xref: /linux/net/Kconfig (revision 273ae44b9cb9443e0b5265cdc99f127ddb95c8db)

#
# Network configuration
#

menuconfig NET
	bool "Networking support"
	---help---
	  Unless you really know what you are doing, you should say Y here.
	  The reason is that some programs need kernel networking support even
	  when running on a stand-alone machine that isn't connected to any
	  other computer.

	  If you are upgrading from an older kernel, you
	  should consider updating your networking tools too because changes
	  in the kernel and the tools often go hand in hand. The tools are
	  contained in the package net-tools, the location and version number
	  of which are given in <file:Documentation/Changes>.

	  For a general introduction to Linux networking, it is highly
	  recommended to read the NET-HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

if NET

menu "Networking options"

config COMPAT_NET_DEV_OPS
       def_bool y

source "net/packet/Kconfig"
source "net/unix/Kconfig"
source "net/xfrm/Kconfig"
source "net/iucv/Kconfig"

config INET
	bool "TCP/IP networking"
	---help---
	  These are the protocols used on the Internet and on most local
	  Ethernets. It is highly recommended to say Y here (this will enlarge
	  your kernel by about 400 KB), since some programs (e.g. the X window
	  system) use TCP/IP even if your machine is not connected to any
	  other computer. You will get the so-called loopback device which
	  allows you to ping yourself (great fun, that!).

	  For an excellent introduction to Linux networking, please read the
	  Linux Networking HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

	  If you say Y here and also to "/proc file system support" and
	  "Sysctl support" below, you can change various aspects of the
	  behavior of the TCP/IP code by writing to the (virtual) files in
	  /proc/sys/net/ipv4/*; the options are explained in the file
	  <file:Documentation/networking/ip-sysctl.txt>.

	  Short answer: say Y.

if INET
source "net/ipv4/Kconfig"
source "net/ipv6/Kconfig"
source "net/netlabel/Kconfig"

endif # if INET

config NETWORK_SECMARK
	bool "Security Marking"
	help
	  This enables security marking of network packets, similar
	  to nfmark, but designated for security purposes.
	  If you are unsure how to answer this question, answer N.

menuconfig NETFILTER
	bool "Network packet filtering framework (Netfilter)"
	---help---
	  Netfilter is a framework for filtering and mangling network packets
	  that pass through your Linux box.

	  The most common use of packet filtering is to run your Linux box as
	  a firewall protecting a local network from the Internet. The type of
	  firewall provided by this kernel support is called a "packet
	  filter", which means that it can reject individual network packets
	  based on type, source, destination etc. The other kind of firewall,
	  a "proxy-based" one, is more secure but more intrusive and more
	  bothersome to set up; it inspects the network traffic much more
	  closely, modifies it and has knowledge about the higher level
	  protocols, which a packet filter lacks. Moreover, proxy-based
	  firewalls often require changes to the programs running on the local
	  clients. Proxy-based firewalls don't need support by the kernel, but
	  they are often combined with a packet filter, which only works if
	  you say Y here.

	  You should also say Y here if you intend to use your Linux box as
	  the gateway to the Internet for a local network of machines without
	  globally valid IP addresses. This is called "masquerading": if one
	  of the computers on your local network wants to send something to
	  the outside, your box can "masquerade" as that computer, i.e. it
	  forwards the traffic to the intended outside destination, but
	  modifies the packets to make it look like they came from the
	  firewall box itself. It works both ways: if the outside host
	  replies, the Linux box will silently forward the traffic to the
	  correct local computer. This way, the computers on your local net
	  are completely invisible to the outside world, even though they can
	  reach the outside and can receive replies. It is even possible to
	  run globally visible servers from within a masqueraded local network
	  using a mechanism called portforwarding. Masquerading is also often
	  called NAT (Network Address Translation).

	  Another use of Netfilter is in transparent proxying: if a machine on
	  the local network tries to connect to an outside host, your Linux
	  box can transparently forward the traffic to a local server,
	  typically a caching proxy server.

	  Yet another use of Netfilter is building a bridging firewall. Using
	  a bridge with Network packet filtering enabled makes iptables "see"
	  the bridged traffic. For filtering on the lower network and Ethernet
	  protocols over the bridge, use ebtables (under bridge netfilter
	  configuration).

