Kconfig (31318B)
1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_CBQ 49 tristate "Class Based Queueing (CBQ)" 50 help 51 Say Y here if you want to use the Class-Based Queueing (CBQ) packet 52 scheduling algorithm. This algorithm classifies the waiting packets 53 into a tree-like hierarchy of classes; the leaves of this tree are 54 in turn scheduled by separate algorithms. 55 56 See the top of <file:net/sched/sch_cbq.c> for more details. 57 58 CBQ is a commonly used scheduler, so if you're unsure, you should 59 say Y here. Then say Y to all the queueing algorithms below that you 60 want to use as leaf disciplines. 61 62 To compile this code as a module, choose M here: the 63 module will be called sch_cbq. 64 65config NET_SCH_HTB 66 tristate "Hierarchical Token Bucket (HTB)" 67 help 68 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 69 packet scheduling algorithm. See 70 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 71 in-depth articles. 72 73 HTB is very similar to CBQ regarding its goals however is has 74 different properties and different algorithm. 75 76 To compile this code as a module, choose M here: the 77 module will be called sch_htb. 78 79config NET_SCH_HFSC 80 tristate "Hierarchical Fair Service Curve (HFSC)" 81 help 82 Say Y here if you want to use the Hierarchical Fair Service Curve 83 (HFSC) packet scheduling algorithm. 84 85 To compile this code as a module, choose M here: the 86 module will be called sch_hfsc. 87 88config NET_SCH_ATM 89 tristate "ATM Virtual Circuits (ATM)" 90 depends on ATM 91 help 92 Say Y here if you want to use the ATM pseudo-scheduler. This 93 provides a framework for invoking classifiers, which in turn 94 select classes of this queuing discipline. Each class maps 95 the flow(s) it is handling to a given virtual circuit. 96 97 See the top of <file:net/sched/sch_atm.c> for more details. 98 99 To compile this code as a module, choose M here: the 100 module will be called sch_atm. 101 102config NET_SCH_PRIO 103 tristate "Multi Band Priority Queueing (PRIO)" 104 help 105 Say Y here if you want to use an n-band priority queue packet 106 scheduler. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_prio. 110 111config NET_SCH_MULTIQ 112 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 113 help 114 Say Y here if you want to use an n-band queue packet scheduler 115 to support devices that have multiple hardware transmit queues. 116 117 To compile this code as a module, choose M here: the 118 module will be called sch_multiq. 119 120config NET_SCH_RED 121 tristate "Random Early Detection (RED)" 122 help 123 Say Y here if you want to use the Random Early Detection (RED) 124 packet scheduling algorithm. 125 126 See the top of <file:net/sched/sch_red.c> for more details. 127 128 To compile this code as a module, choose M here: the 129 module will be called sch_red. 130 131config NET_SCH_SFB 132 tristate "Stochastic Fair Blue (SFB)" 133 help 134 Say Y here if you want to use the Stochastic Fair Blue (SFB) 135 packet scheduling algorithm. 136 137 See the top of <file:net/sched/sch_sfb.c> for more details. 138 139 To compile this code as a module, choose M here: the 140 module will be called sch_sfb. 141 142config NET_SCH_SFQ 143 tristate "Stochastic Fairness Queueing (SFQ)" 144 help 145 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 146 packet scheduling algorithm. 147 148 See the top of <file:net/sched/sch_sfq.c> for more details. 149 150 To compile this code as a module, choose M here: the 151 module will be called sch_sfq. 152 153config NET_SCH_TEQL 154 tristate "True Link Equalizer (TEQL)" 155 help 156 Say Y here if you want to use the True Link Equalizer (TLE) packet 157 scheduling algorithm. This queueing discipline allows the combination 158 of several physical devices into one virtual device. 159 160 See the top of <file:net/sched/sch_teql.c> for more details. 