfig" 8500c94ca2SJakub Kicinskisource "net/psp/Kconfig" 866a2e9b73SSam Ravnborgsource "net/unix/Kconfig" 873c4d7559SDave Watsonsource "net/tls/Kconfig" 886a2e9b73SSam Ravnborgsource "net/xfrm/Kconfig" 892356f4cbSMartin Schwidefskysource "net/iucv/Kconfig" 90ac713874SUrsula Braunsource "net/smc/Kconfig" 91*35758b00SAlexandra Wintersource "drivers/dibs/Kconfig" 9268e8b849SBjörn Töpelsource "net/xdp/Kconfig" 931da177e4SLinus Torvalds 943b3009eaSChuck Leverconfig NET_HANDSHAKE 953b3009eaSChuck Lever bool 963b3009eaSChuck Lever depends on SUNRPC || NVME_TARGET_TCP || NVME_TCP 973b3009eaSChuck Lever default y 983b3009eaSChuck Lever 9988232ec1SChuck Leverconfig NET_HANDSHAKE_KUNIT_TEST 10088232ec1SChuck Lever tristate "KUnit tests for the handshake upcall mechanism" if !KUNIT_ALL_TESTS 10188232ec1SChuck Lever default KUNIT_ALL_TESTS 10288232ec1SChuck Lever depends on KUNIT 10388232ec1SChuck Lever help 10488232ec1SChuck Lever This builds the KUnit tests for the handshake upcall mechanism. 10588232ec1SChuck Lever 10688232ec1SChuck Lever KUnit tests run during boot and output the results to the debug 10788232ec1SChuck Lever log in TAP format (https://testanything.org/). Only useful for 10888232ec1SChuck Lever kernel devs running KUnit test harness and are not for inclusion 10988232ec1SChuck Lever into a production build. 11088232ec1SChuck Lever 11188232ec1SChuck Lever For more information on KUnit and unit tests in general, refer 11288232ec1SChuck Lever to the KUnit documentation in Documentation/dev-tools/kunit/. 11388232ec1SChuck Lever 1141da177e4SLinus Torvaldsconfig INET 1151da177e4SLinus Torvalds bool "TCP/IP networking" 116a7f7f624SMasahiro Yamada help 1171da177e4SLinus Torvalds These are the protocols used on the Internet and on most local 1181da177e4SLinus Torvalds Ethernets. It is highly recommended to say Y here (this will enlarge 119cf80efc2SYOSHIFUJI Hideaki your kernel by about 400 KB), since some programs (e.g. the X window 1201da177e4SLinus Torvalds system) use TCP/IP even if your machine is not connected to any 1211da177e4SLinus Torvalds other computer. You will get the so-called loopback device which 1221da177e4SLinus Torvalds allows you to ping yourself (great fun, that!). 1231da177e4SLinus Torvalds 1241da177e4SLinus Torvalds For an excellent introduction to Linux networking, please read the 1251da177e4SLinus Torvalds Linux Networking HOWTO, available from 1261da177e4SLinus Torvalds <http://www.tldp.org/docs.html#howto>. 1271da177e4SLinus Torvalds 1281da177e4SLinus Torvalds If you say Y here and also to "/proc file system support" and 1291da177e4SLinus Torvalds "Sysctl support" below, you can change various aspects of the 1301da177e4SLinus Torvalds behavior of the TCP/IP code by writing to the (virtual) files in 1311da177e4SLinus Torvalds /proc/sys/net/ipv4/*; the options are explained in the file 1321cec2cacSMauro Carvalho Chehab <file:Documentation/networking/ip-sysctl.rst>. 