	  Various modules exist for netfilter which replace the previous
	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
	  proxying, and portforwarding mechanisms. Please see
	  <file:Documentation/Changes> under "iptables" for the location of
	  these packages.

	  Make sure to say N to "Fast switching" below if you intend to say Y
	  here, as Fast switching currently bypasses netfilter.

	  Chances are that you should say Y here if you compile a kernel which
	  will run as a router and N for regular hosts. If unsure, say N.

if NETFILTER

config NETFILTER_DEBUG
	bool "Network packet filtering debugging"
	depends on NETFILTER
	help
	  You can say Y here if you want to get additional messages useful in
	  debugging the netfilter code.

config NETFILTER_ADVANCED
	bool "Advanced netfilter configuration"
	depends on NETFILTER
	default y
	help
	  If you say Y here you can select between all the netfilter modules.
	  If you say N the more ununsual ones will not be shown and the
	  basic ones needed by most people will default to 'M'.

	  If unsure, say Y.

config BRIDGE_NETFILTER
	bool "Bridged IP/ARP packets filtering"
	depends on BRIDGE && NETFILTER && INET
	depends on NETFILTER_ADVANCED
	default y
	---help---
	  Enabling this option will let arptables resp. iptables see bridged
	  ARP resp. IP traffic. If you want a bridging firewall, you probably
	  want this option enabled.
	  Enabling or disabling this option doesn't enable or disable
	  ebtables.

	  If unsure, say N.

source "net/netfilter/Kconfig"
source "net/ipv4/netfilter/Kconfig"
source "net/ipv6/netfilter/Kconfig"
source "net/decnet/netfilter/Kconfig"
source "net/bridge/netfilter/Kconfig"

endif

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/rds/Kconfig"
source "net/tipc/Kconfig"
source "net/atm/Kconfig"
source "net/802/Kconfig"
source "net/bridge/Kconfig"
source "net/dsa/Kconfig"
source "net/8021q/Kconfig"
source "net/decnet/Kconfig"
source "net/llc/Kconfig"
source "net/ipx/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"
source "net/econet/Kconfig"
source "net/wanrouter/Kconfig"
source "net/phonet/Kconfig"
source "net/sched/Kconfig"
source "net/dcb/Kconfig"

menu "Network testing"

config NET_PKTGEN
	tristate "Packet Generator (USE WITH CAUTION)"
	depends on PROC_FS
	---help---
	  This module will inject preconfigured packets, at a configurable
	  rate, out of a given interface.  It is used for network interface
	  stress testing and performance analysis.  If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use the packet generator can be found
	  at <file:Documentation/networking/pktgen.txt>.

	  To compile this code as a module, choose M here: the
	  module will be called pktgen.

config NET_TCPPROBE
	tristate "TCP connection probing"
	depends on INET && EXPERIMENTAL && PROC_FS && KPROBES
	---help---
	This module allows for capturing the changes to TCP connection
	state in response to incoming packets. It is used for debugging
	TCP congestion avoidance modules. If you don't understand
	what was just said, you don't need it: say N.

	Documentation on how to use TCP connection probing can be found
	at http://linux-net.osdl.org/index.php/TcpProbe

	To compile this code as a module, choose M here: the
	module will be called tcp_probe.

config NET_DROP_MONITOR
	boolean "Network packet drop alerting service"
	depends on INET && EXPERIMENTAL && TRACEPOINTS
	---help---
	This feature provides an alerting service to userspace in the
	event that packets are discarded in the network stack.  Alerts
	are broadcast via netlink socket to any listening user space
	process.  If you don't need network drop alerts, or if you are ok
	just checking the various proc files and other utilities for
	drop statistics, say N here.

endmenu

endmenu

source "net/ax25/Kconfig"
source "net/can/Kconfig"
source "net/irda/Kconfig"
source "net/bluetooth/Kconfig"
source "net/rxrpc/Kconfig"

config FIB_RULES
	bool

menuconfig WIRELESS
	bool "Wireless"
	depends on !S390
	default y

if WIRELESS

source "net/wireless/Kconfig"
source "net/mac80211/Kconfig"

endif # WIRELESS

source "net/wimax/Kconfig"

source "net/rfkill/Kconfig"
source "net/9p/Kconfig"

endif   # if NET