Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Traffic control configuration.
4#
5
6menuconfig NET_SCHED
7 bool "QoS and/or fair queueing"
8 select NET_SCH_FIFO
9 help
10 When the kernel has several packets to send out over a network
11 device, it has to decide which ones to send first, which ones to
12 delay, and which ones to drop. This is the job of the queueing
13 disciplines, several different algorithms for how to do this
14 "fairly" have been proposed.
15
16 If you say N here, you will get the standard packet scheduler, which
17 is a FIFO (first come, first served). If you say Y here, you will be
18 able to choose from among several alternative algorithms which can
19 then be attached to different network devices. This is useful for
20 example if some of your network devices are real time devices that
21 need a certain minimum data flow rate, or if you need to limit the
22 maximum data flow rate for traffic which matches specified criteria.
23 This code is considered to be experimental.
24
25 To administer these schedulers, you'll need the user-level utilities
26 from the package iproute2+tc at
27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package
28 also contains some documentation; for more, check out
29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
30
31 This Quality of Service (QoS) support will enable you to use
32 Differentiated Services (diffserv) and Resource Reservation Protocol
33 (RSVP) on your Linux router if you also say Y to the corresponding
34 classifiers below. Documentation and software is at
35 <http://diffserv.sourceforge.net/>.
36
37 If you say Y here and to "/proc file system" below, you will be able
38 to read status information about packet schedulers from the file
39 /proc/net/psched.
40
41 The available schedulers are listed in the following questions; you
42 can say Y to as many as you like. If unsure, say N now.
43
44if NET_SCHED
45
46comment "Queueing/Scheduling"
47
48config NET_SCH_HTB
49 tristate "Hierarchical Token Bucket (HTB)"
50 help
51 Say Y here if you want to use the Hierarchical Token Buckets (HTB)
52 packet scheduling algorithm. See
53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
54 in-depth articles.
55
56 HTB is very similar to CBQ regarding its goals however is has
57 different properties and different algorithm.
58
59 To compile this code as a module, choose M here: the
60 module will be called sch_htb.
61
62config NET_SCH_HFSC
63 tristate "Hierarchical Fair Service Curve (HFSC)"
64 help
65 Say Y here if you want to use the Hierarchical Fair Service Curve
66 (HFSC) packet scheduling algorithm.
67
68 To compile this code as a module, choose M here: the
69 module will be called sch_hfsc.
70
71config NET_SCH_PRIO
72 tristate "Multi Band Priority Queueing (PRIO)"
73 help
74 Say Y here if you want to use an n-band priority queue packet
75 scheduler.
76
77 To compile this code as a module, choose M here: the
78 module will be called sch_prio.
79
80config NET_SCH_MULTIQ
81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
82 help
83 Say Y here if you want to use an n-band queue packet scheduler
84 to support devices that have multiple hardware transmit queues.
85
86 To compile this code as a module, choose M here: the
87 module will be called sch_multiq.
88
89config NET_SCH_RED
90 tristate "Random Early Detection (RED)"
91 help
92 Say Y here if you want to use the Random Early Detection (RED)
93 packet scheduling algorithm.
94
95 See the top of <file:net/sched/sch_red.c> for more details.
96
97 To compile this code as a module, choose M here: the
98 module will be called sch_red.
99
100config NET_SCH_SFB
101 tristate "Stochastic Fair Blue (SFB)"
102 help
103 Say Y here if you want to use the Stochastic Fair Blue (SFB)
104 packet scheduling algorithm.
105
106 See the top of <file:net/sched/sch_sfb.c> for more details.
107
108 To compile this code as a module, choose M here: the
109 module will be called sch_sfb.
110
111config NET_SCH_SFQ
112 tristate "Stochastic Fairness Queueing (SFQ)"
113 help
114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
115 packet scheduling algorithm.
116
117 See the top of <file:net/sched/sch_sfq.c> for more details.
118
119 To compile this code as a module, choose M here: the
120 module will be called sch_sfq.
121
122config NET_SCH_TEQL
123 tristate "True Link Equalizer (TEQL)"
124 help
125 Say Y here if you want to use the True Link Equalizer (TLE) packet
126 scheduling algorithm. This queueing discipline allows the combination
127 of several physical devices into one virtual device.
128
129 See the top of <file:net/sched/sch_teql.c> for more details.
130
131 To compile this code as a module, choose M here: the
132 module will be called sch_teql.
133
134config NET_SCH_TBF
135 tristate "Token Bucket Filter (TBF)"
136 help
137 Say Y here if you want to use the Token Bucket Filter (TBF) packet
138 scheduling algorithm.
139
140 See the top of <file:net/sched/sch_tbf.c> for more details.
141
142 To compile this code as a module, choose M here: the
143 module will be called sch_tbf.
144
145config NET_SCH_CBS
146 tristate "Credit Based Shaper (CBS)"
147 help
148 Say Y here if you want to use the Credit Based Shaper (CBS) packet
149 scheduling algorithm.
150
151 See the top of <file:net/sched/sch_cbs.c> for more details.
152
153 To compile this code as a module, choose M here: the
154 module will be called sch_cbs.
155
156config NET_SCH_ETF
157 tristate "Earliest TxTime First (ETF)"
158 help
159 Say Y here if you want to use the Earliest TxTime First (ETF) packet
160 scheduling algorithm.
161
162 See the top of <file:net/sched/sch_etf.c> for more details.
163
164 To compile this code as a module, choose M here: the
165 module will be called sch_etf.
166
167config NET_SCH_MQPRIO_LIB
168 tristate
169 help
170 Common library for manipulating mqprio queue configurations.
171
172config NET_SCH_TAPRIO
173 tristate "Time Aware Priority (taprio) Scheduler"
174 select NET_SCH_MQPRIO_LIB
175 help
176 Say Y here if you want to use the Time Aware Priority (taprio) packet
177 scheduling algorithm.
178
179 See the top of <file:net/sched/sch_taprio.c> for more details.
180
181 To compile this code as a module, choose M here: the
182 module will be called sch_taprio.
183
184config NET_SCH_GRED
185 tristate "Generic Random Early Detection (GRED)"
186 help
187 Say Y here if you want to use the Generic Random Early Detection
188 (GRED) packet scheduling algorithm for some of your network devices
189 (see the top of <file:net/sched/sch_red.c> for details and
190 references about the algorithm).
191
192 To compile this code as a module, choose M here: the
193 module will be called sch_gred.
194
195config NET_SCH_NETEM
196 tristate "Network emulator (NETEM)"
197 help
198 Say Y if you want to emulate network delay, loss, and packet
199 re-ordering. This is often useful to simulate networks when
200 testing applications or protocols.
201
202 To compile this driver as a module, choose M here: the module
203 will be called sch_netem.
204
205 If unsure, say N.
206
207config NET_SCH_DRR
208 tristate "Deficit Round Robin scheduler (DRR)"
209 help
210 Say Y here if you want to use the Deficit Round Robin (DRR) packet
211 scheduling algorithm.
212
213 To compile this driver as a module, choose M here: the module
214 will be called sch_drr.
215
216 If unsure, say N.
217
218config NET_SCH_MQPRIO
219 tristate "Multi-queue priority scheduler (MQPRIO)"
220 select NET_SCH_MQPRIO_LIB
221 help
222 Say Y here if you want to use the Multi-queue Priority scheduler.
223 This scheduler allows QOS to be offloaded on NICs that have support
224 for offloading QOS schedulers.
