1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71config NET_SCH_PRIO 72 tristate "Multi Band Priority Queueing (PRIO)" 73 help 74 Say Y here if you want to use an n-band priority queue packet 75 scheduler. 76 77 To compile this code as a module, choose M here: the 78 module will be called sch_prio. 79 80config NET_SCH_MULTIQ 81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 82 help 83 Say Y here if you want to use an n-band queue packet scheduler 84 to support devices that have multiple hardware transmit queues. 85 86 To compile this code as a module, choose M here: the 87 module will be called sch_multiq. 88 89config NET_SCH_RED 90 tristate "Random Early Detection (RED)" 91 help 92 Say Y here if you want to use the Random Early Detection (RED) 93 packet scheduling algorithm. 94 95 See the top of <file:net/sched/sch_red.c> for more details. 96 97 To compile this code as a module, choose M here: the 98 module will be called sch_red. 99 100config NET_SCH_SFB 101 tristate "Stochastic Fair Blue (SFB)" 102 help 103 Say Y here if you want to use the Stochastic Fair Blue (SFB) 104 packet scheduling algorithm. 105 106 See the top of <file:net/sched/sch_sfb.c> for more details. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_sfb. 110 111config NET_SCH_SFQ 112 tristate "Stochastic Fairness Queueing (SFQ)" 113 help 114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 115 packet scheduling algorithm. 116 117 See the top of <file:net/sched/sch_sfq.c> for more details. 118 119 To compile this code as a module, choose M here: the 120 module will be called sch_sfq. 121 122config NET_SCH_TEQL 123 tristate "True Link Equalizer (TEQL)" 124 help 125 Say Y here if you want to use the True Link Equalizer (TLE) packet 126 scheduling algorithm. This queueing discipline allows the combination 127 of several physical devices into one virtual device. 128 129 See the top of <file:net/sched/sch_teql.c> for more details. 130 131 To compile this code as a module, choose M here: the 132 module will be called sch_teql. 133 134config NET_SCH_TBF 135 tristate "Token Bucket Filter (TBF)" 136 help 137 Say Y here if you want to use the Token Bucket Filter (TBF) packet 138 scheduling algorithm. 139 140 See the top of <file:net/sched/sch_tbf.c> for more details. 141 142 To compile this code as a module, choose M here: the 143 module will be called sch_tbf. 144 145config NET_SCH_CBS 146 tristate "Credit Based Shaper (CBS)" 147 help 148 Say Y here if you want to use the Credit Based Shaper (CBS) packet 149 scheduling algorithm. 150 151 See the top of <file:net/sched/sch_cbs.c> for more details. 152 153 To compile this code as a module, choose M here: the 154 module will be called sch_cbs. 155 156config NET_SCH_ETF 157 tristate "Earliest TxTime First (ETF)" 158 help 159 Say Y here if you want to use the Earliest TxTime First (ETF) packet 160 scheduling algorithm. 161 162 See the top of <file:net/sched/sch_etf.c> for more details. 163 164 To compile this code as a module, choose M here: the 165 module will be called sch_etf. 166 167config NET_SCH_MQPRIO_LIB 168 tristate 169 help 170 Common library for manipulating mqprio queue configurations. 171 172config NET_SCH_TAPRIO 173 tristate "Time Aware Priority (taprio) Scheduler" 174 select NET_SCH_MQPRIO_LIB 175 help 176 Say Y here if you want to use the Time Aware Priority (taprio) packet 177 scheduling algorithm. 178 179 See the top of <file:net/sched/sch_taprio.c> for more details. 180 181 To compile this code as a module, choose M here: the 182 module will be called sch_taprio. 183 184config NET_SCH_GRED 185 tristate "Generic Random Early Detection (GRED)" 186 help 187 Say Y here if you want to use the Generic Random Early Detection 188 (GRED) packet scheduling algorithm for some of your network devices 189 (see the top of <file:net/sched/sch_red.c> for details and 190 references about the algorithm). 