xref: /linux/net/Kconfig (revision ec2e0fb07d789976c601bec19ecced7a501c3705)
1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only
21da177e4SLinus Torvalds#
31da177e4SLinus Torvalds# Network configuration
41da177e4SLinus Torvalds#
51da177e4SLinus Torvalds
6031cf19eSRobert P. J. Daymenuconfig NET
71da177e4SLinus Torvalds	bool "Networking support"
8e9cc8bddSGeert Uytterhoeven	select NLATTR
94cd5773aSAndy Shevchenko	select GENERIC_NET_UTILS
10f89b7755SAlexei Starovoitov	select BPF
11a7f7f624SMasahiro Yamada	help
121da177e4SLinus Torvalds	  Unless you really know what you are doing, you should say Y here.
131da177e4SLinus Torvalds	  The reason is that some programs need kernel networking support even
141da177e4SLinus Torvalds	  when running on a stand-alone machine that isn't connected to any
15d5950b43SSam Ravnborg	  other computer.
16d5950b43SSam Ravnborg
17d5950b43SSam Ravnborg	  If you are upgrading from an older kernel, you
181da177e4SLinus Torvalds	  should consider updating your networking tools too because changes
191da177e4SLinus Torvalds	  in the kernel and the tools often go hand in hand. The tools are
201da177e4SLinus Torvalds	  contained in the package net-tools, the location and version number
211da177e4SLinus Torvalds	  of which are given in <file:Documentation/Changes>.
221da177e4SLinus Torvalds
231da177e4SLinus Torvalds	  For a general introduction to Linux networking, it is highly
241da177e4SLinus Torvalds	  recommended to read the NET-HOWTO, available from
251da177e4SLinus Torvalds	  <http://www.tldp.org/docs.html#howto>.
261da177e4SLinus Torvalds
276a2e9b73SSam Ravnborgif NET
286a2e9b73SSam Ravnborg
291dacc76dSJohannes Bergconfig WANT_COMPAT_NETLINK_MESSAGES
301dacc76dSJohannes Berg	bool
311dacc76dSJohannes Berg	help
321dacc76dSJohannes Berg	  This option can be selected by other options that need compat
331dacc76dSJohannes Berg	  netlink messages.
341dacc76dSJohannes Berg
351dacc76dSJohannes Bergconfig COMPAT_NETLINK_MESSAGES
361dacc76dSJohannes Berg	def_bool y
371dacc76dSJohannes Berg	depends on COMPAT
3840b53d8aSDavid S. Miller	depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES
391dacc76dSJohannes Berg	help
401dacc76dSJohannes Berg	  This option makes it possible to send different netlink messages
411dacc76dSJohannes Berg	  to tasks depending on whether the task is a compat task or not. To
421dacc76dSJohannes Berg	  achieve this, you need to set skb_shinfo(skb)->frag_list to the
431dacc76dSJohannes Berg	  compat skb before sending the skb, the netlink code will sort out
441dacc76dSJohannes Berg	  which message to actually pass to the task.
451dacc76dSJohannes Berg
461dacc76dSJohannes Berg	  Newly written code should NEVER need this option but do
471dacc76dSJohannes Berg	  compat-independent messages instead!
481dacc76dSJohannes Berg
491cf51900SPablo Neiraconfig NET_INGRESS
501cf51900SPablo Neira	bool
511cf51900SPablo Neira
521f211a1bSDaniel Borkmannconfig NET_EGRESS
531f211a1bSDaniel Borkmann	bool
541f211a1bSDaniel Borkmann
55e420bed0SDaniel Borkmannconfig NET_XGRESS
56e420bed0SDaniel Borkmann	select NET_INGRESS
57e420bed0SDaniel Borkmann	select NET_EGRESS
58e420bed0SDaniel Borkmann	bool
59e420bed0SDaniel Borkmann
602c64605bSPablo Neira Ayusoconfig NET_REDIRECT
612c64605bSPablo Neira Ayuso	bool
622c64605bSPablo Neira Ayuso
639f06f87fSJakub Kicinskiconfig SKB_DECRYPTED
649f06f87fSJakub Kicinski	bool
659f06f87fSJakub Kicinski
66df5042f4SFlorian Westphalconfig SKB_EXTENSIONS
67df5042f4SFlorian Westphal	bool
68df5042f4SFlorian Westphal
69170aafe3SMina Almasryconfig NET_DEVMEM
70170aafe3SMina Almasry	def_bool y
