1# SPDX-License-Identifier: GPL-2.0-only 2# 3# Traffic control configuration. 4# 5 6menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44if NET_SCHED 45 46comment "Queueing/Scheduling" 47 48config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71config NET_SCH_PRIO 72 tristate "Multi Band Priority Queueing (PRIO)" 73 help 74 Say Y here if you want to use an n-band priority queue packet 75 scheduler. 76 77 To compile this code as a module, choose M here: the 78 module will be called sch_prio. 79 80config NET_SCH_MULTIQ 81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 82 help 83 Say Y here if you want to use an n-band queue packet scheduler 84 to support devices that have multiple hardware transmit queues. 85 86 To compile this code as a module, choose M here: the 87 module will be called sch_multiq. 88 89config NET_SCH_RED 90 tristate "Random Early Detection (RED)" 91 help 92 Say Y here if you want to use the Random Early Detection (RED) 93 packet scheduling algorithm. 94 95 See the top of <file:net/sched/sch_red.c> for more details. 96 97 To compile this code as a module, choose M here: the 98 module will be called sch_red. 99 100config NET_SCH_SFB 101 tristate "Stochastic Fair Blue (SFB)" 102 help 103 Say Y here if you want to use the Stochastic Fair Blue (SFB) 104 packet scheduling algorithm. 105 106 See the top of <file:net/sched/sch_sfb.c> for more details. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_sfb. 110 111config NET_SCH_SFQ 112 tristate "Stochastic Fairness Queueing (SFQ)" 113 help 114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 115 packet scheduling algorithm. 116 117 See the top of <file:net/sched/sch_sfq.c> for more details. 118 119 To compile this code as a module, choose M here: the 120 module will be called sch_sfq. 121 122config NET_SCH_TEQL 123 tristate "True Link Equalizer (TEQL)" 124 help 125 Say Y here if you want to use the True Link Equalizer (TLE) packet 126 scheduling algorithm. This queueing discipline allows the combination 127 of several physical devices into one virtual device. 128 129 See the top of <file:net/sched/sch_teql.c> for more details. 130 131 To compile this code as a module, choose M here: the 132 module will be called sch_teql. 133 134config NET_SCH_TBF 135 tristate "Token Bucket Filter (TBF)" 136 help 137 Say Y here if you want to use the Token Bucket Filter (TBF) packet 138 scheduling algorithm. 139 140 See the top of <file:net/sched/sch_tbf.c> for more details. 141 142 To compile this code as a module, choose M here: the 143 module will be called sch_tbf. 144 145config NET_SCH_CBS 146 tristate "Credit Based Shaper (CBS)" 147 help 148 Say Y here if you want to use the Credit Based Shaper (CBS) packet 149 scheduling algorithm. 150 151 See the top of <file:net/sched/sch_cbs.c> for more details. 152 153 To compile this code as a module, choose M here: the 154 module will be called sch_cbs. 155 156config NET_SCH_ETF 157 tristate "Earliest TxTime First (ETF)" 158 help 159 Say Y here if you want to use the Earliest TxTime First (ETF) packet 160 scheduling algorithm. 161 162 See the top of <file:net/sched/sch_etf.c> for more details. 163 164 To compile this code as a module, choose M here: the 165 module will be called sch_etf. 166 167config NET_SCH_MQPRIO_LIB 168 tristate 169 help 170 Common library for manipulating mqprio queue configurations. 171 172config NET_SCH_TAPRIO 173 tristate "Time Aware Priority (taprio) Scheduler" 174 select NET_SCH_MQPRIO_LIB 175 help 176 Say Y here if you want to use the Time Aware Priority (taprio) packet 177 scheduling algorithm. 178 179 See the top of <file:net/sched/sch_taprio.c> for more details. 180 181 To compile this code as a module, choose M here: the 182 module will be called sch_taprio. 183 184config NET_SCH_GRED 185 tristate "Generic Random Early Detection (GRED)" 186 help 187 Say Y here if you want to use the Generic Random Early Detection 188 (GRED) packet scheduling algorithm for some of your network devices 189 (see the top of <file:net/sched/sch_red.c> for details and 190 references about the algorithm). 