225
226 To compile this driver as a module, choose M here: the module will
227 be called sch_mqprio.
228
229 If unsure, say N.
230
231config NET_SCH_SKBPRIO
232 tristate "SKB priority queue scheduler (SKBPRIO)"
233 help
234 Say Y here if you want to use the SKB priority queue
235 scheduler. This schedules packets according to skb->priority,
236 which is useful for request packets in DoS mitigation systems such
237 as Gatekeeper.
238
239 To compile this driver as a module, choose M here: the module will
240 be called sch_skbprio.
241
242 If unsure, say N.
243
244config NET_SCH_CHOKE
245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
246 help
247 Say Y here if you want to use the CHOKe packet scheduler (CHOose
248 and Keep for responsive flows, CHOose and Kill for unresponsive
249 flows). This is a variation of RED which tries to penalize flows
250 that monopolize the queue.
251
252 To compile this code as a module, choose M here: the
253 module will be called sch_choke.
254
255config NET_SCH_QFQ
256 tristate "Quick Fair Queueing scheduler (QFQ)"
257 help
258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
259 packet scheduling algorithm.
260
261 To compile this driver as a module, choose M here: the module
262 will be called sch_qfq.
263
264 If unsure, say N.
265
266config NET_SCH_CODEL
267 tristate "Controlled Delay AQM (CODEL)"
268 help
269 Say Y here if you want to use the Controlled Delay (CODEL)
270 packet scheduling algorithm.
271
272 To compile this driver as a module, choose M here: the module
273 will be called sch_codel.
274
275 If unsure, say N.
276
277config NET_SCH_FQ_CODEL
278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
279 help
280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
281 packet scheduling algorithm.
282
283 To compile this driver as a module, choose M here: the module
284 will be called sch_fq_codel.
285
286 If unsure, say N.
287
288config NET_SCH_CAKE
289 tristate "Common Applications Kept Enhanced (CAKE)"
290 help
291 Say Y here if you want to use the Common Applications Kept Enhanced
292 (CAKE) queue management algorithm.
293
294 To compile this driver as a module, choose M here: the module
295 will be called sch_cake.
296
297 If unsure, say N.
298
299config NET_SCH_FQ
300 tristate "Fair Queue"
301 help
302 Say Y here if you want to use the FQ packet scheduling algorithm.
303
304 FQ does flow separation, and is able to respect pacing requirements
305 set by TCP stack into sk->sk_pacing_rate (for locally generated
306 traffic)
307
308 To compile this driver as a module, choose M here: the module
309 will be called sch_fq.
310
311 If unsure, say N.
312
313config NET_SCH_HHF
314 tristate "Heavy-Hitter Filter (HHF)"
315 help
316 Say Y here if you want to use the Heavy-Hitter Filter (HHF)
317 packet scheduling algorithm.
318
319 To compile this driver as a module, choose M here: the module
320 will be called sch_hhf.
321
322config NET_SCH_PIE
323 tristate "Proportional Integral controller Enhanced (PIE) scheduler"
324 help
325 Say Y here if you want to use the Proportional Integral controller
326 Enhanced scheduler packet scheduling algorithm.
327 For more information, please see https://tools.ietf.org/html/rfc8033
328
329 To compile this driver as a module, choose M here: the module
330 will be called sch_pie.
331
332 If unsure, say N.
333
334config NET_SCH_FQ_PIE
335 depends on NET_SCH_PIE
336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)"
337 help
338 Say Y here if you want to use the Flow Queue Proportional Integral
339 controller Enhanced (FQ-PIE) packet scheduling algorithm.
340 For more information, please see https://tools.ietf.org/html/rfc8033
341
342 To compile this driver as a module, choose M here: the module
343 will be called sch_fq_pie.
344
345 If unsure, say N.
346
347config NET_SCH_INGRESS
348 tristate "Ingress/classifier-action Qdisc"
349 depends on NET_CLS_ACT
350 select NET_XGRESS
351 help
352 Say Y here if you want to use classifiers for incoming and/or outgoing
353 packets. This qdisc doesn't do anything else besides running classifiers,
354 which can also have actions attached to them. In case of outgoing packets,
355 classifiers that this qdisc holds are executed in the transmit path
356 before real enqueuing to an egress qdisc happens.
357
358 If unsure, say Y.
359
360 To compile this code as a module, choose M here: the module will be
361 called sch_ingress with alias of sch_clsact.
362
363config NET_SCH_PLUG
364 tristate "Plug network traffic until release (PLUG)"
365 help
366
367 This queuing discipline allows userspace to plug/unplug a network
368 output queue, using the netlink interface. When it receives an
369 enqueue command it inserts a plug into the outbound queue that
370 causes following packets to enqueue until a dequeue command arrives
371 over netlink, causing the plug to be removed and resuming the normal
372 packet flow.
373
374 This module also provides a generic "network output buffering"
375 functionality (aka output commit), wherein upon arrival of a dequeue
376 command, only packets up to the first plug are released for delivery.
377 The Remus HA project uses this module to enable speculative execution
378 of virtual machines by allowing the generated network output to be rolled
379 back if needed.
380
381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
382
383 Say Y here if you are using this kernel for Xen dom0 and
384 want to protect Xen guests with Remus.
385
386 To compile this code as a module, choose M here: the
387 module will be called sch_plug.
388
389config NET_SCH_ETS
390 tristate "Enhanced transmission selection scheduler (ETS)"
391 help
392 The Enhanced Transmission Selection scheduler is a classful
393 queuing discipline that merges functionality of PRIO and DRR
394 qdiscs in one scheduler. ETS makes it easy to configure a set of
395 strict and bandwidth-sharing bands to implement the transmission
396 selection described in 802.1Qaz.
397
398 Say Y here if you want to use the ETS packet scheduling
399 algorithm.
400
401 To compile this driver as a module, choose M here: the module
402 will be called sch_ets.
403
404 If unsure, say N.
405
406menuconfig NET_SCH_DEFAULT
407 bool "Allow override default queue discipline"
408 help
409 Support for selection of default queuing discipline.
410
411 Nearly all users can safely say no here, and the default
412 of pfifo_fast will be used. Many distributions already set
413 the default value via /proc/sys/net/core/default_qdisc.
414
415 If unsure, say N.
416
417if NET_SCH_DEFAULT
418
419choice
420 prompt "Default queuing discipline"
421 default DEFAULT_PFIFO_FAST
422 help
423 Select the queueing discipline that will be used by default
424 for all network devices.
425
426 config DEFAULT_FQ
427 bool "Fair Queue" if NET_SCH_FQ
428
429 config DEFAULT_CODEL
430 bool "Controlled Delay" if NET_SCH_CODEL
431
432 config DEFAULT_FQ_CODEL
433 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL
434
435 config DEFAULT_FQ_PIE
436 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE
437
438 config DEFAULT_SFQ
439 bool "Stochastic Fair Queue" if NET_SCH_SFQ
440
441 config DEFAULT_PFIFO_FAST
442 bool "Priority FIFO Fast"
443endchoice
444
445config DEFAULT_NET_SCH
446 string
447 default "pfifo_fast" if DEFAULT_PFIFO_FAST
448 default "fq" if DEFAULT_FQ
449 default "fq_codel" if DEFAULT_FQ_CODEL
450 default "fq_pie" if DEFAULT_FQ_PIE
451 default "sfq" if DEFAULT_SFQ
452 default "pfifo_fast"
453endif
454
455comment "Classification"
456
457config NET_CLS
458 bool
459
460config NET_CLS_BASIC
461 tristate "Elementary classification (BASIC)"
462 select NET_CLS
463 help
464 Say Y here if you want to be able to classify packets using
465 only extended matches and actions.
