11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# IP configuration 31da177e4SLinus Torvalds# 41da177e4SLinus Torvaldsconfig IP_MULTICAST 51da177e4SLinus Torvalds bool "IP: multicasting" 61da177e4SLinus Torvalds help 71da177e4SLinus Torvalds This is code for addressing several networked computers at once, 81da177e4SLinus Torvalds enlarging your kernel by about 2 KB. You need multicasting if you 91da177e4SLinus Torvalds intend to participate in the MBONE, a high bandwidth network on top 101da177e4SLinus Torvalds of the Internet which carries audio and video broadcasts. More 111da177e4SLinus Torvalds information about the MBONE is on the WWW at 124960c2c6SJean Sacren <http://www.savetz.com/mbone/>. For most people, it's safe to say N. 131da177e4SLinus Torvalds 141da177e4SLinus Torvaldsconfig IP_ADVANCED_ROUTER 151da177e4SLinus Torvalds bool "IP: advanced router" 161da177e4SLinus Torvalds ---help--- 171da177e4SLinus Torvalds If you intend to run your Linux box mostly as a router, i.e. as a 181da177e4SLinus Torvalds computer that forwards and redistributes network packets, say Y; you 191da177e4SLinus Torvalds will then be presented with several options that allow more precise 201da177e4SLinus Torvalds control about the routing process. 211da177e4SLinus Torvalds 221da177e4SLinus Torvalds The answer to this question won't directly affect the kernel: 231da177e4SLinus Torvalds answering N will just cause the configurator to skip all the 241da177e4SLinus Torvalds questions about advanced routing. 251da177e4SLinus Torvalds 261da177e4SLinus Torvalds Note that your box can only act as a router if you enable IP 271da177e4SLinus Torvalds forwarding in your kernel; you can do that by saying Y to "/proc 281da177e4SLinus Torvalds file system support" and "Sysctl support" below and executing the 291da177e4SLinus Torvalds line 301da177e4SLinus Torvalds 311da177e4SLinus Torvalds echo "1" > /proc/sys/net/ipv4/ip_forward 321da177e4SLinus Torvalds 331da177e4SLinus Torvalds at boot time after the /proc file system has been mounted. 341da177e4SLinus Torvalds 35b2cc46a8SJesper Dangaard Brouer If you turn on IP forwarding, you should consider the rp_filter, which 361da177e4SLinus Torvalds automatically rejects incoming packets if the routing table entry 371da177e4SLinus Torvalds for their source address doesn't match the network interface they're 381da177e4SLinus Torvalds arriving on. This has security advantages because it prevents the 391da177e4SLinus Torvalds so-called IP spoofing, however it can pose problems if you use 401da177e4SLinus Torvalds asymmetric routing (packets from you to a host take a different path 411da177e4SLinus Torvalds than packets from that host to you) or if you operate a non-routing 421da177e4SLinus Torvalds host which has several IP addresses on different interfaces. To turn 43d7394372SDave Jones rp_filter on use: 441da177e4SLinus Torvalds 45d7394372SDave Jones echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter 46750e9fadSNicolas Dichtel or 47d7394372SDave Jones echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter 481da177e4SLinus Torvalds 49b2cc46a8SJesper Dangaard Brouer Note that some distributions enable it in startup scripts. 50d18921a0SJesper Dangaard Brouer For details about rp_filter strict and loose mode read 51d18921a0SJesper Dangaard Brouer <file:Documentation/networking/ip-sysctl.txt>. 52b2cc46a8SJesper Dangaard Brouer 531da177e4SLinus Torvalds If unsure, say N here. 541da177e4SLinus Torvalds 5566a2f7fdSStephen Hemmingerconfig IP_FIB_TRIE_STATS 5666a2f7fdSStephen Hemminger bool "FIB TRIE statistics" 573630b7c0SDavid S. Miller depends on IP_ADVANCED_ROUTER 5866a2f7fdSStephen Hemminger ---help--- 5966a2f7fdSStephen Hemminger Keep track of statistics on structure of FIB TRIE table. 6066a2f7fdSStephen Hemminger Useful for testing and measuring TRIE performance. 6166a2f7fdSStephen Hemminger 621da177e4SLinus Torvaldsconfig IP_MULTIPLE_TABLES 631da177e4SLinus Torvalds bool "IP: policy routing" 641da177e4SLinus Torvalds depends on IP_ADVANCED_ROUTER 65e1ef4bf2SThomas Graf select FIB_RULES 661da177e4SLinus Torvalds ---help--- 671da177e4SLinus Torvalds Normally, a router decides what to do with a received packet based 681da177e4SLinus Torvalds solely on the packet's final destination address. If you say Y here, 691da177e4SLinus Torvalds the Linux router will also be able to take the packet's source 701da177e4SLinus Torvalds address into account. Furthermore, the TOS (Type-Of-Service) field 711da177e4SLinus Torvalds of the packet can be used for routing decisions as well. 721da177e4SLinus Torvalds 731da177e4SLinus Torvalds If you are interested in this, please see the preliminary 741da177e4SLinus Torvalds documentation at <http://www.compendium.com.ar/policy-routing.txt> 751da177e4SLinus Torvalds and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>. 761da177e4SLinus Torvalds You will need supporting software from 771da177e4SLinus Torvalds <ftp://ftp.tux.org/pub/net/ip-routing/>. 781da177e4SLinus Torvalds 791da177e4SLinus Torvalds If unsure, say N. 801da177e4SLinus Torvalds 811da177e4SLinus Torvaldsconfig IP_ROUTE_MULTIPATH 821da177e4SLinus Torvalds bool "IP: equal cost multipath" 831da177e4SLinus Torvalds depends on IP_ADVANCED_ROUTER 841da177e4SLinus Torvalds help 851da177e4SLinus Torvalds Normally, the routing tables specify a single action to be taken in 861da177e4SLinus Torvalds a deterministic manner for a given packet. If you say Y here 871da177e4SLinus Torvalds however, it becomes possible to attach several actions to a packet 881da177e4SLinus Torvalds pattern, in effect specifying several alternative paths to travel 891da177e4SLinus Torvalds for those packets. The router considers all these paths to be of 901da177e4SLinus Torvalds equal "cost" and chooses one of them in a non-deterministic fashion 911da177e4SLinus Torvalds if a matching packet arrives. 