Version:  2.0.40 2.2.26 2.4.37 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17

Linux/net/ipv4/Kconfig

  1 #
  2 # IP configuration
  3 #
  4 config IP_MULTICAST
  5         bool "IP: multicasting"
  6         help
  7           This is code for addressing several networked computers at once,
  8           enlarging your kernel by about 2 KB. You need multicasting if you
  9           intend to participate in the MBONE, a high bandwidth network on top
 10           of the Internet which carries audio and video broadcasts. More
 11           information about the MBONE is on the WWW at
 12           <http://www.savetz.com/mbone/>. For most people, it's safe to say N.
 13 
 14 config IP_ADVANCED_ROUTER
 15         bool "IP: advanced router"
 16         ---help---
 17           If you intend to run your Linux box mostly as a router, i.e. as a
 18           computer that forwards and redistributes network packets, say Y; you
 19           will then be presented with several options that allow more precise
 20           control about the routing process.
 21 
 22           The answer to this question won't directly affect the kernel:
 23           answering N will just cause the configurator to skip all the
 24           questions about advanced routing.
 25 
 26           Note that your box can only act as a router if you enable IP
 27           forwarding in your kernel; you can do that by saying Y to "/proc
 28           file system support" and "Sysctl support" below and executing the
 29           line
 30 
 31           echo "1" > /proc/sys/net/ipv4/ip_forward
 32 
 33           at boot time after the /proc file system has been mounted.
 34 
 35           If you turn on IP forwarding, you should consider the rp_filter, which
 36           automatically rejects incoming packets if the routing table entry
 37           for their source address doesn't match the network interface they're
 38           arriving on. This has security advantages because it prevents the
 39           so-called IP spoofing, however it can pose problems if you use
 40           asymmetric routing (packets from you to a host take a different path
 41           than packets from that host to you) or if you operate a non-routing
 42           host which has several IP addresses on different interfaces. To turn
 43           rp_filter on use:
 44 
 45           echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
 46            or
 47           echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
 48 
 49           Note that some distributions enable it in startup scripts.
 50           For details about rp_filter strict and loose mode read
 51           <file:Documentation/networking/ip-sysctl.txt>.
 52 
 53           If unsure, say N here.
 54 
 55 config IP_FIB_TRIE_STATS
 56         bool "FIB TRIE statistics"
 57         depends on IP_ADVANCED_ROUTER
 58         ---help---
 59           Keep track of statistics on structure of FIB TRIE table.
 60           Useful for testing and measuring TRIE performance.
 61 
 62 config IP_MULTIPLE_TABLES
 63         bool "IP: policy routing"
 64         depends on IP_ADVANCED_ROUTER
 65         select FIB_RULES
 66         ---help---
 67           Normally, a router decides what to do with a received packet based
 68           solely on the packet's final destination address. If you say Y here,
 69           the Linux router will also be able to take the packet's source
 70           address into account. Furthermore, the TOS (Type-Of-Service) field
 71           of the packet can be used for routing decisions as well.
 72 
 73           If you are interested in this, please see the preliminary
 74           documentation at <http://www.compendium.com.ar/policy-routing.txt>
 75           and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>.
 76           You will need supporting software from
 77           <ftp://ftp.tux.org/pub/net/ip-routing/>.
 78 
 79           If unsure, say N.
 80 
 81 config IP_ROUTE_MULTIPATH
 82         bool "IP: equal cost multipath"
 83         depends on IP_ADVANCED_ROUTER
 84         help
 85           Normally, the routing tables specify a single action to be taken in
 86           a deterministic manner for a given packet. If you say Y here
 87           however, it becomes possible to attach several actions to a packet
 88           pattern, in effect specifying several alternative paths to travel
 89           for those packets. The router considers all these paths to be of
 90           equal "cost" and chooses one of them in a non-deterministic fashion
 91           if a matching packet arrives.
