forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1027 lines
31 KiB
1027 lines
31 KiB
# SPDX-License-Identifier: GPL-2.0-only |
|
# |
|
# Traffic control configuration. |
|
# |
|
|
|
menuconfig NET_SCHED |
|
bool "QoS and/or fair queueing" |
|
select NET_SCH_FIFO |
|
help |
|
When the kernel has several packets to send out over a network |
|
device, it has to decide which ones to send first, which ones to |
|
delay, and which ones to drop. This is the job of the queueing |
|
disciplines, several different algorithms for how to do this |
|
"fairly" have been proposed. |
|
|
|
If you say N here, you will get the standard packet scheduler, which |
|
is a FIFO (first come, first served). If you say Y here, you will be |
|
able to choose from among several alternative algorithms which can |
|
then be attached to different network devices. This is useful for |
|
example if some of your network devices are real time devices that |
|
need a certain minimum data flow rate, or if you need to limit the |
|
maximum data flow rate for traffic which matches specified criteria. |
|
This code is considered to be experimental. |
|
|
|
To administer these schedulers, you'll need the user-level utilities |
|
from the package iproute2+tc at |
|
<https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package |
|
also contains some documentation; for more, check out |
|
<http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. |
|
|
|
This Quality of Service (QoS) support will enable you to use |
|
Differentiated Services (diffserv) and Resource Reservation Protocol |
|
(RSVP) on your Linux router if you also say Y to the corresponding |
|
classifiers below. Documentation and software is at |
|
<http://diffserv.sourceforge.net/>. |
|
|
|
If you say Y here and to "/proc file system" below, you will be able |
|
to read status information about packet schedulers from the file |
|
/proc/net/psched. |
|
|
|
The available schedulers are listed in the following questions; you |
|
can say Y to as many as you like. If unsure, say N now. |
|
|
|
if NET_SCHED |
|
|
|
comment "Queueing/Scheduling" |
|
|
|
config NET_SCH_CBQ |
|
tristate "Class Based Queueing (CBQ)" |
|
help |
|
Say Y here if you want to use the Class-Based Queueing (CBQ) packet |
|
scheduling algorithm. This algorithm classifies the waiting packets |
|
into a tree-like hierarchy of classes; the leaves of this tree are |
|
in turn scheduled by separate algorithms. |
|
|
|
See the top of <file:net/sched/sch_cbq.c> for more details. |
|
|
|
CBQ is a commonly used scheduler, so if you're unsure, you should |
|
say Y here. Then say Y to all the queueing algorithms below that you |
|
want to use as leaf disciplines. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_cbq. |
|
|
|
config NET_SCH_HTB |
|
tristate "Hierarchical Token Bucket (HTB)" |
|
help |
|
Say Y here if you want to use the Hierarchical Token Buckets (HTB) |
|
packet scheduling algorithm. See |
|
<http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and |
|
in-depth articles. |
|
|
|
HTB is very similar to CBQ regarding its goals however is has |
|
different properties and different algorithm. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_htb. |
|
|
|
config NET_SCH_HFSC |
|
tristate "Hierarchical Fair Service Curve (HFSC)" |
|
help |
|
Say Y here if you want to use the Hierarchical Fair Service Curve |
|
(HFSC) packet scheduling algorithm. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_hfsc. |
|
|
|
config NET_SCH_ATM |
|
tristate "ATM Virtual Circuits (ATM)" |
|
depends on ATM |
|
help |
|
Say Y here if you want to use the ATM pseudo-scheduler. This |
|
provides a framework for invoking classifiers, which in turn |
|
select classes of this queuing discipline. Each class maps |
|
the flow(s) it is handling to a given virtual circuit. |
|
|
|
See the top of <file:net/sched/sch_atm.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_atm. |
|
|
|
config NET_SCH_PRIO |
|
tristate "Multi Band Priority Queueing (PRIO)" |
|
help |
|
Say Y here if you want to use an n-band priority queue packet |
|
scheduler. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_prio. |
|
|
|
config NET_SCH_MULTIQ |
|
tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" |
|
help |
|
Say Y here if you want to use an n-band queue packet scheduler |
|