191 192 To compile this code as a module, choose M here: the 193 module will be called sch_gred. 194 195config NET_SCH_NETEM 196 tristate "Network emulator (NETEM)" 197 help 198 Say Y if you want to emulate network delay, loss, and packet 199 re-ordering. This is often useful to simulate networks when 200 testing applications or protocols. 201 202 To compile this driver as a module, choose M here: the module 203 will be called sch_netem. 204 205 If unsure, say N. 206 207config NET_SCH_DRR 208 tristate "Deficit Round Robin scheduler (DRR)" 209 help 210 Say Y here if you want to use the Deficit Round Robin (DRR) packet 211 scheduling algorithm. 212 213 To compile this driver as a module, choose M here: the module 214 will be called sch_drr. 215 216 If unsure, say N. 217 218config NET_SCH_MQPRIO 219 tristate "Multi-queue priority scheduler (MQPRIO)" 220 select NET_SCH_MQPRIO_LIB 221 help 222 Say Y here if you want to use the Multi-queue Priority scheduler. 223 This scheduler allows QOS to be offloaded on NICs that have support 224 for offloading QOS schedulers. 225 226 To compile this driver as a module, choose M here: the module will 227 be called sch_mqprio. 228 229 If unsure, say N. 230 231config NET_SCH_SKBPRIO 232 tristate "SKB priority queue scheduler (SKBPRIO)" 233 help 234 Say Y here if you want to use the SKB priority queue 235 scheduler. This schedules packets according to skb->priority, 236 which is useful for request packets in DoS mitigation systems such 237 as Gatekeeper. 238 239 To compile this driver as a module, choose M here: the module will 240 be called sch_skbprio. 241 242 If unsure, say N. 243 244config NET_SCH_CHOKE 245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 246 help 247 Say Y here if you want to use the CHOKe packet scheduler (CHOose 248 and Keep for responsive flows, CHOose and Kill for unresponsive 249 flows). This is a variation of RED which tries to penalize flows 250 that monopolize the queue. 251 252 To compile this code as a module, choose M here: the 253 module will be called sch_choke. 254 255config NET_SCH_QFQ 256 tristate "Quick Fair Queueing scheduler (QFQ)" 257 help 258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 259 packet scheduling algorithm. 260 261 To compile this driver as a module, choose M here: the module 262 will be called sch_qfq. 263 264 If unsure, say N. 265 266config NET_SCH_CODEL 267 tristate "Controlled Delay AQM (CODEL)" 268 help 269 Say Y here if you want to use the Controlled Delay (CODEL) 270 packet scheduling algorithm. 271 272 To compile this driver as a module, choose M here: the module 273 will be called sch_codel. 274 275 If unsure, say N. 276 277config NET_SCH_FQ_CODEL 278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 279 help 280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 281 packet scheduling algorithm. 282 283 To compile this driver as a module, choose M here: the module 284 will be called sch_fq_codel. 285 286 If unsure, say N. 287 288config NET_SCH_CAKE 289 tristate "Common Applications Kept Enhanced (CAKE)" 290 help 291 Say Y here if you want to use the Common Applications Kept Enhanced 292 (CAKE) queue management algorithm. 293 294 To compile this driver as a module, choose M here: the module 295 will be called sch_cake. 296 297 If unsure, say N. 298 299config NET_SCH_FQ 300 tristate "Fair Queue" 301 help 302 Say Y here if you want to use the FQ packet scheduling algorithm. 303 304 FQ does flow separation, and is able to respect pacing requirements 305 set by TCP stack into sk->sk_pacing_rate (for locally generated 306 traffic) 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq. 310 311 If unsure, say N. 312 313config NET_SCH_HHF 314 tristate "Heavy-Hitter Filter (HHF)" 315 help 316 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 317 packet scheduling algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_hhf. 321 322config NET_SCH_PIE 323 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 324 help 325 Say Y here if you want to use the Proportional Integral controller 326 Enhanced scheduler packet scheduling algorithm. 