191 192 To compile this code as a module, choose M here: the 193 module will be called sch_gred. 194 195config NET_SCH_NETEM 196 tristate "Network emulator (NETEM)" 197 help 198 Say Y if you want to emulate network delay, loss, and packet 199 re-ordering. This is often useful to simulate networks when 200 testing applications or protocols. 201 202 To compile this driver as a module, choose M here: the module 203 will be called sch_netem. 204 205 If unsure, say N. 206 207config NET_SCH_DRR 208 tristate "Deficit Round Robin scheduler (DRR)" 209 help 210 Say Y here if you want to use the Deficit Round Robin (DRR) packet 211 scheduling algorithm. 212 213 To compile this driver as a module, choose M here: the module 214 will be called sch_drr. 215 216 If unsure, say N. 217 218config NET_SCH_MQPRIO 219 tristate "Multi-queue priority scheduler (MQPRIO)" 220 select NET_SCH_MQPRIO_LIB 221 help 222 Say Y here if you want to use the Multi-queue Priority scheduler. 223 This scheduler allows QOS to be offloaded on NICs that have support 224 for offloading QOS schedulers. 225 226 To compile this driver as a module, choose M here: the module will 227 be called sch_mqprio. 228 229 If unsure, say N. 230 231config NET_SCH_SKBPRIO 232 tristate "SKB priority queue scheduler (SKBPRIO)" 233 help 234 Say Y here if you want to use the SKB priority queue 235 scheduler. This schedules packets according to skb->priority, 236 which is useful for request packets in DoS mitigation systems such 237 as Gatekeeper. 238 239 To compile this driver as a module, choose M here: the module will 240 be called sch_skbprio. 241 242 If unsure, say N. 243 244config NET_SCH_CHOKE 245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 246 help 247 Say Y here if you want to use the CHOKe packet scheduler (CHOose 248 and Keep for responsive flows, CHOose and Kill for unresponsive 249 flows). This is a variation of RED which tries to penalize flows 250 that monopolize the queue. 251 252 To compile this code as a module, choose M here: the 253 module will be called sch_choke. 254 255config NET_SCH_QFQ 256 tristate "Quick Fair Queueing scheduler (QFQ)" 257 help 258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 259 packet scheduling algorithm. 260 261 To compile this driver as a module, choose M here: the module 262 will be called sch_qfq. 263 264 If unsure, say N. 265 266config NET_SCH_CODEL 267 tristate "Controlled Delay AQM (CODEL)" 268 help 269 Say Y here if you want to use the Controlled Delay (CODEL) 270 packet scheduling algorithm. 271 272 To compile this driver as a module, choose M here: the module 273 will be called sch_codel. 274 275 If unsure, say N. 276 277config NET_SCH_FQ_CODEL 278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 279 help 280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 281 packet scheduling algorithm. 282 283 To compile this driver as a module, choose M here: the module 284 will be called sch_fq_codel. 285 286 If unsure, say N. 287 288config NET_SCH_CAKE 289 tristate "Common Applications Kept Enhanced (CAKE)" 290 help 291 Say Y here if you want to use the Common Applications Kept Enhanced 292 (CAKE) queue management algorithm. 293 294 To compile this driver as a module, choose M here: the module 295 will be called sch_cake. 296 297 If unsure, say N. 298 299config NET_SCH_FQ 300 tristate "Fair Queue" 301 help 302 Say Y here if you want to use the FQ packet scheduling algorithm. 303 304 FQ does flow separation, and is able to respect pacing requirements 305 set by TCP stack into sk->sk_pacing_rate (for locally generated 306 traffic) 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq. 310 311 If unsure, say N. 312 313config NET_SCH_HHF 314 tristate "Heavy-Hitter Filter (HHF)" 315 help 316 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 317 packet scheduling algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_hhf. 321 322config NET_SCH_PIE 323 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 324 help 325 Say Y here if you want to use the Proportional Integral controller 326 Enhanced scheduler packet scheduling algorithm. 