71cb575e5eSSaeed Mahameed	select GENERIC_ALLOCATOR
72170aafe3SMina Almasry	depends on DMA_SHARED_BUFFER
7326d74602SMina Almasry	depends on PAGE_POOL
74170aafe3SMina Almasry
7504e65df9SPaolo Abeniconfig NET_SHAPER
7604e65df9SPaolo Abeni	bool
7704e65df9SPaolo Abeni
7855d22ee0SEric Biggersconfig NET_CRC32C
7955d22ee0SEric Biggers	bool
8055d22ee0SEric Biggers	select CRC32
8155d22ee0SEric Biggers
821da177e4SLinus Torvaldsmenu "Networking options"
831da177e4SLinus Torvalds
846a2e9b73SSam Ravnborgsource "net/packet/Kconfig"
8500c94ca2SJakub Kicinskisource "net/psp/Kconfig"
866a2e9b73SSam Ravnborgsource "net/unix/Kconfig"
873c4d7559SDave Watsonsource "net/tls/Kconfig"
886a2e9b73SSam Ravnborgsource "net/xfrm/Kconfig"
892356f4cbSMartin Schwidefskysource "net/iucv/Kconfig"
90ac713874SUrsula Braunsource "net/smc/Kconfig"
91*35758b00SAlexandra Wintersource "drivers/dibs/Kconfig"
9268e8b849SBjörn Töpelsource "net/xdp/Kconfig"
931da177e4SLinus Torvalds
943b3009eaSChuck Leverconfig NET_HANDSHAKE
953b3009eaSChuck Lever	bool
963b3009eaSChuck Lever	depends on SUNRPC || NVME_TARGET_TCP || NVME_TCP
973b3009eaSChuck Lever	default y
983b3009eaSChuck Lever
9988232ec1SChuck Leverconfig NET_HANDSHAKE_KUNIT_TEST
10088232ec1SChuck Lever	tristate "KUnit tests for the handshake upcall mechanism" if !KUNIT_ALL_TESTS
10188232ec1SChuck Lever	default KUNIT_ALL_TESTS
10288232ec1SChuck Lever	depends on KUNIT
10388232ec1SChuck Lever	help
10488232ec1SChuck Lever	  This builds the KUnit tests for the handshake upcall mechanism.
10588232ec1SChuck Lever
10688232ec1SChuck Lever	  KUnit tests run during boot and output the results to the debug
10788232ec1SChuck Lever	  log in TAP format (https://testanything.org/). Only useful for
10888232ec1SChuck Lever	  kernel devs running KUnit test harness and are not for inclusion
10988232ec1SChuck Lever	  into a production build.
11088232ec1SChuck Lever
11188232ec1SChuck Lever	  For more information on KUnit and unit tests in general, refer
11288232ec1SChuck Lever	  to the KUnit documentation in Documentation/dev-tools/kunit/.
11388232ec1SChuck Lever
1141da177e4SLinus Torvaldsconfig INET
1151da177e4SLinus Torvalds	bool "TCP/IP networking"
116a7f7f624SMasahiro Yamada	help
1171da177e4SLinus Torvalds	  These are the protocols used on the Internet and on most local
1181da177e4SLinus Torvalds	  Ethernets. It is highly recommended to say Y here (this will enlarge
119cf80efc2SYOSHIFUJI Hideaki	  your kernel by about 400 KB), since some programs (e.g. the X window
1201da177e4SLinus Torvalds	  system) use TCP/IP even if your machine is not connected to any
1211da177e4SLinus Torvalds	  other computer. You will get the so-called loopback device which
1221da177e4SLinus Torvalds	  allows you to ping yourself (great fun, that!).
1231da177e4SLinus Torvalds
1241da177e4SLinus Torvalds	  For an excellent introduction to Linux networking, please read the
1251da177e4SLinus Torvalds	  Linux Networking HOWTO, available from
1261da177e4SLinus Torvalds	  <http://www.tldp.org/docs.html#howto>.
1271da177e4SLinus Torvalds
1281da177e4SLinus Torvalds	  If you say Y here and also to "/proc file system support" and
1291da177e4SLinus Torvalds	  "Sysctl support" below, you can change various aspects of the
1301da177e4SLinus Torvalds	  behavior of the TCP/IP code by writing to the (virtual) files in
1311da177e4SLinus Torvalds	  /proc/sys/net/ipv4/*; the options are explained in the file
1321cec2cacSMauro Carvalho Chehab	  <file:Documentation/networking/ip-sysctl.rst>.
1331da177e4SLinus Torvalds
1341da177e4SLinus Torvalds	  Short answer: say Y.