to support devices that have multiple hardware transmit queues. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_multiq. |
|
|
|
config NET_SCH_RED |
|
tristate "Random Early Detection (RED)" |
|
help |
|
Say Y here if you want to use the Random Early Detection (RED) |
|
packet scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_red.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_red. |
|
|
|
config NET_SCH_SFB |
|
tristate "Stochastic Fair Blue (SFB)" |
|
help |
|
Say Y here if you want to use the Stochastic Fair Blue (SFB) |
|
packet scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_sfb.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_sfb. |
|
|
|
config NET_SCH_SFQ |
|
tristate "Stochastic Fairness Queueing (SFQ)" |
|
help |
|
Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) |
|
packet scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_sfq.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_sfq. |
|
|
|
config NET_SCH_TEQL |
|
tristate "True Link Equalizer (TEQL)" |
|
help |
|
Say Y here if you want to use the True Link Equalizer (TLE) packet |
|
scheduling algorithm. This queueing discipline allows the combination |
|
of several physical devices into one virtual device. |
|
|
|
See the top of <file:net/sched/sch_teql.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_teql. |
|
|
|
config NET_SCH_TBF |
|
tristate "Token Bucket Filter (TBF)" |
|
help |
|
Say Y here if you want to use the Token Bucket Filter (TBF) packet |
|
scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_tbf.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_tbf. |
|
|
|
config NET_SCH_CBS |
|
tristate "Credit Based Shaper (CBS)" |
|
help |
|
Say Y here if you want to use the Credit Based Shaper (CBS) packet |
|
scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_cbs.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_cbs. |
|
|
|
config NET_SCH_ETF |
|
tristate "Earliest TxTime First (ETF)" |
|
help |
|
Say Y here if you want to use the Earliest TxTime First (ETF) packet |
|
scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_etf.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_etf. |
|
|
|
config NET_SCH_TAPRIO |
|
tristate "Time Aware Priority (taprio) Scheduler" |
|
help |
|
Say Y here if you want to use the Time Aware Priority (taprio) packet |
|
scheduling algorithm. |
|
|
|
See the top of <file:net/sched/sch_taprio.c> for more details. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_taprio. |
|
|
|
config NET_SCH_GRED |
|
tristate "Generic Random Early Detection (GRED)" |
|
help |
|
Say Y here if you want to use the Generic Random Early Detection |
|
(GRED) packet scheduling algorithm for some of your network devices |
|
(see the top of <file:net/sched/sch_red.c> for details and |
|
references about the algorithm). |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_gred. |
|
|
|
config NET_SCH_DSMARK |
|
tristate "Differentiated Services marker (DSMARK)" |
|
help |
|
Say Y if you want to schedule packets according to the |
|
Differentiated Services architecture proposed in RFC 2475. |
|
Technical information on this method, with pointers to associated |
|
RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_dsmark. |
|
|
|
config NET_SCH_NETEM |
|
tristate "Network emulator (NETEM)" |
|
help |
|
Say Y if you want to emulate network delay, loss, and packet |
|
re-ordering. This is often useful to simulate networks when |
|
testing applications or protocols. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_netem. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_DRR |
|
tristate "Deficit Round Robin scheduler (DRR)" |
|
help |
|
Say Y here if you want to use the Deficit Round Robin (DRR) packet |
|
scheduling algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_drr. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_MQPRIO |
|
tristate "Multi-queue priority scheduler (MQPRIO)" |
|
help |
|
Say Y here if you want to use the Multi-queue Priority scheduler. |
|
This scheduler allows QOS to be offloaded on NICs that have support |
|
for offloading QOS schedulers. |
|
|
|
To compile this driver as a module, choose M here: the module will |
|
be called sch_mqprio. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_SKBPRIO |
|
tristate "SKB priority queue scheduler (SKBPRIO)" |
|
help |
|
Say Y here if you want to use the SKB priority queue |