466
467 To compile this code as a module, choose M here: the
468 module will be called cls_basic.
469
470config NET_CLS_ROUTE4
471 tristate "Routing decision (ROUTE)"
472 depends on INET
473 select IP_ROUTE_CLASSID
474 select NET_CLS
475 help
476 If you say Y here, you will be able to classify packets
477 according to the route table entry they matched.
478
479 To compile this code as a module, choose M here: the
480 module will be called cls_route.
481
482config NET_CLS_FW
483 tristate "Netfilter mark (FW)"
484 select NET_CLS
485 help
486 If you say Y here, you will be able to classify packets
487 according to netfilter/firewall marks.
488
489 To compile this code as a module, choose M here: the
490 module will be called cls_fw.
491
492config NET_CLS_U32
493 tristate "Universal 32bit comparisons w/ hashing (U32)"
494 select NET_CLS
495 help
496 Say Y here to be able to classify packets using a universal
497 32bit pieces based comparison scheme.
498
499 To compile this code as a module, choose M here: the
500 module will be called cls_u32.
501
502config CLS_U32_PERF
503 bool "Performance counters support"
504 depends on NET_CLS_U32
505 help
506 Say Y here to make u32 gather additional statistics useful for
507 fine tuning u32 classifiers.
508
509config CLS_U32_MARK
510 bool "Netfilter marks support"
511 depends on NET_CLS_U32
512 help
513 Say Y here to be able to use netfilter marks as u32 key.
514
515config NET_CLS_FLOW
516 tristate "Flow classifier"
517 select NET_CLS
518 help
519 If you say Y here, you will be able to classify packets based on
520 a configurable combination of packet keys. This is mostly useful
521 in combination with SFQ.
522
523 To compile this code as a module, choose M here: the
524 module will be called cls_flow.
525
526config NET_CLS_CGROUP
527 tristate "Control Group Classifier"
528 select NET_CLS
529 select CGROUP_NET_CLASSID
530 depends on CGROUPS
531 help
532 Say Y here if you want to classify packets based on the control
533 cgroup of their process.
534
535 To compile this code as a module, choose M here: the
536 module will be called cls_cgroup.
537
538config NET_CLS_BPF
539 tristate "BPF-based classifier"
540 select NET_CLS
541 help
542 If you say Y here, you will be able to classify packets based on
543 programmable BPF (JIT'ed) filters as an alternative to ematches.
544
545 To compile this code as a module, choose M here: the module will
546 be called cls_bpf.
547
548config NET_CLS_FLOWER
549 tristate "Flower classifier"
550 select NET_CLS
551 help
552 If you say Y here, you will be able to classify packets based on
553 a configurable combination of packet keys and masks.
554
555 To compile this code as a module, choose M here: the module will
556 be called cls_flower.
557
558config NET_CLS_MATCHALL
559 tristate "Match-all classifier"
560 select NET_CLS
561 help
562 If you say Y here, you will be able to classify packets based on
563 nothing. Every packet will match.
564
565 To compile this code as a module, choose M here: the module will
566 be called cls_matchall.
567
568config NET_EMATCH
569 bool "Extended Matches"
570 select NET_CLS
571 help
572 Say Y here if you want to use extended matches on top of classifiers
573 and select the extended matches below.
574
575 Extended matches are small classification helpers not worth writing
576 a separate classifier for.
577
578 A recent version of the iproute2 package is required to use
579 extended matches.
580
581config NET_EMATCH_STACK
582 int "Stack size"
583 depends on NET_EMATCH
584 default "32"
585 help
586 Size of the local stack variable used while evaluating the tree of
587 ematches. Limits the depth of the tree, i.e. the number of
588 encapsulated precedences. Every level requires 4 bytes of additional
589 stack space.
590
591config NET_EMATCH_CMP
592 tristate "Simple packet data comparison"
593 depends on NET_EMATCH
594 help
595 Say Y here if you want to be able to classify packets based on
596 simple packet data comparisons for 8, 16, and 32bit values.
597
598 To compile this code as a module, choose M here: the
599 module will be called em_cmp.
600
601config NET_EMATCH_NBYTE
602 tristate "Multi byte comparison"
603 depends on NET_EMATCH
604 help
605 Say Y here if you want to be able to classify packets based on
606 multiple byte comparisons mainly useful for IPv6 address comparisons.
607
608 To compile this code as a module, choose M here: the
609 module will be called em_nbyte.
610
611config NET_EMATCH_U32
612 tristate "U32 key"
613 depends on NET_EMATCH
614 help
615 Say Y here if you want to be able to classify packets using
616 the famous u32 key in combination with logic relations.
617
618 To compile this code as a module, choose M here: the
619 module will be called em_u32.
620
621config NET_EMATCH_META
622 tristate "Metadata"
623 depends on NET_EMATCH
624 help
625 Say Y here if you want to be able to classify packets based on
626 metadata such as load average, netfilter attributes, socket
627 attributes and routing decisions.
628
629 To compile this code as a module, choose M here: the
630 module will be called em_meta.
631
632config NET_EMATCH_TEXT
633 tristate "Textsearch"
634 depends on NET_EMATCH
635 select TEXTSEARCH
636 select TEXTSEARCH_KMP
637 select TEXTSEARCH_BM
638 select TEXTSEARCH_FSM
639 help
640 Say Y here if you want to be able to classify packets based on
641 textsearch comparisons.
642
643 To compile this code as a module, choose M here: the
644 module will be called em_text.
645
646config NET_EMATCH_CANID
647 tristate "CAN Identifier"
648 depends on NET_EMATCH && (CAN=y || CAN=m)
649 help
650 Say Y here if you want to be able to classify CAN frames based
651 on CAN Identifier.
652
653 To compile this code as a module, choose M here: the
654 module will be called em_canid.
655
656config NET_EMATCH_IPSET
657 tristate "IPset"
658 depends on NET_EMATCH && IP_SET
659 help
660 Say Y here if you want to be able to classify packets based on
661 ipset membership.
662
663 To compile this code as a module, choose M here: the
664 module will be called em_ipset.
665
666config NET_EMATCH_IPT
667 tristate "IPtables Matches"
668 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES
669 help
670 Say Y here to be able to classify packets based on iptables
671 matches.
672 Current supported match is "policy" which allows packet classification
673 based on IPsec policy that was used during decapsulation
674
675 To compile this code as a module, choose M here: the
676 module will be called em_ipt.
677
678config NET_CLS_ACT
679 bool "Actions"
680 select NET_CLS
681 select NET_XGRESS
682 help
683 Say Y here if you want to use traffic control actions. Actions
684 get attached to classifiers and are invoked after a successful
685 classification. They are used to overwrite the classification
686 result, instantly drop or redirect packets, etc.
687
688 A recent version of the iproute2 package is required to use
689 extended matches.