1351da177e4SLinus Torvalds
1366a2e9b73SSam Ravnborgif INET
1371da177e4SLinus Torvaldssource "net/ipv4/Kconfig"
1381da177e4SLinus Torvaldssource "net/ipv6/Kconfig"
13938c94377SPaul Mooresource "net/netlabel/Kconfig"
140f870fa0bSMat Martineausource "net/mptcp/Kconfig"
1411da177e4SLinus Torvalds
1426a2e9b73SSam Ravnborgendif # if INET
1436a2e9b73SSam Ravnborg
144984bc16cSJames Morrisconfig NETWORK_SECMARK
145984bc16cSJames Morris	bool "Security Marking"
146984bc16cSJames Morris	help
147984bc16cSJames Morris	  This enables security marking of network packets, similar
148984bc16cSJames Morris	  to nfmark, but designated for security purposes.
149984bc16cSJames Morris	  If you are unsure how to answer this question, answer N.
150984bc16cSJames Morris
151408eccceSDaniel Borkmannconfig NET_PTP_CLASSIFY
152408eccceSDaniel Borkmann	def_bool n
153408eccceSDaniel Borkmann
154c1f19b51SRichard Cochranconfig NETWORK_PHY_TIMESTAMPING
155c1f19b51SRichard Cochran	bool "Timestamping in PHY devices"
156408eccceSDaniel Borkmann	select NET_PTP_CLASSIFY
157c1f19b51SRichard Cochran	help
158767ff483SRichard Cochran	  This allows timestamping of network packets by PHYs (or
159767ff483SRichard Cochran	  other MII bus snooping devices) with hardware timestamping
160767ff483SRichard Cochran	  capabilities. This option adds some overhead in the transmit
161767ff483SRichard Cochran	  and receive paths.
162c1f19b51SRichard Cochran
163c1f19b51SRichard Cochran	  If you are unsure how to answer this question, answer N.
164c1f19b51SRichard Cochran
1651da177e4SLinus Torvaldsmenuconfig NETFILTER
166ef91fd52SPablo Neira Ayuso	bool "Network packet filtering framework (Netfilter)"
167a7f7f624SMasahiro Yamada	help
1681da177e4SLinus Torvalds	  Netfilter is a framework for filtering and mangling network packets
1691da177e4SLinus Torvalds	  that pass through your Linux box.
1701da177e4SLinus Torvalds
1711da177e4SLinus Torvalds	  The most common use of packet filtering is to run your Linux box as
1721da177e4SLinus Torvalds	  a firewall protecting a local network from the Internet. The type of
1731da177e4SLinus Torvalds	  firewall provided by this kernel support is called a "packet
1741da177e4SLinus Torvalds	  filter", which means that it can reject individual network packets
1751da177e4SLinus Torvalds	  based on type, source, destination etc. The other kind of firewall,
1761da177e4SLinus Torvalds	  a "proxy-based" one, is more secure but more intrusive and more
1771da177e4SLinus Torvalds	  bothersome to set up; it inspects the network traffic much more
1781da177e4SLinus Torvalds	  closely, modifies it and has knowledge about the higher level
1791da177e4SLinus Torvalds	  protocols, which a packet filter lacks. Moreover, proxy-based
1801da177e4SLinus Torvalds	  firewalls often require changes to the programs running on the local
1811da177e4SLinus Torvalds	  clients. Proxy-based firewalls don't need support by the kernel, but
1821da177e4SLinus Torvalds	  they are often combined with a packet filter, which only works if
1831da177e4SLinus Torvalds	  you say Y here.
1841da177e4SLinus Torvalds
1851da177e4SLinus Torvalds	  You should also say Y here if you intend to use your Linux box as
1861da177e4SLinus Torvalds	  the gateway to the Internet for a local network of machines without
1871da177e4SLinus Torvalds	  globally valid IP addresses. This is called "masquerading": if one
1881da177e4SLinus Torvalds	  of the computers on your local network wants to send something to
1891da177e4SLinus Torvalds	  the outside, your box can "masquerade" as that computer, i.e. it
1901da177e4SLinus Torvalds	  forwards the traffic to the intended outside destination, but
1911da177e4SLinus Torvalds	  modifies the packets to make it look like they came from the
1921da177e4SLinus Torvalds	  firewall box itself. It works both ways: if the outside host
1931da177e4SLinus Torvalds	  replies, the Linux box will silently forward the traffic to the
1941da177e4SLinus Torvalds	  correct local computer. This way, the computers on your local net
1951da177e4SLinus Torvalds	  are completely invisible to the outside world, even though they can
1961da177e4SLinus Torvalds	  reach the outside and can receive replies. It is even possible to
1971da177e4SLinus Torvalds	  run globally visible servers from within a masqueraded local network
1981da177e4SLinus Torvalds	  using a mechanism called portforwarding. Masquerading is also often
1991da177e4SLinus Torvalds	  called NAT (Network Address Translation).
2001da177e4SLinus Torvalds
2011da177e4SLinus Torvalds	  Another use of Netfilter is in transparent proxying: if a machine on
2021da177e4SLinus Torvalds	  the local network tries to connect to an outside host, your Linux
2031da177e4SLinus Torvalds	  box can transparently forward the traffic to a local server,
2041da177e4SLinus Torvalds	  typically a caching proxy server.
