1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 ---help--- 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 ---help--- 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 ---help--- 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 ---help--- 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 ---help--- 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 ---help--- 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 ---help--- 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 ---help--- 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 ---help--- 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 ---help--- 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 ---help--- 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 ---help--- 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 ---help--- 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_TAPRIO 199 tristate "Time Aware Priority (taprio) Scheduler" 200 help 201 Say Y here if you want to use the Time Aware Priority (taprio) packet 202 scheduling algorithm. 203 204 See the top of <file:net/sched/sch_taprio.c> for more details. 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_taprio. 208 209config NET_SCH_GRED 210 tristate "Generic Random Early Detection (GRED)" 211 ---help--- 212 Say Y here if you want to use the Generic Random Early Detection 213 (GRED) packet scheduling algorithm for some of your network devices 214 (see the top of <file:net/sched/sch_red.c> for details and 215 references about the algorithm). 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_gred. 219 220config NET_SCH_DSMARK 221 tristate "Differentiated Services marker (DSMARK)" 222 ---help--- 223 Say Y if you want to schedule packets according to the 224 Differentiated Services architecture proposed in RFC 2475. 225 Technical information on this method, with pointers to associated 226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 227 228 To compile this code as a module, choose M here: the 229 module will be called sch_dsmark. 230 231config NET_SCH_NETEM 232 tristate "Network emulator (NETEM)" 233 ---help--- 234 Say Y if you want to emulate network delay, loss, and packet 235 re-ordering. This is often useful to simulate networks when 236 testing applications or protocols. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_netem. 240 241 If unsure, say N. 242 243config NET_SCH_DRR 244 tristate "Deficit Round Robin scheduler (DRR)" 245 help 246 Say Y here if you want to use the Deficit Round Robin (DRR) packet 247 scheduling algorithm. 248 249 To compile this driver as a module, choose M here: the module 250 will be called sch_drr. 251 252 If unsure, say N. 253 254config NET_SCH_MQPRIO 255 tristate "Multi-queue priority scheduler (MQPRIO)" 256 help 257 Say Y here if you want to use the Multi-queue Priority scheduler. 258 This scheduler allows QOS to be offloaded on NICs that have support 259 for offloading QOS schedulers. 260 261 To compile this driver as a module, choose M here: the module will 262 be called sch_mqprio. 263 264 If unsure, say N. 265 266config NET_SCH_SKBPRIO 267 tristate "SKB priority queue scheduler (SKBPRIO)" 268 help 269 Say Y here if you want to use the SKB priority queue 270 scheduler. This schedules packets according to skb->priority, 271 which is useful for request packets in DoS mitigation systems such 272 as Gatekeeper. 273 274 To compile this driver as a module, choose M here: the module will 275 be called sch_skbprio. 276 277 If unsure, say N. 278 279config NET_SCH_CHOKE 280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 281 help 282 Say Y here if you want to use the CHOKe packet scheduler (CHOose 283 and Keep for responsive flows, CHOose and Kill for unresponsive 284 flows). This is a variation of RED which trys to penalize flows 285 that monopolize the queue. 286 287 To compile this code as a module, choose M here: the 288 module will be called sch_choke. 289 290config NET_SCH_QFQ 291 tristate "Quick Fair Queueing scheduler (QFQ)" 292 help 293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 294 packet scheduling algorithm. 