| # SPDX-License-Identifier: GPL-2.0-only |
| # |
| # Traffic control configuration. |
| # |
| |
| menuconfig NET_SCHED |
| bool "QoS and/or fair queueing" |
| select NET_SCH_FIFO |
| ---help--- |
| When the kernel has several packets to send out over a network |
| device, it has to decide which ones to send first, which ones to |
| delay, and which ones to drop. This is the job of the queueing |
| disciplines, several different algorithms for how to do this |
| "fairly" have been proposed. |
| |
| If you say N here, you will get the standard packet scheduler, which |
| is a FIFO (first come, first served). If you say Y here, you will be |
| able to choose from among several alternative algorithms which can |
| then be attached to different network devices. This is useful for |
| example if some of your network devices are real time devices that |
| need a certain minimum data flow rate, or if you need to limit the |
| maximum data flow rate for traffic which matches specified criteria. |
| This code is considered to be experimental. |
| |
| To administer these schedulers, you'll need the user-level utilities |
| from the package iproute2+tc at |
| <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package |
| also contains some documentation; for more, check out |
| <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. |
| |
| This Quality of Service (QoS) support will enable you to use |
| Differentiated Services (diffserv) and Resource Reservation Protocol |
| (RSVP) on your Linux router if you also say Y to the corresponding |
| classifiers below. Documentation and software is at |
| <http://diffserv.sourceforge.net/>. |
| |
| If you say Y here and to "/proc file system" below, you will be able |
| to read status information about packet schedulers from the file |
| /proc/net/psched. |
| |
| The available schedulers are listed in the following questions; you |
| can say Y to as many as you like. If unsure, say N now. |
| |
| if NET_SCHED |
| |
| comment "Queueing/Scheduling" |
| |
| config NET_SCH_CBQ |
| tristate "Class Based Queueing (CBQ)" |
| ---help--- |
| Say Y here if you want to use the Class-Based Queueing (CBQ) packet |
| scheduling algorithm. This algorithm classifies the waiting packets |
| into a tree-like hierarchy of classes; the leaves of this tree are |
| in turn scheduled by separate algorithms. |
| |
| See the top of <file:net/sched/sch_cbq.c> for more details. |
| |
| CBQ is a commonly used scheduler, so if you're unsure, you should |
| say Y here. Then say Y to all the queueing algorithms below that you |
| want to use as leaf disciplines. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_cbq. |
| |
| config NET_SCH_HTB |
| tristate "Hierarchical Token Bucket (HTB)" |
| ---help--- |
| Say Y here if you want to use the Hierarchical Token Buckets (HTB) |
| packet scheduling algorithm. See |
| <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and |
| in-depth articles. |
| |
| HTB is very similar to CBQ regarding its goals however is has |
| different properties and different algorithm. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_htb. |
| |
| config NET_SCH_HFSC |
| tristate "Hierarchical Fair Service Curve (HFSC)" |
| ---help--- |
| Say Y here if you want to use the Hierarchical Fair Service Curve |
| (HFSC) packet scheduling algorithm. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_hfsc. |
| |
| config NET_SCH_ATM |
| tristate "ATM Virtual Circuits (ATM)" |
| depends on ATM |
| ---help--- |
| Say Y here if you want to use the ATM pseudo-scheduler. This |
| provides a framework for invoking classifiers, which in turn |
| select classes of this queuing discipline. Each class maps |
| the flow(s) it is handling to a given virtual circuit. |
| |
| See the top of <file:net/sched/sch_atm.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_atm. |
| |
| config NET_SCH_PRIO |
| tristate "Multi Band Priority Queueing (PRIO)" |
| ---help--- |
| Say Y here if you want to use an n-band priority queue packet |
| scheduler. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_prio. |
| |
| config NET_SCH_MULTIQ |
| tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" |
| ---help--- |
| Say Y here if you want to use an n-band queue packet scheduler |
| to support devices that have multiple hardware transmit queues. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_multiq. |
| |
| config NET_SCH_RED |
| tristate "Random Early Detection (RED)" |
| ---help--- |
| Say Y here if you want to use the Random Early Detection (RED) |
| packet scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_red.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_red. |
| |
| config NET_SCH_SFB |
| tristate "Stochastic Fair Blue (SFB)" |
| ---help--- |
| Say Y here if you want to use the Stochastic Fair Blue (SFB) |
| packet scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_sfb.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_sfb. |