2051da177e4SLinus Torvalds
2061da177e4SLinus Torvalds	  Yet another use of Netfilter is building a bridging firewall. Using
2071da177e4SLinus Torvalds	  a bridge with Network packet filtering enabled makes iptables "see"
2081da177e4SLinus Torvalds	  the bridged traffic. For filtering on the lower network and Ethernet
2091da177e4SLinus Torvalds	  protocols over the bridge, use ebtables (under bridge netfilter
2101da177e4SLinus Torvalds	  configuration).
2111da177e4SLinus Torvalds
2121da177e4SLinus Torvalds	  Various modules exist for netfilter which replace the previous
2131da177e4SLinus Torvalds	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
2141da177e4SLinus Torvalds	  proxying, and portforwarding mechanisms. Please see
2151da177e4SLinus Torvalds	  <file:Documentation/Changes> under "iptables" for the location of
2161da177e4SLinus Torvalds	  these packages.
2171da177e4SLinus Torvalds
2181da177e4SLinus Torvaldsif NETFILTER
2191da177e4SLinus Torvalds
22033b8e776SPatrick McHardyconfig NETFILTER_ADVANCED
22133b8e776SPatrick McHardy	bool "Advanced netfilter configuration"
22233b8e776SPatrick McHardy	depends on NETFILTER
22333b8e776SPatrick McHardy	default y
22433b8e776SPatrick McHardy	help
22533b8e776SPatrick McHardy	  If you say Y here you can select between all the netfilter modules.
226692105b8SMatt LaPlante	  If you say N the more unusual ones will not be shown and the
22733b8e776SPatrick McHardy	  basic ones needed by most people will default to 'M'.
22833b8e776SPatrick McHardy
22933b8e776SPatrick McHardy	  If unsure, say Y.
23033b8e776SPatrick McHardy
2311da177e4SLinus Torvaldsconfig BRIDGE_NETFILTER
23234666d46SPablo Neira Ayuso	tristate "Bridged IP/ARP packets filtering"
23357f5877cSFlorian Westphal	depends on BRIDGE
23434666d46SPablo Neira Ayuso	depends on NETFILTER && INET
23533b8e776SPatrick McHardy	depends on NETFILTER_ADVANCED
2362a95183aSFlorian Westphal	select NETFILTER_FAMILY_BRIDGE
237de8bda1dSFlorian Westphal	select SKB_EXTENSIONS
238a7f7f624SMasahiro Yamada	help
2391da177e4SLinus Torvalds	  Enabling this option will let arptables resp. iptables see bridged
2401da177e4SLinus Torvalds	  ARP resp. IP traffic. If you want a bridging firewall, you probably
2411da177e4SLinus Torvalds	  want this option enabled.
2421da177e4SLinus Torvalds	  Enabling or disabling this option doesn't enable or disable
2431da177e4SLinus Torvalds	  ebtables.
2441da177e4SLinus Torvalds
2451da177e4SLinus Torvalds	  If unsure, say N.
2461da177e4SLinus Torvalds
2479eb0eec7SHarald Weltesource "net/netfilter/Kconfig"
2481da177e4SLinus Torvaldssource "net/ipv4/netfilter/Kconfig"
2491da177e4SLinus Torvaldssource "net/ipv6/netfilter/Kconfig"
2501da177e4SLinus Torvaldssource "net/bridge/netfilter/Kconfig"
2511da177e4SLinus Torvalds
252b2dd6eb0SRandy Dunlapendif # if NETFILTER
2531da177e4SLinus Torvalds
2541da177e4SLinus Torvaldssource "net/sctp/Kconfig"
255fe17f84fSAndy Groversource "net/rds/Kconfig"
2561e63e681SPer Lidensource "net/tipc/Kconfig"
2576a2e9b73SSam Ravnborgsource "net/atm/Kconfig"
258fd558d18SJames Chapmansource "net/l2tp/Kconfig"
259a19800d7SPatrick McHardysource "net/802/Kconfig"
2606a2e9b73SSam Ravnborgsource "net/bridge/Kconfig"
26191da11f8SLennert Buytenheksource "net/dsa/Kconfig"
2626a2e9b73SSam Ravnborgsource "net/8021q/Kconfig"
2631da177e4SLinus Torvaldssource "net/llc/Kconfig"
2641dab4713SArnd Bergmannsource "net/appletalk/Kconfig"
2656a2e9b73SSam Ravnborgsource "net/x25/Kconfig"
2666a2e9b73SSam Ravnborgsource "net/lapb/Kconfig"
2675075138dSremi.denis-courmont@nokiasource "net/phonet/Kconfig"
2682c6bed7cSAlexander Aringsource "net/6lowpan/Kconfig"