921da177e4SLinus Torvalds 931da177e4SLinus Torvaldsconfig IP_ROUTE_VERBOSE 941da177e4SLinus Torvalds bool "IP: verbose route monitoring" 951da177e4SLinus Torvalds depends on IP_ADVANCED_ROUTER 961da177e4SLinus Torvalds help 971da177e4SLinus Torvalds If you say Y here, which is recommended, then the kernel will print 981da177e4SLinus Torvalds verbose messages regarding the routing, for example warnings about 991da177e4SLinus Torvalds received packets which look strange and could be evidence of an 1001da177e4SLinus Torvalds attack or a misconfigured system somewhere. The information is 1011da177e4SLinus Torvalds handled by the klogd daemon which is responsible for kernel messages 1021da177e4SLinus Torvalds ("man klogd"). 1031da177e4SLinus Torvalds 104c7066f70SPatrick McHardyconfig IP_ROUTE_CLASSID 105c7066f70SPatrick McHardy bool 106c7066f70SPatrick McHardy 1071da177e4SLinus Torvaldsconfig IP_PNP 1081da177e4SLinus Torvalds bool "IP: kernel level autoconfiguration" 1091da177e4SLinus Torvalds help 1101da177e4SLinus Torvalds This enables automatic configuration of IP addresses of devices and 1111da177e4SLinus Torvalds of the routing table during kernel boot, based on either information 1121da177e4SLinus Torvalds supplied on the kernel command line or by BOOTP or RARP protocols. 1131da177e4SLinus Torvalds You need to say Y only for diskless machines requiring network 1141da177e4SLinus Torvalds access to boot (in which case you want to say Y to "Root file system 1151da177e4SLinus Torvalds on NFS" as well), because all other machines configure the network 1161da177e4SLinus Torvalds in their startup scripts. 1171da177e4SLinus Torvalds 1181da177e4SLinus Torvaldsconfig IP_PNP_DHCP 1191da177e4SLinus Torvalds bool "IP: DHCP support" 1201da177e4SLinus Torvalds depends on IP_PNP 1211da177e4SLinus Torvalds ---help--- 1221da177e4SLinus Torvalds If you want your Linux box to mount its whole root file system (the 1231da177e4SLinus Torvalds one containing the directory /) from some other computer over the 1241da177e4SLinus Torvalds net via NFS and you want the IP address of your computer to be 1251da177e4SLinus Torvalds discovered automatically at boot time using the DHCP protocol (a 1261da177e4SLinus Torvalds special protocol designed for doing this job), say Y here. In case 1271da177e4SLinus Torvalds the boot ROM of your network card was designed for booting Linux and 1281da177e4SLinus Torvalds does DHCP itself, providing all necessary information on the kernel 1291da177e4SLinus Torvalds command line, you can say N here. 1301da177e4SLinus Torvalds 1311da177e4SLinus Torvalds If unsure, say Y. Note that if you want to use DHCP, a DHCP server 1321da177e4SLinus Torvalds must be operating on your network. Read 133dc7a0816SJ. Bruce Fields <file:Documentation/filesystems/nfs/nfsroot.txt> for details. 1341da177e4SLinus Torvalds 1351da177e4SLinus Torvaldsconfig IP_PNP_BOOTP 1361da177e4SLinus Torvalds bool "IP: BOOTP support" 1371da177e4SLinus Torvalds depends on IP_PNP 1381da177e4SLinus Torvalds ---help--- 1391da177e4SLinus Torvalds If you want your Linux box to mount its whole root file system (the 1401da177e4SLinus Torvalds one containing the directory /) from some other computer over the 1411da177e4SLinus Torvalds net via NFS and you want the IP address of your computer to be 1421da177e4SLinus Torvalds discovered automatically at boot time using the BOOTP protocol (a 1431da177e4SLinus Torvalds special protocol designed for doing this job), say Y here. In case 1441da177e4SLinus Torvalds the boot ROM of your network card was designed for booting Linux and 1451da177e4SLinus Torvalds does BOOTP itself, providing all necessary information on the kernel 1461da177e4SLinus Torvalds command line, you can say N here. If unsure, say Y. Note that if you 1471da177e4SLinus Torvalds want to use BOOTP, a BOOTP server must be operating on your network. 148dc7a0816SJ. Bruce Fields Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. 1491da177e4SLinus Torvalds 1501da177e4SLinus Torvaldsconfig IP_PNP_RARP 1511da177e4SLinus Torvalds bool "IP: RARP support" 1521da177e4SLinus Torvalds depends on IP_PNP 1531da177e4SLinus Torvalds help 1541da177e4SLinus Torvalds If you want your Linux box to mount its whole root file system (the 1551da177e4SLinus Torvalds one containing the directory /) from some other computer over the 1561da177e4SLinus Torvalds net via NFS and you want the IP address of your computer to be 1571da177e4SLinus Torvalds discovered automatically at boot time using the RARP protocol (an 1581da177e4SLinus Torvalds older protocol which is being obsoleted by BOOTP and DHCP), say Y 1591da177e4SLinus Torvalds here. Note that if you want to use RARP, a RARP server must be 1606ded55daSJ. Bruce Fields operating on your network. Read 161dc7a0816SJ. Bruce Fields <file:Documentation/filesystems/nfs/nfsroot.txt> for details. 1621da177e4SLinus Torvalds 1631da177e4SLinus Torvaldsconfig NET_IPIP 1641da177e4SLinus Torvalds tristate "IP: tunneling" 165d2acc347SHerbert Xu select INET_TUNNEL 166fd58156eSPravin B Shelar select NET_IP_TUNNEL 1671da177e4SLinus Torvalds ---help--- 1681da177e4SLinus Torvalds Tunneling means encapsulating data of one protocol type within 1691da177e4SLinus Torvalds another protocol and sending it over a channel that understands the 1701da177e4SLinus Torvalds encapsulating protocol. This particular tunneling driver implements 1711da177e4SLinus Torvalds encapsulation of IP within IP, which sounds kind of pointless, but 1721da177e4SLinus Torvalds can be useful if you want to make your (or some other) machine 1731da177e4SLinus Torvalds appear on a different network than it physically is, or to use 1741da177e4SLinus Torvalds mobile-IP facilities (allowing laptops to seamlessly move between 1751da177e4SLinus Torvalds networks without changing their IP addresses). 