| |
| config NET_SCH_SFQ |
| tristate "Stochastic Fairness Queueing (SFQ)" |
| ---help--- |
| Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) |
| packet scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_sfq.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_sfq. |
| |
| config NET_SCH_TEQL |
| tristate "True Link Equalizer (TEQL)" |
| ---help--- |
| Say Y here if you want to use the True Link Equalizer (TLE) packet |
| scheduling algorithm. This queueing discipline allows the combination |
| of several physical devices into one virtual device. |
| |
| See the top of <file:net/sched/sch_teql.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_teql. |
| |
| config NET_SCH_TBF |
| tristate "Token Bucket Filter (TBF)" |
| ---help--- |
| Say Y here if you want to use the Token Bucket Filter (TBF) packet |
| scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_tbf.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_tbf. |
| |
| config NET_SCH_CBS |
| tristate "Credit Based Shaper (CBS)" |
| ---help--- |
| Say Y here if you want to use the Credit Based Shaper (CBS) packet |
| scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_cbs.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_cbs. |
| |
| config NET_SCH_ETF |
| tristate "Earliest TxTime First (ETF)" |
| help |
| Say Y here if you want to use the Earliest TxTime First (ETF) packet |
| scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_etf.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_etf. |
| |
| config NET_SCH_TAPRIO |
| tristate "Time Aware Priority (taprio) Scheduler" |
| help |
| Say Y here if you want to use the Time Aware Priority (taprio) packet |
| scheduling algorithm. |
| |
| See the top of <file:net/sched/sch_taprio.c> for more details. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_taprio. |
| |
| config NET_SCH_GRED |
| tristate "Generic Random Early Detection (GRED)" |
| ---help--- |
| Say Y here if you want to use the Generic Random Early Detection |
| (GRED) packet scheduling algorithm for some of your network devices |
| (see the top of <file:net/sched/sch_red.c> for details and |
| references about the algorithm). |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_gred. |
| |
| config NET_SCH_DSMARK |
| tristate "Differentiated Services marker (DSMARK)" |
| ---help--- |
| Say Y if you want to schedule packets according to the |
| Differentiated Services architecture proposed in RFC 2475. |
| Technical information on this method, with pointers to associated |
| RFCs, is available at <http://www.gta.ufrj.br/diffserv/>. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_dsmark. |
| |
| config NET_SCH_NETEM |
| tristate "Network emulator (NETEM)" |
| ---help--- |
| Say Y if you want to emulate network delay, loss, and packet |
| re-ordering. This is often useful to simulate networks when |
| testing applications or protocols. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_netem. |
| |
| If unsure, say N. |
| |
| config NET_SCH_DRR |
| tristate "Deficit Round Robin scheduler (DRR)" |
| help |
| Say Y here if you want to use the Deficit Round Robin (DRR) packet |
| scheduling algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_drr. |
| |
| If unsure, say N. |
| |
| config NET_SCH_MQPRIO |
| tristate "Multi-queue priority scheduler (MQPRIO)" |
| help |
| Say Y here if you want to use the Multi-queue Priority scheduler. |
| This scheduler allows QOS to be offloaded on NICs that have support |
| for offloading QOS schedulers. |
| |
| To compile this driver as a module, choose M here: the module will |
| be called sch_mqprio. |
| |
| If unsure, say N. |
| |
| config NET_SCH_SKBPRIO |
| tristate "SKB priority queue scheduler (SKBPRIO)" |
| help |
| Say Y here if you want to use the SKB priority queue |
| scheduler. This schedules packets according to skb->priority, |
| which is useful for request packets in DoS mitigation systems such |
| as Gatekeeper. |
| |
| To compile this driver as a module, choose M here: the module will |
| be called sch_skbprio. |
| |
| If unsure, say N. |
| |
| config NET_SCH_CHOKE |
| tristate "CHOose and Keep responsive flow scheduler (CHOKE)" |
| help |
| Say Y here if you want to use the CHOKe packet scheduler (CHOose |
| and Keep for responsive flows, CHOose and Kill for unresponsive |
| flows). This is a variation of RED which trys to penalize flows |
| that monopolize the queue. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_choke. |
| |
| config NET_SCH_QFQ |
| tristate "Quick Fair Queueing scheduler (QFQ)" |
| help |
| Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) |
| packet scheduling algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_qfq. |
| |
| If unsure, say N. |
| |
| config NET_SCH_CODEL |
| tristate "Controlled Delay AQM (CODEL)" |
| help |
| Say Y here if you want to use the Controlled Delay (CODEL) |
| packet scheduling algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_codel. |