2699ec76716SSergey Lapinsource "net/ieee802154/Kconfig"
2701010f540Salex.bluesman.smirnov@gmail.comsource "net/mac802154/Kconfig"
2711da177e4SLinus Torvaldssource "net/sched/Kconfig"
2722f90b865SAlexander Duycksource "net/dcb/Kconfig"
2731a4240f4SWang Leisource "net/dns_resolver/Kconfig"
274c6c8fea2SSven Eckelmannsource "net/batman-adv/Kconfig"
275ccb1352eSJesse Grosssource "net/openvswitch/Kconfig"
276d021c344SAndy Kingsource "net/vmw_vsock/Kconfig"
277eaaa3139SAndrey Vaginsource "net/netlink/Kconfig"
2780d89d203SSimon Hormansource "net/mpls/Kconfig"
279c411ed85SJiri Bencsource "net/nsh/Kconfig"
280f421436aSArvid Brodinsource "net/hsr/Kconfig"
281007f790cSJiri Pirkosource "net/switchdev/Kconfig"
2821b69c6d0SDavid Ahernsource "net/l3mdev/Kconfig"
283bdabad3eSCourtney Cavinsource "net/qrtr/Kconfig"
2842d283bddSGavin Shansource "net/ncsi/Kconfig"
2851da177e4SLinus Torvalds
286919067ccSEric Dumazetconfig PCPU_DEV_REFCNT
287919067ccSEric Dumazet	bool "Use percpu variables to maintain network device refcount"
288919067ccSEric Dumazet	depends on SMP
289919067ccSEric Dumazet	default y
290919067ccSEric Dumazet	help
291919067ccSEric Dumazet	  network device refcount are using per cpu variables if this option is set.
292919067ccSEric Dumazet	  This can be forced to N to detect underflows (with a performance drop).
293919067ccSEric Dumazet
2943948b059SEric Dumazetconfig MAX_SKB_FRAGS
2953948b059SEric Dumazet	int "Maximum number of fragments per skb_shared_info"
2963948b059SEric Dumazet	range 17 45
2973948b059SEric Dumazet	default 17
2983948b059SEric Dumazet	help
2993948b059SEric Dumazet	  Having more fragments per skb_shared_info can help GRO efficiency.
3003948b059SEric Dumazet	  This helps BIG TCP workloads, but might expose bugs in some
3013948b059SEric Dumazet	  legacy drivers.
3023948b059SEric Dumazet	  This also increases memory overhead of small packets,
3033948b059SEric Dumazet	  and in drivers using build_skb().
3043948b059SEric Dumazet	  If unsure, say 17.
3053948b059SEric Dumazet
306df334545SEric Dumazetconfig RPS
3079b6a30feSJason Xing	bool "Receive packet steering"
308044c8d4bSYuanhan Liu	depends on SMP && SYSFS
309df334545SEric Dumazet	default y
3109b6a30feSJason Xing	help
3119b6a30feSJason Xing	  Software receive side packet steering (RPS) distributes the
3129b6a30feSJason Xing	  load of received packet processing across multiple CPUs.
313df334545SEric Dumazet
314c445477dSBen Hutchingsconfig RFS_ACCEL
3159b6a30feSJason Xing	bool "Hardware acceleration of RFS"
3160244ad00SMartin Schwidefsky	depends on RPS
317c445477dSBen Hutchings	select CPU_RMAP
318c445477dSBen Hutchings	default y
3199b6a30feSJason Xing	help
3209b6a30feSJason Xing	  Allowing drivers for multiqueue hardware with flow filter tables to
3219b6a30feSJason Xing	  accelerate RFS.
322c445477dSBen Hutchings
3234e1beeccSTariq Toukanconfig SOCK_RX_QUEUE_MAPPING
3244e1beeccSTariq Toukan	bool
3254e1beeccSTariq Toukan
326bf264145STom Herbertconfig XPS
3276341e62bSChristoph Jaeger	bool
328044c8d4bSYuanhan Liu	depends on SMP
3294e1beeccSTariq Toukan	select SOCK_RX_QUEUE_MAPPING
330bf264145STom Herbert	default y
331bf264145STom Herbert
3328cb2d8bfSGregory CLEMENTconfig HWBM
3338cb2d8bfSGregory CLEMENT	bool
3348cb2d8bfSGregory CLEMENT
33586f8515fSDaniel Borkmannconfig CGROUP_NET_PRIO
336af636337STejun Heo	bool "Network priority cgroup"
3375bc1421eSNeil Horman	depends on CGROUPS
3382a56a1feSTejun Heo	select SOCK_CGROUP_DATA
339a7f7f624SMasahiro Yamada	help
3405bc1421eSNeil Horman	  Cgroup subsystem for use in assigning processes to network priorities on
34186f8515fSDaniel Borkmann	  a per-interface basis.