1761da177e4SLinus Torvalds 1771da177e4SLinus Torvalds Saying Y to this option will produce two modules ( = code which can 1781da177e4SLinus Torvalds be inserted in and removed from the running kernel whenever you 1791da177e4SLinus Torvalds want). Most people won't need this and can say N. 1801da177e4SLinus Torvalds 18100959adeSDmitry Kozlovconfig NET_IPGRE_DEMUX 18200959adeSDmitry Kozlov tristate "IP: GRE demultiplexer" 18300959adeSDmitry Kozlov help 18400959adeSDmitry Kozlov This is helper module to demultiplex GRE packets on GRE version field criteria. 18500959adeSDmitry Kozlov Required by ip_gre and pptp modules. 18600959adeSDmitry Kozlov 187c5441932SPravin B Shelarconfig NET_IP_TUNNEL 188c5441932SPravin B Shelar tristate 189e09acddfSPaolo Abeni select DST_CACHE 190c5441932SPravin B Shelar default n 191c5441932SPravin B Shelar 1921da177e4SLinus Torvaldsconfig NET_IPGRE 1931da177e4SLinus Torvalds tristate "IP: GRE tunnels over IP" 19421a180cdSDavid S. Miller depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX 195c5441932SPravin B Shelar select NET_IP_TUNNEL 1961da177e4SLinus Torvalds help 1971da177e4SLinus Torvalds Tunneling means encapsulating data of one protocol type within 1981da177e4SLinus Torvalds another protocol and sending it over a channel that understands the 1991da177e4SLinus Torvalds encapsulating protocol. This particular tunneling driver implements 2001da177e4SLinus Torvalds GRE (Generic Routing Encapsulation) and at this time allows 2011da177e4SLinus Torvalds encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure. 2021da177e4SLinus Torvalds This driver is useful if the other endpoint is a Cisco router: Cisco 2031da177e4SLinus Torvalds likes GRE much better than the other Linux tunneling driver ("IP 2041da177e4SLinus Torvalds tunneling" above). In addition, GRE allows multicast redistribution 2051da177e4SLinus Torvalds through the tunnel. 2061da177e4SLinus Torvalds 2071da177e4SLinus Torvaldsconfig NET_IPGRE_BROADCAST 2081da177e4SLinus Torvalds bool "IP: broadcast GRE over IP" 2091da177e4SLinus Torvalds depends on IP_MULTICAST && NET_IPGRE 2101da177e4SLinus Torvalds help 2111da177e4SLinus Torvalds One application of GRE/IP is to construct a broadcast WAN (Wide Area 2121da177e4SLinus Torvalds Network), which looks like a normal Ethernet LAN (Local Area 2131da177e4SLinus Torvalds Network), but can be distributed all over the Internet. If you want 2141da177e4SLinus Torvalds to do that, say Y here and to "IP multicast routing" below. 2151da177e4SLinus Torvalds 2161da177e4SLinus Torvaldsconfig IP_MROUTE 2171da177e4SLinus Torvalds bool "IP: multicast routing" 2181da177e4SLinus Torvalds depends on IP_MULTICAST 2191da177e4SLinus Torvalds help 2201da177e4SLinus Torvalds This is used if you want your machine to act as a router for IP 2211da177e4SLinus Torvalds packets that have several destination addresses. It is needed on the 2221da177e4SLinus Torvalds MBONE, a high bandwidth network on top of the Internet which carries 2231da177e4SLinus Torvalds audio and video broadcasts. In order to do that, you would most 2244960c2c6SJean Sacren likely run the program mrouted. If you haven't heard about it, you 2254960c2c6SJean Sacren don't need it. 2261da177e4SLinus Torvalds 227f0ad0860SPatrick McHardyconfig IP_MROUTE_MULTIPLE_TABLES 228f0ad0860SPatrick McHardy bool "IP: multicast policy routing" 22966496d49SPatrick McHardy depends on IP_MROUTE && IP_ADVANCED_ROUTER 230f0ad0860SPatrick McHardy select FIB_RULES 231f0ad0860SPatrick McHardy help 232f0ad0860SPatrick McHardy Normally, a multicast router runs a userspace daemon and decides 233f0ad0860SPatrick McHardy what to do with a multicast packet based on the source and 234f0ad0860SPatrick McHardy destination addresses. If you say Y here, the multicast router 235f0ad0860SPatrick McHardy will also be able to take interfaces and packet marks into 236f0ad0860SPatrick McHardy account and run multiple instances of userspace daemons 237f0ad0860SPatrick McHardy simultaneously, each one handling a single table. 238f0ad0860SPatrick McHardy 239f0ad0860SPatrick McHardy If unsure, say N. 240f0ad0860SPatrick McHardy 2411da177e4SLinus Torvaldsconfig IP_PIMSM_V1 2421da177e4SLinus Torvalds bool "IP: PIM-SM version 1 support" 2431da177e4SLinus Torvalds depends on IP_MROUTE 2441da177e4SLinus Torvalds help 2451da177e4SLinus Torvalds Kernel side support for Sparse Mode PIM (Protocol Independent 2461da177e4SLinus Torvalds Multicast) version 1. This multicast routing protocol is used widely 2471da177e4SLinus Torvalds because Cisco supports it. You need special software to use it 2481da177e4SLinus Torvalds (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more 2491da177e4SLinus Torvalds information about PIM. 2501da177e4SLinus Torvalds 2511da177e4SLinus Torvalds Say Y if you want to use PIM-SM v1. Note that you can say N here if 2521da177e4SLinus Torvalds you just want to use Dense Mode PIM. 2531da177e4SLinus Torvalds 2541da177e4SLinus Torvaldsconfig IP_PIMSM_V2 2551da177e4SLinus Torvalds bool "IP: PIM-SM version 2 support" 2561da177e4SLinus Torvalds depends on IP_MROUTE 2571da177e4SLinus Torvalds help 2581da177e4SLinus Torvalds Kernel side support for Sparse Mode PIM version 2. In order to use 2591da177e4SLinus Torvalds this, you need an experimental routing daemon supporting it (pimd or 2601da177e4SLinus Torvalds gated-5). This routing protocol is not used widely, so say N unless 2611da177e4SLinus Torvalds you want to play with it. 2621da177e4SLinus Torvalds 2631da177e4SLinus Torvaldsconfig SYN_COOKIES 26457f1553eSFlorian Westphal bool "IP: TCP syncookie support" 2651da177e4SLinus Torvalds ---help--- 2661da177e4SLinus Torvalds Normal TCP/IP networking is open to an attack known as "SYN 2671da177e4SLinus Torvalds flooding". This denial-of-service attack prevents legitimate remote 2681da177e4SLinus Torvalds users from being able to connect to your computer during an ongoing 2691da177e4SLinus Torvalds attack and requires very little work from the attacker, who can 2701da177e4SLinus Torvalds operate from anywhere on the Internet. 