690
691config NET_ACT_POLICE
692 tristate "Traffic Policing"
693 depends on NET_CLS_ACT
694 help
695 Say Y here if you want to do traffic policing, i.e. strict
696 bandwidth limiting. This action replaces the existing policing
697 module.
698
699 To compile this code as a module, choose M here: the
700 module will be called act_police.
701
702config NET_ACT_GACT
703 tristate "Generic actions"
704 depends on NET_CLS_ACT
705 help
706 Say Y here to take generic actions such as dropping and
707 accepting packets.
708
709 To compile this code as a module, choose M here: the
710 module will be called act_gact.
711
712config GACT_PROB
713 bool "Probability support"
714 depends on NET_ACT_GACT
715 help
716 Say Y here to use the generic action randomly or deterministically.
717
718config NET_ACT_MIRRED
719 tristate "Redirecting and Mirroring"
720 depends on NET_CLS_ACT
721 help
722 Say Y here to allow packets to be mirrored or redirected to
723 other devices.
724
725 To compile this code as a module, choose M here: the
726 module will be called act_mirred.
727
728config NET_ACT_SAMPLE
729 tristate "Traffic Sampling"
730 depends on NET_CLS_ACT
731 select PSAMPLE
732 help
733 Say Y here to allow packet sampling tc action. The packet sample
734 action consists of statistically choosing packets and sampling
735 them using the psample module.
736
737 To compile this code as a module, choose M here: the
738 module will be called act_sample.
739
740config NET_ACT_NAT
741 tristate "Stateless NAT"
742 depends on NET_CLS_ACT
743 help
744 Say Y here to do stateless NAT on IPv4 packets. You should use
745 netfilter for NAT unless you know what you are doing.
746
747 To compile this code as a module, choose M here: the
748 module will be called act_nat.
749
750config NET_ACT_PEDIT
751 tristate "Packet Editing"
752 depends on NET_CLS_ACT
753 help
754 Say Y here if you want to mangle the content of packets.
755
756 To compile this code as a module, choose M here: the
757 module will be called act_pedit.
758
759config NET_ACT_SIMP
760 tristate "Simple Example (Debug)"
761 depends on NET_CLS_ACT
762 help
763 Say Y here to add a simple action for demonstration purposes.
764 It is meant as an example and for debugging purposes. It will
765 print a configured policy string followed by the packet count
766 to the console for every packet that passes by.
767
768 If unsure, say N.
769
770 To compile this code as a module, choose M here: the
771 module will be called act_simple.
772
773config NET_ACT_SKBEDIT
774 tristate "SKB Editing"
775 depends on NET_CLS_ACT
776 help
777 Say Y here to change skb priority or queue_mapping settings.
778
779 If unsure, say N.
780
781 To compile this code as a module, choose M here: the
782 module will be called act_skbedit.
783
784config NET_ACT_CSUM
785 tristate "Checksum Updating"
786 depends on NET_CLS_ACT && INET
787 select LIBCRC32C
788 help
789 Say Y here to update some common checksum after some direct
790 packet alterations.
791
792 To compile this code as a module, choose M here: the
793 module will be called act_csum.
794
795config NET_ACT_MPLS
796 tristate "MPLS manipulation"
797 depends on NET_CLS_ACT
798 help
799 Say Y here to push or pop MPLS headers.
800
801 If unsure, say N.
802
803 To compile this code as a module, choose M here: the
804 module will be called act_mpls.
805
806config NET_ACT_VLAN
807 tristate "Vlan manipulation"
808 depends on NET_CLS_ACT
809 help
810 Say Y here to push or pop vlan headers.
811
812 If unsure, say N.
813
814 To compile this code as a module, choose M here: the
815 module will be called act_vlan.
816
817config NET_ACT_BPF
818 tristate "BPF based action"
819 depends on NET_CLS_ACT
820 help
821 Say Y here to execute BPF code on packets. The BPF code will decide
822 if the packet should be dropped or not.
823
824 If unsure, say N.
825
826 To compile this code as a module, choose M here: the
827 module will be called act_bpf.
828
829config NET_ACT_CONNMARK
830 tristate "Netfilter Connection Mark Retriever"
831 depends on NET_CLS_ACT && NETFILTER
832 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
833 help
834 Say Y here to allow retrieving of conn mark
835
836 If unsure, say N.
837
838 To compile this code as a module, choose M here: the
839 module will be called act_connmark.
840
841config NET_ACT_CTINFO
842 tristate "Netfilter Connection Mark Actions"
843 depends on NET_CLS_ACT && NETFILTER
844 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
845 help
846 Say Y here to allow transfer of a connmark stored information.
847 Current actions transfer connmark stored DSCP into
848 ipv4/v6 diffserv and/or to transfer connmark to packet
849 mark. Both are useful for restoring egress based marks
850 back onto ingress connections for qdisc priority mapping
851 purposes.
852
853 If unsure, say N.
854
855 To compile this code as a module, choose M here: the
856 module will be called act_ctinfo.
857
858config NET_ACT_SKBMOD
859 tristate "skb data modification action"
860 depends on NET_CLS_ACT
861 help
862 Say Y here to allow modification of skb data
863
864 If unsure, say N.
865
866 To compile this code as a module, choose M here: the
867 module will be called act_skbmod.
868
869config NET_ACT_IFE
870 tristate "Inter-FE action based on IETF ForCES InterFE LFB"
871 depends on NET_CLS_ACT
872 select NET_IFE
873 help
874 Say Y here to allow for sourcing and terminating metadata
875 For details refer to netdev01 paper:
876 "Distributing Linux Traffic Control Classifier-Action Subsystem"
877 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
878
879 To compile this code as a module, choose M here: the
880 module will be called act_ife.
881
882config NET_ACT_TUNNEL_KEY
883 tristate "IP tunnel metadata manipulation"
884 depends on NET_CLS_ACT
885 help
886 Say Y here to set/release ip tunnel metadata.
887
888 If unsure, say N.
889
890 To compile this code as a module, choose M here: the
891 module will be called act_tunnel_key.
892
893config NET_ACT_CT
894 tristate "connection tracking tc action"
895 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE
896 select NF_CONNTRACK_OVS
897 select NF_NAT_OVS if NF_NAT
898 help
899 Say Y here to allow sending the packets to conntrack module.
900
901 If unsure, say N.
902
903 To compile this code as a module, choose M here: the
904 module will be called act_ct.
905
906config NET_ACT_GATE
907 tristate "Frame gate entry list control tc action"
908 depends on NET_CLS_ACT
909 help
910 Say Y here to allow to control the ingress flow to be passed at
911 specific time slot and be dropped at other specific time slot by
912 the gate entry list.
913
914 If unsure, say N.
915 To compile this code as a module, choose M here: the
916 module will be called act_gate.
917
918config NET_IFE_SKBMARK
919 tristate "Support to encoding decoding skb mark on IFE action"
920 depends on NET_ACT_IFE
921
922config NET_IFE_SKBPRIO
923 tristate "Support to encoding decoding skb prio on IFE action"
924 depends on NET_ACT_IFE
925
926config NET_IFE_SKBTCINDEX
927 tristate "Support to encoding decoding skb tcindex on IFE action"
928 depends on NET_ACT_IFE
929
930config NET_TC_SKB_EXT
931 bool "TC recirculation support"
932 depends on NET_CLS_ACT
933 select SKB_EXTENSIONS
934
935 help
936 Say Y here to allow tc chain misses to continue in OvS datapath in
937 the correct recirc_id, and hardware chain misses to continue in
938 the correct chain in tc software datapath.
