#
# Network configuration
#

menu "Networking"

config NET
	bool "Networking support"
	---help---
	  Unless you really know what you are doing, you should say Y here.
	  The reason is that some programs need kernel networking support even
	  when running on a stand-alone machine that isn't connected to any
	  other computer.

	  If you are upgrading from an older kernel, you
	  should consider updating your networking tools too because changes
	  in the kernel and the tools often go hand in hand. The tools are
	  contained in the package net-tools, the location and version number
	  of which are given in <file:Documentation/Changes>.

	  For a general introduction to Linux networking, it is highly
	  recommended to read the NET-HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

# Make sure that all config symbols are dependent on NET
if NET

menu "Networking options"

config NETDEBUG
	bool "Network packet debugging"
	help
	  You can say Y here if you want to get additional messages useful in
	  debugging bad packets, but can overwhelm logs under denial of service
	  attacks.

source "net/packet/Kconfig"
source "net/unix/Kconfig"
source "net/xfrm/Kconfig"
source "net/iucv/Kconfig"

config INET
	bool "TCP/IP networking"
	---help---
	  These are the protocols used on the Internet and on most local
	  Ethernets. It is highly recommended to say Y here (this will enlarge
	  your kernel by about 144 KB), since some programs (e.g. the X window
	  system) use TCP/IP even if your machine is not connected to any
	  other computer. You will get the so-called loopback device which
	  allows you to ping yourself (great fun, that!).

	  For an excellent introduction to Linux networking, please read the
	  Linux Networking HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

	  If you say Y here and also to "/proc file system support" and
	  "Sysctl support" below, you can change various aspects of the
	  behavior of the TCP/IP code by writing to the (virtual) files in
	  /proc/sys/net/ipv4/*; the options are explained in the file
	  <file:Documentation/networking/ip-sysctl.txt>.

	  Short answer: say Y.

if INET
source "net/ipv4/Kconfig"
source "net/ipv6/Kconfig"
source "net/netlabel/Kconfig"

endif # if INET

config NETWORK_SECMARK
	bool "Security Marking"
	help
	  This enables security marking of network packets, similar
	  to nfmark, but designated for security purposes.
	  If you are unsure how to answer this question, answer N.

menuconfig NETFILTER
	bool "Network packet filtering framework (Netfilter)"
	---help---
	  Netfilter is a framework for filtering and mangling network packets
	  that pass through your Linux box.

	  The most common use of packet filtering is to run your Linux box as
	  a firewall protecting a local network from the Internet. The type of
	  firewall provided by this kernel support is called a "packet
	  filter", which means that it can reject individual network packets
	  based on type, source, destination etc. The other kind of firewall,
	  a "proxy-based" one, is more secure but more intrusive and more
	  bothersome to set up; it inspects the network traffic much more
	  closely, modifies it and has knowledge about the higher level
	  protocols, which a packet filter lacks. Moreover, proxy-based
	  firewalls often require changes to the programs running on the local
	  clients. Proxy-based firewalls don't need support by the kernel, but
	  they are often combined with a packet filter, which only works if
	  you say Y here.

	  You should also say Y here if you intend to use your Linux box as
	  the gateway to the Internet for a local network of machines without
	  globally valid IP addresses. This is called "masquerading": if one
	  of the computers on your local network wants to send something to
	  the outside, your box can "masquerade" as that computer, i.e. it
	  forwards the traffic to the intended outside destination, but
	  modifies the packets to make it look like they came from the
	  firewall box itself. It works both ways: if the outside host
	  replies, the Linux box will silently forward the traffic to the
	  correct local computer. This way, the computers on your local net
	  are completely invisible to the outside world, even though they can
	  reach the outside and can receive replies. It is even possible to
	  run globally visible servers from within a masqueraded local network
	  using a mechanism called portforwarding. Masquerading is also often
	  called NAT (Network Address Translation).

	  Another use of Netfilter is in transparent proxying: if a machine on
	  the local network tries to connect to an outside host, your Linux
	  box can transparently forward the traffic to a local server,
	  typically a caching proxy server.

	  Yet another use of Netfilter is building a bridging firewall. Using
	  a bridge with Network packet filtering enabled makes iptables "see"
	  the bridged traffic. For filtering on the lower network and Ethernet
	  protocols over the bridge, use ebtables (under bridge netfilter
	  configuration).

	  Various modules exist for netfilter which replace the previous
	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
	  proxying, and portforwarding mechanisms. Please see
	  <file:Documentation/Changes> under "iptables" for the location of
	  these packages.

	  Make sure to say N to "Fast switching" below if you intend to say Y
	  here, as Fast switching currently bypasses netfilter.

	  Chances are that you should say Y here if you compile a kernel which
	  will run as a router and N for regular hosts. If unsure, say N.

if NETFILTER

config NETFILTER_DEBUG
	bool "Network packet filtering debugging"
	depends on NETFILTER
	help
	  You can say Y here if you want to get additional messages useful in
	  debugging the netfilter code.

config BRIDGE_NETFILTER
	bool "Bridged IP/ARP packets filtering"
	depends on BRIDGE && NETFILTER && INET
	default y
	---help---
	  Enabling this option will let arptables resp. iptables see bridged
	  ARP resp. IP traffic. If you want a bridging firewall, you probably
	  want this option enabled.
	  Enabling or disabling this option doesn't enable or disable
	  ebtables.

	  If unsure, say N.

source "net/netfilter/Kconfig"
source "net/ipv4/netfilter/Kconfig"
source "net/ipv6/netfilter/Kconfig"
source "net/decnet/netfilter/Kconfig"
source "net/bridge/netfilter/Kconfig"

endif

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/tipc/Kconfig"
source "net/atm/Kconfig"
source "net/bridge/Kconfig"
source "net/8021q/Kconfig"
source "net/decnet/Kconfig"
source "net/llc/Kconfig"
source "net/ipx/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"
source "net/econet/Kconfig"
source "net/wanrouter/Kconfig"
source "net/sched/Kconfig"

menu "Network testing"

config NET_PKTGEN
	tristate "Packet Generator (USE WITH CAUTION)"
	depends on PROC_FS
	---help---
	  This module will inject preconfigured packets, at a configurable
	  rate, out of a given interface. It is used for network interface
	  stress testing and performance analysis. If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use the packet generator can be found
	  at <file:Documentation/networking/pktgen.txt>.

	  To compile this code as a module, choose M here: the
	  module will be called pktgen.

config NET_TCPPROBE
	tristate "TCP connection probing"
	depends on INET && EXPERIMENTAL && PROC_FS && KPROBES
	---help---
	  This module allows for capturing the changes to TCP connection
	  state in response to incoming packets. It is used for debugging
	  TCP congestion avoidance modules. If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use TCP connection probing can be found
	  at http://linux-net.osdl.org/index.php/TcpProbe

	  To compile this code as a module, choose M here: the
	  module will be called tcp_probe.

endmenu

endmenu

source "net/ax25/Kconfig"
source "net/irda/Kconfig"
source "net/bluetooth/Kconfig"
source "net/ieee80211/Kconfig"

config WIRELESS_EXT
	bool

config FIB_RULES
	bool

endif # if NET
endmenu # Networking
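
The help texts above mark several options as debugging or testing facilities (NETDEBUG, NETFILTER_DEBUG, NET_PKTGEN, NET_TCPPROBE) and tie bridged-traffic filtering to BRIDGE_NETFILTER. The script below is an added example, not part of the kernel tree: it audits a built kernel's `.config` for those symbols. The function names, the WARN/INFO wording and the choice to report these options as findings are assumptions of the example, and the sample `.config` is constructed.

```shell
#!/bin/sh
# Added example (not kernel code): audit a built kernel's .config for the
# debug/test options defined in this Kconfig. Sample data is constructed.

# Print y, m or n for CONFIG_<symbol>; "is not set" or absent counts as n.
kconfig_value() {   # $1 = .config path, $2 = symbol without CONFIG_
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_net_config() {
    cfg=$1
    findings=0
    # Options the help texts describe as debugging or testing facilities.
    for sym in NETDEBUG NETFILTER_DEBUG NET_PKTGEN NET_TCPPROBE; do
        v=$(kconfig_value "$cfg" "$sym")
        if [ "$v" != n ]; then
            echo "WARN CONFIG_$sym=$v: debug/test option enabled"
            findings=$((findings + 1))
        fi
    done
    # Bridging firewall: iptables only sees bridged traffic with BRIDGE_NETFILTER.
    if [ "$(kconfig_value "$cfg" BRIDGE)" != n ] &&
       [ "$(kconfig_value "$cfg" NETFILTER)" = y ] &&
       [ "$(kconfig_value "$cfg" BRIDGE_NETFILTER)" = n ]; then
        echo "INFO CONFIG_BRIDGE_NETFILTER=n: iptables will not see bridged traffic"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample .config for demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
CONFIG_NETDEBUG=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NET_PKTGEN=m
CONFIG_BRIDGE=m
# CONFIG_BRIDGE_NETFILTER is not set
EOF
audit_net_config "$sample" || echo "review the findings above"
rm -f "$sample"
```

To audit a real build, pass the path of its `.config` to `audit_net_config`.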