Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Traffic control configuration.
4#
5
6menuconfig NET_SCHED
7 bool "QoS and/or fair queueing"
8 select NET_SCH_FIFO
9 help
10 When the kernel has several packets to send out over a network
11 device, it has to decide which ones to send first, which ones to
12 delay, and which ones to drop. This is the job of the queueing
13 disciplines, several different algorithms for how to do this
14 "fairly" have been proposed.
15
16 If you say N here, you will get the standard packet scheduler, which
17 is a FIFO (first come, first served). If you say Y here, you will be
18 able to choose from among several alternative algorithms which can
19 then be attached to different network devices. This is useful for
20 example if some of your network devices are real time devices that
21 need a certain minimum data flow rate, or if you need to limit the
22 maximum data flow rate for traffic which matches specified criteria.
23 This code is considered to be experimental.
24
25 To administer these schedulers, you'll need the user-level utilities
26 from the package iproute2+tc at
27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package
28 also contains some documentation; for more, check out
29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
30
31 This Quality of Service (QoS) support will enable you to use
32 Differentiated Services (diffserv) and Resource Reservation Protocol
33 (RSVP) on your Linux router if you also say Y to the corresponding
34 classifiers below. Documentation and software is at
35 <http://diffserv.sourceforge.net/>.
36
37 If you say Y here and to "/proc file system" below, you will be able
38 to read status information about packet schedulers from the file
39 /proc/net/psched.
40
41 The available schedulers are listed in the following questions; you
42 can say Y to as many as you like. If unsure, say N now.
43
44if NET_SCHED
45
46comment "Queueing/Scheduling"
47
48config NET_SCH_HTB
49 tristate "Hierarchical Token Bucket (HTB)"
50 help
51 Say Y here if you want to use the Hierarchical Token Buckets (HTB)
52 packet scheduling algorithm. See
53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
54 in-depth articles.
55
56 HTB is very similar to CBQ regarding its goals however is has
57 different properties and different algorithm.
58
59 To compile this code as a module, choose M here: the
60 module will be called sch_htb.
61
62config NET_SCH_HFSC
63 tristate "Hierarchical Fair Service Curve (HFSC)"
64 help
65 Say Y here if you want to use the Hierarchical Fair Service Curve
66 (HFSC) packet scheduling algorithm.
67
68 To compile this code as a module, choose M here: the
69 module will be called sch_hfsc.
70
71config NET_SCH_PRIO
72 tristate "Multi Band Priority Queueing (PRIO)"
73 help
74 Say Y here if you want to use an n-band priority queue packet
75 scheduler.
76
77 To compile this code as a module, choose M here: the
78 module will be called sch_prio.
79
80config NET_SCH_MULTIQ
81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
82 help
83 Say Y here if you want to use an n-band queue packet scheduler
84 to support devices that have multiple hardware transmit queues.
85
86 To compile this code as a module, choose M here: the
87 module will be called sch_multiq.
88
89config NET_SCH_RED
90 tristate "Random Early Detection (RED)"
91 help
92 Say Y here if you want to use the Random Early Detection (RED)
93 packet scheduling algorithm.
94
95 See the top of <file:net/sched/sch_red.c> for more details.
96
97 To compile this code as a module, choose M here: the
98 module will be called sch_red.
99
100config NET_SCH_SFB
101 tristate "Stochastic Fair Blue (SFB)"
102 help
103 Say Y here if you want to use the Stochastic Fair Blue (SFB)
104 packet scheduling algorithm.
105
106 See the top of <file:net/sched/sch_sfb.c> for more details.
107
108 To compile this code as a module, choose M here: the
109 module will be called sch_sfb.
110
111config NET_SCH_SFQ
112 tristate "Stochastic Fairness Queueing (SFQ)"
113 help
114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
115 packet scheduling algorithm.
116
117 See the top of <file:net/sched/sch_sfq.c> for more details.
118
119 To compile this code as a module, choose M here: the
120 module will be called sch_sfq.
121
122config NET_SCH_TEQL
123 tristate "True Link Equalizer (TEQL)"
124 help
125 Say Y here if you want to use the True Link Equalizer (TLE) packet
126 scheduling algorithm. This queueing discipline allows the combination
127 of several physical devices into one virtual device.
128
129 See the top of <file:net/sched/sch_teql.c> for more details.
130
131 To compile this code as a module, choose M here: the
132 module will be called sch_teql.
133
134config NET_SCH_TBF
135 tristate "Token Bucket Filter (TBF)"
136 help
137 Say Y here if you want to use the Token Bucket Filter (TBF) packet
138 scheduling algorithm.
139
140 See the top of <file:net/sched/sch_tbf.c> for more details.
141
142 To compile this code as a module, choose M here: the
143 module will be called sch_tbf.
144
145config NET_SCH_CBS
146 tristate "Credit Based Shaper (CBS)"
147 help
148 Say Y here if you want to use the Credit Based Shaper (CBS) packet
149 scheduling algorithm.
150
151 See the top of <file:net/sched/sch_cbs.c> for more details.
152
153 To compile this code as a module, choose M here: the
154 module will be called sch_cbs.
155
156config NET_SCH_ETF
157 tristate "Earliest TxTime First (ETF)"
158 help
159 Say Y here if you want to use the Earliest TxTime First (ETF) packet
160 scheduling algorithm.
161
162 See the top of <file:net/sched/sch_etf.c> for more details.
163
164 To compile this code as a module, choose M here: the
165 module will be called sch_etf.
166
167config NET_SCH_MQPRIO_LIB
168 tristate
169 help
170 Common library for manipulating mqprio queue configurations.
171
172config NET_SCH_TAPRIO
173 tristate "Time Aware Priority (taprio) Scheduler"
174 select NET_SCH_MQPRIO_LIB
175 help
176 Say Y here if you want to use the Time Aware Priority (taprio) packet
177 scheduling algorithm.
178
179 See the top of <file:net/sched/sch_taprio.c> for more details.
180
181 To compile this code as a module, choose M here: the
182 module will be called sch_taprio.
183
184config NET_SCH_GRED
185 tristate "Generic Random Early Detection (GRED)"
186 help
187 Say Y here if you want to use the Generic Random Early Detection
188 (GRED) packet scheduling algorithm for some of your network devices
189 (see the top of <file:net/sched/sch_red.c> for details and
190 references about the algorithm).
191
192 To compile this code as a module, choose M here: the
193 module will be called sch_gred.
194
195config NET_SCH_NETEM
196 tristate "Network emulator (NETEM)"
197 help
198 Say Y if you want to emulate network delay, loss, and packet
199 re-ordering. This is often useful to simulate networks when
200 testing applications or protocols.
201
202 To compile this driver as a module, choose M here: the module
203 will be called sch_netem.
204
205 If unsure, say N.
206
207config NET_SCH_DRR
208 tristate "Deficit Round Robin scheduler (DRR)"
209 help
210 Say Y here if you want to use the Deficit Round Robin (DRR) packet
211 scheduling algorithm.