| |
| If unsure, say N. |
| |
| config NET_SCH_FQ_CODEL |
| tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" |
| help |
| Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) |
| packet scheduling algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_fq_codel. |
| |
| If unsure, say N. |
| |
| config NET_SCH_CAKE |
| tristate "Common Applications Kept Enhanced (CAKE)" |
| help |
| Say Y here if you want to use the Common Applications Kept Enhanced |
| (CAKE) queue management algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_cake. |
| |
| If unsure, say N. |
| |
| config NET_SCH_FQ |
| tristate "Fair Queue" |
| help |
| Say Y here if you want to use the FQ packet scheduling algorithm. |
| |
| FQ does flow separation, and is able to respect pacing requirements |
| set by TCP stack into sk->sk_pacing_rate (for localy generated |
| traffic) |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_fq. |
| |
| If unsure, say N. |
| |
| config NET_SCH_HHF |
| tristate "Heavy-Hitter Filter (HHF)" |
| help |
| Say Y here if you want to use the Heavy-Hitter Filter (HHF) |
| packet scheduling algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_hhf. |
| |
| config NET_SCH_PIE |
| tristate "Proportional Integral controller Enhanced (PIE) scheduler" |
| help |
| Say Y here if you want to use the Proportional Integral controller |
| Enhanced scheduler packet scheduling algorithm. |
| For more information, please see https://tools.ietf.org/html/rfc8033 |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_pie. |
| |
| If unsure, say N. |
| |
| config NET_SCH_INGRESS |
| tristate "Ingress/classifier-action Qdisc" |
| depends on NET_CLS_ACT |
| select NET_INGRESS |
| select NET_EGRESS |
| ---help--- |
| Say Y here if you want to use classifiers for incoming and/or outgoing |
| packets. This qdisc doesn't do anything else besides running classifiers, |
| which can also have actions attached to them. In case of outgoing packets, |
| classifiers that this qdisc holds are executed in the transmit path |
| before real enqueuing to an egress qdisc happens. |
| |
| If unsure, say Y. |
| |
| To compile this code as a module, choose M here: the module will be |
| called sch_ingress with alias of sch_clsact. |
| |
| config NET_SCH_PLUG |
| tristate "Plug network traffic until release (PLUG)" |
| ---help--- |
| |
| This queuing discipline allows userspace to plug/unplug a network |
| output queue, using the netlink interface. When it receives an |
| enqueue command it inserts a plug into the outbound queue that |
| causes following packets to enqueue until a dequeue command arrives |
| over netlink, causing the plug to be removed and resuming the normal |
| packet flow. |
| |
| This module also provides a generic "network output buffering" |
| functionality (aka output commit), wherein upon arrival of a dequeue |
| command, only packets up to the first plug are released for delivery. |
| The Remus HA project uses this module to enable speculative execution |
| of virtual machines by allowing the generated network output to be rolled |
| back if needed. |
| |
| For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> |
| |
| Say Y here if you are using this kernel for Xen dom0 and |
| want to protect Xen guests with Remus. |
| |
| To compile this code as a module, choose M here: the |
| module will be called sch_plug. |
| |
| config NET_SCH_ETS |
| tristate "Enhanced transmission selection scheduler (ETS)" |
| help |
| The Enhanced Transmission Selection scheduler is a classful |
| queuing discipline that merges functionality of PRIO and DRR |
| qdiscs in one scheduler. ETS makes it easy to configure a set of |
| strict and bandwidth-sharing bands to implement the transmission |
| selection described in 802.1Qaz. |
| |
| Say Y here if you want to use the ETS packet scheduling |
| algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called sch_ets. |
| |
| If unsure, say N. |
| |
| menuconfig NET_SCH_DEFAULT |
| bool "Allow override default queue discipline" |
| ---help--- |
| Support for selection of default queuing discipline. |
| |
| Nearly all users can safely say no here, and the default |
| of pfifo_fast will be used. Many distributions already set |
| the default value via /proc/sys/net/core/default_qdisc. |
| |
| If unsure, say N. |
| |
| if NET_SCH_DEFAULT |
| |
| choice |
| prompt "Default queuing discipline" |
| default DEFAULT_PFIFO_FAST |
| help |
| Select the queueing discipline that will be used by default |
| for all network devices. |
| |
| config DEFAULT_FQ |
| bool "Fair Queue" if NET_SCH_FQ |
| |
| config DEFAULT_CODEL |
| bool "Controlled Delay" if NET_SCH_CODEL |
| |
| config DEFAULT_FQ_CODEL |
| bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL |
| |
| config DEFAULT_SFQ |
| bool "Stochastic Fair Queue" if NET_SCH_SFQ |
| |
| config DEFAULT_PFIFO_FAST |
| bool "Priority FIFO Fast" |
| endchoice |
| |
| config DEFAULT_NET_SCH |