327 For more information, please see https://tools.ietf.org/html/rfc8033 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_pie. 331 332 If unsure, say N. 333 334config NET_SCH_FQ_PIE 335 depends on NET_SCH_PIE 336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 337 help 338 Say Y here if you want to use the Flow Queue Proportional Integral 339 controller Enhanced (FQ-PIE) packet scheduling algorithm. 340 For more information, please see https://tools.ietf.org/html/rfc8033 341 342 To compile this driver as a module, choose M here: the module 343 will be called sch_fq_pie. 344 345 If unsure, say N. 346 347config NET_SCH_INGRESS 348 tristate "Ingress/classifier-action Qdisc" 349 depends on NET_CLS_ACT 350 select NET_XGRESS 351 help 352 Say Y here if you want to use classifiers for incoming and/or outgoing 353 packets. This qdisc doesn't do anything else besides running classifiers, 354 which can also have actions attached to them. In case of outgoing packets, 355 classifiers that this qdisc holds are executed in the transmit path 356 before real enqueuing to an egress qdisc happens. 357 358 If unsure, say Y. 359 360 To compile this code as a module, choose M here: the module will be 361 called sch_ingress with alias of sch_clsact. 362 363config NET_SCH_PLUG 364 tristate "Plug network traffic until release (PLUG)" 365 help 366 367 This queuing discipline allows userspace to plug/unplug a network 368 output queue, using the netlink interface. When it receives an 369 enqueue command it inserts a plug into the outbound queue that 370 causes following packets to enqueue until a dequeue command arrives 371 over netlink, causing the plug to be removed and resuming the normal 372 packet flow. 373 374 This module also provides a generic "network output buffering" 375 functionality (aka output commit), wherein upon arrival of a dequeue 376 command, only packets up to the first plug are released for delivery. 377 The Remus HA project uses this module to enable speculative execution 378 of virtual machines by allowing the generated network output to be rolled 379 back if needed. 380 381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 382 383 Say Y here if you are using this kernel for Xen dom0 and 384 want to protect Xen guests with Remus. 385 386 To compile this code as a module, choose M here: the 387 module will be called sch_plug. 388 389config NET_SCH_ETS 390 tristate "Enhanced transmission selection scheduler (ETS)" 391 help 392 The Enhanced Transmission Selection scheduler is a classful 393 queuing discipline that merges functionality of PRIO and DRR 394 qdiscs in one scheduler. ETS makes it easy to configure a set of 395 strict and bandwidth-sharing bands to implement the transmission 396 selection described in 802.1Qaz. 397 398 Say Y here if you want to use the ETS packet scheduling 399 algorithm. 400 401 To compile this driver as a module, choose M here: the module 402 will be called sch_ets. 403 404 If unsure, say N. 405 406config NET_SCH_BPF 407 bool "BPF-based Qdisc" 408 depends on BPF_SYSCALL && BPF_JIT && DEBUG_INFO_BTF 409 help 410 This option allows BPF-based queueing disiplines. With BPF struct_ops, 411 users can implement supported operators in Qdisc_ops using BPF programs. 412 The queue holding skb can be built with BPF maps or graphs. 413 414 Say Y here if you want to use BPF-based Qdisc. 415 416 If unsure, say N. 417 418config NET_SCH_DUALPI2 419 tristate "Dual Queue PI Square (DUALPI2) scheduler" 420 help 421 Say Y here if you want to use the Dual Queue Proportional Integral 422 Controller Improved with a Square scheduling algorithm. 423 For more information, please see https://tools.ietf.org/html/rfc9332 424 425 To compile this driver as a module, choose M here: the module 426 will be called sch_dualpi2. 