295 296 To compile this driver as a module, choose M here: the module 297 will be called sch_qfq. 298 299 If unsure, say N. 300 301config NET_SCH_CODEL 302 tristate "Controlled Delay AQM (CODEL)" 303 help 304 Say Y here if you want to use the Controlled Delay (CODEL) 305 packet scheduling algorithm. 306 307 To compile this driver as a module, choose M here: the module 308 will be called sch_codel. 309 310 If unsure, say N. 311 312config NET_SCH_FQ_CODEL 313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 314 help 315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 316 packet scheduling algorithm. 317 318 To compile this driver as a module, choose M here: the module 319 will be called sch_fq_codel. 320 321 If unsure, say N. 322 323config NET_SCH_CAKE 324 tristate "Common Applications Kept Enhanced (CAKE)" 325 help 326 Say Y here if you want to use the Common Applications Kept Enhanced 327 (CAKE) queue management algorithm. 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_cake. 331 332 If unsure, say N. 333 334config NET_SCH_FQ 335 tristate "Fair Queue" 336 help 337 Say Y here if you want to use the FQ packet scheduling algorithm. 338 339 FQ does flow separation, and is able to respect pacing requirements 340 set by TCP stack into sk->sk_pacing_rate (for localy generated 341 traffic) 342 343 To compile this driver as a module, choose M here: the module 344 will be called sch_fq. 345 346 If unsure, say N. 347 348config NET_SCH_HHF 349 tristate "Heavy-Hitter Filter (HHF)" 350 help 351 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 352 packet scheduling algorithm. 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_hhf. 356 357config NET_SCH_PIE 358 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 359 help 360 Say Y here if you want to use the Proportional Integral controller 361 Enhanced scheduler packet scheduling algorithm. 362 For more information, please see https://tools.ietf.org/html/rfc8033 363 364 To compile this driver as a module, choose M here: the module 365 will be called sch_pie. 366 367 If unsure, say N. 368 369config NET_SCH_INGRESS 370 tristate "Ingress/classifier-action Qdisc" 371 depends on NET_CLS_ACT 372 select NET_INGRESS 373 select NET_EGRESS 374 ---help--- 375 Say Y here if you want to use classifiers for incoming and/or outgoing 376 packets. This qdisc doesn't do anything else besides running classifiers, 377 which can also have actions attached to them. In case of outgoing packets, 378 classifiers that this qdisc holds are executed in the transmit path 379 before real enqueuing to an egress qdisc happens. 380 381 If unsure, say Y. 382 383 To compile this code as a module, choose M here: the module will be 384 called sch_ingress with alias of sch_clsact. 385 386config NET_SCH_PLUG 387 tristate "Plug network traffic until release (PLUG)" 388 ---help--- 389 390 This queuing discipline allows userspace to plug/unplug a network 391 output queue, using the netlink interface. When it receives an 392 enqueue command it inserts a plug into the outbound queue that 393 causes following packets to enqueue until a dequeue command arrives 394 over netlink, causing the plug to be removed and resuming the normal 395 packet flow. 396 397 This module also provides a generic "network output buffering" 398 functionality (aka output commit), wherein upon arrival of a dequeue 399 command, only packets up to the first plug are released for delivery. 400 The Remus HA project uses this module to enable speculative execution 401 of virtual machines by allowing the generated network output to be rolled 402 back if needed. 403 404 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 405 406 Say Y here if you are using this kernel for Xen dom0 and 407 want to protect Xen guests with Remus. 408 409 To compile this code as a module, choose M here: the 410 module will be called sch_plug. 411 412menuconfig NET_SCH_DEFAULT 413 bool "Allow override default queue discipline" 414 ---help--- 415 Support for selection of default queuing discipline. 416 417 Nearly all users can safely say no here, and the default 418 of pfifo_fast will be used. Many distributions already set 419 the default value via /proc/sys/net/core/default_qdisc. 