1331da177e4SLinus Torvalds 1341da177e4SLinus Torvalds Short answer: say Y. 1351da177e4SLinus Torvalds 1366a2e9b73SSam Ravnborgif INET 1371da177e4SLinus Torvaldssource "net/ipv4/Kconfig" 1381da177e4SLinus Torvaldssource "net/ipv6/Kconfig" 13938c94377SPaul Mooresource "net/netlabel/Kconfig" 140f870fa0bSMat Martineausource "net/mptcp/Kconfig" 1411da177e4SLinus Torvalds 1426a2e9b73SSam Ravnborgendif # if INET 1436a2e9b73SSam Ravnborg 144984bc16cSJames Morrisconfig NETWORK_SECMARK 145984bc16cSJames Morris bool "Security Marking" 146984bc16cSJames Morris help 147984bc16cSJames Morris This enables security marking of network packets, similar 148984bc16cSJames Morris to nfmark, but designated for security purposes. 149984bc16cSJames Morris If you are unsure how to answer this question, answer N. 150984bc16cSJames Morris 151408eccceSDaniel Borkmannconfig NET_PTP_CLASSIFY 152408eccceSDaniel Borkmann def_bool n 153408eccceSDaniel Borkmann 154c1f19b51SRichard Cochranconfig NETWORK_PHY_TIMESTAMPING 155c1f19b51SRichard Cochran bool "Timestamping in PHY devices" 156408eccceSDaniel Borkmann select NET_PTP_CLASSIFY 157c1f19b51SRichard Cochran help 158767ff483SRichard Cochran This allows timestamping of network packets by PHYs (or 159767ff483SRichard Cochran other MII bus snooping devices) with hardware timestamping 160767ff483SRichard Cochran capabilities. This option adds some overhead in the transmit 161767ff483SRichard Cochran and receive paths. 162c1f19b51SRichard Cochran 163c1f19b51SRichard Cochran If you are unsure how to answer this question, answer N. 164c1f19b51SRichard Cochran 1651da177e4SLinus Torvaldsmenuconfig NETFILTER 166ef91fd52SPablo Neira Ayuso bool "Network packet filtering framework (Netfilter)" 167a7f7f624SMasahiro Yamada help 1681da177e4SLinus Torvalds Netfilter is a framework for filtering and mangling network packets 1691da177e4SLinus Torvalds that pass through your Linux box. 1701da177e4SLinus Torvalds 1711da177e4SLinus Torvalds The most common use of packet filtering is to run your Linux box as 1721da177e4SLinus Torvalds a firewall protecting a local network from the Internet. The type of 1731da177e4SLinus Torvalds firewall provided by this kernel support is called a "packet 1741da177e4SLinus Torvalds filter", which means that it can reject individual network packets 1751da177e4SLinus Torvalds based on type, source, destination etc. The other kind of firewall, 1761da177e4SLinus Torvalds a "proxy-based" one, is more secure but more intrusive and more 1771da177e4SLinus Torvalds bothersome to set up; it inspects the network traffic much more 1781da177e4SLinus Torvalds closely, modifies it and has knowledge about the higher level 1791da177e4SLinus Torvalds protocols, which a packet filter lacks. Moreover, proxy-based 1801da177e4SLinus Torvalds firewalls often require changes to the programs running on the local 1811da177e4SLinus Torvalds clients. Proxy-based firewalls don't need support by the kernel, but 1821da177e4SLinus Torvalds they are often combined with a packet filter, which only works if 1831da177e4SLinus Torvalds you say Y here. 1841da177e4SLinus Torvalds 1851da177e4SLinus Torvalds You should also say Y here if you intend to use your Linux box as 1861da177e4SLinus Torvalds the gateway to the Internet for a local network of machines without 1871da177e4SLinus Torvalds globally valid IP addresses. This is called "masquerading": if one 1881da177e4SLinus Torvalds of the computers on your local network wants to send