427 428 If unsure, say N. 429 430menuconfig NET_SCH_DEFAULT 431 bool "Allow override default queue discipline" 432 help 433 Support for selection of default queuing discipline. 434 435 Nearly all users can safely say no here, and the default 436 of pfifo_fast will be used. Many distributions already set 437 the default value via /proc/sys/net/core/default_qdisc. 438 439 If unsure, say N. 440 441if NET_SCH_DEFAULT 442 443choice 444 prompt "Default queuing discipline" 445 default DEFAULT_PFIFO_FAST 446 help 447 Select the queueing discipline that will be used by default 448 for all network devices. 449 450 config DEFAULT_FQ 451 bool "Fair Queue" if NET_SCH_FQ 452 453 config DEFAULT_CODEL 454 bool "Controlled Delay" if NET_SCH_CODEL 455 456 config DEFAULT_FQ_CODEL 457 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 458 459 config DEFAULT_FQ_PIE 460 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 461 462 config DEFAULT_SFQ 463 bool "Stochastic Fair Queue" if NET_SCH_SFQ 464 465 config DEFAULT_PFIFO_FAST 466 bool "Priority FIFO Fast" 467endchoice 468 469config DEFAULT_NET_SCH 470 string 471 default "pfifo_fast" if DEFAULT_PFIFO_FAST 472 default "fq" if DEFAULT_FQ 473 default "fq_codel" if DEFAULT_FQ_CODEL 474 default "fq_pie" if DEFAULT_FQ_PIE 475 default "sfq" if DEFAULT_SFQ 476 default "pfifo_fast" 477endif 478 479comment "Classification" 480 481config NET_CLS 482 bool 483 484config NET_CLS_BASIC 485 tristate "Elementary classification (BASIC)" 486 select NET_CLS 487 help 488 Say Y here if you want to be able to classify packets using 489 only extended matches and actions. 490 491 To compile this code as a module, choose M here: the 492 module will be called cls_basic. 493 494config NET_CLS_ROUTE4 495 tristate "Routing decision (ROUTE)" 496 depends on INET 497 select IP_ROUTE_CLASSID 498 select NET_CLS 499 help 500 If you say Y here, you will be able to classify packets 501 according to the route table entry they matched. 502 503 To compile this code as a module, choose M here: the 504 module will be called cls_route. 505 506config NET_CLS_FW 507 tristate "Netfilter mark (FW)" 508 select NET_CLS 509 help 510 If you say Y here, you will be able to classify packets 511 according to netfilter/firewall marks. 512 513 To compile this code as a module, choose M here: the 514 module will be called cls_fw. 515 516config NET_CLS_U32 517 tristate "Universal 32bit comparisons w/ hashing (U32)" 518 select NET_CLS 519 help 520 Say Y here to be able to classify packets using a universal 521 32bit pieces based comparison scheme. 522 523 To compile this code as a module, choose M here: the 524 module will be called cls_u32. 525 526config CLS_U32_PERF 527 bool "Performance counters support" 528 depends on NET_CLS_U32 529 help 530 Say Y here to make u32 gather additional statistics useful for 531 fine tuning u32 classifiers. 532 533config CLS_U32_MARK 534 bool "Netfilter marks support" 535 depends on NET_CLS_U32 536 help 537 Say Y here to be able to use netfilter marks as u32 key. 538 539config NET_CLS_FLOW 540 tristate "Flow classifier" 541 select NET_CLS 542 help 543 If you say Y here, you will be able to classify packets based on 544 a configurable combination of packet keys. This is mostly useful 545 in combination with SFQ. 546 547 To compile this code as a module, choose M here: the 548 module will be called cls_flow. 549 550config NET_CLS_CGROUP 551 tristate "Control Group Classifier" 552 select NET_CLS 553 select CGROUP_NET_CLASSID 554 depends on CGROUPS 555 help 556 Say Y here if you want to classify packets based on the control 557 cgroup of their process. 558 559 To compile this code as a module, choose M here: the 560 module will be called cls_cgroup. 561 562config NET_CLS_BPF 563 tristate "BPF-based classifier" 564 select NET_CLS 565 help 566 If you say Y here, you will be able to classify packets based on 567 programmable BPF (JIT'ed) filters as an alternative to ematches. 