2711da177e4SLinus Torvalds 2721da177e4SLinus Torvalds SYN cookies provide protection against this type of attack. If you 2731da177e4SLinus Torvalds say Y here, the TCP/IP stack will use a cryptographic challenge 2741da177e4SLinus Torvalds protocol known as "SYN cookies" to enable legitimate users to 2751da177e4SLinus Torvalds continue to connect, even when your machine is under attack. There 2761da177e4SLinus Torvalds is no need for the legitimate users to change their TCP/IP software; 2771da177e4SLinus Torvalds SYN cookies work transparently to them. For technical information 2781da177e4SLinus Torvalds about SYN cookies, check out <http://cr.yp.to/syncookies.html>. 2791da177e4SLinus Torvalds 2801da177e4SLinus Torvalds If you are SYN flooded, the source address reported by the kernel is 2811da177e4SLinus Torvalds likely to have been forged by the attacker; it is only reported as 2821da177e4SLinus Torvalds an aid in tracing the packets to their actual source and should not 2831da177e4SLinus Torvalds be taken as absolute truth. 2841da177e4SLinus Torvalds 2851da177e4SLinus Torvalds SYN cookies may prevent correct error reporting on clients when the 2861da177e4SLinus Torvalds server is really overloaded. If this happens frequently better turn 2871da177e4SLinus Torvalds them off. 2881da177e4SLinus Torvalds 28957f1553eSFlorian Westphal If you say Y here, you can disable SYN cookies at run time by 29057f1553eSFlorian Westphal saying Y to "/proc file system support" and 2911da177e4SLinus Torvalds "Sysctl support" below and executing the command 2921da177e4SLinus Torvalds 29357f1553eSFlorian Westphal echo 0 > /proc/sys/net/ipv4/tcp_syncookies 2941da177e4SLinus Torvalds 29557f1553eSFlorian Westphal after the /proc file system has been mounted. 2961da177e4SLinus Torvalds 2971da177e4SLinus Torvalds If unsure, say N. 2981da177e4SLinus Torvalds 2991181412cSSaurabhconfig NET_IPVTI 3001181412cSSaurabh tristate "Virtual (secure) IP: tunneling" 3011181412cSSaurabh select INET_TUNNEL 302f61dd388SPravin B Shelar select NET_IP_TUNNEL 3031181412cSSaurabh depends on INET_XFRM_MODE_TUNNEL 3041181412cSSaurabh ---help--- 3051181412cSSaurabh Tunneling means encapsulating data of one protocol type within 3061181412cSSaurabh another protocol and sending it over a channel that understands the 3071181412cSSaurabh encapsulating protocol. This can be used with xfrm mode tunnel to give 3081181412cSSaurabh the notion of a secure tunnel for IPSEC and then use routing protocol 3091181412cSSaurabh on top. 3101181412cSSaurabh 3118024e028STom Herbertconfig NET_UDP_TUNNEL 3128024e028STom Herbert tristate 3137c5df8faSAndy Zhou select NET_IP_TUNNEL 3148024e028STom Herbert default n 3158024e028STom Herbert 31623461551STom Herbertconfig NET_FOU 31723461551STom Herbert tristate "IP: Foo (IP protocols) over UDP" 31823461551STom Herbert select XFRM 31923461551STom Herbert select NET_UDP_TUNNEL 32023461551STom Herbert ---help--- 32123461551STom Herbert Foo over UDP allows any IP protocol to be directly encapsulated 32223461551STom Herbert over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP 32323461551STom Herbert network mechanisms and optimizations for UDP (such as ECMP 32423461551STom Herbert and RSS) can be leveraged to provide better service. 32523461551STom Herbert 32663487babSTom Herbertconfig NET_FOU_IP_TUNNELS 32763487babSTom Herbert bool "IP: FOU encapsulation of IP tunnels" 32863487babSTom Herbert depends on NET_IPIP || NET_IPGRE || IPV6_SIT 32963487babSTom Herbert select NET_FOU 33063487babSTom Herbert ---help--- 33163487babSTom Herbert Allow configuration of FOU or GUE encapsulation for IP tunnels. 33263487babSTom Herbert When this option is enabled IP tunnels can be configured to use 33363487babSTom Herbert FOU or GUE encapsulation. 33463487babSTom Herbert 3351da177e4SLinus Torvaldsconfig INET_AH 3361da177e4SLinus Torvalds tristate "IP: AH transformation" 3377e152524SJan Beulich select XFRM_ALGO 3381da177e4SLinus Torvalds select CRYPTO 3391da177e4SLinus Torvalds select CRYPTO_HMAC 3401da177e4SLinus Torvalds select CRYPTO_MD5 3411da177e4SLinus Torvalds select CRYPTO_SHA1 3421da177e4SLinus Torvalds ---help--- 3431da177e4SLinus Torvalds Support for IPsec AH. 3441da177e4SLinus Torvalds 3451da177e4SLinus Torvalds If unsure, say Y. 3461da177e4SLinus Torvalds 3471da177e4SLinus Torvaldsconfig INET_ESP 3481da177e4SLinus Torvalds tristate "IP: ESP transformation" 3497e152524SJan Beulich select XFRM_ALGO 3501da177e4SLinus Torvalds select CRYPTO 351ed58dd41SHerbert Xu select CRYPTO_AUTHENC 3521da177e4SLinus Torvalds select CRYPTO_HMAC 3531da177e4SLinus Torvalds select CRYPTO_MD5 3546b7326c8SHerbert Xu select CRYPTO_CBC 3551da177e4SLinus Torvalds select CRYPTO_SHA1 3561da177e4SLinus Torvalds select CRYPTO_DES 35732b6170cSThomas Egerer select CRYPTO_ECHAINIV 3581da177e4SLinus Torvalds ---help--- 3591da177e4SLinus Torvalds Support for IPsec ESP. 3601da177e4SLinus Torvalds 3611da177e4SLinus Torvalds If unsure, say Y. 3621da177e4SLinus Torvalds 363*7785bba2SSteffen Klassertconfig INET_ESP_OFFLOAD 364*7785bba2SSteffen Klassert tristate "IP: ESP transformation offload" 365*7785bba2SSteffen Klassert depends on INET_ESP 366*7785bba2SSteffen Klassert select XFRM_OFFLOAD 367*7785bba2SSteffen Klassert default n 368*7785bba2SSteffen Klassert ---help--- 369*7785bba2SSteffen Klassert Support for ESP transformation offload. This makes sense 370*7785bba2SSteffen Klassert only if this system really does IPsec and want to do it 371*7785bba2SSteffen Klassert with high throughput. A typical desktop system does not 372*7785bba2SSteffen Klassert need it, even if it does IPsec. 