| string |
| default "pfifo_fast" if DEFAULT_PFIFO_FAST |
| default "fq" if DEFAULT_FQ |
| default "fq_codel" if DEFAULT_FQ_CODEL |
| default "sfq" if DEFAULT_SFQ |
| default "pfifo_fast" |
| endif |
| |
| comment "Classification" |
| |
| config NET_CLS |
| bool |
| |
| config NET_CLS_BASIC |
| tristate "Elementary classification (BASIC)" |
| select NET_CLS |
| ---help--- |
| Say Y here if you want to be able to classify packets using |
| only extended matches and actions. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_basic. |
| |
| config NET_CLS_TCINDEX |
| tristate "Traffic-Control Index (TCINDEX)" |
| select NET_CLS |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| traffic control indices. You will want this feature if you want |
| to implement Differentiated Services together with DSMARK. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_tcindex. |
| |
| config NET_CLS_ROUTE4 |
| tristate "Routing decision (ROUTE)" |
| depends on INET |
| select IP_ROUTE_CLASSID |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets |
| according to the route table entry they matched. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_route. |
| |
| config NET_CLS_FW |
| tristate "Netfilter mark (FW)" |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets |
| according to netfilter/firewall marks. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_fw. |
| |
| config NET_CLS_U32 |
| tristate "Universal 32bit comparisons w/ hashing (U32)" |
| select NET_CLS |
| ---help--- |
| Say Y here to be able to classify packets using a universal |
| 32bit pieces based comparison scheme. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_u32. |
| |
| config CLS_U32_PERF |
| bool "Performance counters support" |
| depends on NET_CLS_U32 |
| ---help--- |
| Say Y here to make u32 gather additional statistics useful for |
| fine tuning u32 classifiers. |
| |
| config CLS_U32_MARK |
| bool "Netfilter marks support" |
| depends on NET_CLS_U32 |
| ---help--- |
| Say Y here to be able to use netfilter marks as u32 key. |
| |
| config NET_CLS_RSVP |
| tristate "IPv4 Resource Reservation Protocol (RSVP)" |
| select NET_CLS |
| ---help--- |
| The Resource Reservation Protocol (RSVP) permits end systems to |
| request a minimum and maximum data flow rate for a connection; this |
| is important for real time data such as streaming sound or video. |
| |
| Say Y here if you want to be able to classify outgoing packets based |
| on their RSVP requests. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_rsvp. |
| |
| config NET_CLS_RSVP6 |
| tristate "IPv6 Resource Reservation Protocol (RSVP6)" |
| select NET_CLS |
| ---help--- |
| The Resource Reservation Protocol (RSVP) permits end systems to |
| request a minimum and maximum data flow rate for a connection; this |
| is important for real time data such as streaming sound or video. |
| |
| Say Y here if you want to be able to classify outgoing packets based |
| on their RSVP requests and you are using the IPv6 protocol. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_rsvp6. |
| |
| config NET_CLS_FLOW |
| tristate "Flow classifier" |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets based on |
| a configurable combination of packet keys. This is mostly useful |
| in combination with SFQ. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_flow. |
| |
| config NET_CLS_CGROUP |
| tristate "Control Group Classifier" |
| select NET_CLS |
| select CGROUP_NET_CLASSID |
| depends on CGROUPS |
| ---help--- |
| Say Y here if you want to classify packets based on the control |
| cgroup of their process. |
| |
| To compile this code as a module, choose M here: the |
| module will be called cls_cgroup. |
| |
| config NET_CLS_BPF |
| tristate "BPF-based classifier" |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets based on |
| programmable BPF (JIT'ed) filters as an alternative to ematches. |
| |
| To compile this code as a module, choose M here: the module will |
| be called cls_bpf. |
| |
| config NET_CLS_FLOWER |
| tristate "Flower classifier" |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets based on |
| a configurable combination of packet keys and masks. |
| |
| To compile this code as a module, choose M here: the module will |
| be called cls_flower. |
| |
| config NET_CLS_MATCHALL |
| tristate "Match-all classifier" |
| select NET_CLS |
| ---help--- |
| If you say Y here, you will be able to classify packets based on |
| nothing. Every packet will match. |
| |
| To compile this code as a module, choose M here: the module will |
| be called cls_matchall. |
| |
| config NET_EMATCH |
| bool "Extended Matches" |
| select NET_CLS |
| ---help--- |
| Say Y here if you want to use extended matches on top of classifiers |
| and select the extended matches below. |
| |
| Extended matches are small classification helpers not worth writing |
| a separate classifier for. |
| |