327 For more information, please see https://tools.ietf.org/html/rfc8033 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_pie. 331 332 If unsure, say N. 333 334config NET_SCH_FQ_PIE 335 depends on NET_SCH_PIE 336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 337 help 338 Say Y here if you want to use the Flow Queue Proportional Integral 339 controller Enhanced (FQ-PIE) packet scheduling algorithm. 340 For more information, please see https://tools.ietf.org/html/rfc8033 341 342 To compile this driver as a module, choose M here: the module 343 will be called sch_fq_pie. 344 345 If unsure, say N. 346 347config NET_SCH_INGRESS 348 tristate "Ingress/classifier-action Qdisc" 349 depends on NET_CLS_ACT 350 select NET_XGRESS 351 help 352 Say Y here if you want to use classifiers for incoming and/or outgoing 353 packets. This qdisc doesn't do anything else besides running classifiers, 354 which can also have actions attached to them. In case of outgoing packets, 355 classifiers that this qdisc holds are executed in the transmit path 356 before real enqueuing to an egress qdisc happens. 357 358 If unsure, say Y. 359 360 To compile this code as a module, choose M here: the module will be 361 called sch_ingress with alias of sch_clsact. 362 363config NET_SCH_PLUG 364 tristate "Plug network traffic until release (PLUG)" 365 help 366 367 This queuing discipline allows userspace to plug/unplug a network 368 output queue, using the netlink interface. When it receives an 369 enqueue command it inserts a plug into the outbound queue that 370 causes following packets to enqueue until a dequeue command arrives 371 over netlink, causing the plug to be removed and resuming the normal 372 packet flow. 373 374 This module also provides a generic "network output buffering" 375 functionality (aka output commit), wherein upon arrival of a dequeue 376 command, only packets up to the first plug are released for delivery. 377 The Remus HA project uses this module to enable speculative execution 378 of virtual machines by allowing the generated network output to be rolled 379 back if needed. 380 381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 382 383 Say Y here if you are using this kernel for Xen dom0 and 384 want to protect Xen guests with Remus. 385 386 To compile this code as a module, choose M here: the 387 module will be called sch_plug. 388 389config NET_SCH_ETS 390 tristate "Enhanced transmission selection scheduler (ETS)" 391 help 392 The Enhanced Transmission Selection scheduler is a classful 393 queuing discipline that merges functionality of PRIO and DRR 394 qdiscs in one scheduler. ETS makes it easy to configure a set of 395 strict and bandwidth-sharing bands to implement the transmission 396 selection described in 802.1Qaz. 397 398 Say Y here if you want to use the ETS packet scheduling 399 algorithm. 400 401 To compile this driver as a module, choose M here: the module 402 will be called sch_ets. 403 404 If unsure, say N. 405 406menuconfig NET_SCH_DEFAULT 407 bool "Allow override default queue discipline" 408 help 409 Support for selection of default queuing discipline. 410 411 Nearly all users can safely say no here, and the default 412 of pfifo_fast will be used. Many distributions already set 413 the default value via /proc/sys/net/core/default_qdisc. 414 415 If unsure, say N. 416 417if NET_SCH_DEFAULT 418 419choice 420 prompt "Default queuing discipline" 421 default DEFAULT_PFIFO_FAST 422 help 423 Select the queueing discipline that will be used by default 424 for all network devices. 