something to 1891da177e4SLinus Torvalds the outside, your box can "masquerade" as that computer, i.e. it 1901da177e4SLinus Torvalds forwards the traffic to the intended outside destination, but 1911da177e4SLinus Torvalds modifies the packets to make it look like they came from the 1921da177e4SLinus Torvalds firewall box itself. It works both ways: if the outside host 1931da177e4SLinus Torvalds replies, the Linux box will silently forward the traffic to the 1941da177e4SLinus Torvalds correct local computer. This way, the computers on your local net 1951da177e4SLinus Torvalds are completely invisible to the outside world, even though they can 1961da177e4SLinus Torvalds reach the outside and can receive replies. It is even possible to 1971da177e4SLinus Torvalds run globally visible servers from within a masqueraded local network 1981da177e4SLinus Torvalds using a mechanism called portforwarding. Masquerading is also often 1991da177e4SLinus Torvalds called NAT (Network Address Translation). 2001da177e4SLinus Torvalds 2011da177e4SLinus Torvalds Another use of Netfilter is in transparent proxying: if a machine on 2021da177e4SLinus Torvalds the local network tries to connect to an outside host, your Linux 2031da177e4SLinus Torvalds box can transparently forward the traffic to a local server, 2041da177e4SLinus Torvalds typically a caching proxy server. 2051da177e4SLinus Torvalds 2061da177e4SLinus Torvalds Yet another use of Netfilter is building a bridging firewall. Using 2071da177e4SLinus Torvalds a bridge with Network packet filtering enabled makes iptables "see" 2081da177e4SLinus Torvalds the bridged traffic. For filtering on the lower network and Ethernet 2091da177e4SLinus Torvalds protocols over the bridge, use ebtables (under bridge netfilter 2101da177e4SLinus Torvalds configuration). 2111da177e4SLinus Torvalds 2121da177e4SLinus Torvalds Various modules exist for netfilter which replace the previous 2131da177e4SLinus Torvalds masquerading (ipmasqadm), packet filtering (ipchains), transparent 2141da177e4SLinus Torvalds proxying, and portforwarding mechanisms. Please see 2151da177e4SLinus Torvalds <file:Documentation/Changes> under "iptables" for the location of 2161da177e4SLinus Torvalds these packages. 2171da177e4SLinus Torvalds 2181da177e4SLinus Torvaldsif NETFILTER 2191da177e4SLinus Torvalds 22033b8e776SPatrick McHardyconfig NETFILTER_ADVANCED 22133b8e776SPatrick McHardy bool "Advanced netfilter configuration" 22233b8e776SPatrick McHardy depends on NETFILTER 22333b8e776SPatrick McHardy default y 22433b8e776SPatrick McHardy help 22533b8e776SPatrick McHardy If you say Y here you can select between all the netfilter modules. 226692105b8SMatt LaPlante If you say N the more unusual ones will not be shown and the 22733b8e776SPatrick McHardy basic ones needed by most people will default to 'M'. 