373*7785bba2SSteffen Klassert 374*7785bba2SSteffen Klassert If unsure, say N. 375*7785bba2SSteffen Klassert 3761da177e4SLinus Torvaldsconfig INET_IPCOMP 3771da177e4SLinus Torvalds tristate "IP: IPComp transformation" 378d2acc347SHerbert Xu select INET_XFRM_TUNNEL 3796fccab67SHerbert Xu select XFRM_IPCOMP 3801da177e4SLinus Torvalds ---help--- 3811da177e4SLinus Torvalds Support for IP Payload Compression Protocol (IPComp) (RFC3173), 3821da177e4SLinus Torvalds typically needed for IPsec. 3831da177e4SLinus Torvalds 3841da177e4SLinus Torvalds If unsure, say Y. 3851da177e4SLinus Torvalds 386d2acc347SHerbert Xuconfig INET_XFRM_TUNNEL 387d2acc347SHerbert Xu tristate 388d2acc347SHerbert Xu select INET_TUNNEL 389d2acc347SHerbert Xu default n 3901da177e4SLinus Torvalds 391d2acc347SHerbert Xuconfig INET_TUNNEL 392d2acc347SHerbert Xu tristate 393d2acc347SHerbert Xu default n 3941da177e4SLinus Torvalds 395b59f45d0SHerbert Xuconfig INET_XFRM_MODE_TRANSPORT 396b59f45d0SHerbert Xu tristate "IP: IPsec transport mode" 397b59f45d0SHerbert Xu default y 398b59f45d0SHerbert Xu select XFRM 399b59f45d0SHerbert Xu ---help--- 400b59f45d0SHerbert Xu Support for IPsec transport mode. 401b59f45d0SHerbert Xu 402b59f45d0SHerbert Xu If unsure, say Y. 403b59f45d0SHerbert Xu 404b59f45d0SHerbert Xuconfig INET_XFRM_MODE_TUNNEL 405b59f45d0SHerbert Xu tristate "IP: IPsec tunnel mode" 406b59f45d0SHerbert Xu default y 407b59f45d0SHerbert Xu select XFRM 408b59f45d0SHerbert Xu ---help--- 409b59f45d0SHerbert Xu Support for IPsec tunnel mode. 410b59f45d0SHerbert Xu 411b59f45d0SHerbert Xu If unsure, say Y. 412b59f45d0SHerbert Xu 4130a69452cSDiego Beltramiconfig INET_XFRM_MODE_BEET 4140a69452cSDiego Beltrami tristate "IP: IPsec BEET mode" 4150a69452cSDiego Beltrami default y 4160a69452cSDiego Beltrami select XFRM 4170a69452cSDiego Beltrami ---help--- 4180a69452cSDiego Beltrami Support for IPsec BEET mode. 4190a69452cSDiego Beltrami 4200a69452cSDiego Beltrami If unsure, say Y. 4210a69452cSDiego Beltrami 42217b085eaSArnaldo Carvalho de Meloconfig INET_DIAG 42317b085eaSArnaldo Carvalho de Melo tristate "INET: socket monitoring interface" 4241da177e4SLinus Torvalds default y 4251da177e4SLinus Torvalds ---help--- 42673c1f4a0SArnaldo Carvalho de Melo Support for INET (TCP, DCCP, etc) socket monitoring interface used by 42773c1f4a0SArnaldo Carvalho de Melo native Linux tools such as ss. ss is included in iproute2, currently 428c996d8b9SMichael Witten downloadable at: 429c996d8b9SMichael Witten 430c996d8b9SMichael Witten http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 4311da177e4SLinus Torvalds 4321da177e4SLinus Torvalds If unsure, say Y. 4331da177e4SLinus Torvalds 43417b085eaSArnaldo Carvalho de Meloconfig INET_TCP_DIAG 43517b085eaSArnaldo Carvalho de Melo depends on INET_DIAG 43617b085eaSArnaldo Carvalho de Melo def_tristate INET_DIAG 43717b085eaSArnaldo Carvalho de Melo 438507dd796SPavel Emelyanovconfig INET_UDP_DIAG 4396d62a66eSDavid S. Miller tristate "UDP: socket monitoring interface" 4406d25886eSAnisse Astier depends on INET_DIAG && (IPV6 || IPV6=n) 4416d62a66eSDavid S. Miller default n 4426d62a66eSDavid S. Miller ---help--- 4436d62a66eSDavid S. Miller Support for UDP socket monitoring interface used by the ss tool. 4446d62a66eSDavid S. Miller If unsure, say Y. 445507dd796SPavel Emelyanov 446432490f9SCyrill Gorcunovconfig INET_RAW_DIAG 447432490f9SCyrill Gorcunov tristate "RAW: socket monitoring interface" 448432490f9SCyrill Gorcunov depends on INET_DIAG && (IPV6 || IPV6=n) 449432490f9SCyrill Gorcunov default n 450432490f9SCyrill Gorcunov ---help--- 451432490f9SCyrill Gorcunov Support for RAW socket monitoring interface used by the ss tool. 452432490f9SCyrill Gorcunov If unsure, say Y. 453432490f9SCyrill Gorcunov 454c1e64e29SLorenzo Colitticonfig INET_DIAG_DESTROY 455c1e64e29SLorenzo Colitti bool "INET: allow privileged process to administratively close sockets" 456c1e64e29SLorenzo Colitti depends on INET_DIAG 457c1e64e29SLorenzo Colitti default n 458c1e64e29SLorenzo Colitti ---help--- 459c1e64e29SLorenzo Colitti Provides a SOCK_DESTROY operation that allows privileged processes 460c1e64e29SLorenzo Colitti (e.g., a connection manager or a network administration tool such as 461c1e64e29SLorenzo Colitti ss) to close sockets opened by other processes. Closing a socket in 462c1e64e29SLorenzo Colitti this way interrupts any blocking read/write/connect operations on 463c1e64e29SLorenzo Colitti the socket and causes future socket calls to behave as if the socket 464c1e64e29SLorenzo Colitti had been disconnected. 465c1e64e29SLorenzo Colitti If unsure, say N. 466c1e64e29SLorenzo Colitti 4673d2573f7SStephen Hemmingermenuconfig TCP_CONG_ADVANCED 468a6484045SDavid S. Miller bool "TCP: advanced congestion control" 469a6484045SDavid S. Miller ---help--- 470a6484045SDavid S. Miller Support for selection of various TCP congestion control 471a6484045SDavid S. Miller modules. 