939
940 Say N here if you won't be using tc<->ovs offload or tc chains offload.
941
942endif # NET_SCHED
943
944config NET_SCH_FIFO
945 bool
1#
2# Traffic control configuration.
3#
4
5menuconfig NET_SCHED
6 bool "QoS and/or fair queueing"
7 select NET_SCH_FIFO
8 ---help---
9 When the kernel has several packets to send out over a network
10 device, it has to decide which ones to send first, which ones to
11 delay, and which ones to drop. This is the job of the queueing
12 disciplines, several different algorithms for how to do this
13 "fairly" have been proposed.
14
15 If you say N here, you will get the standard packet scheduler, which
16 is a FIFO (first come, first served). If you say Y here, you will be
17 able to choose from among several alternative algorithms which can
18 then be attached to different network devices. This is useful for
19 example if some of your network devices are real time devices that
20 need a certain minimum data flow rate, or if you need to limit the
21 maximum data flow rate for traffic which matches specified criteria.
22 This code is considered to be experimental.
23
24 To administer these schedulers, you'll need the user-level utilities
25 from the package iproute2+tc at
26 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package
27 also contains some documentation; for more, check out
28 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>.
29
30 This Quality of Service (QoS) support will enable you to use
31 Differentiated Services (diffserv) and Resource Reservation Protocol
32 (RSVP) on your Linux router if you also say Y to the corresponding
33 classifiers below. Documentation and software is at
34 <http://diffserv.sourceforge.net/>.
35
36 If you say Y here and to "/proc file system" below, you will be able
37 to read status information about packet schedulers from the file
38 /proc/net/psched.
39
40 The available schedulers are listed in the following questions; you
41 can say Y to as many as you like. If unsure, say N now.
42
43if NET_SCHED
44
45comment "Queueing/Scheduling"
46
47config NET_SCH_CBQ
48 tristate "Class Based Queueing (CBQ)"
49 ---help---
50 Say Y here if you want to use the Class-Based Queueing (CBQ) packet
51 scheduling algorithm. This algorithm classifies the waiting packets
52 into a tree-like hierarchy of classes; the leaves of this tree are
53 in turn scheduled by separate algorithms.
54
55 See the top of <file:net/sched/sch_cbq.c> for more details.
56
57 CBQ is a commonly used scheduler, so if you're unsure, you should
58 say Y here. Then say Y to all the queueing algorithms below that you
59 want to use as leaf disciplines.
60
61 To compile this code as a module, choose M here: the
62 module will be called sch_cbq.
63
64config NET_SCH_HTB
65 tristate "Hierarchical Token Bucket (HTB)"
66 ---help---
67 Say Y here if you want to use the Hierarchical Token Buckets (HTB)
68 packet scheduling algorithm. See
69 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and
70 in-depth articles.
71
72 HTB is very similar to CBQ regarding its goals however is has
73 different properties and different algorithm.
74
75 To compile this code as a module, choose M here: the
76 module will be called sch_htb.
77
78config NET_SCH_HFSC
79 tristate "Hierarchical Fair Service Curve (HFSC)"
80 ---help---
81 Say Y here if you want to use the Hierarchical Fair Service Curve
82 (HFSC) packet scheduling algorithm.
83
84 To compile this code as a module, choose M here: the
85 module will be called sch_hfsc.
86
87config NET_SCH_ATM
88 tristate "ATM Virtual Circuits (ATM)"
89 depends on ATM
90 ---help---
91 Say Y here if you want to use the ATM pseudo-scheduler. This
92 provides a framework for invoking classifiers, which in turn
93 select classes of this queuing discipline. Each class maps
94 the flow(s) it is handling to a given virtual circuit.
95
96 See the top of <file:net/sched/sch_atm.c> for more details.
97
98 To compile this code as a module, choose M here: the
99 module will be called sch_atm.
100
101config NET_SCH_PRIO
102 tristate "Multi Band Priority Queueing (PRIO)"
103 ---help---
104 Say Y here if you want to use an n-band priority queue packet
105 scheduler.
106
107 To compile this code as a module, choose M here: the
108 module will be called sch_prio.
109
110config NET_SCH_MULTIQ
111 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)"
112 ---help---
113 Say Y here if you want to use an n-band queue packet scheduler
114 to support devices that have multiple hardware transmit queues.
115
116 To compile this code as a module, choose M here: the
117 module will be called sch_multiq.
118
119config NET_SCH_RED
120 tristate "Random Early Detection (RED)"
121 ---help---
122 Say Y here if you want to use the Random Early Detection (RED)
123 packet scheduling algorithm.
124
125 See the top of <file:net/sched/sch_red.c> for more details.
126
127 To compile this code as a module, choose M here: the
128 module will be called sch_red.
129
130config NET_SCH_SFB
131 tristate "Stochastic Fair Blue (SFB)"
132 ---help---
133 Say Y here if you want to use the Stochastic Fair Blue (SFB)
134 packet scheduling algorithm.
135
136 See the top of <file:net/sched/sch_sfb.c> for more details.
137
138 To compile this code as a module, choose M here: the
139 module will be called sch_sfb.
140
141config NET_SCH_SFQ
142 tristate "Stochastic Fairness Queueing (SFQ)"
143 ---help---
144 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ)
145 packet scheduling algorithm.
146
147 See the top of <file:net/sched/sch_sfq.c> for more details.
148
149 To compile this code as a module, choose M here: the
150 module will be called sch_sfq.
151
152config NET_SCH_TEQL
153 tristate "True Link Equalizer (TEQL)"
154 ---help---
155 Say Y here if you want to use the True Link Equalizer (TLE) packet
156 scheduling algorithm. This queueing discipline allows the combination
157 of several physical devices into one virtual device.
158
159 See the top of <file:net/sched/sch_teql.c> for more details.
160
161 To compile this code as a module, choose M here: the
162 module will be called sch_teql.
163
164config NET_SCH_TBF
165 tristate "Token Bucket Filter (TBF)"
166 ---help---
167 Say Y here if you want to use the Token Bucket Filter (TBF) packet
168 scheduling algorithm.
169
170 See the top of <file:net/sched/sch_tbf.c> for more details.
171
172 To compile this code as a module, choose M here: the
173 module will be called sch_tbf.
174
175config NET_SCH_CBS
176 tristate "Credit Based Shaper (CBS)"
177 ---help---
178 Say Y here if you want to use the Credit Based Shaper (CBS) packet
179 scheduling algorithm.
180
181 See the top of <file:net/sched/sch_cbs.c> for more details.
182
183 To compile this code as a module, choose M here: the
184 module will be called sch_cbs.
185
186config NET_SCH_GRED
187 tristate "Generic Random Early Detection (GRED)"
188 ---help---
189 Say Y here if you want to use the Generic Random Early Detection
190 (GRED) packet scheduling algorithm for some of your network devices
191 (see the top of <file:net/sched/sch_red.c> for details and
192 references about the algorithm).
193
194 To compile this code as a module, choose M here: the
195 module will be called sch_gred.