212
213 To compile this driver as a module, choose M here: the module
214 will be called sch_drr.
215
216 If unsure, say N.
217
218config NET_SCH_MQPRIO
219 tristate "Multi-queue priority scheduler (MQPRIO)"
220 select NET_SCH_MQPRIO_LIB
221 help
222 Say Y here if you want to use the Multi-queue Priority scheduler.
223 This scheduler allows QOS to be offloaded on NICs that have support
224 for offloading QOS schedulers.
225
226 To compile this driver as a module, choose M here: the module will
227 be called sch_mqprio.
228
229 If unsure, say N.
230
231config NET_SCH_SKBPRIO
232 tristate "SKB priority queue scheduler (SKBPRIO)"
233 help
234 Say Y here if you want to use the SKB priority queue
235 scheduler. This schedules packets according to skb->priority,
236 which is useful for request packets in DoS mitigation systems such
237 as Gatekeeper.
238
239 To compile this driver as a module, choose M here: the module will
240 be called sch_skbprio.
241
242 If unsure, say N.
243
244config NET_SCH_CHOKE
245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
246 help
247 Say Y here if you want to use the CHOKe packet scheduler (CHOose
248 and Keep for responsive flows, CHOose and Kill for unresponsive
249 flows). This is a variation of RED which tries to penalize flows
250 that monopolize the queue.
251
252 To compile this code as a module, choose M here: the
253 module will be called sch_choke.
254
255config NET_SCH_QFQ
256 tristate "Quick Fair Queueing scheduler (QFQ)"
257 help
258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
259 packet scheduling algorithm.
260
261 To compile this driver as a module, choose M here: the module
262 will be called sch_qfq.
263
264 If unsure, say N.
265
266config NET_SCH_CODEL
267 tristate "Controlled Delay AQM (CODEL)"
268 help
269 Say Y here if you want to use the Controlled Delay (CODEL)
270 packet scheduling algorithm.
271
272 To compile this driver as a module, choose M here: the module
273 will be called sch_codel.
274
275 If unsure, say N.
276
277config NET_SCH_FQ_CODEL
278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
279 help
280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
281 packet scheduling algorithm.
282
283 To compile this driver as a module, choose M here: the module
284 will be called sch_fq_codel.
285
286 If unsure, say N.
287
288config NET_SCH_CAKE
289 tristate "Common Applications Kept Enhanced (CAKE)"
290 help
291 Say Y here if you want to use the Common Applications Kept Enhanced
292 (CAKE) queue management algorithm.
293
294 To compile this driver as a module, choose M here: the module
295 will be called sch_cake.
296
297 If unsure, say N.
298
299config NET_SCH_FQ
300 tristate "Fair Queue"
301 help
302 Say Y here if you want to use the FQ packet scheduling algorithm.
303
304 FQ does flow separation, and is able to respect pacing requirements
305 set by TCP stack into sk->sk_pacing_rate (for locally generated
306 traffic)
307
308 To compile this driver as a module, choose M here: the module
309 will be called sch_fq.
310
311 If unsure, say N.
312
313config NET_SCH_HHF
314 tristate "Heavy-Hitter Filter (HHF)"
315 help
316 Say Y here if you want to use the Heavy-Hitter Filter (HHF)
317 packet scheduling algorithm.
318
319 To compile this driver as a module, choose M here: the module
320 will be called sch_hhf.
321
322config NET_SCH_PIE
323 tristate "Proportional Integral controller Enhanced (PIE) scheduler"
324 help
325 Say Y here if you want to use the Proportional Integral controller
326 Enhanced scheduler packet scheduling algorithm.
327 For more information, please see https://tools.ietf.org/html/rfc8033
328
329 To compile this driver as a module, choose M here: the module
330 will be called sch_pie.
331
332 If unsure, say N.
333
334config NET_SCH_FQ_PIE
335 depends on NET_SCH_PIE
336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)"
337 help
338 Say Y here if you want to use the Flow Queue Proportional Integral
339 controller Enhanced (FQ-PIE) packet scheduling algorithm.
340 For more information, please see https://tools.ietf.org/html/rfc8033
341
342 To compile this driver as a module, choose M here: the module
343 will be called sch_fq_pie.
344
345 If unsure, say N.
346
347config NET_SCH_INGRESS
348 tristate "Ingress/classifier-action Qdisc"
349 depends on NET_CLS_ACT
350 select NET_XGRESS
351 help
352 Say Y here if you want to use classifiers for incoming and/or outgoing
353 packets. This qdisc doesn't do anything else besides running classifiers,
354 which can also have actions attached to them. In case of outgoing packets,
355 classifiers that this qdisc holds are executed in the transmit path
356 before real enqueuing to an egress qdisc happens.
357
358 If unsure, say Y.
359
360 To compile this code as a module, choose M here: the module will be
361 called sch_ingress with alias of sch_clsact.
362
363config NET_SCH_PLUG
364 tristate "Plug network traffic until release (PLUG)"
365 help
366
367 This queuing discipline allows userspace to plug/unplug a network
368 output queue, using the netlink interface. When it receives an
369 enqueue command it inserts a plug into the outbound queue that
370 causes following packets to enqueue until a dequeue command arrives
371 over netlink, causing the plug to be removed and resuming the normal
372 packet flow.
373
374 This module also provides a generic "network output buffering"
375 functionality (aka output commit), wherein upon arrival of a dequeue
376 command, only packets up to the first plug are released for delivery.
377 The Remus HA project uses this module to enable speculative execution
378 of virtual machines by allowing the generated network output to be rolled
379 back if needed.
380
381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
382
383 Say Y here if you are using this kernel for Xen dom0 and
384 want to protect Xen guests with Remus.
385
386 To compile this code as a module, choose M here: the
387 module will be called sch_plug.
388
389config NET_SCH_ETS
390 tristate "Enhanced transmission selection scheduler (ETS)"
391 help
392 The Enhanced Transmission Selection scheduler is a classful
393 queuing discipline that merges functionality of PRIO and DRR
394 qdiscs in one scheduler. ETS makes it easy to configure a set of
395 strict and bandwidth-sharing bands to implement the transmission
396 selection described in 802.1Qaz.
397
398 Say Y here if you want to use the ETS packet scheduling
399 algorithm.
400
401 To compile this driver as a module, choose M here: the module
402 will be called sch_ets.
403
404 If unsure, say N.
405
406menuconfig NET_SCH_DEFAULT
407 bool "Allow override default queue discipline"
408 help
409 Support for selection of default queuing discipline.
410
411 Nearly all users can safely say no here, and the default
412 of pfifo_fast will be used. Many distributions already set
413 the default value via /proc/sys/net/core/default_qdisc.
414
415 If unsure, say N.
416
417if NET_SCH_DEFAULT
418
419choice
420 prompt "Default queuing discipline"
421 default DEFAULT_PFIFO_FAST
422 help
423 Select the queueing discipline that will be used by default
424 for all network devices.
