Kconfig (14359B)
1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Network configuration 4# 5 6menuconfig NET 7 bool "Networking support" 8 select NLATTR 9 select GENERIC_NET_UTILS 10 select BPF 11 help 12 Unless you really know what you are doing, you should say Y here. 13 The reason is that some programs need kernel networking support even 14 when running on a stand-alone machine that isn't connected to any 15 other computer. 16 17 If you are upgrading from an older kernel, you 18 should consider updating your networking tools too because changes 19 in the kernel and the tools often go hand in hand. The tools are 20 contained in the package net-tools, the location and version number 21 of which are given in <file:Documentation/Changes>. 22 23 For a general introduction to Linux networking, it is highly 24 recommended to read the NET-HOWTO, available from 25 <http://www.tldp.org/docs.html#howto>. 26 27if NET 28 29config WANT_COMPAT_NETLINK_MESSAGES 30 bool 31 help 32 This option can be selected by other options that need compat 33 netlink messages. 34 35config COMPAT_NETLINK_MESSAGES 36 def_bool y 37 depends on COMPAT 38 depends on WEXT_CORE || WANT_COMPAT_NETLINK_MESSAGES 39 help 40 This option makes it possible to send different netlink messages 41 to tasks depending on whether the task is a compat task or not. To 42 achieve this, you need to set skb_shinfo(skb)->frag_list to the 43 compat skb before sending the skb, the netlink code will sort out 44 which message to actually pass to the task. 45 46 Newly written code should NEVER need this option but do 47 compat-independent messages instead! 48 49config NET_INGRESS 50 bool 51 52config NET_EGRESS 53 bool 54 55config NET_REDIRECT 56 bool 57 58config SKB_EXTENSIONS 59 bool 60 61menu "Networking options" 62 63source "net/packet/Kconfig" 64source "net/unix/Kconfig" 65source "net/tls/Kconfig" 66source "net/xfrm/Kconfig" 67source "net/iucv/Kconfig" 68source "net/smc/Kconfig" 69source "net/xdp/Kconfig" 70 71config INET 72 bool "TCP/IP networking" 73 help 74 These are the protocols used on the Internet and on most local 75 Ethernets. It is highly recommended to say Y here (this will enlarge 76 your kernel by about 400 KB), since some programs (e.g. the X window 77 system) use TCP/IP even if your machine is not connected to any 78 other computer. You will get the so-called loopback device which 79 allows you to ping yourself (great fun, that!). 80 81 For an excellent introduction to Linux networking, please read the 82 Linux Networking HOWTO, available from 83 <http://www.tldp.org/docs.html#howto>. 84 85 If you say Y here and also to "/proc file system support" and 86 "Sysctl support" below, you can change various aspects of the 87 behavior of the TCP/IP code by writing to the (virtual) files in 88 /proc/sys/net/ipv4/*; the options are explained in the file 89 <file:Documentation/networking/ip-sysctl.rst>. 90 91 Short answer: say Y. 92 93if INET 94source "net/ipv4/Kconfig" 95source "net/ipv6/Kconfig" 96source "net/netlabel/Kconfig" 97source "net/mptcp/Kconfig" 98 99endif # if INET 100 101config NETWORK_SECMARK 102 bool "Security Marking" 103 help 104 This enables security marking of network packets, similar 105 to nfmark, but designated for security purposes. 106 If you are unsure how to answer this question, answer N. 107 108config NET_PTP_CLASSIFY 109 def_bool n 110 111config NETWORK_PHY_TIMESTAMPING 112 bool "Timestamping in PHY devices" 113 select NET_PTP_CLASSIFY 114 help 115 This allows timestamping of network packets by PHYs (or 116 other MII bus snooping devices) with hardware timestamping 117 capabilities. This option adds some overhead in the transmit 118 and receive paths. 