420 421 If unsure, say N. 422 423if NET_SCH_DEFAULT 424 425choice 426 prompt "Default queuing discipline" 427 default DEFAULT_PFIFO_FAST 428 help 429 Select the queueing discipline that will be used by default 430 for all network devices. 431 432 config DEFAULT_FQ 433 bool "Fair Queue" if NET_SCH_FQ 434 435 config DEFAULT_CODEL 436 bool "Controlled Delay" if NET_SCH_CODEL 437 438 config DEFAULT_FQ_CODEL 439 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 440 441 config DEFAULT_SFQ 442 bool "Stochastic Fair Queue" if NET_SCH_SFQ 443 444 config DEFAULT_PFIFO_FAST 445 bool "Priority FIFO Fast" 446endchoice 447 448config DEFAULT_NET_SCH 449 string 450 default "pfifo_fast" if DEFAULT_PFIFO_FAST 451 default "fq" if DEFAULT_FQ 452 default "fq_codel" if DEFAULT_FQ_CODEL 453 default "sfq" if DEFAULT_SFQ 454 default "pfifo_fast" 455endif 456 457comment "Classification" 458 459config NET_CLS 460 bool 461 462config NET_CLS_BASIC 463 tristate "Elementary classification (BASIC)" 464 select NET_CLS 465 ---help--- 466 Say Y here if you want to be able to classify packets using 467 only extended matches and actions. 468 469 To compile this code as a module, choose M here: the 470 module will be called cls_basic. 471 472config NET_CLS_TCINDEX 473 tristate "Traffic-Control Index (TCINDEX)" 474 select NET_CLS 475 ---help--- 476 Say Y here if you want to be able to classify packets based on 477 traffic control indices. You will want this feature if you want 478 to implement Differentiated Services together with DSMARK. 479 480 To compile this code as a module, choose M here: the 481 module will be called cls_tcindex. 482 483config NET_CLS_ROUTE4 484 tristate "Routing decision (ROUTE)" 485 depends on INET 486 select IP_ROUTE_CLASSID 487 select NET_CLS 488 ---help--- 489 If you say Y here, you will be able to classify packets 490 according to the route table entry they matched. 491 492 To compile this code as a module, choose M here: the 493 module will be called cls_route. 494 495config NET_CLS_FW 496 tristate "Netfilter mark (FW)" 497 select NET_CLS 498 ---help--- 499 If you say Y here, you will be able to classify packets 500 according to netfilter/firewall marks. 501 502 To compile this code as a module, choose M here: the 503 module will be called cls_fw. 504 505config NET_CLS_U32 506 tristate "Universal 32bit comparisons w/ hashing (U32)" 507 select NET_CLS 508 ---help--- 509 Say Y here to be able to classify packets using a universal 510 32bit pieces based comparison scheme. 511 512 To compile this code as a module, choose M here: the 513 module will be called cls_u32. 514 515config CLS_U32_PERF 516 bool "Performance counters support" 517 depends on NET_CLS_U32 518 ---help--- 519 Say Y here to make u32 gather additional statistics useful for 520 fine tuning u32 classifiers. 521 522config CLS_U32_MARK 523 bool "Netfilter marks support" 524 depends on NET_CLS_U32 525 ---help--- 526 Say Y here to be able to use netfilter marks as u32 key. 527 528config NET_CLS_RSVP 529 tristate "IPv4 Resource Reservation Protocol (RSVP)" 530 select NET_CLS 531 ---help--- 532 The Resource Reservation Protocol (RSVP) permits end systems to 533 request a minimum and maximum data flow rate for a connection; this 534 is important for real time data such as streaming sound or video. 535 536 Say Y here if you want to be able to classify outgoing packets based 537 on their RSVP requests. 538 539 To compile this code as a module, choose M here: the 540 module will be called cls_rsvp. 541 542config NET_CLS_RSVP6 543 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 544 select NET_CLS 545 ---help--- 546 The Resource Reservation Protocol (RSVP) permits end systems to 547 request a minimum and maximum data flow rate for a connection; this 548 is important for real time data such as streaming sound or video. 549 550 Say Y here if you want to be able to classify outgoing packets based 551 on their RSVP requests and you are using the IPv6 protocol. 552 553 To compile this code as a module, choose M here: the 554 module will be called cls_rsvp6. 