425
426 config DEFAULT_FQ
427 bool "Fair Queue" if NET_SCH_FQ
428
429 config DEFAULT_CODEL
430 bool "Controlled Delay" if NET_SCH_CODEL
431
432 config DEFAULT_FQ_CODEL
433 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL
434
435 config DEFAULT_FQ_PIE
436 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE
437
438 config DEFAULT_SFQ
439 bool "Stochastic Fair Queue" if NET_SCH_SFQ
440
441 config DEFAULT_PFIFO_FAST
442 bool "Priority FIFO Fast"
443endchoice
444
445config DEFAULT_NET_SCH
446 string
447 default "pfifo_fast" if DEFAULT_PFIFO_FAST
448 default "fq" if DEFAULT_FQ
449 default "fq_codel" if DEFAULT_FQ_CODEL
450 default "fq_pie" if DEFAULT_FQ_PIE
451 default "sfq" if DEFAULT_SFQ
452 default "pfifo_fast"
453endif
454
455comment "Classification"
456
457config NET_CLS
458 bool
459
460config NET_CLS_BASIC
461 tristate "Elementary classification (BASIC)"
462 select NET_CLS
463 help
464 Say Y here if you want to be able to classify packets using
465 only extended matches and actions.
466
467 To compile this code as a module, choose M here: the
468 module will be called cls_basic.
469
470config NET_CLS_ROUTE4
471 tristate "Routing decision (ROUTE)"
472 depends on INET
473 select IP_ROUTE_CLASSID
474 select NET_CLS
475 help
476 If you say Y here, you will be able to classify packets
477 according to the route table entry they matched.
478
479 To compile this code as a module, choose M here: the
480 module will be called cls_route.
481
482config NET_CLS_FW
483 tristate "Netfilter mark (FW)"
484 select NET_CLS
485 help
486 If you say Y here, you will be able to classify packets
487 according to netfilter/firewall marks.
488
489 To compile this code as a module, choose M here: the
490 module will be called cls_fw.
491
492config NET_CLS_U32
493 tristate "Universal 32bit comparisons w/ hashing (U32)"
494 select NET_CLS
495 help
496 Say Y here to be able to classify packets using a universal
497 32bit pieces based comparison scheme.
498
499 To compile this code as a module, choose M here: the
500 module will be called cls_u32.
501
502config CLS_U32_PERF
503 bool "Performance counters support"
504 depends on NET_CLS_U32
505 help
506 Say Y here to make u32 gather additional statistics useful for
507 fine tuning u32 classifiers.
508
509config CLS_U32_MARK
510 bool "Netfilter marks support"
511 depends on NET_CLS_U32
512 help
513 Say Y here to be able to use netfilter marks as u32 key.
514
515config NET_CLS_FLOW
516 tristate "Flow classifier"
517 select NET_CLS
518 help
519 If you say Y here, you will be able to classify packets based on
520 a configurable combination of packet keys. This is mostly useful
521 in combination with SFQ.
522
523 To compile this code as a module, choose M here: the
524 module will be called cls_flow.
525
526config NET_CLS_CGROUP
527 tristate "Control Group Classifier"
528 select NET_CLS
529 select CGROUP_NET_CLASSID
530 depends on CGROUPS
531 help
532 Say Y here if you want to classify packets based on the control
533 cgroup of their process.
534
535 To compile this code as a module, choose M here: the
536 module will be called cls_cgroup.
537
538config NET_CLS_BPF
539 tristate "BPF-based classifier"
540 select NET_CLS
541 help
542 If you say Y here, you will be able to classify packets based on
543 programmable BPF (JIT'ed) filters as an alternative to ematches.
544
545 To compile this code as a module, choose M here: the module will
546 be called cls_bpf.
547
548config NET_CLS_FLOWER
549 tristate "Flower classifier"
550 select NET_CLS
551 help
552 If you say Y here, you will be able to classify packets based on
553 a configurable combination of packet keys and masks.
554
555 To compile this code as a module, choose M here: the module will
556 be called cls_flower.
557
558config NET_CLS_MATCHALL
559 tristate "Match-all classifier"
560 select NET_CLS
561 help
562 If you say Y here, you will be able to classify packets based on
563 nothing. Every packet will match.
564
565 To compile this code as a module, choose M here: the module will
566 be called cls_matchall.
567
568config NET_EMATCH
569 bool "Extended Matches"
570 select NET_CLS
571 help
572 Say Y here if you want to use extended matches on top of classifiers
573 and select the extended matches below.
574
575 Extended matches are small classification helpers not worth writing
576 a separate classifier for.
577
578 A recent version of the iproute2 package is required to use
579 extended matches.
580
581config NET_EMATCH_STACK
582 int "Stack size"
583 depends on NET_EMATCH
584 default "32"
585 help
586 Size of the local stack variable used while evaluating the tree of
587 ematches. Limits the depth of the tree, i.e. the number of
588 encapsulated precedences. Every level requires 4 bytes of additional
589 stack space.
590
591config NET_EMATCH_CMP
592 tristate "Simple packet data comparison"
593 depends on NET_EMATCH
594 help
595 Say Y here if you want to be able to classify packets based on
596 simple packet data comparisons for 8, 16, and 32bit values.
597
598 To compile this code as a module, choose M here: the
599 module will be called em_cmp.
600
601config NET_EMATCH_NBYTE
602 tristate "Multi byte comparison"
603 depends on NET_EMATCH
604 help
605 Say Y here if you want to be able to classify packets based on
606 multiple byte comparisons mainly useful for IPv6 address comparisons.
607
608 To compile this code as a module, choose M here: the
609 module will be called em_nbyte.
610
611config NET_EMATCH_U32
612 tristate "U32 key"
613 depends on NET_EMATCH
614 help
615 Say Y here if you want to be able to classify packets using
616 the famous u32 key in combination with logic relations.
617
618 To compile this code as a module, choose M here: the
619 module will be called em_u32.
620
621config NET_EMATCH_META
622 tristate "Metadata"
623 depends on NET_EMATCH
624 help
625 Say Y here if you want to be able to classify packets based on
626 metadata such as load average, netfilter attributes, socket
627 attributes and routing decisions.
628
629 To compile this code as a module, choose M here: the
630 module will be called em_meta.
631
632config NET_EMATCH_TEXT
633 tristate "Textsearch"
634 depends on NET_EMATCH
635 select TEXTSEARCH
636 select TEXTSEARCH_KMP
637 select TEXTSEARCH_BM
638 select TEXTSEARCH_FSM
639 help
640 Say Y here if you want to be able to classify packets based on
641 textsearch comparisons.
642
643 To compile this code as a module, choose M here: the
644 module will be called em_text.
645
646config NET_EMATCH_CANID
647 tristate "CAN Identifier"
648 depends on NET_EMATCH && (CAN=y || CAN=m)
649 help
650 Say Y here if you want to be able to classify CAN frames based
651 on CAN Identifier.
652
653 To compile this code as a module, choose M here: the
654 module will be called em_canid.