119 120 If you are unsure how to answer this question, answer N. 121 122menuconfig NETFILTER 123 bool "Network packet filtering framework (Netfilter)" 124 help 125 Netfilter is a framework for filtering and mangling network packets 126 that pass through your Linux box. 127 128 The most common use of packet filtering is to run your Linux box as 129 a firewall protecting a local network from the Internet. The type of 130 firewall provided by this kernel support is called a "packet 131 filter", which means that it can reject individual network packets 132 based on type, source, destination etc. The other kind of firewall, 133 a "proxy-based" one, is more secure but more intrusive and more 134 bothersome to set up; it inspects the network traffic much more 135 closely, modifies it and has knowledge about the higher level 136 protocols, which a packet filter lacks. Moreover, proxy-based 137 firewalls often require changes to the programs running on the local 138 clients. Proxy-based firewalls don't need support by the kernel, but 139 they are often combined with a packet filter, which only works if 140 you say Y here. 141 142 You should also say Y here if you intend to use your Linux box as 143 the gateway to the Internet for a local network of machines without 144 globally valid IP addresses. This is called "masquerading": if one 145 of the computers on your local network wants to send something to 146 the outside, your box can "masquerade" as that computer, i.e. it 147 forwards the traffic to the intended outside destination, but 148 modifies the packets to make it look like they came from the 149 firewall box itself. It works both ways: if the outside host 150 replies, the Linux box will silently forward the traffic to the 151 correct local computer. This way, the computers on your local net 152 are completely invisible to the outside world, even though they can 153 reach the outside and can receive replies. It is even possible to 154 run globally visible servers from within a masqueraded local network 155 using a mechanism called portforwarding. Masquerading is also often 156 called NAT (Network Address Translation). 157 158 Another use of Netfilter is in transparent proxying: if a machine on 159 the local network tries to connect to an outside host, your Linux 160 box can transparently forward the traffic to a local server, 161 typically a caching proxy server. 162 163 Yet another use of Netfilter is building a bridging firewall. Using 164 a bridge with Network packet filtering enabled makes iptables "see" 165 the bridged traffic. For filtering on the lower network and Ethernet 166 protocols over the bridge, use ebtables (under bridge netfilter 167 configuration). 168 169 Various modules exist for netfilter which replace the previous 170 masquerading (ipmasqadm), packet filtering (ipchains), transparent 171 proxying, and portforwarding mechanisms. Please see 172 <file:Documentation/Changes> under "iptables" for the location of 173 these packages. 174 175if NETFILTER 176 177config NETFILTER_ADVANCED 178 bool "Advanced netfilter configuration" 179 depends on NETFILTER 180 default y 181 help 182 If you say Y here you can select between all the netfilter modules. 183 If you say N the more unusual ones will not be shown and the 184 basic ones needed by most people will default to 'M'. 185 186 If unsure, say Y. 187 188config BRIDGE_NETFILTER 189 tristate "Bridged IP/ARP packets filtering" 190 depends on BRIDGE 191 depends on NETFILTER && INET 192 depends on NETFILTER_ADVANCED 193 select NETFILTER_FAMILY_BRIDGE 194 select SKB_EXTENSIONS 195 help 196 Enabling this option will let arptables resp. iptables see bridged 197 ARP resp. IP traffic. If you want a bridging firewall, you probably 198 want this option enabled. 199 Enabling or disabling this option doesn't enable or disable 200 ebtables. 