161 162 To compile this code as a module, choose M here: the 163 module will be called sch_teql. 164 165config NET_SCH_TBF 166 tristate "Token Bucket Filter (TBF)" 167 help 168 Say Y here if you want to use the Token Bucket Filter (TBF) packet 169 scheduling algorithm. 170 171 See the top of <file:net/sched/sch_tbf.c> for more details. 172 173 To compile this code as a module, choose M here: the 174 module will be called sch_tbf. 175 176config NET_SCH_CBS 177 tristate "Credit Based Shaper (CBS)" 178 help 179 Say Y here if you want to use the Credit Based Shaper (CBS) packet 180 scheduling algorithm. 181 182 See the top of <file:net/sched/sch_cbs.c> for more details. 183 184 To compile this code as a module, choose M here: the 185 module will be called sch_cbs. 186 187config NET_SCH_ETF 188 tristate "Earliest TxTime First (ETF)" 189 help 190 Say Y here if you want to use the Earliest TxTime First (ETF) packet 191 scheduling algorithm. 192 193 See the top of <file:net/sched/sch_etf.c> for more details. 194 195 To compile this code as a module, choose M here: the 196 module will be called sch_etf. 197 198config NET_SCH_TAPRIO 199 tristate "Time Aware Priority (taprio) Scheduler" 200 help 201 Say Y here if you want to use the Time Aware Priority (taprio) packet 202 scheduling algorithm. 203 204 See the top of <file:net/sched/sch_taprio.c> for more details. 205 206 To compile this code as a module, choose M here: the 207 module will be called sch_taprio. 208 209config NET_SCH_GRED 210 tristate "Generic Random Early Detection (GRED)" 211 help 212 Say Y here if you want to use the Generic Random Early Detection 213 (GRED) packet scheduling algorithm for some of your network devices 214 (see the top of <file:net/sched/sch_red.c> for details and 215 references about the algorithm). 216 217 To compile this code as a module, choose M here: the 218 module will be called sch_gred. 219 220config NET_SCH_DSMARK 221 tristate "Differentiated Services marker (DSMARK)" 222 help 223 Say Y if you want to schedule packets according to the 224 Differentiated Services architecture proposed in RFC 2475. 225 Technical information on this method, with pointers to associated 226 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. 227 228 To compile this code as a module, choose M here: the 229 module will be called sch_dsmark. 230 231config NET_SCH_NETEM 232 tristate "Network emulator (NETEM)" 233 help 234 Say Y if you want to emulate network delay, loss, and packet 235 re-ordering. This is often useful to simulate networks when 236 testing applications or protocols. 237 238 To compile this driver as a module, choose M here: the module 239 will be called sch_netem. 240 241 If unsure, say N. 242 243config NET_SCH_DRR 244 tristate "Deficit Round Robin scheduler (DRR)" 245 help 246 Say Y here if you want to use the Deficit Round Robin (DRR) packet 247 scheduling algorithm. 248 249 To compile this driver as a module, choose M here: the module 250 will be called sch_drr. 251 252 If unsure, say N. 253 254config NET_SCH_MQPRIO 255 tristate "Multi-queue priority scheduler (MQPRIO)" 256 help 257 Say Y here if you want to use the Multi-queue Priority scheduler. 258 This scheduler allows QOS to be offloaded on NICs that have support 259 for offloading QOS schedulers. 260 261 To compile this driver as a module, choose M here: the module will 262 be called sch_mqprio. 263 264 If unsure, say N. 265 266config NET_SCH_SKBPRIO 267 tristate "SKB priority queue scheduler (SKBPRIO)" 268 help 269 Say Y here if you want to use the SKB priority queue 270 scheduler. This schedules packets according to skb->priority, 271 which is useful for request packets in DoS mitigation systems such 272 as Gatekeeper. 273 274 To compile this driver as a module, choose M here: the module will 275 be called sch_skbprio. 