655
656config NET_EMATCH_IPSET
657 tristate "IPset"
658 depends on NET_EMATCH && IP_SET
659 help
660 Say Y here if you want to be able to classify packets based on
661 ipset membership.
662
663 To compile this code as a module, choose M here: the
664 module will be called em_ipset.
665
666config NET_EMATCH_IPT
667 tristate "IPtables Matches"
668 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES
669 help
670 Say Y here to be able to classify packets based on iptables
671 matches.
672 Current supported match is "policy" which allows packet classification
673 based on IPsec policy that was used during decapsulation
674
675 To compile this code as a module, choose M here: the
676 module will be called em_ipt.
677
678config NET_CLS_ACT
679 bool "Actions"
680 select NET_CLS
681 select NET_XGRESS
682 help
683 Say Y here if you want to use traffic control actions. Actions
684 get attached to classifiers and are invoked after a successful
685 classification. They are used to overwrite the classification
686 result, instantly drop or redirect packets, etc.
687
688 A recent version of the iproute2 package is required to use
689 extended matches.
690
691config NET_ACT_POLICE
692 tristate "Traffic Policing"
693 depends on NET_CLS_ACT
694 help
695 Say Y here if you want to do traffic policing, i.e. strict
696 bandwidth limiting. This action replaces the existing policing
697 module.
698
699 To compile this code as a module, choose M here: the
700 module will be called act_police.
701
702config NET_ACT_GACT
703 tristate "Generic actions"
704 depends on NET_CLS_ACT
705 help
706 Say Y here to take generic actions such as dropping and
707 accepting packets.
708
709 To compile this code as a module, choose M here: the
710 module will be called act_gact.
711
712config GACT_PROB
713 bool "Probability support"
714 depends on NET_ACT_GACT
715 help
716 Say Y here to use the generic action randomly or deterministically.
717
718config NET_ACT_MIRRED
719 tristate "Redirecting and Mirroring"
720 depends on NET_CLS_ACT
721 help
722 Say Y here to allow packets to be mirrored or redirected to
723 other devices.
724
725 To compile this code as a module, choose M here: the
726 module will be called act_mirred.
727
728config NET_ACT_SAMPLE
729 tristate "Traffic Sampling"
730 depends on NET_CLS_ACT
731 select PSAMPLE
732 help
733 Say Y here to allow packet sampling tc action. The packet sample
734 action consists of statistically choosing packets and sampling
735 them using the psample module.
736
737 To compile this code as a module, choose M here: the
738 module will be called act_sample.
739
740config NET_ACT_NAT
741 tristate "Stateless NAT"
742 depends on NET_CLS_ACT
743 help
744 Say Y here to do stateless NAT on IPv4 packets. You should use
745 netfilter for NAT unless you know what you are doing.
746
747 To compile this code as a module, choose M here: the
748 module will be called act_nat.
749
750config NET_ACT_PEDIT
751 tristate "Packet Editing"
752 depends on NET_CLS_ACT
753 help
754 Say Y here if you want to mangle the content of packets.
755
756 To compile this code as a module, choose M here: the
757 module will be called act_pedit.
758
759config NET_ACT_SIMP
760 tristate "Simple Example (Debug)"
761 depends on NET_CLS_ACT
762 help
763 Say Y here to add a simple action for demonstration purposes.
764 It is meant as an example and for debugging purposes. It will
765 print a configured policy string followed by the packet count
766 to the console for every packet that passes by.
767
768 If unsure, say N.
769
770 To compile this code as a module, choose M here: the
771 module will be called act_simple.
772
773config NET_ACT_SKBEDIT
774 tristate "SKB Editing"
775 depends on NET_CLS_ACT
776 help
777 Say Y here to change skb priority or queue_mapping settings.
778
779 If unsure, say N.
780
781 To compile this code as a module, choose M here: the
782 module will be called act_skbedit.
783
784config NET_ACT_CSUM
785 tristate "Checksum Updating"
786 depends on NET_CLS_ACT && INET
787 select LIBCRC32C
788 help
789 Say Y here to update some common checksum after some direct
790 packet alterations.
791
792 To compile this code as a module, choose M here: the
793 module will be called act_csum.
794
795config NET_ACT_MPLS
796 tristate "MPLS manipulation"
797 depends on NET_CLS_ACT
798 help
799 Say Y here to push or pop MPLS headers.
800
801 If unsure, say N.
802
803 To compile this code as a module, choose M here: the
804 module will be called act_mpls.
805
806config NET_ACT_VLAN
807 tristate "Vlan manipulation"
808 depends on NET_CLS_ACT
809 help
810 Say Y here to push or pop vlan headers.
811
812 If unsure, say N.
813
814 To compile this code as a module, choose M here: the
815 module will be called act_vlan.
816
817config NET_ACT_BPF
818 tristate "BPF based action"
819 depends on NET_CLS_ACT
820 help
821 Say Y here to execute BPF code on packets. The BPF code will decide
822 if the packet should be dropped or not.
823
824 If unsure, say N.
825
826 To compile this code as a module, choose M here: the
827 module will be called act_bpf.
828
829config NET_ACT_CONNMARK
830 tristate "Netfilter Connection Mark Retriever"
831 depends on NET_CLS_ACT && NETFILTER
832 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
833 help
834 Say Y here to allow retrieving of conn mark
835
836 If unsure, say N.
837
838 To compile this code as a module, choose M here: the
839 module will be called act_connmark.
840
841config NET_ACT_CTINFO
842 tristate "Netfilter Connection Mark Actions"
843 depends on NET_CLS_ACT && NETFILTER
844 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
845 help
846 Say Y here to allow transfer of a connmark stored information.
847 Current actions transfer connmark stored DSCP into
848 ipv4/v6 diffserv and/or to transfer connmark to packet
849 mark. Both are useful for restoring egress based marks
850 back onto ingress connections for qdisc priority mapping
851 purposes.
852
853 If unsure, say N.
854
855 To compile this code as a module, choose M here: the
856 module will be called act_ctinfo.
857
858config NET_ACT_SKBMOD
859 tristate "skb data modification action"
860 depends on NET_CLS_ACT
861 help
862 Say Y here to allow modification of skb data
863
864 If unsure, say N.
865
866 To compile this code as a module, choose M here: the
867 module will be called act_skbmod.
868
869config NET_ACT_IFE
870 tristate "Inter-FE action based on IETF ForCES InterFE LFB"
871 depends on NET_CLS_ACT
872 select NET_IFE
873 help
874 Say Y here to allow for sourcing and terminating metadata
875 For details refer to netdev01 paper:
876 "Distributing Linux Traffic Control Classifier-Action Subsystem"
877 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
878
879 To compile this code as a module, choose M here: the
880 module will be called act_ife.
881
882config NET_ACT_TUNNEL_KEY
883 tristate "IP tunnel metadata manipulation"
884 depends on NET_CLS_ACT
885 help
886 Say Y here to set/release ip tunnel metadata.
887
888 If unsure, say N.
889
890 To compile this code as a module, choose M here: the
891 module will be called act_tunnel_key.