|
scheduler. This schedules packets according to skb->priority, |
|
which is useful for request packets in DoS mitigation systems such |
|
as Gatekeeper. |
|
|
|
To compile this driver as a module, choose M here: the module will |
|
be called sch_skbprio. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_CHOKE |
|
tristate "CHOose and Keep responsive flow scheduler (CHOKE)" |
|
help |
|
Say Y here if you want to use the CHOKe packet scheduler (CHOose |
|
and Keep for responsive flows, CHOose and Kill for unresponsive |
|
flows). This is a variation of RED which tries to penalize flows |
|
that monopolize the queue. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_choke. |
|
|
|
config NET_SCH_QFQ |
|
tristate "Quick Fair Queueing scheduler (QFQ)" |
|
help |
|
Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) |
|
packet scheduling algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_qfq. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_CODEL |
|
tristate "Controlled Delay AQM (CODEL)" |
|
help |
|
Say Y here if you want to use the Controlled Delay (CODEL) |
|
packet scheduling algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_codel. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_FQ_CODEL |
|
tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" |
|
help |
|
Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) |
|
packet scheduling algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_fq_codel. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_CAKE |
|
tristate "Common Applications Kept Enhanced (CAKE)" |
|
help |
|
Say Y here if you want to use the Common Applications Kept Enhanced |
|
(CAKE) queue management algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_cake. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_FQ |
|
tristate "Fair Queue" |
|
help |
|
Say Y here if you want to use the FQ packet scheduling algorithm. |
|
|
|
FQ does flow separation, and is able to respect pacing requirements |
|
set by TCP stack into sk->sk_pacing_rate (for localy generated |
|
traffic) |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_fq. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_HHF |
|
tristate "Heavy-Hitter Filter (HHF)" |
|
help |
|
Say Y here if you want to use the Heavy-Hitter Filter (HHF) |
|
packet scheduling algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_hhf. |
|
|
|
config NET_SCH_PIE |
|
tristate "Proportional Integral controller Enhanced (PIE) scheduler" |
|
help |
|
Say Y here if you want to use the Proportional Integral controller |
|
Enhanced scheduler packet scheduling algorithm. |
|
For more information, please see https://tools.ietf.org/html/rfc8033 |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_pie. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_FQ_PIE |
|
depends on NET_SCH_PIE |
|
tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" |
|
help |
|
Say Y here if you want to use the Flow Queue Proportional Integral |
|
controller Enhanced (FQ-PIE) packet scheduling algorithm. |
|
For more information, please see https://tools.ietf.org/html/rfc8033 |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_fq_pie. |
|
|
|
If unsure, say N. |
|
|
|
config NET_SCH_INGRESS |
|
tristate "Ingress/classifier-action Qdisc" |
|
depends on NET_CLS_ACT |
|
select NET_INGRESS |
|
select NET_EGRESS |
|
help |
|
Say Y here if you want to use classifiers for incoming and/or outgoing |
|
packets. This qdisc doesn't do anything else besides running classifiers, |
|
which can also have actions attached to them. In case of outgoing packets, |
|
classifiers that this qdisc holds are executed in the transmit path |
|
before real enqueuing to an egress qdisc happens. |
|
|
|
If unsure, say Y. |
|
|
|
To compile this code as a module, choose M here: the module will be |
|
called sch_ingress with alias of sch_clsact. |
|
|
|
config NET_SCH_PLUG |
|
tristate "Plug network traffic until release (PLUG)" |
|
help |
|
|
|
This queuing discipline allows userspace to plug/unplug a network |
|
output queue, using the netlink interface. When it receives an |
|
enqueue command it inserts a plug into the outbound queue that |
|
causes following packets to enqueue until a dequeue command arrives |
|
over netlink, causing the plug to be removed and resuming the normal |
|
packet flow. |