276 277 If unsure, say N. 278 279config NET_SCH_CHOKE 280 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 281 help 282 Say Y here if you want to use the CHOKe packet scheduler (CHOose 283 and Keep for responsive flows, CHOose and Kill for unresponsive 284 flows). This is a variation of RED which tries to penalize flows 285 that monopolize the queue. 286 287 To compile this code as a module, choose M here: the 288 module will be called sch_choke. 289 290config NET_SCH_QFQ 291 tristate "Quick Fair Queueing scheduler (QFQ)" 292 help 293 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 294 packet scheduling algorithm. 295 296 To compile this driver as a module, choose M here: the module 297 will be called sch_qfq. 298 299 If unsure, say N. 300 301config NET_SCH_CODEL 302 tristate "Controlled Delay AQM (CODEL)" 303 help 304 Say Y here if you want to use the Controlled Delay (CODEL) 305 packet scheduling algorithm. 306 307 To compile this driver as a module, choose M here: the module 308 will be called sch_codel. 309 310 If unsure, say N. 311 312config NET_SCH_FQ_CODEL 313 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 314 help 315 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 316 packet scheduling algorithm. 317 318 To compile this driver as a module, choose M here: the module 319 will be called sch_fq_codel. 320 321 If unsure, say N. 322 323config NET_SCH_CAKE 324 tristate "Common Applications Kept Enhanced (CAKE)" 325 help 326 Say Y here if you want to use the Common Applications Kept Enhanced 327 (CAKE) queue management algorithm. 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_cake. 331 332 If unsure, say N. 333 334config NET_SCH_FQ 335 tristate "Fair Queue" 336 help 337 Say Y here if you want to use the FQ packet scheduling algorithm. 338 339 FQ does flow separation, and is able to respect pacing requirements 340 set by TCP stack into sk->sk_pacing_rate (for localy generated 341 traffic) 342 343 To compile this driver as a module, choose M here: the module 344 will be called sch_fq. 345 346 If unsure, say N. 347 348config NET_SCH_HHF 349 tristate "Heavy-Hitter Filter (HHF)" 350 help 351 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 352 packet scheduling algorithm. 353 354 To compile this driver as a module, choose M here: the module 355 will be called sch_hhf. 356 357config NET_SCH_PIE 358 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 359 help 360 Say Y here if you want to use the Proportional Integral controller 361 Enhanced scheduler packet scheduling algorithm. 362 For more information, please see https://tools.ietf.org/html/rfc8033 363 364 To compile this driver as a module, choose M here: the module 365 will be called sch_pie. 366 367 If unsure, say N. 368 369config NET_SCH_FQ_PIE 370 depends on NET_SCH_PIE 371 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 372 help 373 Say Y here if you want to use the Flow Queue Proportional Integral 374 controller Enhanced (FQ-PIE) packet scheduling algorithm. 375 For more information, please see https://tools.ietf.org/html/rfc8033 376 377 To compile this driver as a module, choose M here: the module 378 will be called sch_fq_pie. 379 380 If unsure, say N. 381 382config NET_SCH_INGRESS 383 tristate "Ingress/classifier-action Qdisc" 384 depends on NET_CLS_ACT 385 select NET_INGRESS 386 select NET_EGRESS 387 help 388 Say Y here if you want to use classifiers for incoming and/or outgoing 389 packets. This qdisc doesn't do anything else besides running classifiers, 390 which can also have actions attached to them. In case of outgoing packets, 391 classifiers that this qdisc holds are executed in the transmit path 392 before real enqueuing to an egress qdisc happens. 393 394 If unsure, say Y. 395 396 To compile this code as a module, choose M here: the module will be 397 called sch_ingress with alias of sch_clsact. 