3425bc1421eSNeil Horman
343fe1217c4SDaniel Borkmannconfig CGROUP_NET_CLASSID
3446341e62bSChristoph Jaeger	bool "Network classid cgroup"
345fe1217c4SDaniel Borkmann	depends on CGROUPS
3462a56a1feSTejun Heo	select SOCK_CGROUP_DATA
347a7f7f624SMasahiro Yamada	help
348fe1217c4SDaniel Borkmann	  Cgroup subsystem for use as general purpose socket classid marker that is
349fe1217c4SDaniel Borkmann	  being used in cls_cgroup and for netfilter matching.
350fe1217c4SDaniel Borkmann
351e0d1095aSCong Wangconfig NET_RX_BUSY_POLL
3526341e62bSChristoph Jaeger	bool
353c857946aSKurt Kanzenbach	default y if !PREEMPT_RT || (PREEMPT_RT && !NETCONSOLE)
35406021292SEliezer Tamir
355114cf580STom Herbertconfig BQL
3566341e62bSChristoph Jaeger	bool
357ea7f3cfaSBreno Leitao	prompt "Enable Byte Queue Limits"
358114cf580STom Herbert	depends on SYSFS
359114cf580STom Herbert	select DQL
360114cf580STom Herbert	default y
361114cf580STom Herbert
36208848246SJohn Fastabendconfig BPF_STREAM_PARSER
36308848246SJohn Fastabend	bool "enable BPF STREAM_PARSER"
364604326b4SDaniel Borkmann	depends on INET
36508848246SJohn Fastabend	depends on BPF_SYSCALL
366604326b4SDaniel Borkmann	depends on CGROUP_BPF
36708848246SJohn Fastabend	select STREAM_PARSER
368604326b4SDaniel Borkmann	select NET_SOCK_MSG
369a7f7f624SMasahiro Yamada	help
37088759609SCong Wang	  Enabling this allows a TCP stream parser to be used with
37108848246SJohn Fastabend	  BPF_MAP_TYPE_SOCKMAP.
37208848246SJohn Fastabend
37399bbc707SWillem de Bruijnconfig NET_FLOW_LIMIT
3749b6a30feSJason Xing	bool "Net flow limit"
37599bbc707SWillem de Bruijn	depends on RPS
37699bbc707SWillem de Bruijn	default y
377a7f7f624SMasahiro Yamada	help
37899bbc707SWillem de Bruijn	  The network stack has to drop packets when a receive processing CPU's
37999bbc707SWillem de Bruijn	  backlog reaches netdev_max_backlog. If a few out of many active flows
38099bbc707SWillem de Bruijn	  generate the vast majority of load, drop their traffic earlier to
38199bbc707SWillem de Bruijn	  maintain capacity for the other flows. This feature provides servers
38299bbc707SWillem de Bruijn	  with many clients some protection against DoS by a single (spoofed)
38399bbc707SWillem de Bruijn	  flow that greatly exceeds average workload.
38499bbc707SWillem de Bruijn
3851da177e4SLinus Torvaldsmenu "Network testing"
3861da177e4SLinus Torvalds
3871da177e4SLinus Torvaldsconfig NET_PKTGEN
3881da177e4SLinus Torvalds	tristate "Packet Generator (USE WITH CAUTION)"
389ffd756b3SThomas Graf	depends on INET && PROC_FS
390a7f7f624SMasahiro Yamada	help
3911da177e4SLinus Torvalds	  This module will inject preconfigured packets, at a configurable
3921da177e4SLinus Torvalds	  rate, out of a given interface.  It is used for network interface
3931da177e4SLinus Torvalds	  stress testing and performance analysis.  If you don't understand
3941da177e4SLinus Torvalds	  what was just said, you don't need it: say N.
3951da177e4SLinus Torvalds
3961da177e4SLinus Torvalds	  Documentation on how to use the packet generator can be found
397c1e4535fSMauro Carvalho Chehab	  at <file:Documentation/networking/pktgen.rst>.
3981da177e4SLinus Torvalds
3991da177e4SLinus Torvalds	  To compile this code as a module, choose M here: the
4001da177e4SLinus Torvalds	  module will be called pktgen.