 92 
 93 config IP_ROUTE_VERBOSE
 94         bool "IP: verbose route monitoring"
 95         depends on IP_ADVANCED_ROUTER
 96         help
 97           If you say Y here, which is recommended, then the kernel will print
 98           verbose messages regarding the routing, for example warnings about
 99           received packets which look strange and could be evidence of an
100           attack or a misconfigured system somewhere. The information is
101           handled by the klogd daemon which is responsible for kernel messages
102           ("man klogd").
103 
104 config IP_ROUTE_CLASSID
105         bool
106 
107 config IP_PNP
108         bool "IP: kernel level autoconfiguration"
109         help
110           This enables automatic configuration of IP addresses of devices and
111           of the routing table during kernel boot, based on either information
112           supplied on the kernel command line or by BOOTP or RARP protocols.
113           You need to say Y only for diskless machines requiring network
114           access to boot (in which case you want to say Y to "Root file system
115           on NFS" as well), because all other machines configure the network
116           in their startup scripts.
117 
118 config IP_PNP_DHCP
119         bool "IP: DHCP support"
120         depends on IP_PNP
121         ---help---
122           If you want your Linux box to mount its whole root file system (the
123           one containing the directory /) from some other computer over the
124           net via NFS and you want the IP address of your computer to be
125           discovered automatically at boot time using the DHCP protocol (a
126           special protocol designed for doing this job), say Y here. In case
127           the boot ROM of your network card was designed for booting Linux and
128           does DHCP itself, providing all necessary information on the kernel
129           command line, you can say N here.
130 
131           If unsure, say Y. Note that if you want to use DHCP, a DHCP server
132           must be operating on your network.  Read
133           <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
134 
135 config IP_PNP_BOOTP
136         bool "IP: BOOTP support"
137         depends on IP_PNP
138         ---help---
139           If you want your Linux box to mount its whole root file system (the
140           one containing the directory /) from some other computer over the
141           net via NFS and you want the IP address of your computer to be
142           discovered automatically at boot time using the BOOTP protocol (a
143           special protocol designed for doing this job), say Y here. In case
144           the boot ROM of your network card was designed for booting Linux and
145           does BOOTP itself, providing all necessary information on the kernel
146           command line, you can say N here. If unsure, say Y. Note that if you
147           want to use BOOTP, a BOOTP server must be operating on your network.
148           Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
149 
150 config IP_PNP_RARP
151         bool "IP: RARP support"
152         depends on IP_PNP
153         help
154           If you want your Linux box to mount its whole root file system (the
155           one containing the directory /) from some other computer over the
156           net via NFS and you want the IP address of your computer to be
157           discovered automatically at boot time using the RARP protocol (an
158           older protocol which is being obsoleted by BOOTP and DHCP), say Y
159           here. Note that if you want to use RARP, a RARP server must be
160           operating on your network. Read
161           <file:Documentation/filesystems/nfs/nfsroot.txt> for details.
162 
163 config NET_IPIP
164         tristate "IP: tunneling"
165         select INET_TUNNEL
166         select NET_IP_TUNNEL
167         ---help---
168           Tunneling means encapsulating data of one protocol type within
169           another protocol and sending it over a channel that understands the
170           encapsulating protocol. This particular tunneling driver implements
171           encapsulation of IP within IP, which sounds kind of pointless, but
172           can be useful if you want to make your (or some other) machine
173           appear on a different network than it physically is, or to use
174           mobile-IP facilities (allowing laptops to seamlessly move between
175           networks without changing their IP addresses).
176 
177           Saying Y to this option will produce two modules ( = code which can
178           be inserted in and removed from the running kernel whenever you
179           want). Most people won't need this and can say N.