472a6484045SDavid S. Miller 473a6484045SDavid S. Miller Nearly all users can safely say no here, and a safe default 474597811ecSStephen Hemminger selection will be made (CUBIC with new Reno as a fallback). 475a6484045SDavid S. Miller 476a6484045SDavid S. Miller If unsure, say N. 477a6484045SDavid S. Miller 4783d2573f7SStephen Hemmingerif TCP_CONG_ADVANCED 47983803034SStephen Hemminger 48083803034SStephen Hemmingerconfig TCP_CONG_BIC 48183803034SStephen Hemminger tristate "Binary Increase Congestion (BIC) control" 482597811ecSStephen Hemminger default m 48383803034SStephen Hemminger ---help--- 48483803034SStephen Hemminger BIC-TCP is a sender-side only change that ensures a linear RTT 48583803034SStephen Hemminger fairness under large windows while offering both scalability and 48683803034SStephen Hemminger bounded TCP-friendliness. The protocol combines two schemes 48783803034SStephen Hemminger called additive increase and binary search increase. When the 48883803034SStephen Hemminger congestion window is large, additive increase with a large 48983803034SStephen Hemminger increment ensures linear RTT fairness as well as good 49083803034SStephen Hemminger scalability. Under small congestion windows, binary search 49183803034SStephen Hemminger increase provides TCP friendliness. 49283803034SStephen Hemminger See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/ 49383803034SStephen Hemminger 494df3271f3SStephen Hemmingerconfig TCP_CONG_CUBIC 495df3271f3SStephen Hemminger tristate "CUBIC TCP" 496597811ecSStephen Hemminger default y 497df3271f3SStephen Hemminger ---help--- 498df3271f3SStephen Hemminger This is version 2.0 of BIC-TCP which uses a cubic growth function 499df3271f3SStephen Hemminger among other techniques. 500df3271f3SStephen Hemminger See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf 501df3271f3SStephen Hemminger 50287270762SStephen Hemmingerconfig TCP_CONG_WESTWOOD 50387270762SStephen Hemminger tristate "TCP Westwood+" 50487270762SStephen Hemminger default m 50587270762SStephen Hemminger ---help--- 50687270762SStephen Hemminger TCP Westwood+ is a sender-side only modification of the TCP Reno 50787270762SStephen Hemminger protocol stack that optimizes the performance of TCP congestion 50887270762SStephen Hemminger control. It is based on end-to-end bandwidth estimation to set 50987270762SStephen Hemminger congestion window and slow start threshold after a congestion 51087270762SStephen Hemminger episode. Using this estimation, TCP Westwood+ adaptively sets a 51187270762SStephen Hemminger slow start threshold and a congestion window which takes into 51287270762SStephen Hemminger account the bandwidth used at the time congestion is experienced. 51387270762SStephen Hemminger TCP Westwood+ significantly increases fairness wrt TCP Reno in 51487270762SStephen Hemminger wired networks and throughput over wireless links. 51587270762SStephen Hemminger 516a7868ea6SBaruch Evenconfig TCP_CONG_HTCP 517a7868ea6SBaruch Even tristate "H-TCP" 518a7868ea6SBaruch Even default m 519a7868ea6SBaruch Even ---help--- 520a7868ea6SBaruch Even H-TCP is a send-side only modifications of the TCP Reno 521a7868ea6SBaruch Even protocol stack that optimizes the performance of TCP 522a7868ea6SBaruch Even congestion control for high speed network links. It uses a 523a7868ea6SBaruch Even modeswitch to change the alpha and beta parameters of TCP Reno 524a7868ea6SBaruch Even based on network conditions and in a way so as to be fair with 525a7868ea6SBaruch Even other Reno and H-TCP flows. 526a7868ea6SBaruch Even 527a628d29bSJohn Heffnerconfig TCP_CONG_HSTCP 528a628d29bSJohn Heffner tristate "High Speed TCP" 529a628d29bSJohn Heffner default n 530a628d29bSJohn Heffner ---help--- 531a628d29bSJohn Heffner Sally Floyd's High Speed TCP (RFC 3649) congestion control. 532a628d29bSJohn Heffner A modification to TCP's congestion control mechanism for use 533a628d29bSJohn Heffner with large congestion windows. A table indicates how much to 534a628d29bSJohn Heffner increase the congestion window by when an ACK is received. 535a628d29bSJohn Heffner For more detail see http://www.icir.org/floyd/hstcp.html 536a628d29bSJohn Heffner 537835b3f0cSDaniele Lacameraconfig TCP_CONG_HYBLA 538835b3f0cSDaniele Lacamera tristate "TCP-Hybla congestion control algorithm" 539835b3f0cSDaniele Lacamera default n 540835b3f0cSDaniele Lacamera ---help--- 541835b3f0cSDaniele Lacamera TCP-Hybla is a sender-side only change that eliminates penalization of 542835b3f0cSDaniele Lacamera long-RTT, large-bandwidth connections, like when satellite legs are 54344c09201SMatt LaPlante involved, especially when sharing a common bottleneck with normal 544835b3f0cSDaniele Lacamera terrestrial connections. 545835b3f0cSDaniele Lacamera 546b87d8561SStephen Hemmingerconfig TCP_CONG_VEGAS 547b87d8561SStephen Hemminger tristate "TCP Vegas" 548b87d8561SStephen Hemminger default n 549b87d8561SStephen Hemminger ---help--- 550b87d8561SStephen Hemminger TCP Vegas is a sender-side only change to TCP that anticipates 551b87d8561SStephen Hemminger the onset of congestion by estimating the bandwidth. TCP Vegas 552b87d8561SStephen Hemminger adjusts the sending rate by modifying the congestion 553b87d8561SStephen Hemminger window. TCP Vegas should provide less packet loss, but it is 554b87d8561SStephen Hemminger not as aggressive as TCP Reno. 555b87d8561SStephen Hemminger 556699fafafSLawrence Brakmoconfig TCP_CONG_NV 557699fafafSLawrence Brakmo tristate "TCP NV" 558699fafafSLawrence Brakmo default n 559699fafafSLawrence Brakmo ---help--- 560699fafafSLawrence Brakmo TCP NV is a follow up to TCP Vegas. It has been modified to deal with 561699fafafSLawrence Brakmo 10G networks, measurement noise introduced by LRO, GRO and interrupt 562699fafafSLawrence Brakmo coalescence. In addition, it will decrease its cwnd multiplicatively 563699fafafSLawrence Brakmo instead of linearly. 