22833b8e776SPatrick McHardy 22933b8e776SPatrick McHardy If unsure, say Y. 23033b8e776SPatrick McHardy 2311da177e4SLinus Torvaldsconfig BRIDGE_NETFILTER 23234666d46SPablo Neira Ayuso tristate "Bridged IP/ARP packets filtering" 23357f5877cSFlorian Westphal depends on BRIDGE 23434666d46SPablo Neira Ayuso depends on NETFILTER && INET 23533b8e776SPatrick McHardy depends on NETFILTER_ADVANCED 2362a95183aSFlorian Westphal select NETFILTER_FAMILY_BRIDGE 237de8bda1dSFlorian Westphal select SKB_EXTENSIONS 238a7f7f624SMasahiro Yamada help 2391da177e4SLinus Torvalds Enabling this option will let arptables resp. iptables see bridged 2401da177e4SLinus Torvalds ARP resp. IP traffic. If you want a bridging firewall, you probably 2411da177e4SLinus Torvalds want this option enabled. 2421da177e4SLinus Torvalds Enabling or disabling this option doesn't enable or disable 2431da177e4SLinus Torvalds ebtables. 2441da177e4SLinus Torvalds 2451da177e4SLinus Torvalds If unsure, say N. 2461da177e4SLinus Torvalds 2479eb0eec7SHarald Weltesource "net/netfilter/Kconfig" 2481da177e4SLinus Torvaldssource "net/ipv4/netfilter/Kconfig" 2491da177e4SLinus Torvaldssource "net/ipv6/netfilter/Kconfig" 2501da177e4SLinus Torvaldssource "net/bridge/netfilter/Kconfig" 2511da177e4SLinus Torvalds 252b2dd6eb0SRandy Dunlapendif # if NETFILTER 2531da177e4SLinus Torvalds 2541da177e4SLinus Torvaldssource "net/sctp/Kconfig" 255fe17f84fSAndy Groversource "net/rds/Kconfig" 2561e63e681SPer Lidensource "net/tipc/Kconfig" 2576a2e9b73SSam Ravnborgsource "net/atm/Kconfig" 258fd558d18SJames Chapmansource "net/l2tp/Kconfig" 259a19800d7SPatrick McHardysource "net/802/Kconfig" 2606a2e9b73SSam Ravnborgsource "net/bridge/Kconfig" 26191da11f8SLennert Buytenheksource "net/dsa/Kconfig" 2626a2e9b73SSam Ravnborgsource "net/8021q/Kconfig" 2631da177e4SLinus Torvaldssource "net/llc/Kconfig" 2641dab4713SArnd Bergmannsource "net/appletalk/Kconfig" 2656a2e9b73SSam Ravnborgsource "net/x25/Kconfig" 2666a2e9b73SSam Ravnborgsource "net/lapb/Kconfig" 2675075138dSremi.denis-courmont@nokiasource "net/phonet/Kconfig" 2682c6bed7cSAlexander Aringsource "net/6lowpan/Kconfig" 2699ec76716SSergey Lapinsource "net/ieee802154/Kconfig" 2701010f540Salex.bluesman.smirnov@gmail.comsource "net/mac802154/Kconfig" 2711da177e4SLinus Torvaldssource "net/sched/Kconfig" 2722f90b865SAlexander Duycksource "net/dcb/Kconfig" 2731a4240f4SWang Leisource "net/dns_resolver/Kconfig" 274c6c8fea2SSven Eckelmannsource "net/batman-adv/Kconfig" 275ccb1352eSJesse Grosssource "net/openvswitch/Kconfig" 276d021c344SAndy Kingsource "net/vmw_vsock/Kconfig" 277eaaa3139SAndrey Vaginsource "net/netlink/Kconfig" 2780d89d203SSimon Hormansource "net/mpls/Kconfig" 279c411ed85SJiri Bencsource "net/nsh/Kconfig" 280f421436aSArvid Brodinsource "net/hsr/Kconfig" 281007f790cSJiri Pirkosource "net/switchdev/Kconfig" 2821b69c6d0SDavid Ahernsource "net/l3mdev/Kconfig" 283bdabad3eSCourtney Cavinsource "net/qrtr/Kconfig" 2842d283bddSGavin Shansource "net/ncsi/Kconfig" 2851da177e4SLinus Torvalds 286919067ccSEric Dumazetconfig PCPU_DEV_REFCNT 287919067ccSEric Dumazet bool "Use percpu variables to maintain network device refcount" 288919067ccSEric Dumazet depends on SMP 289919067ccSEric Dumazet default y 290919067ccSEric Dumazet help 291919067ccSEric Dumazet network device refcount are using per cpu variables if this option is set. 292919067ccSEric Dumazet This can be forced to N to detect underflows (with a performance drop). 