|
|
|
This module also provides a generic "network output buffering" |
|
functionality (aka output commit), wherein upon arrival of a dequeue |
|
command, only packets up to the first plug are released for delivery. |
|
The Remus HA project uses this module to enable speculative execution |
|
of virtual machines by allowing the generated network output to be rolled |
|
back if needed. |
|
|
|
For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> |
|
|
|
Say Y here if you are using this kernel for Xen dom0 and |
|
want to protect Xen guests with Remus. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called sch_plug. |
|
|
|
config NET_SCH_ETS |
|
tristate "Enhanced transmission selection scheduler (ETS)" |
|
help |
|
The Enhanced Transmission Selection scheduler is a classful |
|
queuing discipline that merges functionality of PRIO and DRR |
|
qdiscs in one scheduler. ETS makes it easy to configure a set of |
|
strict and bandwidth-sharing bands to implement the transmission |
|
selection described in 802.1Qaz. |
|
|
|
Say Y here if you want to use the ETS packet scheduling |
|
algorithm. |
|
|
|
To compile this driver as a module, choose M here: the module |
|
will be called sch_ets. |
|
|
|
If unsure, say N. |
|
|
|
menuconfig NET_SCH_DEFAULT |
|
bool "Allow override default queue discipline" |
|
help |
|
Support for selection of default queuing discipline. |
|
|
|
Nearly all users can safely say no here, and the default |
|
of pfifo_fast will be used. Many distributions already set |
|
the default value via /proc/sys/net/core/default_qdisc. |
|
|
|
If unsure, say N. |
|
|
|
if NET_SCH_DEFAULT |
|
|
|
choice |
|
prompt "Default queuing discipline" |
|
default DEFAULT_PFIFO_FAST |
|
help |
|
Select the queueing discipline that will be used by default |
|
for all network devices. |
|
|
|
config DEFAULT_FQ |
|
bool "Fair Queue" if NET_SCH_FQ |
|
|
|
config DEFAULT_CODEL |
|
bool "Controlled Delay" if NET_SCH_CODEL |
|
|
|
config DEFAULT_FQ_CODEL |
|
bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL |
|
|
|
config DEFAULT_FQ_PIE |
|
bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE |
|
|
|
config DEFAULT_SFQ |
|
bool "Stochastic Fair Queue" if NET_SCH_SFQ |
|
|
|
config DEFAULT_PFIFO_FAST |
|
bool "Priority FIFO Fast" |
|
endchoice |
|
|
|
config DEFAULT_NET_SCH |
|
string |
|
default "pfifo_fast" if DEFAULT_PFIFO_FAST |
|
default "fq" if DEFAULT_FQ |
|
default "fq_codel" if DEFAULT_FQ_CODEL |
|
default "fq_pie" if DEFAULT_FQ_PIE |
|
default "sfq" if DEFAULT_SFQ |
|
default "pfifo_fast" |
|
endif |
|
|
|
comment "Classification" |
|
|
|
config NET_CLS |
|
bool |
|
|
|
config NET_CLS_BASIC |
|
tristate "Elementary classification (BASIC)" |
|
select NET_CLS |
|
help |
|
Say Y here if you want to be able to classify packets using |
|
only extended matches and actions. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_basic. |
|
|
|
config NET_CLS_TCINDEX |
|
tristate "Traffic-Control Index (TCINDEX)" |
|
select NET_CLS |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
traffic control indices. You will want this feature if you want |
|
to implement Differentiated Services together with DSMARK. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_tcindex. |
|
|
|
config NET_CLS_ROUTE4 |
|
tristate "Routing decision (ROUTE)" |
|
depends on INET |
|
select IP_ROUTE_CLASSID |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets |
|
according to the route table entry they matched. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_route. |
|
|
|
config NET_CLS_FW |
|
tristate "Netfilter mark (FW)" |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets |
|
according to netfilter/firewall marks. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_fw. |
|
|
|
config NET_CLS_U32 |
|
tristate "Universal 32bit comparisons w/ hashing (U32)" |
|
select NET_CLS |
|
help |
|
Say Y here to be able to classify packets using a universal |
|
32bit pieces based comparison scheme. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_u32. |
|
|
|
config CLS_U32_PERF |
|
bool "Performance counters support" |
|
depends on NET_CLS_U32 |
|
help |
|
Say Y here to make u32 gather additional statistics useful for |
|
fine tuning u32 classifiers. |
|
|
|
config CLS_U32_MARK |
|
bool "Netfilter marks support" |
|
depends on NET_CLS_U32 |
|
help |
|