564699fafafSLawrence Brakmo 565699fafafSLawrence Brakmo Note that in general congestion avoidance (cwnd decreased when # packets 566699fafafSLawrence Brakmo queued grows) cannot coexist with congestion control (cwnd decreased only 567699fafafSLawrence Brakmo when there is packet loss) due to fairness issues. One scenario when they 568699fafafSLawrence Brakmo can coexist safely is when the CA flows have RTTs << CC flows RTTs. 569699fafafSLawrence Brakmo 570699fafafSLawrence Brakmo For further details see http://www.brakmo.org/networking/tcp-nv/ 571699fafafSLawrence Brakmo 5720e57976bSJohn Heffnerconfig TCP_CONG_SCALABLE 5730e57976bSJohn Heffner tristate "Scalable TCP" 5740e57976bSJohn Heffner default n 5750e57976bSJohn Heffner ---help--- 5760e57976bSJohn Heffner Scalable TCP is a sender-side only change to TCP which uses a 5770e57976bSJohn Heffner MIMD congestion control algorithm which has some nice scaling 5780e57976bSJohn Heffner properties, though is known to have fairness issues. 579f4b9479dSBaruch Even See http://www.deneholme.net/tom/scalable/ 580a7868ea6SBaruch Even 5817c106d7eSWong Hoi Sing Edisonconfig TCP_CONG_LP 5827c106d7eSWong Hoi Sing Edison tristate "TCP Low Priority" 5837c106d7eSWong Hoi Sing Edison default n 5847c106d7eSWong Hoi Sing Edison ---help--- 5857c106d7eSWong Hoi Sing Edison TCP Low Priority (TCP-LP), a distributed algorithm whose goal is 586cab00891SMatt LaPlante to utilize only the excess network bandwidth as compared to the 5877c106d7eSWong Hoi Sing Edison ``fair share`` of bandwidth as targeted by TCP. 5887c106d7eSWong Hoi Sing Edison See http://www-ece.rice.edu/networks/TCP-LP/ 5897c106d7eSWong Hoi Sing Edison 59076f10177SBin Zhouconfig TCP_CONG_VENO 59176f10177SBin Zhou tristate "TCP Veno" 59276f10177SBin Zhou default n 59376f10177SBin Zhou ---help--- 59476f10177SBin Zhou TCP Veno is a sender-side only enhancement of TCP to obtain better 59576f10177SBin Zhou throughput over wireless networks. TCP Veno makes use of state 59676f10177SBin Zhou distinguishing to circumvent the difficult judgment of the packet loss 59776f10177SBin Zhou type. TCP Veno cuts down less congestion window in response to random 59876f10177SBin Zhou loss packets. 599631dd1a8SJustin P. Mattock See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186> 60076f10177SBin Zhou 6015ef81475SAngelo P. Castellaniconfig TCP_CONG_YEAH 6025ef81475SAngelo P. Castellani tristate "YeAH TCP" 6032ff011efSDavid S. Miller select TCP_CONG_VEGAS 6045ef81475SAngelo P. Castellani default n 6055ef81475SAngelo P. Castellani ---help--- 6065ef81475SAngelo P. Castellani YeAH-TCP is a sender-side high-speed enabled TCP congestion control 6075ef81475SAngelo P. Castellani algorithm, which uses a mixed loss/delay approach to compute the 6085ef81475SAngelo P. Castellani congestion window. It's design goals target high efficiency, 6095ef81475SAngelo P. Castellani internal, RTT and Reno fairness, resilience to link loss while 6105ef81475SAngelo P. Castellani keeping network elements load as low as possible. 6115ef81475SAngelo P. Castellani 6125ef81475SAngelo P. Castellani For further details look here: 6135ef81475SAngelo P. Castellani http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf 6145ef81475SAngelo P. Castellani 615c462238dSStephen Hemmingerconfig TCP_CONG_ILLINOIS 616c462238dSStephen Hemminger tristate "TCP Illinois" 617c462238dSStephen Hemminger default n 618c462238dSStephen Hemminger ---help--- 61901dd2fbfSMatt LaPlante TCP-Illinois is a sender-side modification of TCP Reno for 620c462238dSStephen Hemminger high speed long delay links. It uses round-trip-time to 621c462238dSStephen Hemminger adjust the alpha and beta parameters to achieve a higher average 622c462238dSStephen Hemminger throughput and maintain fairness. 623c462238dSStephen Hemminger 624c462238dSStephen Hemminger For further details see: 625c462238dSStephen Hemminger http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html 626c462238dSStephen Hemminger 627e3118e83SDaniel Borkmannconfig TCP_CONG_DCTCP 628e3118e83SDaniel Borkmann tristate "DataCenter TCP (DCTCP)" 629e3118e83SDaniel Borkmann default n 630e3118e83SDaniel Borkmann ---help--- 631e3118e83SDaniel Borkmann DCTCP leverages Explicit Congestion Notification (ECN) in the network to 632e3118e83SDaniel Borkmann provide multi-bit feedback to the end hosts. It is designed to provide: 633e3118e83SDaniel Borkmann 634e3118e83SDaniel Borkmann - High burst tolerance (incast due to partition/aggregate), 635e3118e83SDaniel Borkmann - Low latency (short flows, queries), 636e3118e83SDaniel Borkmann - High throughput (continuous data updates, large file transfers) with 637e3118e83SDaniel Borkmann commodity, shallow-buffered switches. 638e3118e83SDaniel Borkmann 639e3118e83SDaniel Borkmann All switches in the data center network running DCTCP must support 640e3118e83SDaniel Borkmann ECN marking and be configured for marking when reaching defined switch 641e3118e83SDaniel Borkmann buffer thresholds. The default ECN marking threshold heuristic for 642e3118e83SDaniel Borkmann DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets 643e3118e83SDaniel Borkmann (~100KB) at 10Gbps, but might need further careful tweaking. 