892
893config NET_ACT_CT
894 tristate "connection tracking tc action"
895 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE
896 select NF_CONNTRACK_OVS
897 select NF_NAT_OVS if NF_NAT
898 help
899 Say Y here to allow sending the packets to conntrack module.
900
901 If unsure, say N.
902
903 To compile this code as a module, choose M here: the
904 module will be called act_ct.
905
906config NET_ACT_GATE
907 tristate "Frame gate entry list control tc action"
908 depends on NET_CLS_ACT
909 help
910 Say Y here to allow to control the ingress flow to be passed at
911 specific time slot and be dropped at other specific time slot by
912 the gate entry list.
913
914 If unsure, say N.
915 To compile this code as a module, choose M here: the
916 module will be called act_gate.
917
918config NET_IFE_SKBMARK
919 tristate "Support to encoding decoding skb mark on IFE action"
920 depends on NET_ACT_IFE
921
922config NET_IFE_SKBPRIO
923 tristate "Support to encoding decoding skb prio on IFE action"
924 depends on NET_ACT_IFE
925
926config NET_IFE_SKBTCINDEX
927 tristate "Support to encoding decoding skb tcindex on IFE action"
928 depends on NET_ACT_IFE
929
930config NET_TC_SKB_EXT
931 bool "TC recirculation support"
932 depends on NET_CLS_ACT
933 select SKB_EXTENSIONS
934
935 help
936 Say Y here to allow tc chain misses to continue in OvS datapath in
937 the correct recirc_id, and hardware chain misses to continue in
938 the correct chain in tc software datapath.
939
940 Say N here if you won't be using tc<->ovs offload or tc chains offload.
941
942endif # NET_SCHED
943
944config NET_SCH_FIFO
945 bool
1#
2# Traffic control configuration.
3#
4
5menuconfig NET_SCHED
6 bool "QoS and/or fair queueing"
7 select NET_SCH_FIFO
8 ---help---
9 When the kernel has several packets to send out over a network
10 device, it has to decide which ones to send first, which ones to
11 delay, and which ones to drop. This is the job of the queueing
12 disciplines, several different algorithms for how to do this
13 "fairly" have been proposed.
14
15 If you say N here, you will get the standard packet scheduler, which
16 is a FIFO (first come, first served). If you say Y here, you will be
17 able to choose from among several alternative algorithms which can
18 then be attached to different network devices. This is useful for
19 example if some of your network devices are real time devices that
20 need a certain minimum data flow rate, or if you need to limit the
21 maximum data flow rate for traffic which matches specified criteria.
22 This code is considered to be experimental.
23
24 To administer these schedulers, you'll need the user-level utilities
25 from the package iproute2+tc at
26 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package
27 also contains some documentation; for more, check out
28 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
29
30 This Quality of Service (QoS) support will enable you to use
31 Differentiated Services (diffserv) and Resource Reservation Protocol
32 (RSVP) on your Linux router if you also say Y to the corresponding
33 classifiers below. Documentation and software is at
34 <http://diffserv.sourceforge.net/>.
35
36 If you say Y here and to "/proc file system" below, you will be able
37 to read status information about packet schedulers from the file
38 /proc/net/psched.
39
40 The available schedulers are listed in the following questions; you
41 can say Y to as many as you like. If unsure, say N now.
42
43if NET_SCHED
44
45comment "Queueing/Scheduling"
46
47config NET_SCH_CBQ
48 tristate "Class Based Queueing (CBQ)"
49 ---help---
50 Say Y here if you want to use the Class-Based Queueing (CBQ) packet
51 scheduling algorithm. This algorithm classifies the waiting packets
52 into a tree-like hierarchy of classes; the leaves of this tree are
53 in turn scheduled by separate algorithms.
54
55 See the top of <file:net/sched/sch_cbq.c> for more details.
56
57 CBQ is a commonly used scheduler, so if you're unsure, you should
58 say Y here. Then say Y to all the queueing algorithms below that you
59 want to use as leaf disciplines.
60
61 To compile this code as a module, choose M here: the
62 module will be called sch_cbq.
63
64config NET_SCH_HTB
65 tristate "Hierarchical Token Bucket (HTB)"
66 ---help---
67 Say Y here if you want to use the Hierarchical Token Buckets (HTB)
68 packet scheduling algorithm. See
69 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
70 in-depth articles.
71
72 HTB is very similar to CBQ regarding its goals however is has
73 different properties and different algorithm.
74
75 To compile this code as a module, choose M here: the
76 module will be called sch_htb.
77
78config NET_SCH_HFSC
79 tristate "Hierarchical Fair Service Curve (HFSC)"
80 ---help---
81 Say Y here if you want to use the Hierarchical Fair Service Curve
82 (HFSC) packet scheduling algorithm.
83
84 To compile this code as a module, choose M here: the
85 module will be called sch_hfsc.
86
87config NET_SCH_ATM
88 tristate "ATM Virtual Circuits (ATM)"
89 depends on ATM
90 ---help---
91 Say Y here if you want to use the ATM pseudo-scheduler. This
92 provides a framework for invoking classifiers, which in turn
93 select classes of this queuing discipline. Each class maps
94 the flow(s) it is handling to a given virtual circuit.
95
96 See the top of <file:net/sched/sch_atm.c> for more details.
97
98 To compile this code as a module, choose M here: the
99 module will be called sch_atm.
100
101config NET_SCH_PRIO
102 tristate "Multi Band Priority Queueing (PRIO)"
103 ---help---
104 Say Y here if you want to use an n-band priority queue packet
105 scheduler.
106
107 To compile this code as a module, choose M here: the
108 module will be called sch_prio.
109
110config NET_SCH_MULTIQ
111 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
112 ---help---
113 Say Y here if you want to use an n-band queue packet scheduler
114 to support devices that have multiple hardware transmit queues.
115
116 To compile this code as a module, choose M here: the
117 module will be called sch_multiq.
118
119config NET_SCH_RED
120 tristate "Random Early Detection (RED)"
121 ---help---
122 Say Y here if you want to use the Random Early Detection (RED)
123 packet scheduling algorithm.
124
125 See the top of <file:net/sched/sch_red.c> for more details.
126
127 To compile this code as a module, choose M here: the
128 module will be called sch_red.
129
130config NET_SCH_SFB
131 tristate "Stochastic Fair Blue (SFB)"
132 ---help---
133 Say Y here if you want to use the Stochastic Fair Blue (SFB)
134 packet scheduling algorithm.
135
136 See the top of <file:net/sched/sch_sfb.c> for more details.
137
138 To compile this code as a module, choose M here: the
139 module will be called sch_sfb.
140
141config NET_SCH_SFQ
142 tristate "Stochastic Fairness Queueing (SFQ)"
143 ---help---
144 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
145 packet scheduling algorithm.
146
147 See the top of <file:net/sched/sch_sfq.c> for more details.
148
149 To compile this code as a module, choose M here: the
150 module will be called sch_sfq.