201 202 If unsure, say N. 203 204source "net/netfilter/Kconfig" 205source "net/ipv4/netfilter/Kconfig" 206source "net/ipv6/netfilter/Kconfig" 207source "net/decnet/netfilter/Kconfig" 208source "net/bridge/netfilter/Kconfig" 209 210endif 211 212source "net/bpfilter/Kconfig" 213 214source "net/dccp/Kconfig" 215source "net/sctp/Kconfig" 216source "net/rds/Kconfig" 217source "net/tipc/Kconfig" 218source "net/atm/Kconfig" 219source "net/l2tp/Kconfig" 220source "net/802/Kconfig" 221source "net/bridge/Kconfig" 222source "net/dsa/Kconfig" 223source "net/8021q/Kconfig" 224source "net/decnet/Kconfig" 225source "net/llc/Kconfig" 226source "drivers/net/appletalk/Kconfig" 227source "net/x25/Kconfig" 228source "net/lapb/Kconfig" 229source "net/phonet/Kconfig" 230source "net/6lowpan/Kconfig" 231source "net/ieee802154/Kconfig" 232source "net/mac802154/Kconfig" 233source "net/sched/Kconfig" 234source "net/dcb/Kconfig" 235source "net/dns_resolver/Kconfig" 236source "net/batman-adv/Kconfig" 237source "net/openvswitch/Kconfig" 238source "net/vmw_vsock/Kconfig" 239source "net/netlink/Kconfig" 240source "net/mpls/Kconfig" 241source "net/nsh/Kconfig" 242source "net/hsr/Kconfig" 243source "net/switchdev/Kconfig" 244source "net/l3mdev/Kconfig" 245source "net/qrtr/Kconfig" 246source "net/ncsi/Kconfig" 247 248config PCPU_DEV_REFCNT 249 bool "Use percpu variables to maintain network device refcount" 250 depends on SMP 251 default y 252 help 253 network device refcount are using per cpu variables if this option is set. 254 This can be forced to N to detect underflows (with a performance drop). 255 256config RPS 257 bool 258 depends on SMP && SYSFS 259 default y 260 261config RFS_ACCEL 262 bool 263 depends on RPS 264 select CPU_RMAP 265 default y 266 267config SOCK_RX_QUEUE_MAPPING 268 bool 269 270config XPS 271 bool 272 depends on SMP 273 select SOCK_RX_QUEUE_MAPPING 274 default y 275 276config HWBM 277 bool 278 279config CGROUP_NET_PRIO 280 bool "Network priority cgroup" 281 depends on CGROUPS 282 select SOCK_CGROUP_DATA 283 help 284 Cgroup subsystem for use in assigning processes to network priorities on 285 a per-interface basis. 286 287config CGROUP_NET_CLASSID 288 bool "Network classid cgroup" 289 depends on CGROUPS 290 select SOCK_CGROUP_DATA 291 help 292 Cgroup subsystem for use as general purpose socket classid marker that is 293 being used in cls_cgroup and for netfilter matching. 294 295config NET_RX_BUSY_POLL 296 bool 297 default y if !PREEMPT_RT 298 299config BQL 300 bool 301 depends on SYSFS 302 select DQL 303 default y 304 305config BPF_STREAM_PARSER 306 bool "enable BPF STREAM_PARSER" 307 depends on INET 308 depends on BPF_SYSCALL 309 depends on CGROUP_BPF 310 select STREAM_PARSER 311 select NET_SOCK_MSG 312 help 313 Enabling this allows a TCP stream parser to be used with 314 BPF_MAP_TYPE_SOCKMAP. 315 316config NET_FLOW_LIMIT 317 bool 318 depends on RPS 319 default y 320 help 321 The network stack has to drop packets when a receive processing CPU's 322 backlog reaches netdev_max_backlog. If a few out of many active flows 323 generate the vast majority of load, drop their traffic earlier to 324 maintain capacity for the other flows. This feature provides servers 325 with many clients some protection against DoS by a single (spoofed) 326 flow that greatly exceeds average workload. 327 328menu "Network testing" 329 330config NET_PKTGEN 331 tristate "Packet Generator (USE WITH CAUTION)" 332 depends on INET && PROC_FS 333 help 334 This module will inject preconfigured packets, at a configurable 335 rate, out of a given interface. It is used for network interface 336 stress testing and performance analysis. If you don't understand 337 what was just said, you don't need it: say N. 338 339 Documentation on how to use the packet generator can be found 340 at <file:Documentation/networking/pktgen.rst>. 341 342 To compile this code as a module, choose M here: the 343 module will be called pktgen. 