180 
181 config NET_IPGRE_DEMUX
182         tristate "IP: GRE demultiplexer"
183         help
184          This is helper module to demultiplex GRE packets on GRE version field criteria.
185          Required by ip_gre and pptp modules.
186 
187 config NET_IP_TUNNEL
188         tristate
189         default n
190 
191 config NET_IPGRE
192         tristate "IP: GRE tunnels over IP"
193         depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
194         select NET_IP_TUNNEL
195         help
196           Tunneling means encapsulating data of one protocol type within
197           another protocol and sending it over a channel that understands the
198           encapsulating protocol. This particular tunneling driver implements
199           GRE (Generic Routing Encapsulation) and at this time allows
200           encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
201           This driver is useful if the other endpoint is a Cisco router: Cisco
202           likes GRE much better than the other Linux tunneling driver ("IP
203           tunneling" above). In addition, GRE allows multicast redistribution
204           through the tunnel.
205 
206 config NET_IPGRE_BROADCAST
207         bool "IP: broadcast GRE over IP"
208         depends on IP_MULTICAST && NET_IPGRE
209         help
210           One application of GRE/IP is to construct a broadcast WAN (Wide Area
211           Network), which looks like a normal Ethernet LAN (Local Area
212           Network), but can be distributed all over the Internet. If you want
213           to do that, say Y here and to "IP multicast routing" below.
214 
215 config IP_MROUTE
216         bool "IP: multicast routing"
217         depends on IP_MULTICAST
218         help
219           This is used if you want your machine to act as a router for IP
220           packets that have several destination addresses. It is needed on the
221           MBONE, a high bandwidth network on top of the Internet which carries
222           audio and video broadcasts. In order to do that, you would most
223           likely run the program mrouted. If you haven't heard about it, you
224           don't need it.
225 
226 config IP_MROUTE_MULTIPLE_TABLES
227         bool "IP: multicast policy routing"
228         depends on IP_MROUTE && IP_ADVANCED_ROUTER
229         select FIB_RULES
230         help
231           Normally, a multicast router runs a userspace daemon and decides
232           what to do with a multicast packet based on the source and
233           destination addresses. If you say Y here, the multicast router
234           will also be able to take interfaces and packet marks into
235           account and run multiple instances of userspace daemons
236           simultaneously, each one handling a single table.
237 
238           If unsure, say N.
239 
240 config IP_PIMSM_V1
241         bool "IP: PIM-SM version 1 support"
242         depends on IP_MROUTE
243         help
244           Kernel side support for Sparse Mode PIM (Protocol Independent
245           Multicast) version 1. This multicast routing protocol is used widely
246           because Cisco supports it. You need special software to use it
247           (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
248           information about PIM.
249 
250           Say Y if you want to use PIM-SM v1. Note that you can say N here if
251           you just want to use Dense Mode PIM.
252 
253 config IP_PIMSM_V2
254         bool "IP: PIM-SM version 2 support"
255         depends on IP_MROUTE
256         help
257           Kernel side support for Sparse Mode PIM version 2. In order to use
258           this, you need an experimental routing daemon supporting it (pimd or
259           gated-5). This routing protocol is not used widely, so say N unless
260           you want to play with it.
261 
262 config SYN_COOKIES
263         bool "IP: TCP syncookie support"
264         ---help---
265           Normal TCP/IP networking is open to an attack known as "SYN
266           flooding". This denial-of-service attack prevents legitimate remote
267           users from being able to connect to your computer during an ongoing
268           attack and requires very little work from the attacker, who can
269           operate from anywhere on the Internet.
270 
271           SYN cookies provide protection against this type of attack. If you
272           say Y here, the TCP/IP stack will use a cryptographic challenge
273           protocol known as "SYN cookies" to enable legitimate users to
274           continue to connect, even when your machine is under attack. There
275           is no need for the legitimate users to change their TCP/IP software;
276           SYN cookies work transparently to them. For technical information
277           about SYN cookies, check out <http://cr.yp.to/syncookies.html>.
278 
279           If you are SYN flooded, the source address reported by the kernel is
280           likely to have been forged by the attacker; it is only reported as
281           an aid in tracing the packets to their actual source and should not
282           be taken as absolute truth.