| A recent version of the iproute2 package is required to use |
| extended matches. |
| |
| config NET_EMATCH_STACK |
| int "Stack size" |
| depends on NET_EMATCH |
| default "32" |
| ---help--- |
| Size of the local stack variable used while evaluating the tree of |
| ematches. Limits the depth of the tree, i.e. the number of |
| encapsulated precedences. Every level requires 4 bytes of additional |
| stack space. |
| |
| config NET_EMATCH_CMP |
| tristate "Simple packet data comparison" |
| depends on NET_EMATCH |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| simple packet data comparisons for 8, 16, and 32bit values. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_cmp. |
| |
| config NET_EMATCH_NBYTE |
| tristate "Multi byte comparison" |
| depends on NET_EMATCH |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| multiple byte comparisons mainly useful for IPv6 address comparisons. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_nbyte. |
| |
| config NET_EMATCH_U32 |
| tristate "U32 key" |
| depends on NET_EMATCH |
| ---help--- |
| Say Y here if you want to be able to classify packets using |
| the famous u32 key in combination with logic relations. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_u32. |
| |
| config NET_EMATCH_META |
| tristate "Metadata" |
| depends on NET_EMATCH |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| metadata such as load average, netfilter attributes, socket |
| attributes and routing decisions. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_meta. |
| |
| config NET_EMATCH_TEXT |
| tristate "Textsearch" |
| depends on NET_EMATCH |
| select TEXTSEARCH |
| select TEXTSEARCH_KMP |
| select TEXTSEARCH_BM |
| select TEXTSEARCH_FSM |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| textsearch comparisons. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_text. |
| |
| config NET_EMATCH_CANID |
| tristate "CAN Identifier" |
| depends on NET_EMATCH && (CAN=y || CAN=m) |
| ---help--- |
| Say Y here if you want to be able to classify CAN frames based |
| on CAN Identifier. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_canid. |
| |
| config NET_EMATCH_IPSET |
| tristate "IPset" |
| depends on NET_EMATCH && IP_SET |
| ---help--- |
| Say Y here if you want to be able to classify packets based on |
| ipset membership. |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_ipset. |
| |
| config NET_EMATCH_IPT |
| tristate "IPtables Matches" |
| depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES |
| ---help--- |
| Say Y here to be able to classify packets based on iptables |
| matches. |
| Current supported match is "policy" which allows packet classification |
| based on IPsec policy that was used during decapsulation |
| |
| To compile this code as a module, choose M here: the |
| module will be called em_ipt. |
| |
| config NET_CLS_ACT |
| bool "Actions" |
| select NET_CLS |
| ---help--- |
| Say Y here if you want to use traffic control actions. Actions |
| get attached to classifiers and are invoked after a successful |
| classification. They are used to overwrite the classification |
| result, instantly drop or redirect packets, etc. |
| |
| A recent version of the iproute2 package is required to use |
| extended matches. |
| |
| config NET_ACT_POLICE |
| tristate "Traffic Policing" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here if you want to do traffic policing, i.e. strict |
| bandwidth limiting. This action replaces the existing policing |
| module. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_police. |
| |
| config NET_ACT_GACT |
| tristate "Generic actions" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to take generic actions such as dropping and |
| accepting packets. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_gact. |
| |
| config GACT_PROB |
| bool "Probability support" |
| depends on NET_ACT_GACT |
| ---help--- |
| Say Y here to use the generic action randomly or deterministically. |
| |
| config NET_ACT_MIRRED |
| tristate "Redirecting and Mirroring" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to allow packets to be mirrored or redirected to |
| other devices. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_mirred. |
| |
| config NET_ACT_SAMPLE |
| tristate "Traffic Sampling" |
| depends on NET_CLS_ACT |
| select PSAMPLE |
| ---help--- |
| Say Y here to allow packet sampling tc action. The packet sample |
| action consists of statistically choosing packets and sampling |
| them using the psample module. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_sample. |
| |
| config NET_ACT_IPT |
| tristate "IPtables targets" |
| depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES |
| ---help--- |
| Say Y here to be able to invoke iptables targets after successful |
| classification. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_ipt. |
| |
| config NET_ACT_NAT |
| tristate "Stateless NAT" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to do stateless NAT on IPv4 packets. You should use |