425 426 config DEFAULT_FQ 427 bool "Fair Queue" if NET_SCH_FQ 428 429 config DEFAULT_CODEL 430 bool "Controlled Delay" if NET_SCH_CODEL 431 432 config DEFAULT_FQ_CODEL 433 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 434 435 config DEFAULT_FQ_PIE 436 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 437 438 config DEFAULT_SFQ 439 bool "Stochastic Fair Queue" if NET_SCH_SFQ 440 441 config DEFAULT_PFIFO_FAST 442 bool "Priority FIFO Fast" 443endchoice 444 445config DEFAULT_NET_SCH 446 string 447 default "pfifo_fast" if DEFAULT_PFIFO_FAST 448 default "fq" if DEFAULT_FQ 449 default "fq_codel" if DEFAULT_FQ_CODEL 450 default "fq_pie" if DEFAULT_FQ_PIE 451 default "sfq" if DEFAULT_SFQ 452 default "pfifo_fast" 453endif 454 455comment "Classification" 456 457config NET_CLS 458 bool 459 460config NET_CLS_BASIC 461 tristate "Elementary classification (BASIC)" 462 select NET_CLS 463 help 464 Say Y here if you want to be able to classify packets using 465 only extended matches and actions. 466 467 To compile this code as a module, choose M here: the 468 module will be called cls_basic. 469 470config NET_CLS_ROUTE4 471 tristate "Routing decision (ROUTE)" 472 depends on INET 473 select IP_ROUTE_CLASSID 474 select NET_CLS 475 help 476 If you say Y here, you will be able to classify packets 477 according to the route table entry they matched. 478 479 To compile this code as a module, choose M here: the 480 module will be called cls_route. 481 482config NET_CLS_FW 483 tristate "Netfilter mark (FW)" 484 select NET_CLS 485 help 486 If you say Y here, you will be able to classify packets 487 according to netfilter/firewall marks. 488 489 To compile this code as a module, choose M here: the 490 module will be called cls_fw. 491 492config NET_CLS_U32 493 tristate "Universal 32bit comparisons w/ hashing (U32)" 494 select NET_CLS 495 help 496 Say Y here to be able to classify packets using a universal 497 32bit pieces based comparison scheme. 498 499 To compile this code as a module, choose M here: the 500 module will be called cls_u32. 501 502config CLS_U32_PERF 503 bool "Performance counters support" 504 depends on NET_CLS_U32 505 help 506 Say Y here to make u32 gather additional statistics useful for 507 fine tuning u32 classifiers. 508 509config CLS_U32_MARK 510 bool "Netfilter marks support" 511 depends on NET_CLS_U32 512 help 513 Say Y here to be able to use netfilter marks as u32 key. 514 515config NET_CLS_FLOW 516 tristate "Flow classifier" 517 select NET_CLS 518 help 519 If you say Y here, you will be able to classify packets based on 520 a configurable combination of packet keys. This is mostly useful 521 in combination with SFQ. 522 523 To compile this code as a module, choose M here: the 524 module will be called cls_flow. 525 526config NET_CLS_CGROUP 527 tristate "Control Group Classifier" 528 select NET_CLS 529 select CGROUP_NET_CLASSID 530 depends on CGROUPS 531 help 532 Say Y here if you want to classify packets based on the control 533 cgroup of their process. 534 535 To compile this code as a module, choose M here: the 536 module will be called cls_cgroup. 537 538config NET_CLS_BPF 539 tristate "BPF-based classifier" 540 select NET_CLS 541 help 542 If you say Y here, you will be able to classify packets based on 543 programmable BPF (JIT'ed) filters as an alternative to ematches. 544 545 To compile this code as a module, choose M here: the module will 546 be called cls_bpf. 547 548config NET_CLS_FLOWER 549 tristate "Flower classifier" 550 select NET_CLS 551 help 552 If you say Y here, you will be able to classify packets based on 553 a configurable combination of packet keys and masks. 554 555 To compile this code as a module, choose M here: the module will 556 be called cls_flower. 557 558config NET_CLS_MATCHALL 559 tristate "Match-all classifier" 560 select NET_CLS 561 help 562 If you say Y here, you will be able to classify packets based on 563 nothing. Every packet will match. 564 565 To compile this code as a module, choose M here: the module will 566 be called cls_matchall. 