283 
284           SYN cookies may prevent correct error reporting on clients when the
285           server is really overloaded. If this happens frequently better turn
286           them off.
287 
288           If you say Y here, you can disable SYN cookies at run time by
289           saying Y to "/proc file system support" and
290           "Sysctl support" below and executing the command
291 
292           echo 0 > /proc/sys/net/ipv4/tcp_syncookies
293 
294           after the /proc file system has been mounted.
295 
296           If unsure, say N.
297 
298 config NET_IPVTI
299         tristate "Virtual (secure) IP: tunneling"
300         select INET_TUNNEL
301         select NET_IP_TUNNEL
302         depends on INET_XFRM_MODE_TUNNEL
303         ---help---
304           Tunneling means encapsulating data of one protocol type within
305           another protocol and sending it over a channel that understands the
306           encapsulating protocol. This can be used with xfrm mode tunnel to give
307           the notion of a secure tunnel for IPSEC and then use routing protocol
308           on top.
309 
310 config NET_UDP_TUNNEL
311         tristate
312         default n
313 
314 config INET_AH
315         tristate "IP: AH transformation"
316         select XFRM_ALGO
317         select CRYPTO
318         select CRYPTO_HMAC
319         select CRYPTO_MD5
320         select CRYPTO_SHA1
321         ---help---
322           Support for IPsec AH.
323 
324           If unsure, say Y.
325 
326 config INET_ESP
327         tristate "IP: ESP transformation"
328         select XFRM_ALGO
329         select CRYPTO
330         select CRYPTO_AUTHENC
331         select CRYPTO_HMAC
332         select CRYPTO_MD5
333         select CRYPTO_CBC
334         select CRYPTO_SHA1
335         select CRYPTO_DES
336         ---help---
337           Support for IPsec ESP.
338 
339           If unsure, say Y.
340 
341 config INET_IPCOMP
342         tristate "IP: IPComp transformation"
343         select INET_XFRM_TUNNEL
344         select XFRM_IPCOMP
345         ---help---
346           Support for IP Payload Compression Protocol (IPComp) (RFC3173),
347           typically needed for IPsec.
348 
349           If unsure, say Y.
350 
351 config INET_XFRM_TUNNEL
352         tristate
353         select INET_TUNNEL
354         default n
355 
356 config INET_TUNNEL
357         tristate
358         default n
359 
360 config INET_XFRM_MODE_TRANSPORT
361         tristate "IP: IPsec transport mode"
362         default y
363         select XFRM
364         ---help---
365           Support for IPsec transport mode.
366 
367           If unsure, say Y.
368 
369 config INET_XFRM_MODE_TUNNEL
370         tristate "IP: IPsec tunnel mode"
371         default y
372         select XFRM
373         ---help---
374           Support for IPsec tunnel mode.
375 
376           If unsure, say Y.
377 
378 config INET_XFRM_MODE_BEET
379         tristate "IP: IPsec BEET mode"
380         default y
381         select XFRM
382         ---help---
383           Support for IPsec BEET mode.
384 
385           If unsure, say Y.
386 
387 config INET_LRO
388         tristate "Large Receive Offload (ipv4/tcp)"
389         default y
390         ---help---
391           Support for Large Receive Offload (ipv4/tcp).
392 
393           If unsure, say Y.
394 
395 config INET_DIAG
396         tristate "INET: socket monitoring interface"
397         default y
398         ---help---
399           Support for INET (TCP, DCCP, etc) socket monitoring interface used by
400           native Linux tools such as ss. ss is included in iproute2, currently
401           downloadable at:
402           
403             http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
404 
405           If unsure, say Y.
406 
407 config INET_TCP_DIAG
408         depends on INET_DIAG
409         def_tristate INET_DIAG
410 
411 config INET_UDP_DIAG
412         tristate "UDP: socket monitoring interface"
413         depends on INET_DIAG && (IPV6 || IPV6=n)
414         default n
415         ---help---
416           Support for UDP socket monitoring interface used by the ss tool.
417           If unsure, say Y.
418 
419 menuconfig TCP_CONG_ADVANCED
420         bool "TCP: advanced congestion control"
421         ---help---
422           Support for selection of various TCP congestion control
423           modules.