555 556config NET_CLS_FLOW 557 tristate "Flow classifier" 558 select NET_CLS 559 ---help--- 560 If you say Y here, you will be able to classify packets based on 561 a configurable combination of packet keys. This is mostly useful 562 in combination with SFQ. 563 564 To compile this code as a module, choose M here: the 565 module will be called cls_flow. 566 567config NET_CLS_CGROUP 568 tristate "Control Group Classifier" 569 select NET_CLS 570 select CGROUP_NET_CLASSID 571 depends on CGROUPS 572 ---help--- 573 Say Y here if you want to classify packets based on the control 574 cgroup of their process. 575 576 To compile this code as a module, choose M here: the 577 module will be called cls_cgroup. 578 579config NET_CLS_BPF 580 tristate "BPF-based classifier" 581 select NET_CLS 582 ---help--- 583 If you say Y here, you will be able to classify packets based on 584 programmable BPF (JIT'ed) filters as an alternative to ematches. 585 586 To compile this code as a module, choose M here: the module will 587 be called cls_bpf. 588 589config NET_CLS_FLOWER 590 tristate "Flower classifier" 591 select NET_CLS 592 ---help--- 593 If you say Y here, you will be able to classify packets based on 594 a configurable combination of packet keys and masks. 595 596 To compile this code as a module, choose M here: the module will 597 be called cls_flower. 598 599config NET_CLS_MATCHALL 600 tristate "Match-all classifier" 601 select NET_CLS 602 ---help--- 603 If you say Y here, you will be able to classify packets based on 604 nothing. Every packet will match. 605 606 To compile this code as a module, choose M here: the module will 607 be called cls_matchall. 608 609config NET_EMATCH 610 bool "Extended Matches" 611 select NET_CLS 612 ---help--- 613 Say Y here if you want to use extended matches on top of classifiers 614 and select the extended matches below. 615 616 Extended matches are small classification helpers not worth writing 617 a separate classifier for. 618 619 A recent version of the iproute2 package is required to use 620 extended matches. 621 622config NET_EMATCH_STACK 623 int "Stack size" 624 depends on NET_EMATCH 625 default "32" 626 ---help--- 627 Size of the local stack variable used while evaluating the tree of 628 ematches. Limits the depth of the tree, i.e. the number of 629 encapsulated precedences. Every level requires 4 bytes of additional 630 stack space. 631 632config NET_EMATCH_CMP 633 tristate "Simple packet data comparison" 634 depends on NET_EMATCH 635 ---help--- 636 Say Y here if you want to be able to classify packets based on 637 simple packet data comparisons for 8, 16, and 32bit values. 638 639 To compile this code as a module, choose M here: the 640 module will be called em_cmp. 641 642config NET_EMATCH_NBYTE 643 tristate "Multi byte comparison" 644 depends on NET_EMATCH 645 ---help--- 646 Say Y here if you want to be able to classify packets based on 647 multiple byte comparisons mainly useful for IPv6 address comparisons. 648 649 To compile this code as a module, choose M here: the 650 module will be called em_nbyte. 651 652config NET_EMATCH_U32 653 tristate "U32 key" 654 depends on NET_EMATCH 655 ---help--- 656 Say Y here if you want to be able to classify packets using 657 the famous u32 key in combination with logic relations. 658 659 To compile this code as a module, choose M here: the 660 module will be called em_u32. 661 662config NET_EMATCH_META 663 tristate "Metadata" 664 depends on NET_EMATCH 665 ---help--- 666 Say Y here if you want to be able to classify packets based on 667 metadata such as load average, netfilter attributes, socket 668 attributes and routing decisions. 669 670 To compile this code as a module, choose M here: the 671 module will be called em_meta. 672 673config NET_EMATCH_TEXT 674 tristate "Textsearch" 675 depends on NET_EMATCH 676 select TEXTSEARCH 677 select TEXTSEARCH_KMP 678 select TEXTSEARCH_BM 679 select TEXTSEARCH_FSM 680 ---help--- 681 Say Y here if you want to be able to classify packets based on 682 textsearch comparisons. 683 684 To compile this code as a module, choose M here: the 685 module will be called em_text. 686 687config NET_EMATCH_CANID 688 tristate "CAN Identifier" 689 depends on NET_EMATCH && (CAN=y || CAN=m) 690 ---help--- 691 Say Y here if you want to be able to classify CAN frames based 692 on CAN Identifier. 