4011da177e4SLinus Torvalds
402273ae44bSNeil Hormanconfig NET_DROP_MONITOR
403cad456d5SNeil Horman	tristate "Network packet drop alerting service"
404911f8635SKees Cook	depends on INET && TRACEPOINTS
405a7f7f624SMasahiro Yamada	help
406273ae44bSNeil Horman	  This feature provides an alerting service to userspace in the
407273ae44bSNeil Horman	  event that packets are discarded in the network stack.  Alerts
408273ae44bSNeil Horman	  are broadcast via netlink socket to any listening user space
409273ae44bSNeil Horman	  process.  If you don't need network drop alerts, or if you are ok
410273ae44bSNeil Horman	  just checking the various proc files and other utilities for
411273ae44bSNeil Horman	  drop statistics, say N here.
412273ae44bSNeil Horman
413b2dd6eb0SRandy Dunlapendmenu # Network testing
4141da177e4SLinus Torvalds
415b2dd6eb0SRandy Dunlapendmenu # Networking options
4161da177e4SLinus Torvalds
4171da177e4SLinus Torvaldssource "net/ax25/Kconfig"
4180d66548aSOliver Hartkoppsource "net/can/Kconfig"
4191da177e4SLinus Torvaldssource "net/bluetooth/Kconfig"
42017926a79SDavid Howellssource "net/rxrpc/Kconfig"
421ab7ac4ebSTom Herbertsource "net/kcm/Kconfig"
42243a0c675STom Herbertsource "net/strparser/Kconfig"
423bc49d816SJeremy Kerrsource "net/mctp/Kconfig"
424d86b5e0eSAdrian Bunk
42514c0b97dSThomas Grafconfig FIB_RULES
42614c0b97dSThomas Graf	bool
42714c0b97dSThomas Graf
4285442060cSRobert P. J. Daymenuconfig WIRELESS
4295442060cSRobert P. J. Day	bool "Wireless"
430f54bfc0eSMartin Schwidefsky	depends on !S390
4315442060cSRobert P. J. Day	default y
4325442060cSRobert P. J. Day
4335442060cSRobert P. J. Dayif WIRELESS
4342a5e1c0eSJohannes Berg
4352a5e1c0eSJohannes Bergsource "net/wireless/Kconfig"
436f0706e82SJiri Bencsource "net/mac80211/Kconfig"
4372a5e1c0eSJohannes Berg
4385442060cSRobert P. J. Dayendif # WIRELESS
4392a5e1c0eSJohannes Berg
440cf4328cdSIvo van Doornsource "net/rfkill/Kconfig"
441bd238fb4SLatchesar Ionkovsource "net/9p/Kconfig"
4423908c690SSjur Braendelandsource "net/caif/Kconfig"
4433d14c5d2SYehuda Sadehsource "net/ceph/Kconfig"
4443e256b8fSLauro Ramos Venanciosource "net/nfc/Kconfig"
4456ae0a628SYotam Gigisource "net/psample/Kconfig"
4461ce84604SYotam Gigisource "net/ife/Kconfig"
4473908c690SSjur Braendeland
448499a2425SRoopa Prabhuconfig LWTUNNEL
449499a2425SRoopa Prabhu	bool "Network light weight tunnels"
450a7f7f624SMasahiro Yamada	help
451499a2425SRoopa Prabhu	  This feature provides an infrastructure to support light weight
452499a2425SRoopa Prabhu	  tunnels like mpls. There is no netdevice associated with a light
453499a2425SRoopa Prabhu	  weight tunnel endpoint. Tunnel encapsulation parameters are stored
454499a2425SRoopa Prabhu	  with light weight tunnel state associated with fib routes.
455cf4328cdSIvo van Doorn
4563a0af8fdSThomas Grafconfig LWTUNNEL_BPF
4573a0af8fdSThomas Graf	bool "Execute BPF program as route nexthop action"
458b251f9f6SPeter Oskolkov	depends on LWTUNNEL && INET
4593a0af8fdSThomas Graf	default y if LWTUNNEL=y
460a7f7f624SMasahiro Yamada	help
4613a0af8fdSThomas Graf	  Allows to run BPF programs as a nexthop action following a route
4623a0af8fdSThomas Graf	  lookup for incoming and outgoing packets.
4633a0af8fdSThomas Graf
464911362c7SPaolo Abeniconfig DST_CACHE
4659b246841SDave Jones	bool
466911362c7SPaolo Abeni	default n
467911362c7SPaolo Abeni
46897e219b7SEric Dumazetconfig GRO_CELLS
46997e219b7SEric Dumazet	bool
47097e219b7SEric Dumazet	default n
47197e219b7SEric Dumazet
472ebf4e808SIlya Lesokhinconfig SOCK_VALIDATE_XMIT
473ebf4e808SIlya Lesokhin	bool
474ebf4e808SIlya Lesokhin
475768cf841SOleksij Rempelconfig NET_IEEE8021Q_HELPERS
476768cf841SOleksij Rempel	bool
477768cf841SOleksij Rempel
4783e1e58d6SOleksij Rempelconfig NET_SELFTESTS
4793e1e58d6SOleksij Rempel	def_tristate PHYLIB
4804a52dd8fSOleksij Rempel	depends on PHYLIB && INET
4813e1e58d6SOleksij Rempel
482604326b4SDaniel Borkmannconfig NET_SOCK_MSG
483604326b4SDaniel Borkmann	bool
484604326b4SDaniel Borkmann	default n
485604326b4SDaniel Borkmann	help
486604326b4SDaniel Borkmann	  The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or
487604326b4SDaniel Borkmann	  ULPs (upper layer modules, e.g. TLS) to process L7 application data
488604326b4SDaniel Borkmann	  with the help of BPF programs.