293919067ccSEric Dumazet 2943948b059SEric Dumazetconfig MAX_SKB_FRAGS 2953948b059SEric Dumazet int "Maximum number of fragments per skb_shared_info" 2963948b059SEric Dumazet range 17 45 2973948b059SEric Dumazet default 17 2983948b059SEric Dumazet help 2993948b059SEric Dumazet Having more fragments per skb_shared_info can help GRO efficiency. 3003948b059SEric Dumazet This helps BIG TCP workloads, but might expose bugs in some 3013948b059SEric Dumazet legacy drivers. 3023948b059SEric Dumazet This also increases memory overhead of small packets, 3033948b059SEric Dumazet and in drivers using build_skb(). 3043948b059SEric Dumazet If unsure, say 17. 3053948b059SEric Dumazet 306df334545SEric Dumazetconfig RPS 3079b6a30feSJason Xing bool "Receive packet steering" 308044c8d4bSYuanhan Liu depends on SMP && SYSFS 309df334545SEric Dumazet default y 3109b6a30feSJason Xing help 3119b6a30feSJason Xing Software receive side packet steering (RPS) distributes the 3129b6a30feSJason Xing load of received packet processing across multiple CPUs. 313df334545SEric Dumazet 314c445477dSBen Hutchingsconfig RFS_ACCEL 3159b6a30feSJason Xing bool "Hardware acceleration of RFS" 3160244ad00SMartin Schwidefsky depends on RPS 317c445477dSBen Hutchings select CPU_RMAP 318c445477dSBen Hutchings default y 3199b6a30feSJason Xing help 3209b6a30feSJason Xing Allowing drivers for multiqueue hardware with flow filter tables to 3219b6a30feSJason Xing accelerate RFS. 322c445477dSBen Hutchings 3234e1beeccSTariq Toukanconfig SOCK_RX_QUEUE_MAPPING 3244e1beeccSTariq Toukan bool 3254e1beeccSTariq Toukan 326bf264145STom Herbertconfig XPS 3276341e62bSChristoph Jaeger bool 328044c8d4bSYuanhan Liu depends on SMP 3294e1beeccSTariq Toukan select SOCK_RX_QUEUE_MAPPING 330bf264145STom Herbert default y 331bf264145STom Herbert 3328cb2d8bfSGregory CLEMENTconfig HWBM 3338cb2d8bfSGregory CLEMENT bool 3348cb2d8bfSGregory CLEMENT 33586f8515fSDaniel Borkmannconfig CGROUP_NET_PRIO 336af636337STejun Heo bool "Network priority cgroup" 3375bc1421eSNeil Horman depends on CGROUPS 3382a56a1feSTejun Heo select SOCK_CGROUP_DATA 339a7f7f624SMasahiro Yamada help 3405bc1421eSNeil Horman Cgroup subsystem for use in assigning processes to network priorities on 34186f8515fSDaniel Borkmann a per-interface basis. 3425bc1421eSNeil Horman 343fe1217c4SDaniel Borkmannconfig CGROUP_NET_CLASSID 3446341e62bSChristoph Jaeger bool "Network classid cgroup" 345fe1217c4SDaniel Borkmann depends on CGROUPS 3462a56a1feSTejun Heo select SOCK_CGROUP_DATA 347a7f7f624SMasahiro Yamada help 348fe1217c4SDaniel Borkmann Cgroup subsystem for use as general purpose socket classid marker that is 349fe1217c4SDaniel Borkmann being used in cls_cgroup and for netfilter matching. 350fe1217c4SDaniel Borkmann 351e0d1095aSCong Wangconfig NET_RX_BUSY_POLL 3526341e62bSChristoph Jaeger bool 353c857946aSKurt Kanzenbach default y if !PREEMPT_RT || (PREEMPT_RT && !NETCONSOLE) 35406021292SEliezer Tamir 355114cf580STom Herbertconfig BQL 3566341e62bSChristoph Jaeger bool 357ea7f3cfaSBreno Leitao prompt "Enable Byte Queue Limits" 358114cf580STom Herbert depends on SYSFS 359114cf580STom Herbert select DQL 360114cf580STom Herbert default y 361114cf580STom Herbert 36208848246SJohn Fastabendconfig BPF_STREAM_PARSER 36308848246SJohn Fastabend bool "enable BPF STREAM_PARSER" 364604326b4SDaniel Borkmann depends on INET 36508848246SJohn Fastabend depends on BPF_SYSCALL 366604326b4SDaniel Borkmann depends on CGROUP_BPF 36708848246SJohn Fastabend select STREAM_PARSER 368604326b4SDaniel Borkmann select NET_SOCK_MSG 369a7f7f624SMasahiro Yamada help 37088759609SCong Wang Enabling this allows a TCP stream parser to be used with 37108848246SJohn Fastabend BPF_MAP_TYPE_SOCKMAP. 