424 
425           Nearly all users can safely say no here, and a safe default
426           selection will be made (CUBIC with new Reno as a fallback).
427 
428           If unsure, say N.
429 
430 if TCP_CONG_ADVANCED
431 
432 config TCP_CONG_BIC
433         tristate "Binary Increase Congestion (BIC) control"
434         default m
435         ---help---
436         BIC-TCP is a sender-side only change that ensures a linear RTT
437         fairness under large windows while offering both scalability and
438         bounded TCP-friendliness. The protocol combines two schemes
439         called additive increase and binary search increase. When the
440         congestion window is large, additive increase with a large
441         increment ensures linear RTT fairness as well as good
442         scalability. Under small congestion windows, binary search
443         increase provides TCP friendliness.
444         See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
445 
446 config TCP_CONG_CUBIC
447         tristate "CUBIC TCP"
448         default y
449         ---help---
450         This is version 2.0 of BIC-TCP which uses a cubic growth function
451         among other techniques.
452         See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
453 
454 config TCP_CONG_WESTWOOD
455         tristate "TCP Westwood+"
456         default m
457         ---help---
458         TCP Westwood+ is a sender-side only modification of the TCP Reno
459         protocol stack that optimizes the performance of TCP congestion
460         control. It is based on end-to-end bandwidth estimation to set
461         congestion window and slow start threshold after a congestion
462         episode. Using this estimation, TCP Westwood+ adaptively sets a
463         slow start threshold and a congestion window which takes into
464         account the bandwidth used  at the time congestion is experienced.
465         TCP Westwood+ significantly increases fairness wrt TCP Reno in
466         wired networks and throughput over wireless links.
467 
468 config TCP_CONG_HTCP
469         tristate "H-TCP"
470         default m
471         ---help---
472         H-TCP is a send-side only modifications of the TCP Reno
473         protocol stack that optimizes the performance of TCP
474         congestion control for high speed network links. It uses a
475         modeswitch to change the alpha and beta parameters of TCP Reno
476         based on network conditions and in a way so as to be fair with
477         other Reno and H-TCP flows.
478 
479 config TCP_CONG_HSTCP
480         tristate "High Speed TCP"
481         default n
482         ---help---
483         Sally Floyd's High Speed TCP (RFC 3649) congestion control.
484         A modification to TCP's congestion control mechanism for use
485         with large congestion windows. A table indicates how much to
486         increase the congestion window by when an ACK is received.
487         For more detail see http://www.icir.org/floyd/hstcp.html
488 
489 config TCP_CONG_HYBLA
490         tristate "TCP-Hybla congestion control algorithm"
491         default n
492         ---help---
493         TCP-Hybla is a sender-side only change that eliminates penalization of
494         long-RTT, large-bandwidth connections, like when satellite legs are
495         involved, especially when sharing a common bottleneck with normal
496         terrestrial connections.
497 
498 config TCP_CONG_VEGAS
499         tristate "TCP Vegas"
500         default n
501         ---help---
502         TCP Vegas is a sender-side only change to TCP that anticipates
503         the onset of congestion by estimating the bandwidth. TCP Vegas
504         adjusts the sending rate by modifying the congestion
505         window. TCP Vegas should provide less packet loss, but it is
506         not as aggressive as TCP Reno.
507 
508 config TCP_CONG_SCALABLE
509         tristate "Scalable TCP"
510         default n
511         ---help---
512         Scalable TCP is a sender-side only change to TCP which uses a
513         MIMD congestion control algorithm which has some nice scaling
514         properties, though is known to have fairness issues.