398 399config NET_SCH_PLUG 400 tristate "Plug network traffic until release (PLUG)" 401 help 402 403 This queuing discipline allows userspace to plug/unplug a network 404 output queue, using the netlink interface. When it receives an 405 enqueue command it inserts a plug into the outbound queue that 406 causes following packets to enqueue until a dequeue command arrives 407 over netlink, causing the plug to be removed and resuming the normal 408 packet flow. 409 410 This module also provides a generic "network output buffering" 411 functionality (aka output commit), wherein upon arrival of a dequeue 412 command, only packets up to the first plug are released for delivery. 413 The Remus HA project uses this module to enable speculative execution 414 of virtual machines by allowing the generated network output to be rolled 415 back if needed. 416 417 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 418 419 Say Y here if you are using this kernel for Xen dom0 and 420 want to protect Xen guests with Remus. 421 422 To compile this code as a module, choose M here: the 423 module will be called sch_plug. 424 425config NET_SCH_ETS 426 tristate "Enhanced transmission selection scheduler (ETS)" 427 help 428 The Enhanced Transmission Selection scheduler is a classful 429 queuing discipline that merges functionality of PRIO and DRR 430 qdiscs in one scheduler. ETS makes it easy to configure a set of 431 strict and bandwidth-sharing bands to implement the transmission 432 selection described in 802.1Qaz. 433 434 Say Y here if you want to use the ETS packet scheduling 435 algorithm. 436 437 To compile this driver as a module, choose M here: the module 438 will be called sch_ets. 439 440 If unsure, say N. 441 442menuconfig NET_SCH_DEFAULT 443 bool "Allow override default queue discipline" 444 help 445 Support for selection of default queuing discipline. 446 447 Nearly all users can safely say no here, and the default 448 of pfifo_fast will be used. Many distributions already set 449 the default value via /proc/sys/net/core/default_qdisc. 450 451 If unsure, say N. 452 453if NET_SCH_DEFAULT 454 455choice 456 prompt "Default queuing discipline" 457 default DEFAULT_PFIFO_FAST 458 help 459 Select the queueing discipline that will be used by default 460 for all network devices. 461 462 config DEFAULT_FQ 463 bool "Fair Queue" if NET_SCH_FQ 464 465 config DEFAULT_CODEL 466 bool "Controlled Delay" if NET_SCH_CODEL 467 468 config DEFAULT_FQ_CODEL 469 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 470 471 config DEFAULT_FQ_PIE 472 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 473 474 config DEFAULT_SFQ 475 bool "Stochastic Fair Queue" if NET_SCH_SFQ 476 477 config DEFAULT_PFIFO_FAST 478 bool "Priority FIFO Fast" 479endchoice 480 481config DEFAULT_NET_SCH 482 string 483 default "pfifo_fast" if DEFAULT_PFIFO_FAST 484 default "fq" if DEFAULT_FQ 485 default "fq_codel" if DEFAULT_FQ_CODEL 486 default "fq_pie" if DEFAULT_FQ_PIE 487 default "sfq" if DEFAULT_SFQ 488 default "pfifo_fast" 489endif 490 491comment "Classification" 492 493config NET_CLS 494 bool 495 496config NET_CLS_BASIC 497 tristate "Elementary classification (BASIC)" 498 select NET_CLS 499 help 500 Say Y here if you want to be able to classify packets using 501 only extended matches and actions. 502 503 To compile this code as a module, choose M here: the 504 module will be called cls_basic. 505 506config NET_CLS_TCINDEX 507 tristate "Traffic-Control Index (TCINDEX)" 508 select NET_CLS 509 help 510 Say Y here if you want to be able to classify packets based on 511 traffic control indices. You will want this feature if you want 512 to implement Differentiated Services together with DSMARK. 513 514 To compile this code as a module, choose M here: the 515 module will be called cls_tcindex. 516 517config NET_CLS_ROUTE4 518 tristate "Routing decision (ROUTE)" 519 depends on INET 520 select IP_ROUTE_CLASSID 521 select NET_CLS 522 help 523 If you say Y here, you will be able to classify packets 524 according to the route table entry they matched. 