567 568config NET_EMATCH 569 bool "Extended Matches" 570 select NET_CLS 571 help 572 Say Y here if you want to use extended matches on top of classifiers 573 and select the extended matches below. 574 575 Extended matches are small classification helpers not worth writing 576 a separate classifier for. 577 578 A recent version of the iproute2 package is required to use 579 extended matches. 580 581config NET_EMATCH_STACK 582 int "Stack size" 583 depends on NET_EMATCH 584 default "32" 585 help 586 Size of the local stack variable used while evaluating the tree of 587 ematches. Limits the depth of the tree, i.e. the number of 588 encapsulated precedences. Every level requires 4 bytes of additional 589 stack space. 590 591config NET_EMATCH_CMP 592 tristate "Simple packet data comparison" 593 depends on NET_EMATCH 594 help 595 Say Y here if you want to be able to classify packets based on 596 simple packet data comparisons for 8, 16, and 32bit values. 597 598 To compile this code as a module, choose M here: the 599 module will be called em_cmp. 600 601config NET_EMATCH_NBYTE 602 tristate "Multi byte comparison" 603 depends on NET_EMATCH 604 help 605 Say Y here if you want to be able to classify packets based on 606 multiple byte comparisons mainly useful for IPv6 address comparisons. 607 608 To compile this code as a module, choose M here: the 609 module will be called em_nbyte. 610 611config NET_EMATCH_U32 612 tristate "U32 key" 613 depends on NET_EMATCH 614 help 615 Say Y here if you want to be able to classify packets using 616 the famous u32 key in combination with logic relations. 617 618 To compile this code as a module, choose M here: the 619 module will be called em_u32. 620 621config NET_EMATCH_META 622 tristate "Metadata" 623 depends on NET_EMATCH 624 help 625 Say Y here if you want to be able to classify packets based on 626 metadata such as load average, netfilter attributes, socket 627 attributes and routing decisions. 628 629 To compile this code as a module, choose M here: the 630 module will be called em_meta. 631 632config NET_EMATCH_TEXT 633 tristate "Textsearch" 634 depends on NET_EMATCH 635 select TEXTSEARCH 636 select TEXTSEARCH_KMP 637 select TEXTSEARCH_BM 638 select TEXTSEARCH_FSM 639 help 640 Say Y here if you want to be able to classify packets based on 641 textsearch comparisons. 642 643 To compile this code as a module, choose M here: the 644 module will be called em_text. 645 646config NET_EMATCH_CANID 647 tristate "CAN Identifier" 648 depends on NET_EMATCH && (CAN=y || CAN=m) 649 help 650 Say Y here if you want to be able to classify CAN frames based 651 on CAN Identifier. 652 653 To compile this code as a module, choose M here: the 654 module will be called em_canid. 655 656config NET_EMATCH_IPSET 657 tristate "IPset" 658 depends on NET_EMATCH && IP_SET 659 help 660 Say Y here if you want to be able to classify packets based on 661 ipset membership. 662 663 To compile this code as a module, choose M here: the 664 module will be called em_ipset. 665 666config NET_EMATCH_IPT 667 tristate "IPtables Matches" 668 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 669 help 670 Say Y here to be able to classify packets based on iptables 671 matches. 672 Current supported match is "policy" which allows packet classification 673 based on IPsec policy that was used during decapsulation 674 675 To compile this code as a module, choose M here: the 676 module will be called em_ipt. 677 678config NET_CLS_ACT 679 bool "Actions" 680 select NET_CLS 681 select NET_XGRESS 682 help 683 Say Y here if you want to use traffic control actions. Actions 684 get attached to classifiers and are invoked after a successful 685 classification. They are used to overwrite the classification 686 result, instantly drop or redirect packets, etc. 687 688 A recent version of the iproute2 package is required to use 689 extended matches. 