693 694 To compile this code as a module, choose M here: the 695 module will be called em_canid. 696 697config NET_EMATCH_IPSET 698 tristate "IPset" 699 depends on NET_EMATCH && IP_SET 700 ---help--- 701 Say Y here if you want to be able to classify packets based on 702 ipset membership. 703 704 To compile this code as a module, choose M here: the 705 module will be called em_ipset. 706 707config NET_EMATCH_IPT 708 tristate "IPtables Matches" 709 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 710 ---help--- 711 Say Y here to be able to classify packets based on iptables 712 matches. 713 Current supported match is "policy" which allows packet classification 714 based on IPsec policy that was used during decapsulation 715 716 To compile this code as a module, choose M here: the 717 module will be called em_ipt. 718 719config NET_CLS_ACT 720 bool "Actions" 721 select NET_CLS 722 ---help--- 723 Say Y here if you want to use traffic control actions. Actions 724 get attached to classifiers and are invoked after a successful 725 classification. They are used to overwrite the classification 726 result, instantly drop or redirect packets, etc. 727 728 A recent version of the iproute2 package is required to use 729 extended matches. 730 731config NET_ACT_POLICE 732 tristate "Traffic Policing" 733 depends on NET_CLS_ACT 734 ---help--- 735 Say Y here if you want to do traffic policing, i.e. strict 736 bandwidth limiting. This action replaces the existing policing 737 module. 738 739 To compile this code as a module, choose M here: the 740 module will be called act_police. 741 742config NET_ACT_GACT 743 tristate "Generic actions" 744 depends on NET_CLS_ACT 745 ---help--- 746 Say Y here to take generic actions such as dropping and 747 accepting packets. 748 749 To compile this code as a module, choose M here: the 750 module will be called act_gact. 751 752config GACT_PROB 753 bool "Probability support" 754 depends on NET_ACT_GACT 755 ---help--- 756 Say Y here to use the generic action randomly or deterministically. 757 758config NET_ACT_MIRRED 759 tristate "Redirecting and Mirroring" 760 depends on NET_CLS_ACT 761 ---help--- 762 Say Y here to allow packets to be mirrored or redirected to 763 other devices. 764 765 To compile this code as a module, choose M here: the 766 module will be called act_mirred. 767 768config NET_ACT_SAMPLE 769 tristate "Traffic Sampling" 770 depends on NET_CLS_ACT 771 select PSAMPLE 772 ---help--- 773 Say Y here to allow packet sampling tc action. The packet sample 774 action consists of statistically choosing packets and sampling 775 them using the psample module. 776 777 To compile this code as a module, choose M here: the 778 module will be called act_sample. 779 780config NET_ACT_IPT 781 tristate "IPtables targets" 782 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 783 ---help--- 784 Say Y here to be able to invoke iptables targets after successful 785 classification. 786 787 To compile this code as a module, choose M here: the 788 module will be called act_ipt. 789 790config NET_ACT_NAT 791 tristate "Stateless NAT" 792 depends on NET_CLS_ACT 793 ---help--- 794 Say Y here to do stateless NAT on IPv4 packets. You should use 795 netfilter for NAT unless you know what you are doing. 796 797 To compile this code as a module, choose M here: the 798 module will be called act_nat. 799 800config NET_ACT_PEDIT 801 tristate "Packet Editing" 802 depends on NET_CLS_ACT 803 ---help--- 804 Say Y here if you want to mangle the content of packets. 805 806 To compile this code as a module, choose M here: the 807 module will be called act_pedit. 808 809config NET_ACT_SIMP 810 tristate "Simple Example (Debug)" 811 depends on NET_CLS_ACT 812 ---help--- 813 Say Y here to add a simple action for demonstration purposes. 814 It is meant as an example and for debugging purposes. It will 815 print a configured policy string followed by the packet count 816 to the console for every packet that passes by. 817 818 If unsure, say N. 819 820 To compile this code as a module, choose M here: the 821 module will be called act_simple. 822 823config NET_ACT_SKBEDIT 824 tristate "SKB Editing" 825 depends on NET_CLS_ACT 826 ---help--- 827 Say Y here to change skb priority or queue_mapping settings. 