| netfilter for NAT unless you know what you are doing. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_nat. |
| |
| config NET_ACT_PEDIT |
| tristate "Packet Editing" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here if you want to mangle the content of packets. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_pedit. |
| |
| config NET_ACT_SIMP |
| tristate "Simple Example (Debug)" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to add a simple action for demonstration purposes. |
| It is meant as an example and for debugging purposes. It will |
| print a configured policy string followed by the packet count |
| to the console for every packet that passes by. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_simple. |
| |
| config NET_ACT_SKBEDIT |
| tristate "SKB Editing" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to change skb priority or queue_mapping settings. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_skbedit. |
| |
| config NET_ACT_CSUM |
| tristate "Checksum Updating" |
| depends on NET_CLS_ACT && INET |
| select LIBCRC32C |
| ---help--- |
| Say Y here to update some common checksum after some direct |
| packet alterations. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_csum. |
| |
| config NET_ACT_MPLS |
| tristate "MPLS manipulation" |
| depends on NET_CLS_ACT |
| help |
| Say Y here to push or pop MPLS headers. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_mpls. |
| |
| config NET_ACT_VLAN |
| tristate "Vlan manipulation" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to push or pop vlan headers. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_vlan. |
| |
| config NET_ACT_BPF |
| tristate "BPF based action" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to execute BPF code on packets. The BPF code will decide |
| if the packet should be dropped or not. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_bpf. |
| |
| config NET_ACT_CONNMARK |
| tristate "Netfilter Connection Mark Retriever" |
| depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES |
| depends on NF_CONNTRACK && NF_CONNTRACK_MARK |
| ---help--- |
| Say Y here to allow retrieving of conn mark |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_connmark. |
| |
| config NET_ACT_CTINFO |
| tristate "Netfilter Connection Mark Actions" |
| depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES |
| depends on NF_CONNTRACK && NF_CONNTRACK_MARK |
| help |
| Say Y here to allow transfer of a connmark stored information. |
| Current actions transfer connmark stored DSCP into |
| ipv4/v6 diffserv and/or to transfer connmark to packet |
| mark. Both are useful for restoring egress based marks |
| back onto ingress connections for qdisc priority mapping |
| purposes. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_ctinfo. |
| |
| config NET_ACT_SKBMOD |
| tristate "skb data modification action" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to allow modification of skb data |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_skbmod. |
| |
| config NET_ACT_IFE |
| tristate "Inter-FE action based on IETF ForCES InterFE LFB" |
| depends on NET_CLS_ACT |
| select NET_IFE |
| ---help--- |
| Say Y here to allow for sourcing and terminating metadata |
| For details refer to netdev01 paper: |
| "Distributing Linux Traffic Control Classifier-Action Subsystem" |
| Authors: Jamal Hadi Salim and Damascene M. Joachimpillai |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_ife. |
| |
| config NET_ACT_TUNNEL_KEY |
| tristate "IP tunnel metadata manipulation" |
| depends on NET_CLS_ACT |
| ---help--- |
| Say Y here to set/release ip tunnel metadata. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_tunnel_key. |
| |
| config NET_ACT_CT |
| tristate "connection tracking tc action" |
| depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT |
| help |
| Say Y here to allow sending the packets to conntrack module. |
| |
| If unsure, say N. |
| |
| To compile this code as a module, choose M here: the |
| module will be called act_ct. |
| |
| config NET_IFE_SKBMARK |
| tristate "Support to encoding decoding skb mark on IFE action" |
| depends on NET_ACT_IFE |
| |
| config NET_IFE_SKBPRIO |
| tristate "Support to encoding decoding skb prio on IFE action" |
| depends on NET_ACT_IFE |
| |
| config NET_IFE_SKBTCINDEX |
| tristate "Support to encoding decoding skb tcindex on IFE action" |
| depends on NET_ACT_IFE |
| |
| config NET_TC_SKB_EXT |
| bool "TC recirculation support" |
| depends on NET_CLS_ACT |
| select SKB_EXTENSIONS |
| |
| help |
| Say Y here to allow tc chain misses to continue in OvS datapath in |
| the correct recirc_id, and hardware chain misses to continue in |
| the correct chain in tc software datapath. |
| |
| Say N here if you won't be using tc<->ovs offload or tc chains offload. |
| |
| endif # NET_SCHED |
| |
| config NET_SCH_FIFO |
| bool |