690 691config NET_ACT_POLICE 692 tristate "Traffic Policing" 693 depends on NET_CLS_ACT 694 help 695 Say Y here if you want to do traffic policing, i.e. strict 696 bandwidth limiting. This action replaces the existing policing 697 module. 698 699 To compile this code as a module, choose M here: the 700 module will be called act_police. 701 702config NET_ACT_GACT 703 tristate "Generic actions" 704 depends on NET_CLS_ACT 705 help 706 Say Y here to take generic actions such as dropping and 707 accepting packets. 708 709 To compile this code as a module, choose M here: the 710 module will be called act_gact. 711 712config GACT_PROB 713 bool "Probability support" 714 depends on NET_ACT_GACT 715 help 716 Say Y here to use the generic action randomly or deterministically. 717 718config NET_ACT_MIRRED 719 tristate "Redirecting and Mirroring" 720 depends on NET_CLS_ACT 721 help 722 Say Y here to allow packets to be mirrored or redirected to 723 other devices. 724 725 To compile this code as a module, choose M here: the 726 module will be called act_mirred. 727 728config NET_ACT_SAMPLE 729 tristate "Traffic Sampling" 730 depends on NET_CLS_ACT 731 select PSAMPLE 732 help 733 Say Y here to allow packet sampling tc action. The packet sample 734 action consists of statistically choosing packets and sampling 735 them using the psample module. 736 737 To compile this code as a module, choose M here: the 738 module will be called act_sample. 739 740config NET_ACT_IPT 741 tristate "IPtables targets" 742 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 743 help 744 Say Y here to be able to invoke iptables targets after successful 745 classification. 746 747 To compile this code as a module, choose M here: the 748 module will be called act_ipt. 749 750config NET_ACT_NAT 751 tristate "Stateless NAT" 752 depends on NET_CLS_ACT 753 help 754 Say Y here to do stateless NAT on IPv4 packets. You should use 755 netfilter for NAT unless you know what you are doing. 756 757 To compile this code as a module, choose M here: the 758 module will be called act_nat. 759 760config NET_ACT_PEDIT 761 tristate "Packet Editing" 762 depends on NET_CLS_ACT 763 help 764 Say Y here if you want to mangle the content of packets. 765 766 To compile this code as a module, choose M here: the 767 module will be called act_pedit. 768 769config NET_ACT_SIMP 770 tristate "Simple Example (Debug)" 771 depends on NET_CLS_ACT 772 help 773 Say Y here to add a simple action for demonstration purposes. 774 It is meant as an example and for debugging purposes. It will 775 print a configured policy string followed by the packet count 776 to the console for every packet that passes by. 777 778 If unsure, say N. 779 780 To compile this code as a module, choose M here: the 781 module will be called act_simple. 782 783config NET_ACT_SKBEDIT 784 tristate "SKB Editing" 785 depends on NET_CLS_ACT 786 help 787 Say Y here to change skb priority or queue_mapping settings. 788 789 If unsure, say N. 790 791 To compile this code as a module, choose M here: the 792 module will be called act_skbedit. 793 794config NET_ACT_CSUM 795 tristate "Checksum Updating" 796 depends on NET_CLS_ACT && INET 797 select LIBCRC32C 798 help 799 Say Y here to update some common checksum after some direct 800 packet alterations. 801 802 To compile this code as a module, choose M here: the 803 module will be called act_csum. 804 805config NET_ACT_MPLS 806 tristate "MPLS manipulation" 807 depends on NET_CLS_ACT 808 help 809 Say Y here to push or pop MPLS headers. 810 811 If unsure, say N. 812 813 To compile this code as a module, choose M here: the 814 module will be called act_mpls. 815 816config NET_ACT_VLAN 817 tristate "Vlan manipulation" 818 depends on NET_CLS_ACT 819 help 820 Say Y here to push or pop vlan headers. 