37208848246SJohn Fastabend 37399bbc707SWillem de Bruijnconfig NET_FLOW_LIMIT 3749b6a30feSJason Xing bool "Net flow limit" 37599bbc707SWillem de Bruijn depends on RPS 37699bbc707SWillem de Bruijn default y 377a7f7f624SMasahiro Yamada help 37899bbc707SWillem de Bruijn The network stack has to drop packets when a receive processing CPU's 37999bbc707SWillem de Bruijn backlog reaches netdev_max_backlog. If a few out of many active flows 38099bbc707SWillem de Bruijn generate the vast majority of load, drop their traffic earlier to 38199bbc707SWillem de Bruijn maintain capacity for the other flows. This feature provides servers 38299bbc707SWillem de Bruijn with many clients some protection against DoS by a single (spoofed) 38399bbc707SWillem de Bruijn flow that greatly exceeds average workload. 38499bbc707SWillem de Bruijn 3851da177e4SLinus Torvaldsmenu "Network testing" 3861da177e4SLinus Torvalds 3871da177e4SLinus Torvaldsconfig NET_PKTGEN 3881da177e4SLinus Torvalds tristate "Packet Generator (USE WITH CAUTION)" 389ffd756b3SThomas Graf depends on INET && PROC_FS 390a7f7f624SMasahiro Yamada help 3911da177e4SLinus Torvalds This module will inject preconfigured packets, at a configurable 3921da177e4SLinus Torvalds rate, out of a given interface. It is used for network interface 3931da177e4SLinus Torvalds stress testing and performance analysis. If you don't understand 3941da177e4SLinus Torvalds what was just said, you don't need it: say N. 3951da177e4SLinus Torvalds 3961da177e4SLinus Torvalds Documentation on how to use the packet generator can be found 397c1e4535fSMauro Carvalho Chehab at <file:Documentation/networking/pktgen.rst>. 3981da177e4SLinus Torvalds 3991da177e4SLinus Torvalds To compile this code as a module, choose M here: the 4001da177e4SLinus Torvalds module will be called pktgen. 4011da177e4SLinus Torvalds 402273ae44bSNeil Hormanconfig NET_DROP_MONITOR 403cad456d5SNeil Horman tristate "Network packet drop alerting service" 404911f8635SKees Cook depends on INET && TRACEPOINTS 405a7f7f624SMasahiro Yamada help 406273ae44bSNeil Horman This feature provides an alerting service to userspace in the 407273ae44bSNeil Horman event that packets are discarded in the network stack. Alerts 408273ae44bSNeil Horman are broadcast via netlink socket to any listening user space 409273ae44bSNeil Horman process. If you don't need network drop alerts, or if you are ok 410273ae44bSNeil Horman just checking the various proc files and other utilities for 411273ae44bSNeil Horman drop statistics, say N here. 412273ae44bSNeil Horman 413b2dd6eb0SRandy Dunlapendmenu # Network testing 4141da177e4SLinus Torvalds 415b2dd6eb0SRandy Dunlapendmenu # Networking options 4161da177e4SLinus Torvalds 4171da177e4SLinus Torvaldssource "net/ax25/Kconfig" 4180d66548aSOliver Hartkoppsource "net/can/Kconfig" 4191da177e4SLinus Torvaldssource "net/bluetooth/Kconfig" 