151
152config NET_SCH_TEQL
153 tristate "True Link Equalizer (TEQL)"
154 ---help---
155 Say Y here if you want to use the True Link Equalizer (TLE) packet
156 scheduling algorithm. This queueing discipline allows the combination
157 of several physical devices into one virtual device.
158
159 See the top of <file:net/sched/sch_teql.c> for more details.
160
161 To compile this code as a module, choose M here: the
162 module will be called sch_teql.
163
164config NET_SCH_TBF
165 tristate "Token Bucket Filter (TBF)"
166 ---help---
167 Say Y here if you want to use the Token Bucket Filter (TBF) packet
168 scheduling algorithm.
169
170 See the top of <file:net/sched/sch_tbf.c> for more details.
171
172 To compile this code as a module, choose M here: the
173 module will be called sch_tbf.
174
175config NET_SCH_GRED
176 tristate "Generic Random Early Detection (GRED)"
177 ---help---
178 Say Y here if you want to use the Generic Random Early Detection
179 (GRED) packet scheduling algorithm for some of your network devices
180 (see the top of <file:net/sched/sch_red.c> for details and
181 references about the algorithm).
182
183 To compile this code as a module, choose M here: the
184 module will be called sch_gred.
185
186config NET_SCH_DSMARK
187 tristate "Differentiated Services marker (DSMARK)"
188 ---help---
189 Say Y if you want to schedule packets according to the
190 Differentiated Services architecture proposed in RFC 2475.
191 Technical information on this method, with pointers to associated
192 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>.
193
194 To compile this code as a module, choose M here: the
195 module will be called sch_dsmark.
196
197config NET_SCH_NETEM
198 tristate "Network emulator (NETEM)"
199 ---help---
200 Say Y if you want to emulate network delay, loss, and packet
201 re-ordering. This is often useful to simulate networks when
202 testing applications or protocols.
203
204 To compile this driver as a module, choose M here: the module
205 will be called sch_netem.
206
207 If unsure, say N.
208
209config NET_SCH_DRR
210 tristate "Deficit Round Robin scheduler (DRR)"
211 help
212 Say Y here if you want to use the Deficit Round Robin (DRR) packet
213 scheduling algorithm.
214
215 To compile this driver as a module, choose M here: the module
216 will be called sch_drr.
217
218 If unsure, say N.
219
220config NET_SCH_MQPRIO
221 tristate "Multi-queue priority scheduler (MQPRIO)"
222 help
223 Say Y here if you want to use the Multi-queue Priority scheduler.
224 This scheduler allows QOS to be offloaded on NICs that have support
225 for offloading QOS schedulers.
226
227 To compile this driver as a module, choose M here: the module will
228 be called sch_mqprio.
229
230 If unsure, say N.
231
232config NET_SCH_CHOKE
233 tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
234 help
235 Say Y here if you want to use the CHOKe packet scheduler (CHOose
236 and Keep for responsive flows, CHOose and Kill for unresponsive
237 flows). This is a variation of RED which trys to penalize flows
238 that monopolize the queue.
239
240 To compile this code as a module, choose M here: the
241 module will be called sch_choke.
242
243config NET_SCH_QFQ
244 tristate "Quick Fair Queueing scheduler (QFQ)"
245 help
246 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
247 packet scheduling algorithm.
248
249 To compile this driver as a module, choose M here: the module
250 will be called sch_qfq.
251
252 If unsure, say N.
253
254config NET_SCH_CODEL
255 tristate "Controlled Delay AQM (CODEL)"
256 help
257 Say Y here if you want to use the Controlled Delay (CODEL)
258 packet scheduling algorithm.
259
260 To compile this driver as a module, choose M here: the module
261 will be called sch_codel.
262
263 If unsure, say N.
264
265config NET_SCH_FQ_CODEL
266 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
267 help
268 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
269 packet scheduling algorithm.
270
271 To compile this driver as a module, choose M here: the module
272 will be called sch_fq_codel.
273
274 If unsure, say N.
275
276config NET_SCH_FQ
277 tristate "Fair Queue"
278 help
279 Say Y here if you want to use the FQ packet scheduling algorithm.
280
281 FQ does flow separation, and is able to respect pacing requirements
282 set by TCP stack into sk->sk_pacing_rate (for localy generated
283 traffic)
284
285 To compile this driver as a module, choose M here: the module
286 will be called sch_fq.
287
288 If unsure, say N.
289
290config NET_SCH_HHF
291 tristate "Heavy-Hitter Filter (HHF)"
292 help
293 Say Y here if you want to use the Heavy-Hitter Filter (HHF)
294 packet scheduling algorithm.
295
296 To compile this driver as a module, choose M here: the module
297 will be called sch_hhf.
298
299config NET_SCH_PIE
300 tristate "Proportional Integral controller Enhanced (PIE) scheduler"
301 help
302 Say Y here if you want to use the Proportional Integral controller
303 Enhanced scheduler packet scheduling algorithm.
304 For more information, please see
305 http://tools.ietf.org/html/draft-pan-tsvwg-pie-00
306
307 To compile this driver as a module, choose M here: the module
308 will be called sch_pie.
309
310 If unsure, say N.
311
312config NET_SCH_INGRESS
313 tristate "Ingress/classifier-action Qdisc"
314 depends on NET_CLS_ACT
315 select NET_INGRESS
316 select NET_EGRESS
317 ---help---
318 Say Y here if you want to use classifiers for incoming and/or outgoing
319 packets. This qdisc doesn't do anything else besides running classifiers,
320 which can also have actions attached to them. In case of outgoing packets,
321 classifiers that this qdisc holds are executed in the transmit path
322 before real enqueuing to an egress qdisc happens.
323
324 If unsure, say Y.
325
326 To compile this code as a module, choose M here: the module will be
327 called sch_ingress with alias of sch_clsact.
328
329config NET_SCH_PLUG
330 tristate "Plug network traffic until release (PLUG)"
331 ---help---
332
333 This queuing discipline allows userspace to plug/unplug a network
334 output queue, using the netlink interface. When it receives an
335 enqueue command it inserts a plug into the outbound queue that
336 causes following packets to enqueue until a dequeue command arrives
337 over netlink, causing the plug to be removed and resuming the normal
338 packet flow.
339
340 This module also provides a generic "network output buffering"
341 functionality (aka output commit), wherein upon arrival of a dequeue
342 command, only packets up to the first plug are released for delivery.
343 The Remus HA project uses this module to enable speculative execution
344 of virtual machines by allowing the generated network output to be rolled
345 back if needed.
346
347 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
348
349 Say Y here if you are using this kernel for Xen dom0 and
350 want to protect Xen guests with Remus.
351
352 To compile this code as a module, choose M here: the
353 module will be called sch_plug.
354
355comment "Classification"
356
357config NET_CLS
358 bool
359
360config NET_CLS_BASIC
361 tristate "Elementary classification (BASIC)"
362 select NET_CLS
363 ---help---
364 Say Y here if you want to be able to classify packets using
365 only extended matches and actions.