568 569 To compile this code as a module, choose M here: the module will 570 be called cls_bpf. 571 572config NET_CLS_FLOWER 573 tristate "Flower classifier" 574 select NET_CLS 575 help 576 If you say Y here, you will be able to classify packets based on 577 a configurable combination of packet keys and masks. 578 579 To compile this code as a module, choose M here: the module will 580 be called cls_flower. 581 582config NET_CLS_MATCHALL 583 tristate "Match-all classifier" 584 select NET_CLS 585 help 586 If you say Y here, you will be able to classify packets based on 587 nothing. Every packet will match. 588 589 To compile this code as a module, choose M here: the module will 590 be called cls_matchall. 591 592config NET_EMATCH 593 bool "Extended Matches" 594 select NET_CLS 595 help 596 Say Y here if you want to use extended matches on top of classifiers 597 and select the extended matches below. 598 599 Extended matches are small classification helpers not worth writing 600 a separate classifier for. 601 602 A recent version of the iproute2 package is required to use 603 extended matches. 604 605config NET_EMATCH_STACK 606 int "Stack size" 607 depends on NET_EMATCH 608 default "32" 609 help 610 Size of the local stack variable used while evaluating the tree of 611 ematches. Limits the depth of the tree, i.e. the number of 612 encapsulated precedences. Every level requires 4 bytes of additional 613 stack space. 614 615config NET_EMATCH_CMP 616 tristate "Simple packet data comparison" 617 depends on NET_EMATCH 618 help 619 Say Y here if you want to be able to classify packets based on 620 simple packet data comparisons for 8, 16, and 32bit values. 621 622 To compile this code as a module, choose M here: the 623 module will be called em_cmp. 624 625config NET_EMATCH_NBYTE 626 tristate "Multi byte comparison" 627 depends on NET_EMATCH 628 help 629 Say Y here if you want to be able to classify packets based on 630 multiple byte comparisons mainly useful for IPv6 address comparisons. 631 632 To compile this code as a module, choose M here: the 633 module will be called em_nbyte. 634 635config NET_EMATCH_U32 636 tristate "U32 key" 637 depends on NET_EMATCH 638 help 639 Say Y here if you want to be able to classify packets using 640 the famous u32 key in combination with logic relations. 641 642 To compile this code as a module, choose M here: the 643 module will be called em_u32. 644 645config NET_EMATCH_META 646 tristate "Metadata" 647 depends on NET_EMATCH 648 help 649 Say Y here if you want to be able to classify packets based on 650 metadata such as load average, netfilter attributes, socket 651 attributes and routing decisions. 652 653 To compile this code as a module, choose M here: the 654 module will be called em_meta. 655 656config NET_EMATCH_TEXT 657 tristate "Textsearch" 658 depends on NET_EMATCH 659 select TEXTSEARCH 660 select TEXTSEARCH_KMP 661 select TEXTSEARCH_BM 662 select TEXTSEARCH_FSM 663 help 664 Say Y here if you want to be able to classify packets based on 665 textsearch comparisons. 666 667 To compile this code as a module, choose M here: the 668 module will be called em_text. 669 670config NET_EMATCH_CANID 671 tristate "CAN Identifier" 672 depends on NET_EMATCH && (CAN=y || CAN=m) 673 help 674 Say Y here if you want to be able to classify CAN frames based 675 on CAN Identifier. 676 677 To compile this code as a module, choose M here: the 678 module will be called em_canid. 679 680config NET_EMATCH_IPSET 681 tristate "IPset" 682 depends on NET_EMATCH && IP_SET 683 help 684 Say Y here if you want to be able to classify packets based on 685 ipset membership. 686 687 To compile this code as a module, choose M here: the 688 module will be called em_ipset. 689 690config NET_EMATCH_IPT 691 tristate "IPtables Matches" 692 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 693 help 694 Say Y here to be able to classify packets based on iptables 695 matches. 