42017926a79SDavid Howellssource "net/rxrpc/Kconfig" 421ab7ac4ebSTom Herbertsource "net/kcm/Kconfig" 42243a0c675STom Herbertsource "net/strparser/Kconfig" 423bc49d816SJeremy Kerrsource "net/mctp/Kconfig" 424d86b5e0eSAdrian Bunk 42514c0b97dSThomas Grafconfig FIB_RULES 42614c0b97dSThomas Graf bool 42714c0b97dSThomas Graf 4285442060cSRobert P. J. Daymenuconfig WIRELESS 4295442060cSRobert P. J. Day bool "Wireless" 430f54bfc0eSMartin Schwidefsky depends on !S390 4315442060cSRobert P. J. Day default y 4325442060cSRobert P. J. Day 4335442060cSRobert P. J. Dayif WIRELESS 4342a5e1c0eSJohannes Berg 4352a5e1c0eSJohannes Bergsource "net/wireless/Kconfig" 436f0706e82SJiri Bencsource "net/mac80211/Kconfig" 4372a5e1c0eSJohannes Berg 4385442060cSRobert P. J. Dayendif # WIRELESS 4392a5e1c0eSJohannes Berg 440cf4328cdSIvo van Doornsource "net/rfkill/Kconfig" 441bd238fb4SLatchesar Ionkovsource "net/9p/Kconfig" 4423908c690SSjur Braendelandsource "net/caif/Kconfig" 4433d14c5d2SYehuda Sadehsource "net/ceph/Kconfig" 4443e256b8fSLauro Ramos Venanciosource "net/nfc/Kconfig" 4456ae0a628SYotam Gigisource "net/psample/Kconfig" 4461ce84604SYotam Gigisource "net/ife/Kconfig" 4473908c690SSjur Braendeland 448499a2425SRoopa Prabhuconfig LWTUNNEL 449499a2425SRoopa Prabhu bool "Network light weight tunnels" 450a7f7f624SMasahiro Yamada help 451499a2425SRoopa Prabhu This feature provides an infrastructure to support light weight 452499a2425SRoopa Prabhu tunnels like mpls. There is no netdevice associated with a light 453499a2425SRoopa Prabhu weight tunnel endpoint. Tunnel encapsulation parameters are stored 454499a2425SRoopa Prabhu with light weight tunnel state associated with fib routes. 455cf4328cdSIvo van Doorn 4563a0af8fdSThomas Grafconfig LWTUNNEL_BPF 4573a0af8fdSThomas Graf bool "Execute BPF program as route nexthop action" 458b251f9f6SPeter Oskolkov depends on LWTUNNEL && INET 4593a0af8fdSThomas Graf default y if LWTUNNEL=y 460a7f7f624SMasahiro Yamada help 4613a0af8fdSThomas Graf Allows to run BPF programs as a nexthop action following a route 4623a0af8fdSThomas Graf lookup for incoming and outgoing packets. 4633a0af8fdSThomas Graf 464911362c7SPaolo Abeniconfig DST_CACHE 4659b246841SDave Jones bool 466911362c7SPaolo Abeni default n 467911362c7SPaolo Abeni 46897e219b7SEric Dumazetconfig GRO_CELLS 46997e219b7SEric Dumazet bool 47097e219b7SEric Dumazet default n 47197e219b7SEric Dumazet 472ebf4e808SIlya Lesokhinconfig SOCK_VALIDATE_XMIT 473ebf4e808SIlya Lesokhin bool 474ebf4e808SIlya Lesokhin 475768cf841SOleksij Rempelconfig NET_IEEE8021Q_HELPERS 476768cf841SOleksij Rempel bool 477768cf841SOleksij Rempel 4783e1e58d6SOleksij Rempelconfig NET_SELFTESTS 4793e1e58d6SOleksij Rempel def_tristate PHYLIB 4804a52dd8fSOleksij Rempel depends on PHYLIB && INET 4813e1e58d6SOleksij Rempel 482604326b4SDaniel Borkmannconfig NET_SOCK_MSG 483604326b4SDaniel Borkmann bool 484604326b4SDaniel Borkmann default n 485604326b4SDaniel Borkmann help 486604326b4SDaniel Borkmann The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or 487604326b4SDaniel Borkmann ULPs (upper layer modules, e.g. TLS) to process L7 application data 488604326b4SDaniel Borkmann with the help of BPF programs. 