525 526 To compile this code as a module, choose M here: the 527 module will be called cls_route. 528 529config NET_CLS_FW 530 tristate "Netfilter mark (FW)" 531 select NET_CLS 532 help 533 If you say Y here, you will be able to classify packets 534 according to netfilter/firewall marks. 535 536 To compile this code as a module, choose M here: the 537 module will be called cls_fw. 538 539config NET_CLS_U32 540 tristate "Universal 32bit comparisons w/ hashing (U32)" 541 select NET_CLS 542 help 543 Say Y here to be able to classify packets using a universal 544 32bit pieces based comparison scheme. 545 546 To compile this code as a module, choose M here: the 547 module will be called cls_u32. 548 549config CLS_U32_PERF 550 bool "Performance counters support" 551 depends on NET_CLS_U32 552 help 553 Say Y here to make u32 gather additional statistics useful for 554 fine tuning u32 classifiers. 555 556config CLS_U32_MARK 557 bool "Netfilter marks support" 558 depends on NET_CLS_U32 559 help 560 Say Y here to be able to use netfilter marks as u32 key. 561 562config NET_CLS_RSVP 563 tristate "IPv4 Resource Reservation Protocol (RSVP)" 564 select NET_CLS 565 help 566 The Resource Reservation Protocol (RSVP) permits end systems to 567 request a minimum and maximum data flow rate for a connection; this 568 is important for real time data such as streaming sound or video. 569 570 Say Y here if you want to be able to classify outgoing packets based 571 on their RSVP requests. 572 573 To compile this code as a module, choose M here: the 574 module will be called cls_rsvp. 575 576config NET_CLS_RSVP6 577 tristate "IPv6 Resource Reservation Protocol (RSVP6)" 578 select NET_CLS 579 help 580 The Resource Reservation Protocol (RSVP) permits end systems to 581 request a minimum and maximum data flow rate for a connection; this 582 is important for real time data such as streaming sound or video. 583 584 Say Y here if you want to be able to classify outgoing packets based 585 on their RSVP requests and you are using the IPv6 protocol. 586 587 To compile this code as a module, choose M here: the 588 module will be called cls_rsvp6. 589 590config NET_CLS_FLOW 591 tristate "Flow classifier" 592 select NET_CLS 593 help 594 If you say Y here, you will be able to classify packets based on 595 a configurable combination of packet keys. This is mostly useful 596 in combination with SFQ. 597 598 To compile this code as a module, choose M here: the 599 module will be called cls_flow. 600 601config NET_CLS_CGROUP 602 tristate "Control Group Classifier" 603 select NET_CLS 604 select CGROUP_NET_CLASSID 605 depends on CGROUPS 606 help 607 Say Y here if you want to classify packets based on the control 608 cgroup of their process. 609 610 To compile this code as a module, choose M here: the 611 module will be called cls_cgroup. 612 613config NET_CLS_BPF 614 tristate "BPF-based classifier" 615 select NET_CLS 616 help 617 If you say Y here, you will be able to classify packets based on 618 programmable BPF (JIT'ed) filters as an alternative to ematches. 619 620 To compile this code as a module, choose M here: the module will 621 be called cls_bpf. 622 623config NET_CLS_FLOWER 624 tristate "Flower classifier" 625 select NET_CLS 626 help 627 If you say Y here, you will be able to classify packets based on 628 a configurable combination of packet keys and masks. 629 630 To compile this code as a module, choose M here: the module will 631 be called cls_flower. 632 633config NET_CLS_MATCHALL 634 tristate "Match-all classifier" 635 select NET_CLS 636 help 637 If you say Y here, you will be able to classify packets based on 638 nothing. Every packet will match. 639 640 To compile this code as a module, choose M here: the module will 641 be called cls_matchall. 