366
367 To compile this code as a module, choose M here: the
368 module will be called cls_basic.
369
370config NET_CLS_TCINDEX
371 tristate "Traffic-Control Index (TCINDEX)"
372 select NET_CLS
373 ---help---
374 Say Y here if you want to be able to classify packets based on
375 traffic control indices. You will want this feature if you want
376 to implement Differentiated Services together with DSMARK.
377
378 To compile this code as a module, choose M here: the
379 module will be called cls_tcindex.
380
381config NET_CLS_ROUTE4
382 tristate "Routing decision (ROUTE)"
383 depends on INET
384 select IP_ROUTE_CLASSID
385 select NET_CLS
386 ---help---
387 If you say Y here, you will be able to classify packets
388 according to the route table entry they matched.
389
390 To compile this code as a module, choose M here: the
391 module will be called cls_route.
392
393config NET_CLS_FW
394 tristate "Netfilter mark (FW)"
395 select NET_CLS
396 ---help---
397 If you say Y here, you will be able to classify packets
398 according to netfilter/firewall marks.
399
400 To compile this code as a module, choose M here: the
401 module will be called cls_fw.
402
403config NET_CLS_U32
404 tristate "Universal 32bit comparisons w/ hashing (U32)"
405 select NET_CLS
406 ---help---
407 Say Y here to be able to classify packets using a universal
408 32bit pieces based comparison scheme.
409
410 To compile this code as a module, choose M here: the
411 module will be called cls_u32.
412
413config CLS_U32_PERF
414 bool "Performance counters support"
415 depends on NET_CLS_U32
416 ---help---
417 Say Y here to make u32 gather additional statistics useful for
418 fine tuning u32 classifiers.
419
420config CLS_U32_MARK
421 bool "Netfilter marks support"
422 depends on NET_CLS_U32
423 ---help---
424 Say Y here to be able to use netfilter marks as u32 key.
425
426config NET_CLS_RSVP
427 tristate "IPv4 Resource Reservation Protocol (RSVP)"
428 select NET_CLS
429 ---help---
430 The Resource Reservation Protocol (RSVP) permits end systems to
431 request a minimum and maximum data flow rate for a connection; this
432 is important for real time data such as streaming sound or video.
433
434 Say Y here if you want to be able to classify outgoing packets based
435 on their RSVP requests.
436
437 To compile this code as a module, choose M here: the
438 module will be called cls_rsvp.
439
440config NET_CLS_RSVP6
441 tristate "IPv6 Resource Reservation Protocol (RSVP6)"
442 select NET_CLS
443 ---help---
444 The Resource Reservation Protocol (RSVP) permits end systems to
445 request a minimum and maximum data flow rate for a connection; this
446 is important for real time data such as streaming sound or video.
447
448 Say Y here if you want to be able to classify outgoing packets based
449 on their RSVP requests and you are using the IPv6 protocol.
450
451 To compile this code as a module, choose M here: the
452 module will be called cls_rsvp6.
453
454config NET_CLS_FLOW
455 tristate "Flow classifier"
456 select NET_CLS
457 ---help---
458 If you say Y here, you will be able to classify packets based on
459 a configurable combination of packet keys. This is mostly useful
460 in combination with SFQ.
461
462 To compile this code as a module, choose M here: the
463 module will be called cls_flow.
464
465config NET_CLS_CGROUP
466 tristate "Control Group Classifier"
467 select NET_CLS
468 select CGROUP_NET_CLASSID
469 depends on CGROUPS
470 ---help---
471 Say Y here if you want to classify packets based on the control
472 cgroup of their process.
473
474 To compile this code as a module, choose M here: the
475 module will be called cls_cgroup.
476
477config NET_CLS_BPF
478 tristate "BPF-based classifier"
479 select NET_CLS
480 ---help---
481 If you say Y here, you will be able to classify packets based on
482 programmable BPF (JIT'ed) filters as an alternative to ematches.
483
484 To compile this code as a module, choose M here: the module will
485 be called cls_bpf.
486
487config NET_CLS_FLOWER
488 tristate "Flower classifier"
489 select NET_CLS
490 ---help---
491 If you say Y here, you will be able to classify packets based on
492 a configurable combination of packet keys and masks.
493
494 To compile this code as a module, choose M here: the module will
495 be called cls_flower.
496
497config NET_CLS_MATCHALL
498 tristate "Match-all classifier"
499 select NET_CLS
500 ---help---
501 If you say Y here, you will be able to classify packets based on
502 nothing. Every packet will match.
503
504 To compile this code as a module, choose M here: the module will
505 be called cls_matchall.
506
507config NET_EMATCH
508 bool "Extended Matches"
509 select NET_CLS
510 ---help---
511 Say Y here if you want to use extended matches on top of classifiers
512 and select the extended matches below.
513
514 Extended matches are small classification helpers not worth writing
515 a separate classifier for.
516
517 A recent version of the iproute2 package is required to use
518 extended matches.
519
520config NET_EMATCH_STACK
521 int "Stack size"
522 depends on NET_EMATCH
523 default "32"
524 ---help---
525 Size of the local stack variable used while evaluating the tree of
526 ematches. Limits the depth of the tree, i.e. the number of
527 encapsulated precedences. Every level requires 4 bytes of additional
528 stack space.
529
530config NET_EMATCH_CMP
531 tristate "Simple packet data comparison"
532 depends on NET_EMATCH
533 ---help---
534 Say Y here if you want to be able to classify packets based on
535 simple packet data comparisons for 8, 16, and 32bit values.
536
537 To compile this code as a module, choose M here: the
538 module will be called em_cmp.
539
540config NET_EMATCH_NBYTE
541 tristate "Multi byte comparison"
542 depends on NET_EMATCH
543 ---help---
544 Say Y here if you want to be able to classify packets based on
545 multiple byte comparisons mainly useful for IPv6 address comparisons.
546
547 To compile this code as a module, choose M here: the
548 module will be called em_nbyte.
549
550config NET_EMATCH_U32
551 tristate "U32 key"
552 depends on NET_EMATCH
553 ---help---
554 Say Y here if you want to be able to classify packets using
555 the famous u32 key in combination with logic relations.
556
557 To compile this code as a module, choose M here: the
558 module will be called em_u32.
559
560config NET_EMATCH_META
561 tristate "Metadata"
562 depends on NET_EMATCH
563 ---help---
564 Say Y here if you want to be able to classify packets based on
565 metadata such as load average, netfilter attributes, socket
566 attributes and routing decisions.
567
568 To compile this code as a module, choose M here: the
569 module will be called em_meta.
570
571config NET_EMATCH_TEXT
572 tristate "Textsearch"
573 depends on NET_EMATCH
574 select TEXTSEARCH
575 select TEXTSEARCH_KMP
576 select TEXTSEARCH_BM
577 select TEXTSEARCH_FSM
578 ---help---
579 Say Y here if you want to be able to classify packets based on
580 textsearch comparisons.