489604326b4SDaniel Borkmann 490bfcd3a46SJiri Pirkoconfig NET_DEVLINK 491f6b19b35SJiri Pirko bool 492f6b19b35SJiri Pirko default n 493bfcd3a46SJiri Pirko 494ff7d6b27SJesper Dangaard Brouerconfig PAGE_POOL 495ff7d6b27SJesper Dangaard Brouer bool 496ff7d6b27SJesper Dangaard Brouer 4978610037eSJoe Damatoconfig PAGE_POOL_STATS 4988610037eSJoe Damato default n 4998610037eSJoe Damato bool "Page pool stats" 5008610037eSJoe Damato depends on PAGE_POOL 5018610037eSJoe Damato help 5028610037eSJoe Damato Enable page pool statistics to track page allocation and recycling 5038610037eSJoe Damato in page pools. This option incurs additional CPU cost in allocation 5048610037eSJoe Damato and recycle paths and additional memory cost to store the statistics. 5058610037eSJoe Damato These statistics are only available if this option is enabled and if 5068610037eSJoe Damato the driver using the page pool supports exporting this data. 5078610037eSJoe Damato 5088610037eSJoe Damato If unsure, say N. 5098610037eSJoe Damato 51030c8bd5aSSridhar Samudralaconfig FAILOVER 51130c8bd5aSSridhar Samudrala tristate "Generic failover module" 51230c8bd5aSSridhar Samudrala help 51330c8bd5aSSridhar Samudrala The failover module provides a generic interface for paravirtual 51430c8bd5aSSridhar Samudrala drivers to register a netdev and a set of ops with a failover 51530c8bd5aSSridhar Samudrala instance. The ops are used as event handlers that get called to 51630c8bd5aSSridhar Samudrala handle netdev register/unregister/link change/name change events 51730c8bd5aSSridhar Samudrala on slave pci ethernet devices with the same mac address as the 51830c8bd5aSSridhar Samudrala failover netdev. This enables paravirtual drivers to use a 51930c8bd5aSSridhar Samudrala VF as an accelerated low latency datapath. It also allows live 52030c8bd5aSSridhar Samudrala migration of VMs with direct attached VFs by failing over to the 52130c8bd5aSSridhar Samudrala paravirtual datapath when the VF is unplugged. 52230c8bd5aSSridhar Samudrala 5232b4a8990SMichal Kubecekconfig ETHTOOL_NETLINK 5242b4a8990SMichal Kubecek bool "Netlink interface for ethtool" 525f750dfe8SHeng Qi select DIMLIB 5262b4a8990SMichal Kubecek default y 5272b4a8990SMichal Kubecek help 5282b4a8990SMichal Kubecek An alternative userspace interface for ethtool based on generic 5292b4a8990SMichal Kubecek netlink. It provides better extensibility and some new features, 5302b4a8990SMichal Kubecek e.g. notification messages. 5312b4a8990SMichal Kubecek 5322c193f2cSJakub Kicinskiconfig NETDEV_ADDR_LIST_TEST 5332c193f2cSJakub Kicinski tristate "Unit tests for device address list" 5342c193f2cSJakub Kicinski default KUNIT_ALL_TESTS 5352c193f2cSJakub Kicinski depends on KUNIT 5362c193f2cSJakub Kicinski 537b3098d32SWillem de Bruijnconfig NET_TEST 538b3098d32SWillem de Bruijn tristate "KUnit tests for networking" if !KUNIT_ALL_TESTS 539b3098d32SWillem de Bruijn depends on KUNIT 540b3098d32SWillem de Bruijn default KUNIT_ALL_TESTS 541b3098d32SWillem de Bruijn help 542b3098d32SWillem de Bruijn KUnit tests covering core networking infra, such as sk_buff. 543b3098d32SWillem de Bruijn 544b3098d32SWillem de Bruijn If unsure, say N. 545b3098d32SWillem de Bruijn 5466a2e9b73SSam Ravnborgendif # if NET 547