642 643config NET_EMATCH 644 bool "Extended Matches" 645 select NET_CLS 646 help 647 Say Y here if you want to use extended matches on top of classifiers 648 and select the extended matches below. 649 650 Extended matches are small classification helpers not worth writing 651 a separate classifier for. 652 653 A recent version of the iproute2 package is required to use 654 extended matches. 655 656config NET_EMATCH_STACK 657 int "Stack size" 658 depends on NET_EMATCH 659 default "32" 660 help 661 Size of the local stack variable used while evaluating the tree of 662 ematches. Limits the depth of the tree, i.e. the number of 663 encapsulated precedences. Every level requires 4 bytes of additional 664 stack space. 665 666config NET_EMATCH_CMP 667 tristate "Simple packet data comparison" 668 depends on NET_EMATCH 669 help 670 Say Y here if you want to be able to classify packets based on 671 simple packet data comparisons for 8, 16, and 32bit values. 672 673 To compile this code as a module, choose M here: the 674 module will be called em_cmp. 675 676config NET_EMATCH_NBYTE 677 tristate "Multi byte comparison" 678 depends on NET_EMATCH 679 help 680 Say Y here if you want to be able to classify packets based on 681 multiple byte comparisons mainly useful for IPv6 address comparisons. 682 683 To compile this code as a module, choose M here: the 684 module will be called em_nbyte. 685 686config NET_EMATCH_U32 687 tristate "U32 key" 688 depends on NET_EMATCH 689 help 690 Say Y here if you want to be able to classify packets using 691 the famous u32 key in combination with logic relations. 692 693 To compile this code as a module, choose M here: the 694 module will be called em_u32. 695 696config NET_EMATCH_META 697 tristate "Metadata" 698 depends on NET_EMATCH 699 help 700 Say Y here if you want to be able to classify packets based on 701 metadata such as load average, netfilter attributes, socket 702 attributes and routing decisions. 703 704 To compile this code as a module, choose M here: the 705 module will be called em_meta. 706 707config NET_EMATCH_TEXT 708 tristate "Textsearch" 709 depends on NET_EMATCH 710 select TEXTSEARCH 711 select TEXTSEARCH_KMP 712 select TEXTSEARCH_BM 713 select TEXTSEARCH_FSM 714 help 715 Say Y here if you want to be able to classify packets based on 716 textsearch comparisons. 717 718 To compile this code as a module, choose M here: the 719 module will be called em_text. 720 721config NET_EMATCH_CANID 722 tristate "CAN Identifier" 723 depends on NET_EMATCH && (CAN=y || CAN=m) 724 help 725 Say Y here if you want to be able to classify CAN frames based 726 on CAN Identifier. 727 728 To compile this code as a module, choose M here: the 729 module will be called em_canid. 730 731config NET_EMATCH_IPSET 732 tristate "IPset" 733 depends on NET_EMATCH && IP_SET 734 help 735 Say Y here if you want to be able to classify packets based on 736 ipset membership. 737 738 To compile this code as a module, choose M here: the 739 module will be called em_ipset. 740 741config NET_EMATCH_IPT 742 tristate "IPtables Matches" 743 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 744 help 745 Say Y here to be able to classify packets based on iptables 746 matches. 747 Current supported match is "policy" which allows packet classification 748 based on IPsec policy that was used during decapsulation 749 750 To compile this code as a module, choose M here: the 751 module will be called em_ipt. 752 753config NET_CLS_ACT 754 bool "Actions" 755 select NET_CLS 756 help 757 Say Y here if you want to use traffic control actions. Actions 758 get attached to classifiers and are invoked after a successful 759 classification. They are used to overwrite the classification 760 result, instantly drop or redirect packets, etc. 761 762 A recent version of the iproute2 package is required to use 763 extended matches. 