696 Current supported match is "policy" which allows packet classification 697 based on IPsec policy that was used during decapsulation 698 699 To compile this code as a module, choose M here: the 700 module will be called em_ipt. 701 702config NET_CLS_ACT 703 bool "Actions" 704 select NET_CLS 705 select NET_XGRESS 706 help 707 Say Y here if you want to use traffic control actions. Actions 708 get attached to classifiers and are invoked after a successful 709 classification. They are used to overwrite the classification 710 result, instantly drop or redirect packets, etc. 711 712 A recent version of the iproute2 package is required to use 713 extended matches. 714 715config NET_ACT_POLICE 716 tristate "Traffic Policing" 717 depends on NET_CLS_ACT 718 help 719 Say Y here if you want to do traffic policing, i.e. strict 720 bandwidth limiting. This action replaces the existing policing 721 module. 722 723 To compile this code as a module, choose M here: the 724 module will be called act_police. 725 726config NET_ACT_GACT 727 tristate "Generic actions" 728 depends on NET_CLS_ACT 729 help 730 Say Y here to take generic actions such as dropping and 731 accepting packets. 732 733 To compile this code as a module, choose M here: the 734 module will be called act_gact. 735 736config GACT_PROB 737 bool "Probability support" 738 depends on NET_ACT_GACT 739 help 740 Say Y here to use the generic action randomly or deterministically. 741 742config NET_ACT_MIRRED 743 tristate "Redirecting and Mirroring" 744 depends on NET_CLS_ACT 745 help 746 Say Y here to allow packets to be mirrored or redirected to 747 other devices. 748 749 To compile this code as a module, choose M here: the 750 module will be called act_mirred. 751 752config NET_ACT_SAMPLE 753 tristate "Traffic Sampling" 754 depends on NET_CLS_ACT 755 select PSAMPLE 756 help 757 Say Y here to allow packet sampling tc action. The packet sample 758 action consists of statistically choosing packets and sampling 759 them using the psample module. 760 761 To compile this code as a module, choose M here: the 762 module will be called act_sample. 763 764config NET_ACT_NAT 765 tristate "Stateless NAT" 766 depends on NET_CLS_ACT 767 help 768 Say Y here to do stateless NAT on IPv4 packets. You should use 769 netfilter for NAT unless you know what you are doing. 770 771 To compile this code as a module, choose M here: the 772 module will be called act_nat. 773 774config NET_ACT_PEDIT 775 tristate "Packet Editing" 776 depends on NET_CLS_ACT 777 help 778 Say Y here if you want to mangle the content of packets. 779 780 To compile this code as a module, choose M here: the 781 module will be called act_pedit. 782 783config NET_ACT_SIMP 784 tristate "Simple Example (Debug)" 785 depends on NET_CLS_ACT 786 help 787 Say Y here to add a simple action for demonstration purposes. 788 It is meant as an example and for debugging purposes. It will 789 print a configured policy string followed by the packet count 790 to the console for every packet that passes by. 791 792 If unsure, say N. 793 794 To compile this code as a module, choose M here: the 795 module will be called act_simple. 796 797config NET_ACT_SKBEDIT 798 tristate "SKB Editing" 799 depends on NET_CLS_ACT 800 help 801 Say Y here to change skb priority or queue_mapping settings. 802 803 If unsure, say N. 804 805 To compile this code as a module, choose M here: the 806 module will be called act_skbedit. 807 808config NET_ACT_CSUM 809 tristate "Checksum Updating" 810 depends on NET_CLS_ACT && INET 811 select NET_CRC32C 812 help 813 Say Y here to update some common checksum after some direct 814 packet alterations. 815 816 To compile this code as a module, choose M here: the 817 module will be called act_csum. 818 819config NET_ACT_MPLS 820 tristate "MPLS manipulation" 821 depends on NET_CLS_ACT 822 help 823 Say Y here to push or pop MPLS headers. 824 825 If unsure, say N. 826 827 To compile this code as a module, choose M here: the 828 module will be called act_mpls. 829 830config NET_ACT_VLAN 831 tristate "Vlan manipulation" 832 depends on NET_CLS_ACT 833 help 834 Say Y here to push or pop vlan headers. 