828 829 If unsure, say N. 830 831 To compile this code as a module, choose M here: the 832 module will be called act_skbedit. 833 834config NET_ACT_CSUM 835 tristate "Checksum Updating" 836 depends on NET_CLS_ACT && INET 837 select LIBCRC32C 838 ---help--- 839 Say Y here to update some common checksum after some direct 840 packet alterations. 841 842 To compile this code as a module, choose M here: the 843 module will be called act_csum. 844 845config NET_ACT_MPLS 846 tristate "MPLS manipulation" 847 depends on NET_CLS_ACT 848 help 849 Say Y here to push or pop MPLS headers. 850 851 If unsure, say N. 852 853 To compile this code as a module, choose M here: the 854 module will be called act_mpls. 855 856config NET_ACT_VLAN 857 tristate "Vlan manipulation" 858 depends on NET_CLS_ACT 859 ---help--- 860 Say Y here to push or pop vlan headers. 861 862 If unsure, say N. 863 864 To compile this code as a module, choose M here: the 865 module will be called act_vlan. 866 867config NET_ACT_BPF 868 tristate "BPF based action" 869 depends on NET_CLS_ACT 870 ---help--- 871 Say Y here to execute BPF code on packets. The BPF code will decide 872 if the packet should be dropped or not. 873 874 If unsure, say N. 875 876 To compile this code as a module, choose M here: the 877 module will be called act_bpf. 878 879config NET_ACT_CONNMARK 880 tristate "Netfilter Connection Mark Retriever" 881 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 882 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 883 ---help--- 884 Say Y here to allow retrieving of conn mark 885 886 If unsure, say N. 887 888 To compile this code as a module, choose M here: the 889 module will be called act_connmark. 890 891config NET_ACT_CTINFO 892 tristate "Netfilter Connection Mark Actions" 893 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES 894 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 895 help 896 Say Y here to allow transfer of a connmark stored information. 897 Current actions transfer connmark stored DSCP into 898 ipv4/v6 diffserv and/or to transfer connmark to packet 899 mark. Both are useful for restoring egress based marks 900 back onto ingress connections for qdisc priority mapping 901 purposes. 902 903 If unsure, say N. 904 905 To compile this code as a module, choose M here: the 906 module will be called act_ctinfo. 907 908config NET_ACT_SKBMOD 909 tristate "skb data modification action" 910 depends on NET_CLS_ACT 911 ---help--- 912 Say Y here to allow modification of skb data 913 914 If unsure, say N. 915 916 To compile this code as a module, choose M here: the 917 module will be called act_skbmod. 918 919config NET_ACT_IFE 920 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 921 depends on NET_CLS_ACT 922 select NET_IFE 923 ---help--- 924 Say Y here to allow for sourcing and terminating metadata 925 For details refer to netdev01 paper: 926 "Distributing Linux Traffic Control Classifier-Action Subsystem" 927 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 928 929 To compile this code as a module, choose M here: the 930 module will be called act_ife. 931 932config NET_ACT_TUNNEL_KEY 933 tristate "IP tunnel metadata manipulation" 934 depends on NET_CLS_ACT 935 ---help--- 936 Say Y here to set/release ip tunnel metadata. 937 938 If unsure, say N. 939 940 To compile this code as a module, choose M here: the 941 module will be called act_tunnel_key. 942 943config NET_ACT_CT 944 tristate "connection tracking tc action" 945 depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT 946 help 947 Say Y here to allow sending the packets to conntrack module. 948 949 If unsure, say N. 950 951 To compile this code as a module, choose M here: the 952 module will be called act_ct. 953 954config NET_IFE_SKBMARK 955 tristate "Support to encoding decoding skb mark on IFE action" 956 depends on NET_ACT_IFE 957 958config NET_IFE_SKBPRIO 959 tristate "Support to encoding decoding skb prio on IFE action" 960 depends on NET_ACT_IFE 961 962config NET_IFE_SKBTCINDEX 963 tristate "Support to encoding decoding skb tcindex on IFE action" 964 depends on NET_ACT_IFE 965 966endif # NET_SCHED 967 968config NET_SCH_FIFO 969 bool 970