196
197config NET_SCH_DSMARK
198 tristate "Differentiated Services marker (DSMARK)"
199 ---help---
200 Say Y if you want to schedule packets according to the
201 Differentiated Services architecture proposed in RFC 2475.
202 Technical information on this method, with pointers to associated
203 RFCs, is available at <http://www.gta.ufrj.br/diffserv/>.
204
205 To compile this code as a module, choose M here: the
206 module will be called sch_dsmark.
207
208config NET_SCH_NETEM
209 tristate "Network emulator (NETEM)"
210 ---help---
211 Say Y if you want to emulate network delay, loss, and packet
212 re-ordering. This is often useful to simulate networks when
213 testing applications or protocols.
214
215 To compile this driver as a module, choose M here: the module
216 will be called sch_netem.
217
218 If unsure, say N.
219
220config NET_SCH_DRR
221 tristate "Deficit Round Robin scheduler (DRR)"
222 help
223 Say Y here if you want to use the Deficit Round Robin (DRR) packet
224 scheduling algorithm.
225
226 To compile this driver as a module, choose M here: the module
227 will be called sch_drr.
228
229 If unsure, say N.
230
231config NET_SCH_MQPRIO
232 tristate "Multi-queue priority scheduler (MQPRIO)"
233 help
234 Say Y here if you want to use the Multi-queue Priority scheduler.
235 This scheduler allows QOS to be offloaded on NICs that have support
236 for offloading QOS schedulers.
237
238 To compile this driver as a module, choose M here: the module will
239 be called sch_mqprio.
240
241 If unsure, say N.
242
243config NET_SCH_CHOKE
244 tristate "CHOose and Keep responsive flow scheduler (CHOKE)"
245 help
246 Say Y here if you want to use the CHOKe packet scheduler (CHOose
247 and Keep for responsive flows, CHOose and Kill for unresponsive
248 flows). This is a variation of RED which trys to penalize flows
249 that monopolize the queue.
250
251 To compile this code as a module, choose M here: the
252 module will be called sch_choke.
253
254config NET_SCH_QFQ
255 tristate "Quick Fair Queueing scheduler (QFQ)"
256 help
257 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ)
258 packet scheduling algorithm.
259
260 To compile this driver as a module, choose M here: the module
261 will be called sch_qfq.
262
263 If unsure, say N.
264
265config NET_SCH_CODEL
266 tristate "Controlled Delay AQM (CODEL)"
267 help
268 Say Y here if you want to use the Controlled Delay (CODEL)
269 packet scheduling algorithm.
270
271 To compile this driver as a module, choose M here: the module
272 will be called sch_codel.
273
274 If unsure, say N.
275
276config NET_SCH_FQ_CODEL
277 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)"
278 help
279 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL)
280 packet scheduling algorithm.
281
282 To compile this driver as a module, choose M here: the module
283 will be called sch_fq_codel.
284
285 If unsure, say N.
286
287config NET_SCH_FQ
288 tristate "Fair Queue"
289 help
290 Say Y here if you want to use the FQ packet scheduling algorithm.
291
292 FQ does flow separation, and is able to respect pacing requirements
293 set by TCP stack into sk->sk_pacing_rate (for localy generated
294 traffic)
295
296 To compile this driver as a module, choose M here: the module
297 will be called sch_fq.
298
299 If unsure, say N.
300
301config NET_SCH_HHF
302 tristate "Heavy-Hitter Filter (HHF)"
303 help
304 Say Y here if you want to use the Heavy-Hitter Filter (HHF)
305 packet scheduling algorithm.
306
307 To compile this driver as a module, choose M here: the module
308 will be called sch_hhf.
309
310config NET_SCH_PIE
311 tristate "Proportional Integral controller Enhanced (PIE) scheduler"
312 help
313 Say Y here if you want to use the Proportional Integral controller
314 Enhanced scheduler packet scheduling algorithm.
315 For more information, please see
316 http://tools.ietf.org/html/draft-pan-tsvwg-pie-00
317
318 To compile this driver as a module, choose M here: the module
319 will be called sch_pie.
320
321 If unsure, say N.
322
323config NET_SCH_INGRESS
324 tristate "Ingress/classifier-action Qdisc"
325 depends on NET_CLS_ACT
326 select NET_INGRESS
327 select NET_EGRESS
328 ---help---
329 Say Y here if you want to use classifiers for incoming and/or outgoing
330 packets. This qdisc doesn't do anything else besides running classifiers,
331 which can also have actions attached to them. In case of outgoing packets,
332 classifiers that this qdisc holds are executed in the transmit path
333 before real enqueuing to an egress qdisc happens.
334
335 If unsure, say Y.
336
337 To compile this code as a module, choose M here: the module will be
338 called sch_ingress with alias of sch_clsact.
339
340config NET_SCH_PLUG
341 tristate "Plug network traffic until release (PLUG)"
342 ---help---
343
344 This queuing discipline allows userspace to plug/unplug a network
345 output queue, using the netlink interface. When it receives an
346 enqueue command it inserts a plug into the outbound queue that
347 causes following packets to enqueue until a dequeue command arrives
348 over netlink, causing the plug to be removed and resuming the normal
349 packet flow.
350
351 This module also provides a generic "network output buffering"
352 functionality (aka output commit), wherein upon arrival of a dequeue
353 command, only packets up to the first plug are released for delivery.
354 The Remus HA project uses this module to enable speculative execution
355 of virtual machines by allowing the generated network output to be rolled
356 back if needed.
357
358 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus>
359
360 Say Y here if you are using this kernel for Xen dom0 and
361 want to protect Xen guests with Remus.
362
363 To compile this code as a module, choose M here: the
364 module will be called sch_plug.
365
366menuconfig NET_SCH_DEFAULT
367 bool "Allow override default queue discipline"
368 ---help---
369 Support for selection of default queuing discipline.
370
371 Nearly all users can safely say no here, and the default
372 of pfifo_fast will be used. Many distributions already set
373 the default value via /proc/sys/net/core/default_qdisc.
374
375 If unsure, say N.
376
377if NET_SCH_DEFAULT
378
379choice
380 prompt "Default queuing discipline"
381 default DEFAULT_PFIFO_FAST
382 help
383 Select the queueing discipline that will be used by default
384 for all network devices.
385
386 config DEFAULT_FQ
387 bool "Fair Queue" if NET_SCH_FQ
388
389 config DEFAULT_CODEL
390 bool "Controlled Delay" if NET_SCH_CODEL
391
392 config DEFAULT_FQ_CODEL
393 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL
394
395 config DEFAULT_SFQ
396 bool "Stochastic Fair Queue" if NET_SCH_SFQ
397
398 config DEFAULT_PFIFO_FAST
399 bool "Priority FIFO Fast"
400endchoice
401
402config DEFAULT_NET_SCH
403 string
404 default "pfifo_fast" if DEFAULT_PFIFO_FAST
405 default "fq" if DEFAULT_FQ
406 default "fq_codel" if DEFAULT_FQ_CODEL
407 default "sfq" if DEFAULT_SFQ
408 default "pfifo_fast"
409endif
410
411comment "Classification"
412
413config NET_CLS
414 bool
415
416config NET_CLS_BASIC
417 tristate "Elementary classification (BASIC)"
418 select NET_CLS
419 ---help---
420 Say Y here if you want to be able to classify packets using
421 only extended matches and actions.
422
423 To compile this code as a module, choose M here: the
424 module will be called cls_basic.