Say Y here to be able to use netfilter marks as u32 key. |
|
|
|
config NET_CLS_RSVP |
|
tristate "IPv4 Resource Reservation Protocol (RSVP)" |
|
select NET_CLS |
|
help |
|
The Resource Reservation Protocol (RSVP) permits end systems to |
|
request a minimum and maximum data flow rate for a connection; this |
|
is important for real time data such as streaming sound or video. |
|
|
|
Say Y here if you want to be able to classify outgoing packets based |
|
on their RSVP requests. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_rsvp. |
|
|
|
config NET_CLS_RSVP6 |
|
tristate "IPv6 Resource Reservation Protocol (RSVP6)" |
|
select NET_CLS |
|
help |
|
The Resource Reservation Protocol (RSVP) permits end systems to |
|
request a minimum and maximum data flow rate for a connection; this |
|
is important for real time data such as streaming sound or video. |
|
|
|
Say Y here if you want to be able to classify outgoing packets based |
|
on their RSVP requests and you are using the IPv6 protocol. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_rsvp6. |
|
|
|
config NET_CLS_FLOW |
|
tristate "Flow classifier" |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets based on |
|
a configurable combination of packet keys. This is mostly useful |
|
in combination with SFQ. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_flow. |
|
|
|
config NET_CLS_CGROUP |
|
tristate "Control Group Classifier" |
|
select NET_CLS |
|
select CGROUP_NET_CLASSID |
|
depends on CGROUPS |
|
help |
|
Say Y here if you want to classify packets based on the control |
|
cgroup of their process. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called cls_cgroup. |
|
|
|
config NET_CLS_BPF |
|
tristate "BPF-based classifier" |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets based on |
|
programmable BPF (JIT'ed) filters as an alternative to ematches. |
|
|
|
To compile this code as a module, choose M here: the module will |
|
be called cls_bpf. |
|
|
|
config NET_CLS_FLOWER |
|
tristate "Flower classifier" |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets based on |
|
a configurable combination of packet keys and masks. |
|
|
|
To compile this code as a module, choose M here: the module will |
|
be called cls_flower. |
|
|
|
config NET_CLS_MATCHALL |
|
tristate "Match-all classifier" |
|
select NET_CLS |
|
help |
|
If you say Y here, you will be able to classify packets based on |
|
nothing. Every packet will match. |
|
|
|
To compile this code as a module, choose M here: the module will |
|
be called cls_matchall. |
|
|
|
config NET_EMATCH |
|
bool "Extended Matches" |
|
select NET_CLS |
|
help |
|
Say Y here if you want to use extended matches on top of classifiers |
|
and select the extended matches below. |
|
|
|
Extended matches are small classification helpers not worth writing |
|
a separate classifier for. |
|
|
|
A recent version of the iproute2 package is required to use |
|
extended matches. |
|
|
|
config NET_EMATCH_STACK |
|
int "Stack size" |
|
depends on NET_EMATCH |
|
default "32" |
|
help |
|
Size of the local stack variable used while evaluating the tree of |
|
ematches. Limits the depth of the tree, i.e. the number of |
|
encapsulated precedences. Every level requires 4 bytes of additional |
|
stack space. |
|
|
|
config NET_EMATCH_CMP |
|
tristate "Simple packet data comparison" |
|
depends on NET_EMATCH |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
simple packet data comparisons for 8, 16, and 32bit values. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_cmp. |
|
|
|
config NET_EMATCH_NBYTE |
|
tristate "Multi byte comparison" |
|
depends on NET_EMATCH |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
multiple byte comparisons mainly useful for IPv6 address comparisons. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_nbyte. |
|
|
|
config NET_EMATCH_U32 |
|
tristate "U32 key" |
|
depends on NET_EMATCH |
|
help |
|
Say Y here if you want to be able to classify packets using |
|
the famous u32 key in combination with logic relations. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_u32. |
|
|
|
config NET_EMATCH_META |
|
tristate "Metadata" |
|
depends on NET_EMATCH |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
metadata such as load average, netfilter attributes, socket |
|
attributes and routing decisions. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_meta. |