764 765config NET_ACT_POLICE 766 tristate "Traffic Policing" 767 depends on NET_CLS_ACT 768 help 769 Say Y here if you want to do traffic policing, i.e. strict 770 bandwidth limiting. This action replaces the existing policing 771 module. 772 773 To compile this code as a module, choose M here: the 774 module will be called act_police. 775 776config NET_ACT_GACT 777 tristate "Generic actions" 778 depends on NET_CLS_ACT 779 help 780 Say Y here to take generic actions such as dropping and 781 accepting packets. 782 783 To compile this code as a module, choose M here: the 784 module will be called act_gact. 785 786config GACT_PROB 787 bool "Probability support" 788 depends on NET_ACT_GACT 789 help 790 Say Y here to use the generic action randomly or deterministically. 791 792config NET_ACT_MIRRED 793 tristate "Redirecting and Mirroring" 794 depends on NET_CLS_ACT 795 help 796 Say Y here to allow packets to be mirrored or redirected to 797 other devices. 798 799 To compile this code as a module, choose M here: the 800 module will be called act_mirred. 801 802config NET_ACT_SAMPLE 803 tristate "Traffic Sampling" 804 depends on NET_CLS_ACT 805 select PSAMPLE 806 help 807 Say Y here to allow packet sampling tc action. The packet sample 808 action consists of statistically choosing packets and sampling 809 them using the psample module. 810 811 To compile this code as a module, choose M here: the 812 module will be called act_sample. 813 814config NET_ACT_IPT 815 tristate "IPtables targets" 816 depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES 817 help 818 Say Y here to be able to invoke iptables targets after successful 819 classification. 820 821 To compile this code as a module, choose M here: the 822 module will be called act_ipt. 823 824config NET_ACT_NAT 825 tristate "Stateless NAT" 826 depends on NET_CLS_ACT 827 help 828 Say Y here to do stateless NAT on IPv4 packets. You should use 829 netfilter for NAT unless you know what you are doing. 830 831 To compile this code as a module, choose M here: the 832 module will be called act_nat. 833 834config NET_ACT_PEDIT 835 tristate "Packet Editing" 836 depends on NET_CLS_ACT 837 help 838 Say Y here if you want to mangle the content of packets. 839 840 To compile this code as a module, choose M here: the 841 module will be called act_pedit. 842 843config NET_ACT_SIMP 844 tristate "Simple Example (Debug)" 845 depends on NET_CLS_ACT 846 help 847 Say Y here to add a simple action for demonstration purposes. 848 It is meant as an example and for debugging purposes. It will 849 print a configured policy string followed by the packet count 850 to the console for every packet that passes by. 851 852 If unsure, say N. 853 854 To compile this code as a module, choose M here: the 855 module will be called act_simple. 856 857config NET_ACT_SKBEDIT 858 tristate "SKB Editing" 859 depends on NET_CLS_ACT 860 help 861 Say Y here to change skb priority or queue_mapping settings. 862 863 If unsure, say N. 864 865 To compile this code as a module, choose M here: the 866 module will be called act_skbedit. 867 868config NET_ACT_CSUM 869 tristate "Checksum Updating" 870 depends on NET_CLS_ACT && INET 871 select LIBCRC32C 872 help 873 Say Y here to update some common checksum after some direct 874 packet alterations. 875 876 To compile this code as a module, choose M here: the 877 module will be called act_csum. 878 879config NET_ACT_MPLS 880 tristate "MPLS manipulation" 881 depends on NET_CLS_ACT 882 help 883 Say Y here to push or pop MPLS headers. 884 885 If unsure, say N. 886 887 To compile this code as a module, choose M here: the 888 module will be called act_mpls. 889 890config NET_ACT_VLAN 891 tristate "Vlan manipulation" 892 depends on NET_CLS_ACT 893 help 894 Say Y here to push or pop vlan headers. 