425
426config NET_CLS_TCINDEX
427 tristate "Traffic-Control Index (TCINDEX)"
428 select NET_CLS
429 ---help---
430 Say Y here if you want to be able to classify packets based on
431 traffic control indices. You will want this feature if you want
432 to implement Differentiated Services together with DSMARK.
433
434 To compile this code as a module, choose M here: the
435 module will be called cls_tcindex.
436
437config NET_CLS_ROUTE4
438 tristate "Routing decision (ROUTE)"
439 depends on INET
440 select IP_ROUTE_CLASSID
441 select NET_CLS
442 ---help---
443 If you say Y here, you will be able to classify packets
444 according to the route table entry they matched.
445
446 To compile this code as a module, choose M here: the
447 module will be called cls_route.
448
449config NET_CLS_FW
450 tristate "Netfilter mark (FW)"
451 select NET_CLS
452 ---help---
453 If you say Y here, you will be able to classify packets
454 according to netfilter/firewall marks.
455
456 To compile this code as a module, choose M here: the
457 module will be called cls_fw.
458
459config NET_CLS_U32
460 tristate "Universal 32bit comparisons w/ hashing (U32)"
461 select NET_CLS
462 ---help---
463 Say Y here to be able to classify packets using a universal
464 32bit pieces based comparison scheme.
465
466 To compile this code as a module, choose M here: the
467 module will be called cls_u32.
468
469config CLS_U32_PERF
470 bool "Performance counters support"
471 depends on NET_CLS_U32
472 ---help---
473 Say Y here to make u32 gather additional statistics useful for
474 fine tuning u32 classifiers.
475
476config CLS_U32_MARK
477 bool "Netfilter marks support"
478 depends on NET_CLS_U32
479 ---help---
480 Say Y here to be able to use netfilter marks as u32 key.
481
482config NET_CLS_RSVP
483 tristate "IPv4 Resource Reservation Protocol (RSVP)"
484 select NET_CLS
485 ---help---
486 The Resource Reservation Protocol (RSVP) permits end systems to
487 request a minimum and maximum data flow rate for a connection; this
488 is important for real time data such as streaming sound or video.
489
490 Say Y here if you want to be able to classify outgoing packets based
491 on their RSVP requests.
492
493 To compile this code as a module, choose M here: the
494 module will be called cls_rsvp.
495
496config NET_CLS_RSVP6
497 tristate "IPv6 Resource Reservation Protocol (RSVP6)"
498 select NET_CLS
499 ---help---
500 The Resource Reservation Protocol (RSVP) permits end systems to
501 request a minimum and maximum data flow rate for a connection; this
502 is important for real time data such as streaming sound or video.
503
504 Say Y here if you want to be able to classify outgoing packets based
505 on their RSVP requests and you are using the IPv6 protocol.
506
507 To compile this code as a module, choose M here: the
508 module will be called cls_rsvp6.
509
510config NET_CLS_FLOW
511 tristate "Flow classifier"
512 select NET_CLS
513 ---help---
514 If you say Y here, you will be able to classify packets based on
515 a configurable combination of packet keys. This is mostly useful
516 in combination with SFQ.
517
518 To compile this code as a module, choose M here: the
519 module will be called cls_flow.
520
521config NET_CLS_CGROUP
522 tristate "Control Group Classifier"
523 select NET_CLS
524 select CGROUP_NET_CLASSID
525 depends on CGROUPS
526 ---help---
527 Say Y here if you want to classify packets based on the control
528 cgroup of their process.
529
530 To compile this code as a module, choose M here: the
531 module will be called cls_cgroup.
532
533config NET_CLS_BPF
534 tristate "BPF-based classifier"
535 select NET_CLS
536 ---help---
537 If you say Y here, you will be able to classify packets based on
538 programmable BPF (JIT'ed) filters as an alternative to ematches.
539
540 To compile this code as a module, choose M here: the module will
541 be called cls_bpf.
542
543config NET_CLS_FLOWER
544 tristate "Flower classifier"
545 select NET_CLS
546 ---help---
547 If you say Y here, you will be able to classify packets based on
548 a configurable combination of packet keys and masks.
549
550 To compile this code as a module, choose M here: the module will
551 be called cls_flower.
552
553config NET_CLS_MATCHALL
554 tristate "Match-all classifier"
555 select NET_CLS
556 ---help---
557 If you say Y here, you will be able to classify packets based on
558 nothing. Every packet will match.
559
560 To compile this code as a module, choose M here: the module will
561 be called cls_matchall.
562
563config NET_EMATCH
564 bool "Extended Matches"
565 select NET_CLS
566 ---help---
567 Say Y here if you want to use extended matches on top of classifiers
568 and select the extended matches below.
569
570 Extended matches are small classification helpers not worth writing
571 a separate classifier for.
572
573 A recent version of the iproute2 package is required to use
574 extended matches.
575
576config NET_EMATCH_STACK
577 int "Stack size"
578 depends on NET_EMATCH
579 default "32"
580 ---help---
581 Size of the local stack variable used while evaluating the tree of
582 ematches. Limits the depth of the tree, i.e. the number of
583 encapsulated precedences. Every level requires 4 bytes of additional
584 stack space.
585
586config NET_EMATCH_CMP
587 tristate "Simple packet data comparison"
588 depends on NET_EMATCH
589 ---help---
590 Say Y here if you want to be able to classify packets based on
591 simple packet data comparisons for 8, 16, and 32bit values.
592
593 To compile this code as a module, choose M here: the
594 module will be called em_cmp.
595
596config NET_EMATCH_NBYTE
597 tristate "Multi byte comparison"
598 depends on NET_EMATCH
599 ---help---
600 Say Y here if you want to be able to classify packets based on
601 multiple byte comparisons mainly useful for IPv6 address comparisons.
602
603 To compile this code as a module, choose M here: the
604 module will be called em_nbyte.
605
606config NET_EMATCH_U32
607 tristate "U32 key"
608 depends on NET_EMATCH
609 ---help---
610 Say Y here if you want to be able to classify packets using
611 the famous u32 key in combination with logic relations.
612
613 To compile this code as a module, choose M here: the
614 module will be called em_u32.
615
616config NET_EMATCH_META
617 tristate "Metadata"
618 depends on NET_EMATCH
619 ---help---
620 Say Y here if you want to be able to classify packets based on
621 metadata such as load average, netfilter attributes, socket
622 attributes and routing decisions.
623
624 To compile this code as a module, choose M here: the
625 module will be called em_meta.
626
627config NET_EMATCH_TEXT
628 tristate "Textsearch"
629 depends on NET_EMATCH
630 select TEXTSEARCH
631 select TEXTSEARCH_KMP
632 select TEXTSEARCH_BM
633 select TEXTSEARCH_FSM
634 ---help---
635 Say Y here if you want to be able to classify packets based on
636 textsearch comparisons.
637
638 To compile this code as a module, choose M here: the
639 module will be called em_text.
640
641config NET_EMATCH_CANID
642 tristate "CAN Identifier"
643 depends on NET_EMATCH && (CAN=y || CAN=m)
644 ---help---
645 Say Y here if you want to be able to classify CAN frames based
646 on CAN Identifier.
647
648 To compile this code as a module, choose M here: the
649 module will be called em_canid.