581
582 To compile this code as a module, choose M here: the
583 module will be called em_text.
584
585config NET_EMATCH_CANID
586 tristate "CAN Identifier"
587 depends on NET_EMATCH && (CAN=y || CAN=m)
588 ---help---
589 Say Y here if you want to be able to classify CAN frames based
590 on CAN Identifier.
591
592 To compile this code as a module, choose M here: the
593 module will be called em_canid.
594
595config NET_EMATCH_IPSET
596 tristate "IPset"
597 depends on NET_EMATCH && IP_SET
598 ---help---
599 Say Y here if you want to be able to classify packets based on
600 ipset membership.
601
602 To compile this code as a module, choose M here: the
603 module will be called em_ipset.
604
605config NET_CLS_ACT
606 bool "Actions"
607 ---help---
608 Say Y here if you want to use traffic control actions. Actions
609 get attached to classifiers and are invoked after a successful
610 classification. They are used to overwrite the classification
611 result, instantly drop or redirect packets, etc.
612
613 A recent version of the iproute2 package is required to use
614 extended matches.
615
616config NET_ACT_POLICE
617 tristate "Traffic Policing"
618 depends on NET_CLS_ACT
619 ---help---
620 Say Y here if you want to do traffic policing, i.e. strict
621 bandwidth limiting. This action replaces the existing policing
622 module.
623
624 To compile this code as a module, choose M here: the
625 module will be called act_police.
626
627config NET_ACT_GACT
628 tristate "Generic actions"
629 depends on NET_CLS_ACT
630 ---help---
631 Say Y here to take generic actions such as dropping and
632 accepting packets.
633
634 To compile this code as a module, choose M here: the
635 module will be called act_gact.
636
637config GACT_PROB
638 bool "Probability support"
639 depends on NET_ACT_GACT
640 ---help---
641 Say Y here to use the generic action randomly or deterministically.
642
643config NET_ACT_MIRRED
644 tristate "Redirecting and Mirroring"
645 depends on NET_CLS_ACT
646 ---help---
647 Say Y here to allow packets to be mirrored or redirected to
648 other devices.
649
650 To compile this code as a module, choose M here: the
651 module will be called act_mirred.
652
653config NET_ACT_IPT
654 tristate "IPtables targets"
655 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES
656 ---help---
657 Say Y here to be able to invoke iptables targets after successful
658 classification.
659
660 To compile this code as a module, choose M here: the
661 module will be called act_ipt.
662
663config NET_ACT_NAT
664 tristate "Stateless NAT"
665 depends on NET_CLS_ACT
666 ---help---
667 Say Y here to do stateless NAT on IPv4 packets. You should use
668 netfilter for NAT unless you know what you are doing.
669
670 To compile this code as a module, choose M here: the
671 module will be called act_nat.
672
673config NET_ACT_PEDIT
674 tristate "Packet Editing"
675 depends on NET_CLS_ACT
676 ---help---
677 Say Y here if you want to mangle the content of packets.
678
679 To compile this code as a module, choose M here: the
680 module will be called act_pedit.
681
682config NET_ACT_SIMP
683 tristate "Simple Example (Debug)"
684 depends on NET_CLS_ACT
685 ---help---
686 Say Y here to add a simple action for demonstration purposes.
687 It is meant as an example and for debugging purposes. It will
688 print a configured policy string followed by the packet count
689 to the console for every packet that passes by.
690
691 If unsure, say N.
692
693 To compile this code as a module, choose M here: the
694 module will be called act_simple.
695
696config NET_ACT_SKBEDIT
697 tristate "SKB Editing"
698 depends on NET_CLS_ACT
699 ---help---
700 Say Y here to change skb priority or queue_mapping settings.
701
702 If unsure, say N.
703
704 To compile this code as a module, choose M here: the
705 module will be called act_skbedit.
706
707config NET_ACT_CSUM
708 tristate "Checksum Updating"
709 depends on NET_CLS_ACT && INET
710 ---help---
711 Say Y here to update some common checksum after some direct
712 packet alterations.
713
714 To compile this code as a module, choose M here: the
715 module will be called act_csum.
716
717config NET_ACT_VLAN
718 tristate "Vlan manipulation"
719 depends on NET_CLS_ACT
720 ---help---
721 Say Y here to push or pop vlan headers.
722
723 If unsure, say N.
724
725 To compile this code as a module, choose M here: the
726 module will be called act_vlan.
727
728config NET_ACT_BPF
729 tristate "BPF based action"
730 depends on NET_CLS_ACT
731 ---help---
732 Say Y here to execute BPF code on packets. The BPF code will decide
733 if the packet should be dropped or not.
734
735 If unsure, say N.
736
737 To compile this code as a module, choose M here: the
738 module will be called act_bpf.
739
740config NET_ACT_CONNMARK
741 tristate "Netfilter Connection Mark Retriever"
742 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES
743 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
744 ---help---
745 Say Y here to allow retrieving of conn mark
746
747 If unsure, say N.
748
749 To compile this code as a module, choose M here: the
750 module will be called act_connmark.
751
752config NET_ACT_SKBMOD
753 tristate "skb data modification action"
754 depends on NET_CLS_ACT
755 ---help---
756 Say Y here to allow modification of skb data
757
758 If unsure, say N.
759
760 To compile this code as a module, choose M here: the
761 module will be called act_skbmod.
762
763config NET_ACT_IFE
764 tristate "Inter-FE action based on IETF ForCES InterFE LFB"
765 depends on NET_CLS_ACT
766 ---help---
767 Say Y here to allow for sourcing and terminating metadata
768 For details refer to netdev01 paper:
769 "Distributing Linux Traffic Control Classifier-Action Subsystem"
770 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
771
772 To compile this code as a module, choose M here: the
773 module will be called act_ife.
774
775config NET_ACT_TUNNEL_KEY
776 tristate "IP tunnel metadata manipulation"
777 depends on NET_CLS_ACT
778 ---help---
779 Say Y here to set/release ip tunnel metadata.
780
781 If unsure, say N.
782
783 To compile this code as a module, choose M here: the
784 module will be called act_tunnel_key.
785
786config NET_IFE_SKBMARK
787 tristate "Support to encoding decoding skb mark on IFE action"
788 depends on NET_ACT_IFE
789 ---help---
790
791config NET_IFE_SKBPRIO
792 tristate "Support to encoding decoding skb prio on IFE action"
793 depends on NET_ACT_IFE
794 ---help---
795
796config NET_IFE_SKBTCINDEX
797 tristate "Support to encoding decoding skb tcindex on IFE action"
798 depends on NET_ACT_IFE
799 ---help---
800
801config NET_CLS_IND
802 bool "Incoming device classification"
803 depends on NET_CLS_U32 || NET_CLS_FW
804 ---help---
805 Say Y here to extend the u32 and fw classifier to support
806 classification based on the incoming device. This option is
807 likely to disappear in favour of the metadata ematch.
808
809endif # NET_SCHED
810
811config NET_SCH_FIFO
812 bool