|
|
|
config NET_EMATCH_TEXT |
|
tristate "Textsearch" |
|
depends on NET_EMATCH |
|
select TEXTSEARCH |
|
select TEXTSEARCH_KMP |
|
select TEXTSEARCH_BM |
|
select TEXTSEARCH_FSM |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
textsearch comparisons. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_text. |
|
|
|
config NET_EMATCH_CANID |
|
tristate "CAN Identifier" |
|
depends on NET_EMATCH && (CAN=y || CAN=m) |
|
help |
|
Say Y here if you want to be able to classify CAN frames based |
|
on CAN Identifier. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_canid. |
|
|
|
config NET_EMATCH_IPSET |
|
tristate "IPset" |
|
depends on NET_EMATCH && IP_SET |
|
help |
|
Say Y here if you want to be able to classify packets based on |
|
ipset membership. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_ipset. |
|
|
|
config NET_EMATCH_IPT |
|
tristate "IPtables Matches" |
|
depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES |
|
help |
|
Say Y here to be able to classify packets based on iptables |
|
matches. |
|
Current supported match is "policy" which allows packet classification |
|
based on IPsec policy that was used during decapsulation |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called em_ipt. |
|
|
|
config NET_CLS_ACT |
|
bool "Actions" |
|
select NET_CLS |
|
help |
|
Say Y here if you want to use traffic control actions. Actions |
|
get attached to classifiers and are invoked after a successful |
|
classification. They are used to overwrite the classification |
|
result, instantly drop or redirect packets, etc. |
|
|
|
A recent version of the iproute2 package is required to use |
|
extended matches. |
|
|
|
config NET_ACT_POLICE |
|
tristate "Traffic Policing" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here if you want to do traffic policing, i.e. strict |
|
bandwidth limiting. This action replaces the existing policing |
|
module. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_police. |
|
|
|
config NET_ACT_GACT |
|
tristate "Generic actions" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to take generic actions such as dropping and |
|
accepting packets. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_gact. |
|
|
|
config GACT_PROB |
|
bool "Probability support" |
|
depends on NET_ACT_GACT |
|
help |
|
Say Y here to use the generic action randomly or deterministically. |
|
|
|
config NET_ACT_MIRRED |
|
tristate "Redirecting and Mirroring" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to allow packets to be mirrored or redirected to |
|
other devices. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_mirred. |
|
|
|
config NET_ACT_SAMPLE |
|
tristate "Traffic Sampling" |
|
depends on NET_CLS_ACT |
|
select PSAMPLE |
|
help |
|
Say Y here to allow packet sampling tc action. The packet sample |
|
action consists of statistically choosing packets and sampling |
|
them using the psample module. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_sample. |
|
|
|
config NET_ACT_IPT |
|
tristate "IPtables targets" |
|
depends on NET_CLS_ACT && NETFILTER && NETFILTER_XTABLES |
|
help |
|
Say Y here to be able to invoke iptables targets after successful |
|
classification. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_ipt. |
|
|
|
config NET_ACT_NAT |
|
tristate "Stateless NAT" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to do stateless NAT on IPv4 packets. You should use |
|
netfilter for NAT unless you know what you are doing. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_nat. |
|
|
|
config NET_ACT_PEDIT |
|
tristate "Packet Editing" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here if you want to mangle the content of packets. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_pedit. |
|
|
|
config NET_ACT_SIMP |
|
tristate "Simple Example (Debug)" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to add a simple action for demonstration purposes. |
|
It is meant as an example and for debugging purposes. It will |
|
print a configured policy string followed by the packet count |
|
to the console for every packet that passes by. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_simple. |
|
|
|
config NET_ACT_SKBEDIT |
|
tristate "SKB Editing" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to change skb priority or queue_mapping settings. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_skbedit. |