344 345config NET_DROP_MONITOR 346 tristate "Network packet drop alerting service" 347 depends on INET && TRACEPOINTS 348 help 349 This feature provides an alerting service to userspace in the 350 event that packets are discarded in the network stack. Alerts 351 are broadcast via netlink socket to any listening user space 352 process. If you don't need network drop alerts, or if you are ok 353 just checking the various proc files and other utilities for 354 drop statistics, say N here. 355 356endmenu 357 358endmenu 359 360source "net/ax25/Kconfig" 361source "net/can/Kconfig" 362source "net/bluetooth/Kconfig" 363source "net/rxrpc/Kconfig" 364source "net/kcm/Kconfig" 365source "net/strparser/Kconfig" 366source "net/mctp/Kconfig" 367 368config FIB_RULES 369 bool 370 371menuconfig WIRELESS 372 bool "Wireless" 373 depends on !S390 374 default y 375 376if WIRELESS 377 378source "net/wireless/Kconfig" 379source "net/mac80211/Kconfig" 380 381endif # WIRELESS 382 383source "net/rfkill/Kconfig" 384source "net/9p/Kconfig" 385source "net/caif/Kconfig" 386source "net/ceph/Kconfig" 387source "net/nfc/Kconfig" 388source "net/psample/Kconfig" 389source "net/ife/Kconfig" 390 391config LWTUNNEL 392 bool "Network light weight tunnels" 393 help 394 This feature provides an infrastructure to support light weight 395 tunnels like mpls. There is no netdevice associated with a light 396 weight tunnel endpoint. Tunnel encapsulation parameters are stored 397 with light weight tunnel state associated with fib routes. 398 399config LWTUNNEL_BPF 400 bool "Execute BPF program as route nexthop action" 401 depends on LWTUNNEL && INET 402 default y if LWTUNNEL=y 403 help 404 Allows to run BPF programs as a nexthop action following a route 405 lookup for incoming and outgoing packets. 406 407config DST_CACHE 408 bool 409 default n 410 411config GRO_CELLS 412 bool 413 default n 414 415config SOCK_VALIDATE_XMIT 416 bool 417 418config NET_SELFTESTS 419 def_tristate PHYLIB 420 depends on PHYLIB && INET 421 422config NET_SOCK_MSG 423 bool 424 default n 425 help 426 The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or 427 ULPs (upper layer modules, e.g. TLS) to process L7 application data 428 with the help of BPF programs. 429 430config NET_DEVLINK 431 bool 432 default n 433 434config PAGE_POOL 435 bool 436 437config PAGE_POOL_STATS 438 default n 439 bool "Page pool stats" 440 depends on PAGE_POOL 441 help 442 Enable page pool statistics to track page allocation and recycling 443 in page pools. This option incurs additional CPU cost in allocation 444 and recycle paths and additional memory cost to store the statistics. 445 These statistics are only available if this option is enabled and if 446 the driver using the page pool supports exporting this data. 447 448 If unsure, say N. 449 450config FAILOVER 451 tristate "Generic failover module" 452 help 453 The failover module provides a generic interface for paravirtual 454 drivers to register a netdev and a set of ops with a failover 455 instance. The ops are used as event handlers that get called to 456 handle netdev register/unregister/link change/name change events 457 on slave pci ethernet devices with the same mac address as the 458 failover netdev. This enables paravirtual drivers to use a 459 VF as an accelerated low latency datapath. It also allows live 460 migration of VMs with direct attached VFs by failing over to the 461 paravirtual datapath when the VF is unplugged. 462 463config ETHTOOL_NETLINK 464 bool "Netlink interface for ethtool" 465 default y 466 help 467 An alternative userspace interface for ethtool based on generic 468 netlink. It provides better extensibility and some new features, 469 e.g. notification messages. 470 471config NETDEV_ADDR_LIST_TEST 472 tristate "Unit tests for device address list" 473 default KUNIT_ALL_TESTS 474 depends on KUNIT 475 476endif # if NET