515         See http://www.deneholme.net/tom/scalable/
516 
517 config TCP_CONG_LP
518         tristate "TCP Low Priority"
519         default n
520         ---help---
521         TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
522         to utilize only the excess network bandwidth as compared to the
523         ``fair share`` of bandwidth as targeted by TCP.
524         See http://www-ece.rice.edu/networks/TCP-LP/
525 
526 config TCP_CONG_VENO
527         tristate "TCP Veno"
528         default n
529         ---help---
530         TCP Veno is a sender-side only enhancement of TCP to obtain better
531         throughput over wireless networks. TCP Veno makes use of state
532         distinguishing to circumvent the difficult judgment of the packet loss
533         type. TCP Veno cuts down less congestion window in response to random
534         loss packets.
535         See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186> 
536 
537 config TCP_CONG_YEAH
538         tristate "YeAH TCP"
539         select TCP_CONG_VEGAS
540         default n
541         ---help---
542         YeAH-TCP is a sender-side high-speed enabled TCP congestion control
543         algorithm, which uses a mixed loss/delay approach to compute the
544         congestion window. It's design goals target high efficiency,
545         internal, RTT and Reno fairness, resilience to link loss while
546         keeping network elements load as low as possible.
547 
548         For further details look here:
549           http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
550 
551 config TCP_CONG_ILLINOIS
552         tristate "TCP Illinois"
553         default n
554         ---help---
555         TCP-Illinois is a sender-side modification of TCP Reno for
556         high speed long delay links. It uses round-trip-time to
557         adjust the alpha and beta parameters to achieve a higher average
558         throughput and maintain fairness.
559 
560         For further details see:
561           http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
562 
563 choice
564         prompt "Default TCP congestion control"
565         default DEFAULT_CUBIC
566         help
567           Select the TCP congestion control that will be used by default
568           for all connections.
569 
570         config DEFAULT_BIC
571                 bool "Bic" if TCP_CONG_BIC=y
572 
573         config DEFAULT_CUBIC
574                 bool "Cubic" if TCP_CONG_CUBIC=y
575 
576         config DEFAULT_HTCP
577                 bool "Htcp" if TCP_CONG_HTCP=y
578 
579         config DEFAULT_HYBLA
580                 bool "Hybla" if TCP_CONG_HYBLA=y
581 
582         config DEFAULT_VEGAS
583                 bool "Vegas" if TCP_CONG_VEGAS=y
584 
585         config DEFAULT_VENO
586                 bool "Veno" if TCP_CONG_VENO=y
587 
588         config DEFAULT_WESTWOOD
589                 bool "Westwood" if TCP_CONG_WESTWOOD=y
590 
591         config DEFAULT_RENO
592                 bool "Reno"
593 
594 endchoice
595 
596 endif
597 
598 config TCP_CONG_CUBIC
599         tristate
600         depends on !TCP_CONG_ADVANCED
601         default y
602 
603 config DEFAULT_TCP_CONG
604         string
605         default "bic" if DEFAULT_BIC
606         default "cubic" if DEFAULT_CUBIC
607         default "htcp" if DEFAULT_HTCP
608         default "hybla" if DEFAULT_HYBLA
609         default "vegas" if DEFAULT_VEGAS
610         default "westwood" if DEFAULT_WESTWOOD
611         default "veno" if DEFAULT_VENO
612         default "reno" if DEFAULT_RENO
613         default "cubic"
614 
615 config TCP_MD5SIG
616         bool "TCP: MD5 Signature Option support (RFC2385)"
617         select CRYPTO
618         select CRYPTO_MD5
619         ---help---
620           RFC2385 specifies a method of giving MD5 protection to TCP sessions.
621           Its main (only?) use is to protect BGP sessions between core routers
622           on the Internet.
623 
624           If unsure, say N.

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us