650
651config NET_EMATCH_IPSET
652 tristate "IPset"
653 depends on NET_EMATCH && IP_SET
654 ---help---
655 Say Y here if you want to be able to classify packets based on
656 ipset membership.
657
658 To compile this code as a module, choose M here: the
659 module will be called em_ipset.
660
661config NET_EMATCH_IPT
662 tristate "IPtables Matches"
663 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES
664 ---help---
665 Say Y here to be able to classify packets based on iptables
666 matches.
667 Current supported match is "policy" which allows packet classification
668 based on IPsec policy that was used during decapsulation
669
670 To compile this code as a module, choose M here: the
671 module will be called em_ipt.
672
673config NET_CLS_ACT
674 bool "Actions"
675 select NET_CLS
676 ---help---
677 Say Y here if you want to use traffic control actions. Actions
678 get attached to classifiers and are invoked after a successful
679 classification. They are used to overwrite the classification
680 result, instantly drop or redirect packets, etc.
681
682 A recent version of the iproute2 package is required to use
683 extended matches.
684
685config NET_ACT_POLICE
686 tristate "Traffic Policing"
687 depends on NET_CLS_ACT
688 ---help---
689 Say Y here if you want to do traffic policing, i.e. strict
690 bandwidth limiting. This action replaces the existing policing
691 module.
692
693 To compile this code as a module, choose M here: the
694 module will be called act_police.
695
696config NET_ACT_GACT
697 tristate "Generic actions"
698 depends on NET_CLS_ACT
699 ---help---
700 Say Y here to take generic actions such as dropping and
701 accepting packets.
702
703 To compile this code as a module, choose M here: the
704 module will be called act_gact.
705
706config GACT_PROB
707 bool "Probability support"
708 depends on NET_ACT_GACT
709 ---help---
710 Say Y here to use the generic action randomly or deterministically.
711
712config NET_ACT_MIRRED
713 tristate "Redirecting and Mirroring"
714 depends on NET_CLS_ACT
715 ---help---
716 Say Y here to allow packets to be mirrored or redirected to
717 other devices.
718
719 To compile this code as a module, choose M here: the
720 module will be called act_mirred.
721
722config NET_ACT_SAMPLE
723 tristate "Traffic Sampling"
724 depends on NET_CLS_ACT
725 select PSAMPLE
726 ---help---
727 Say Y here to allow packet sampling tc action. The packet sample
728 action consists of statistically choosing packets and sampling
729 them using the psample module.
730
731 To compile this code as a module, choose M here: the
732 module will be called act_sample.
733
734config NET_ACT_IPT
735 tristate "IPtables targets"
736 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES
737 ---help---
738 Say Y here to be able to invoke iptables targets after successful
739 classification.
740
741 To compile this code as a module, choose M here: the
742 module will be called act_ipt.
743
744config NET_ACT_NAT
745 tristate "Stateless NAT"
746 depends on NET_CLS_ACT
747 ---help---
748 Say Y here to do stateless NAT on IPv4 packets. You should use
749 netfilter for NAT unless you know what you are doing.
750
751 To compile this code as a module, choose M here: the
752 module will be called act_nat.
753
754config NET_ACT_PEDIT
755 tristate "Packet Editing"
756 depends on NET_CLS_ACT
757 ---help---
758 Say Y here if you want to mangle the content of packets.
759
760 To compile this code as a module, choose M here: the
761 module will be called act_pedit.
762
763config NET_ACT_SIMP
764 tristate "Simple Example (Debug)"
765 depends on NET_CLS_ACT
766 ---help---
767 Say Y here to add a simple action for demonstration purposes.
768 It is meant as an example and for debugging purposes. It will
769 print a configured policy string followed by the packet count
770 to the console for every packet that passes by.
771
772 If unsure, say N.
773
774 To compile this code as a module, choose M here: the
775 module will be called act_simple.
776
777config NET_ACT_SKBEDIT
778 tristate "SKB Editing"
779 depends on NET_CLS_ACT
780 ---help---
781 Say Y here to change skb priority or queue_mapping settings.
782
783 If unsure, say N.
784
785 To compile this code as a module, choose M here: the
786 module will be called act_skbedit.
787
788config NET_ACT_CSUM
789 tristate "Checksum Updating"
790 depends on NET_CLS_ACT && INET
791 select LIBCRC32C
792 ---help---
793 Say Y here to update some common checksum after some direct
794 packet alterations.
795
796 To compile this code as a module, choose M here: the
797 module will be called act_csum.
798
799config NET_ACT_VLAN
800 tristate "Vlan manipulation"
801 depends on NET_CLS_ACT
802 ---help---
803 Say Y here to push or pop vlan headers.
804
805 If unsure, say N.
806
807 To compile this code as a module, choose M here: the
808 module will be called act_vlan.
809
810config NET_ACT_BPF
811 tristate "BPF based action"
812 depends on NET_CLS_ACT
813 ---help---
814 Say Y here to execute BPF code on packets. The BPF code will decide
815 if the packet should be dropped or not.
816
817 If unsure, say N.
818
819 To compile this code as a module, choose M here: the
820 module will be called act_bpf.
821
822config NET_ACT_CONNMARK
823 tristate "Netfilter Connection Mark Retriever"
824 depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES
825 depends on NF_CONNTRACK && NF_CONNTRACK_MARK
826 ---help---
827 Say Y here to allow retrieving of conn mark
828
829 If unsure, say N.
830
831 To compile this code as a module, choose M here: the
832 module will be called act_connmark.
833
834config NET_ACT_SKBMOD
835 tristate "skb data modification action"
836 depends on NET_CLS_ACT
837 ---help---
838 Say Y here to allow modification of skb data
839
840 If unsure, say N.
841
842 To compile this code as a module, choose M here: the
843 module will be called act_skbmod.
844
845config NET_ACT_IFE
846 tristate "Inter-FE action based on IETF ForCES InterFE LFB"
847 depends on NET_CLS_ACT
848 select NET_IFE
849 ---help---
850 Say Y here to allow for sourcing and terminating metadata
851 For details refer to netdev01 paper:
852 "Distributing Linux Traffic Control Classifier-Action Subsystem"
853 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai
854
855 To compile this code as a module, choose M here: the
856 module will be called act_ife.
857
858config NET_ACT_TUNNEL_KEY
859 tristate "IP tunnel metadata manipulation"
860 depends on NET_CLS_ACT
861 ---help---
862 Say Y here to set/release ip tunnel metadata.
863
864 If unsure, say N.
865
866 To compile this code as a module, choose M here: the
867 module will be called act_tunnel_key.
868
869config NET_IFE_SKBMARK
870 tristate "Support to encoding decoding skb mark on IFE action"
871 depends on NET_ACT_IFE
872
873config NET_IFE_SKBPRIO
874 tristate "Support to encoding decoding skb prio on IFE action"
875 depends on NET_ACT_IFE
876
877config NET_IFE_SKBTCINDEX
878 tristate "Support to encoding decoding skb tcindex on IFE action"
879 depends on NET_ACT_IFE
880
881config NET_CLS_IND
882 bool "Incoming device classification"
883 depends on NET_CLS_U32 || NET_CLS_FW
884 ---help---
885 Say Y here to extend the u32 and fw classifier to support
886 classification based on the incoming device. This option is
887 likely to disappear in favour of the metadata ematch.
888
889endif # NET_SCHED
890
891config NET_SCH_FIFO
892 bool