821 822 If unsure, say N. 823 824 To compile this code as a module, choose M here: the 825 module will be called act_vlan. 826 827config NET_ACT_BPF 828 tristate "BPF based action" 829 depends on NET_CLS_ACT 830 help 831 Say Y here to execute BPF code on packets. The BPF code will decide 832 if the packet should be dropped or not. 833 834 If unsure, say N. 835 836 To compile this code as a module, choose M here: the 837 module will be called act_bpf. 838 839config NET_ACT_CONNMARK 840 tristate "Netfilter Connection Mark Retriever" 841 depends on NET_CLS_ACT && NETFILTER 842 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 843 help 844 Say Y here to allow retrieving of conn mark 845 846 If unsure, say N. 847 848 To compile this code as a module, choose M here: the 849 module will be called act_connmark. 850 851config NET_ACT_CTINFO 852 tristate "Netfilter Connection Mark Actions" 853 depends on NET_CLS_ACT && NETFILTER 854 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 855 help 856 Say Y here to allow transfer of a connmark stored information. 857 Current actions transfer connmark stored DSCP into 858 ipv4/v6 diffserv and/or to transfer connmark to packet 859 mark. Both are useful for restoring egress based marks 860 back onto ingress connections for qdisc priority mapping 861 purposes. 862 863 If unsure, say N. 864 865 To compile this code as a module, choose M here: the 866 module will be called act_ctinfo. 867 868config NET_ACT_SKBMOD 869 tristate "skb data modification action" 870 depends on NET_CLS_ACT 871 help 872 Say Y here to allow modification of skb data 873 874 If unsure, say N. 875 876 To compile this code as a module, choose M here: the 877 module will be called act_skbmod. 878 879config NET_ACT_IFE 880 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 881 depends on NET_CLS_ACT 882 select NET_IFE 883 help 884 Say Y here to allow for sourcing and terminating metadata 885 For details refer to netdev01 paper: 886 "Distributing Linux Traffic Control Classifier-Action Subsystem" 887 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 888 889 To compile this code as a module, choose M here: the 890 module will be called act_ife. 891 892config NET_ACT_TUNNEL_KEY 893 tristate "IP tunnel metadata manipulation" 894 depends on NET_CLS_ACT 895 help 896 Say Y here to set/release ip tunnel metadata. 897 898 If unsure, say N. 899 900 To compile this code as a module, choose M here: the 901 module will be called act_tunnel_key. 902 903config NET_ACT_CT 904 tristate "connection tracking tc action" 905 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 906 select NF_CONNTRACK_OVS 907 select NF_NAT_OVS if NF_NAT 908 help 909 Say Y here to allow sending the packets to conntrack module. 910 911 If unsure, say N. 912 913 To compile this code as a module, choose M here: the 914 module will be called act_ct. 915 916config NET_ACT_GATE 917 tristate "Frame gate entry list control tc action" 918 depends on NET_CLS_ACT 919 help 920 Say Y here to allow to control the ingress flow to be passed at 921 specific time slot and be dropped at other specific time slot by 922 the gate entry list. 923 924 If unsure, say N. 925 To compile this code as a module, choose M here: the 926 module will be called act_gate. 927 928config NET_IFE_SKBMARK 929 tristate "Support to encoding decoding skb mark on IFE action" 930 depends on NET_ACT_IFE 931 932config NET_IFE_SKBPRIO 933 tristate "Support to encoding decoding skb prio on IFE action" 934 depends on NET_ACT_IFE 935 936config NET_IFE_SKBTCINDEX 937 tristate "Support to encoding decoding skb tcindex on IFE action" 938 depends on NET_ACT_IFE 939 940config NET_TC_SKB_EXT 941 bool "TC recirculation support" 942 depends on NET_CLS_ACT 943 select SKB_EXTENSIONS 944 945 help 946 Say Y here to allow tc chain misses to continue in OvS datapath in 947 the correct recirc_id, and hardware chain misses to continue in 948 the correct chain in tc software datapath. 949 950 Say N here if you won't be using tc<->ovs offload or tc chains offload. 951 952endif # NET_SCHED 953 954config NET_SCH_FIFO 955 bool 956