489604326b4SDaniel Borkmann
490bfcd3a46SJiri Pirkoconfig NET_DEVLINK
491f6b19b35SJiri Pirko	bool
492f6b19b35SJiri Pirko	default n
493bfcd3a46SJiri Pirko
494ff7d6b27SJesper Dangaard Brouerconfig PAGE_POOL
495ff7d6b27SJesper Dangaard Brouer	bool
496ff7d6b27SJesper Dangaard Brouer
4978610037eSJoe Damatoconfig PAGE_POOL_STATS
4988610037eSJoe Damato	default n
4998610037eSJoe Damato	bool "Page pool stats"
5008610037eSJoe Damato	depends on PAGE_POOL
5018610037eSJoe Damato	help
5028610037eSJoe Damato	  Enable page pool statistics to track page allocation and recycling
5038610037eSJoe Damato	  in page pools. This option incurs additional CPU cost in allocation
5048610037eSJoe Damato	  and recycle paths and additional memory cost to store the statistics.
5058610037eSJoe Damato	  These statistics are only available if this option is enabled and if
5068610037eSJoe Damato	  the driver using the page pool supports exporting this data.
5078610037eSJoe Damato
5088610037eSJoe Damato	  If unsure, say N.
5098610037eSJoe Damato
51030c8bd5aSSridhar Samudralaconfig FAILOVER
51130c8bd5aSSridhar Samudrala	tristate "Generic failover module"
51230c8bd5aSSridhar Samudrala	help
51330c8bd5aSSridhar Samudrala	  The failover module provides a generic interface for paravirtual
51430c8bd5aSSridhar Samudrala	  drivers to register a netdev and a set of ops with a failover
51530c8bd5aSSridhar Samudrala	  instance. The ops are used as event handlers that get called to
51630c8bd5aSSridhar Samudrala	  handle netdev register/unregister/link change/name change events
51730c8bd5aSSridhar Samudrala	  on slave pci ethernet devices with the same mac address as the
51830c8bd5aSSridhar Samudrala	  failover netdev. This enables paravirtual drivers to use a
51930c8bd5aSSridhar Samudrala	  VF as an accelerated low latency datapath. It also allows live
52030c8bd5aSSridhar Samudrala	  migration of VMs with direct attached VFs by failing over to the
52130c8bd5aSSridhar Samudrala	  paravirtual datapath when the VF is unplugged.
52230c8bd5aSSridhar Samudrala
5232b4a8990SMichal Kubecekconfig ETHTOOL_NETLINK
5242b4a8990SMichal Kubecek	bool "Netlink interface for ethtool"
525f750dfe8SHeng Qi	select DIMLIB
5262b4a8990SMichal Kubecek	default y
5272b4a8990SMichal Kubecek	help
5282b4a8990SMichal Kubecek	  An alternative userspace interface for ethtool based on generic
5292b4a8990SMichal Kubecek	  netlink. It provides better extensibility and some new features,
5302b4a8990SMichal Kubecek	  e.g. notification messages.
5312b4a8990SMichal Kubecek
5322c193f2cSJakub Kicinskiconfig NETDEV_ADDR_LIST_TEST
5332c193f2cSJakub Kicinski	tristate "Unit tests for device address list"
5342c193f2cSJakub Kicinski	default KUNIT_ALL_TESTS
5352c193f2cSJakub Kicinski	depends on KUNIT
5362c193f2cSJakub Kicinski
537b3098d32SWillem de Bruijnconfig NET_TEST
538b3098d32SWillem de Bruijn	tristate "KUnit tests for networking" if !KUNIT_ALL_TESTS
539b3098d32SWillem de Bruijn	depends on KUNIT
540b3098d32SWillem de Bruijn	default KUNIT_ALL_TESTS
541b3098d32SWillem de Bruijn	help
542b3098d32SWillem de Bruijn	  KUnit tests covering core networking infra, such as sk_buff.
543b3098d32SWillem de Bruijn
544b3098d32SWillem de Bruijn	  If unsure, say N.
545b3098d32SWillem de Bruijn
5466a2e9b73SSam Ravnborgendif   # if NET
547