835 836 If unsure, say N. 837 838 To compile this code as a module, choose M here: the 839 module will be called act_vlan. 840 841config NET_ACT_BPF 842 tristate "BPF based action" 843 depends on NET_CLS_ACT 844 help 845 Say Y here to execute BPF code on packets. The BPF code will decide 846 if the packet should be dropped or not. 847 848 If unsure, say N. 849 850 To compile this code as a module, choose M here: the 851 module will be called act_bpf. 852 853config NET_ACT_CONNMARK 854 tristate "Netfilter Connection Mark Retriever" 855 depends on NET_CLS_ACT && NETFILTER 856 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 857 help 858 Say Y here to allow retrieving of conn mark 859 860 If unsure, say N. 861 862 To compile this code as a module, choose M here: the 863 module will be called act_connmark. 864 865config NET_ACT_CTINFO 866 tristate "Netfilter Connection Mark Actions" 867 depends on NET_CLS_ACT && NETFILTER 868 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 869 help 870 Say Y here to allow transfer of a connmark stored information. 871 Current actions transfer connmark stored DSCP into 872 ipv4/v6 diffserv and/or to transfer connmark to packet 873 mark. Both are useful for restoring egress based marks 874 back onto ingress connections for qdisc priority mapping 875 purposes. 876 877 If unsure, say N. 878 879 To compile this code as a module, choose M here: the 880 module will be called act_ctinfo. 881 882config NET_ACT_SKBMOD 883 tristate "skb data modification action" 884 depends on NET_CLS_ACT 885 help 886 Say Y here to allow modification of skb data 887 888 If unsure, say N. 889 890 To compile this code as a module, choose M here: the 891 module will be called act_skbmod. 892 893config NET_ACT_IFE 894 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 895 depends on NET_CLS_ACT 896 select NET_IFE 897 help 898 Say Y here to allow for sourcing and terminating metadata 899 For details refer to netdev01 paper: 900 "Distributing Linux Traffic Control Classifier-Action Subsystem" 901 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 902 903 To compile this code as a module, choose M here: the 904 module will be called act_ife. 905 906config NET_ACT_TUNNEL_KEY 907 tristate "IP tunnel metadata manipulation" 908 depends on NET_CLS_ACT 909 help 910 Say Y here to set/release ip tunnel metadata. 911 912 If unsure, say N. 913 914 To compile this code as a module, choose M here: the 915 module will be called act_tunnel_key. 916 917config NET_ACT_CT 918 tristate "connection tracking tc action" 919 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 920 select NF_CONNTRACK_OVS 921 select NF_NAT_OVS if NF_NAT 922 help 923 Say Y here to allow sending the packets to conntrack module. 924 925 If unsure, say N. 926 927 To compile this code as a module, choose M here: the 928 module will be called act_ct. 929 930config NET_ACT_GATE 931 tristate "Frame gate entry list control tc action" 932 depends on NET_CLS_ACT 933 help 934 Say Y here to allow to control the ingress flow to be passed at 935 specific time slot and be dropped at other specific time slot by 936 the gate entry list. 937 938 If unsure, say N. 939 To compile this code as a module, choose M here: the 940 module will be called act_gate. 941 942config NET_IFE_SKBMARK 943 tristate "Support to encoding decoding skb mark on IFE action" 944 depends on NET_ACT_IFE 945 946config NET_IFE_SKBPRIO 947 tristate "Support to encoding decoding skb prio on IFE action" 948 depends on NET_ACT_IFE 949 950config NET_IFE_SKBTCINDEX 951 tristate "Support to encoding decoding skb tcindex on IFE action" 952 depends on NET_ACT_IFE 953 954config NET_TC_SKB_EXT 955 bool "TC recirculation support" 956 depends on NET_CLS_ACT 957 select SKB_EXTENSIONS 958 959 help 960 Say Y here to allow tc chain misses to continue in OvS datapath in 961 the correct recirc_id, and hardware chain misses to continue in 962 the correct chain in tc software datapath. 963 964 Say N here if you won't be using tc<->ovs offload or tc chains offload. 965 966endif # NET_SCHED 967 968config NET_SCH_FIFO 969 bool 970