895 896 If unsure, say N. 897 898 To compile this code as a module, choose M here: the 899 module will be called act_vlan. 900 901config NET_ACT_BPF 902 tristate "BPF based action" 903 depends on NET_CLS_ACT 904 help 905 Say Y here to execute BPF code on packets. The BPF code will decide 906 if the packet should be dropped or not. 907 908 If unsure, say N. 909 910 To compile this code as a module, choose M here: the 911 module will be called act_bpf. 912 913config NET_ACT_CONNMARK 914 tristate "Netfilter Connection Mark Retriever" 915 depends on NET_CLS_ACT && NETFILTER 916 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 917 help 918 Say Y here to allow retrieving of conn mark 919 920 If unsure, say N. 921 922 To compile this code as a module, choose M here: the 923 module will be called act_connmark. 924 925config NET_ACT_CTINFO 926 tristate "Netfilter Connection Mark Actions" 927 depends on NET_CLS_ACT && NETFILTER 928 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 929 help 930 Say Y here to allow transfer of a connmark stored information. 931 Current actions transfer connmark stored DSCP into 932 ipv4/v6 diffserv and/or to transfer connmark to packet 933 mark. Both are useful for restoring egress based marks 934 back onto ingress connections for qdisc priority mapping 935 purposes. 936 937 If unsure, say N. 938 939 To compile this code as a module, choose M here: the 940 module will be called act_ctinfo. 941 942config NET_ACT_SKBMOD 943 tristate "skb data modification action" 944 depends on NET_CLS_ACT 945 help 946 Say Y here to allow modification of skb data 947 948 If unsure, say N. 949 950 To compile this code as a module, choose M here: the 951 module will be called act_skbmod. 952 953config NET_ACT_IFE 954 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 955 depends on NET_CLS_ACT 956 select NET_IFE 957 help 958 Say Y here to allow for sourcing and terminating metadata 959 For details refer to netdev01 paper: 960 "Distributing Linux Traffic Control Classifier-Action Subsystem" 961 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 962 963 To compile this code as a module, choose M here: the 964 module will be called act_ife. 965 966config NET_ACT_TUNNEL_KEY 967 tristate "IP tunnel metadata manipulation" 968 depends on NET_CLS_ACT 969 help 970 Say Y here to set/release ip tunnel metadata. 971 972 If unsure, say N. 973 974 To compile this code as a module, choose M here: the 975 module will be called act_tunnel_key. 976 977config NET_ACT_CT 978 tristate "connection tracking tc action" 979 depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE 980 help 981 Say Y here to allow sending the packets to conntrack module. 982 983 If unsure, say N. 984 985 To compile this code as a module, choose M here: the 986 module will be called act_ct. 987 988config NET_ACT_GATE 989 tristate "Frame gate entry list control tc action" 990 depends on NET_CLS_ACT 991 help 992 Say Y here to allow to control the ingress flow to be passed at 993 specific time slot and be dropped at other specific time slot by 994 the gate entry list. 995 996 If unsure, say N. 997 To compile this code as a module, choose M here: the 998 module will be called act_gate. 999 1000config NET_IFE_SKBMARK 1001 tristate "Support to encoding decoding skb mark on IFE action" 1002 depends on NET_ACT_IFE 1003 1004config NET_IFE_SKBPRIO 1005 tristate "Support to encoding decoding skb prio on IFE action" 1006 depends on NET_ACT_IFE 1007 1008config NET_IFE_SKBTCINDEX 1009 tristate "Support to encoding decoding skb tcindex on IFE action" 1010 depends on NET_ACT_IFE 1011 1012config NET_TC_SKB_EXT 1013 bool "TC recirculation support" 1014 depends on NET_CLS_ACT 1015 select SKB_EXTENSIONS 1016 1017 help 1018 Say Y here to allow tc chain misses to continue in OvS datapath in 1019 the correct recirc_id, and hardware chain misses to continue in 1020 the correct chain in tc software datapath. 1021 1022 Say N here if you won't be using tc<->ovs offload or tc chains offload. 1023 1024endif # NET_SCHED 1025 1026config NET_SCH_FIFO 1027 bool