|
|
|
config NET_ACT_CSUM |
|
tristate "Checksum Updating" |
|
depends on NET_CLS_ACT && INET |
|
select LIBCRC32C |
|
help |
|
Say Y here to update some common checksum after some direct |
|
packet alterations. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_csum. |
|
|
|
config NET_ACT_MPLS |
|
tristate "MPLS manipulation" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to push or pop MPLS headers. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_mpls. |
|
|
|
config NET_ACT_VLAN |
|
tristate "Vlan manipulation" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to push or pop vlan headers. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_vlan. |
|
|
|
config NET_ACT_BPF |
|
tristate "BPF based action" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to execute BPF code on packets. The BPF code will decide |
|
if the packet should be dropped or not. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_bpf. |
|
|
|
config NET_ACT_CONNMARK |
|
tristate "Netfilter Connection Mark Retriever" |
|
depends on NET_CLS_ACT && NETFILTER |
|
depends on NF_CONNTRACK && NF_CONNTRACK_MARK |
|
help |
|
Say Y here to allow retrieving of conn mark |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_connmark. |
|
|
|
config NET_ACT_CTINFO |
|
tristate "Netfilter Connection Mark Actions" |
|
depends on NET_CLS_ACT && NETFILTER |
|
depends on NF_CONNTRACK && NF_CONNTRACK_MARK |
|
help |
|
Say Y here to allow transfer of a connmark stored information. |
|
Current actions transfer connmark stored DSCP into |
|
ipv4/v6 diffserv and/or to transfer connmark to packet |
|
mark. Both are useful for restoring egress based marks |
|
back onto ingress connections for qdisc priority mapping |
|
purposes. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_ctinfo. |
|
|
|
config NET_ACT_SKBMOD |
|
tristate "skb data modification action" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to allow modification of skb data |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_skbmod. |
|
|
|
config NET_ACT_IFE |
|
tristate "Inter-FE action based on IETF ForCES InterFE LFB" |
|
depends on NET_CLS_ACT |
|
select NET_IFE |
|
help |
|
Say Y here to allow for sourcing and terminating metadata |
|
For details refer to netdev01 paper: |
|
"Distributing Linux Traffic Control Classifier-Action Subsystem" |
|
Authors: Jamal Hadi Salim and Damascene M. Joachimpillai |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_ife. |
|
|
|
config NET_ACT_TUNNEL_KEY |
|
tristate "IP tunnel metadata manipulation" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to set/release ip tunnel metadata. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_tunnel_key. |
|
|
|
config NET_ACT_CT |
|
tristate "connection tracking tc action" |
|
depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE |
|
help |
|
Say Y here to allow sending the packets to conntrack module. |
|
|
|
If unsure, say N. |
|
|
|
To compile this code as a module, choose M here: the |
|
module will be called act_ct. |
|
|
|
config NET_ACT_GATE |
|
tristate "Frame gate entry list control tc action" |
|
depends on NET_CLS_ACT |
|
help |
|
Say Y here to allow to control the ingress flow to be passed at |
|
specific time slot and be dropped at other specific time slot by |
|
the gate entry list. |
|
|
|
If unsure, say N. |
|
To compile this code as a module, choose M here: the |
|
module will be called act_gate. |
|
|
|
config NET_IFE_SKBMARK |
|
tristate "Support to encoding decoding skb mark on IFE action" |
|
depends on NET_ACT_IFE |
|
|
|
config NET_IFE_SKBPRIO |
|
tristate "Support to encoding decoding skb prio on IFE action" |
|
depends on NET_ACT_IFE |
|
|
|
config NET_IFE_SKBTCINDEX |
|
tristate "Support to encoding decoding skb tcindex on IFE action" |
|
depends on NET_ACT_IFE |
|
|
|
config NET_TC_SKB_EXT |
|
bool "TC recirculation support" |
|
depends on NET_CLS_ACT |
|
select SKB_EXTENSIONS |
|
|
|
help |
|
Say Y here to allow tc chain misses to continue in OvS datapath in |
|
the correct recirc_id, and hardware chain misses to continue in |
|
the correct chain in tc software datapath. |
|
|
|
Say N here if you won't be using tc<->ovs offload or tc chains offload. |
|
|
|
endif # NET_SCHED |
|
|
|
config NET_SCH_FIFO |
|
bool
|
|
|