644e3118e83SDaniel Borkmann 645e3118e83SDaniel Borkmann For further details see: 646e3118e83SDaniel Borkmann http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf 647e3118e83SDaniel Borkmann 6482b0a8c9eSKenneth Klette Jonassenconfig TCP_CONG_CDG 6492b0a8c9eSKenneth Klette Jonassen tristate "CAIA Delay-Gradient (CDG)" 6502b0a8c9eSKenneth Klette Jonassen default n 6512b0a8c9eSKenneth Klette Jonassen ---help--- 6522b0a8c9eSKenneth Klette Jonassen CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies 6532b0a8c9eSKenneth Klette Jonassen the TCP sender in order to: 6542b0a8c9eSKenneth Klette Jonassen 6552b0a8c9eSKenneth Klette Jonassen o Use the delay gradient as a congestion signal. 6562b0a8c9eSKenneth Klette Jonassen o Back off with an average probability that is independent of the RTT. 6572b0a8c9eSKenneth Klette Jonassen o Coexist with flows that use loss-based congestion control. 6582b0a8c9eSKenneth Klette Jonassen o Tolerate packet loss unrelated to congestion. 6592b0a8c9eSKenneth Klette Jonassen 6602b0a8c9eSKenneth Klette Jonassen For further details see: 6612b0a8c9eSKenneth Klette Jonassen D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using 6622b0a8c9eSKenneth Klette Jonassen delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg 6632b0a8c9eSKenneth Klette Jonassen 6640f8782eaSNeal Cardwellconfig TCP_CONG_BBR 6650f8782eaSNeal Cardwell tristate "BBR TCP" 6660f8782eaSNeal Cardwell default n 6670f8782eaSNeal Cardwell ---help--- 6680f8782eaSNeal Cardwell 6690f8782eaSNeal Cardwell BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to 6700f8782eaSNeal Cardwell maximize network utilization and minimize queues. It builds an explicit 6710f8782eaSNeal Cardwell model of the the bottleneck delivery rate and path round-trip 6720f8782eaSNeal Cardwell propagation delay. It tolerates packet loss and delay unrelated to 6730f8782eaSNeal Cardwell congestion. It can operate over LAN, WAN, cellular, wifi, or cable 6740f8782eaSNeal Cardwell modem links. It can coexist with flows that use loss-based congestion 6750f8782eaSNeal Cardwell control, and can operate with shallow buffers, deep buffers, 6760f8782eaSNeal Cardwell bufferbloat, policers, or AQM schemes that do not provide a delay 6770f8782eaSNeal Cardwell signal. It requires the fq ("Fair Queue") pacing packet scheduler. 6780f8782eaSNeal Cardwell 6793d2573f7SStephen Hemmingerchoice 6803d2573f7SStephen Hemminger prompt "Default TCP congestion control" 681597811ecSStephen Hemminger default DEFAULT_CUBIC 6823d2573f7SStephen Hemminger help 6833d2573f7SStephen Hemminger Select the TCP congestion control that will be used by default 6843d2573f7SStephen Hemminger for all connections. 6853d2573f7SStephen Hemminger 6863d2573f7SStephen Hemminger config DEFAULT_BIC 6873d2573f7SStephen Hemminger bool "Bic" if TCP_CONG_BIC=y 6883d2573f7SStephen Hemminger 6893d2573f7SStephen Hemminger config DEFAULT_CUBIC 6903d2573f7SStephen Hemminger bool "Cubic" if TCP_CONG_CUBIC=y 6913d2573f7SStephen Hemminger 6923d2573f7SStephen Hemminger config DEFAULT_HTCP 6933d2573f7SStephen Hemminger bool "Htcp" if TCP_CONG_HTCP=y 6943d2573f7SStephen Hemminger 695dd2acaa7SJan Engelhardt config DEFAULT_HYBLA 696dd2acaa7SJan Engelhardt bool "Hybla" if TCP_CONG_HYBLA=y 697dd2acaa7SJan Engelhardt 6983d2573f7SStephen Hemminger config DEFAULT_VEGAS 6993d2573f7SStephen Hemminger bool "Vegas" if TCP_CONG_VEGAS=y 7003d2573f7SStephen Hemminger 7016ce1a6dfSJan Engelhardt config DEFAULT_VENO 7026ce1a6dfSJan Engelhardt bool "Veno" if TCP_CONG_VENO=y 7036ce1a6dfSJan Engelhardt 7043d2573f7SStephen Hemminger config DEFAULT_WESTWOOD 7053d2573f7SStephen Hemminger bool "Westwood" if TCP_CONG_WESTWOOD=y 7063d2573f7SStephen Hemminger 707e3118e83SDaniel Borkmann config DEFAULT_DCTCP 708e3118e83SDaniel Borkmann bool "DCTCP" if TCP_CONG_DCTCP=y 709e3118e83SDaniel Borkmann 7102b0a8c9eSKenneth Klette Jonassen config DEFAULT_CDG 7112b0a8c9eSKenneth Klette Jonassen bool "CDG" if TCP_CONG_CDG=y 7122b0a8c9eSKenneth Klette Jonassen 7130f8782eaSNeal Cardwell config DEFAULT_BBR 7140f8782eaSNeal Cardwell bool "BBR" if TCP_CONG_BBR=y 7150f8782eaSNeal Cardwell 7163d2573f7SStephen Hemminger config DEFAULT_RENO 7173d2573f7SStephen Hemminger bool "Reno" 7183d2573f7SStephen Hemmingerendchoice 7193d2573f7SStephen Hemminger 7203d2573f7SStephen Hemmingerendif 72183803034SStephen Hemminger 722597811ecSStephen Hemmingerconfig TCP_CONG_CUBIC 7236c360767SDavid S. Miller tristate 724a6484045SDavid S. Miller depends on !TCP_CONG_ADVANCED 725a6484045SDavid S. Miller default y 726a6484045SDavid S. Miller 7273d2573f7SStephen Hemmingerconfig DEFAULT_TCP_CONG 7283d2573f7SStephen Hemminger string 7293d2573f7SStephen Hemminger default "bic" if DEFAULT_BIC 7303d2573f7SStephen Hemminger default "cubic" if DEFAULT_CUBIC 7313d2573f7SStephen Hemminger default "htcp" if DEFAULT_HTCP 732dd2acaa7SJan Engelhardt default "hybla" if DEFAULT_HYBLA 7333d2573f7SStephen Hemminger default "vegas" if DEFAULT_VEGAS 7343d2573f7SStephen Hemminger default "westwood" if DEFAULT_WESTWOOD 7356ce1a6dfSJan Engelhardt default "veno" if DEFAULT_VENO 7363d2573f7SStephen Hemminger default "reno" if DEFAULT_RENO 737e3118e83SDaniel Borkmann default "dctcp" if DEFAULT_DCTCP 7382b0a8c9eSKenneth Klette Jonassen default "cdg" if DEFAULT_CDG 7394df21dfcSJulian Wollrath default "bbr" if DEFAULT_BBR 740597811ecSStephen Hemminger default "cubic" 7413d2573f7SStephen Hemminger 742cfb6eeb4SYOSHIFUJI Hideakiconfig TCP_MD5SIG 74344fbe920SKees Cook bool "TCP: MD5 Signature Option support (RFC2385)" 744cfb6eeb4SYOSHIFUJI Hideaki select CRYPTO 745cfb6eeb4SYOSHIFUJI Hideaki select CRYPTO_MD5 746cfb6eeb4SYOSHIFUJI Hideaki ---help--- 7473dde6ad8SDavid Sterba RFC2385 specifies a method of giving MD5 protection to TCP sessions. 748cfb6eeb4SYOSHIFUJI Hideaki Its main (only?) use is to protect BGP sessions between core routers 749cfb6eeb4SYOSHIFUJI Hideaki on the Internet. 750cfb6eeb4SYOSHIFUJI Hideaki 751cfb6eeb4SYOSHIFUJI Hideaki If unsure, say N. 752