1 # SPDX-License-Identifier: GPL-2.0-only 2 # 3 # Traffic control configuration. 4 # 5 6 menuconfig NET_SCHED 7 bool "QoS and/or fair queueing" 8 select NET_SCH_FIFO 9 help 10 When the kernel has several packets to send out over a network 11 device, it has to decide which ones to send first, which ones to 12 delay, and which ones to drop. This is the job of the queueing 13 disciplines, several different algorithms for how to do this 14 "fairly" have been proposed. 15 16 If you say N here, you will get the standard packet scheduler, which 17 is a FIFO (first come, first served). If you say Y here, you will be 18 able to choose from among several alternative algorithms which can 19 then be attached to different network devices. This is useful for 20 example if some of your network devices are real time devices that 21 need a certain minimum data flow rate, or if you need to limit the 22 maximum data flow rate for traffic which matches specified criteria. 23 This code is considered to be experimental. 24 25 To administer these schedulers, you'll need the user-level utilities 26 from the package iproute2+tc at 27 <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package 28 also contains some documentation; for more, check out 29 <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. 30 31 This Quality of Service (QoS) support will enable you to use 32 Differentiated Services (diffserv) and Resource Reservation Protocol 33 (RSVP) on your Linux router if you also say Y to the corresponding 34 classifiers below. Documentation and software is at 35 <http://diffserv.sourceforge.net/>. 36 37 If you say Y here and to "/proc file system" below, you will be able 38 to read status information about packet schedulers from the file 39 /proc/net/psched. 40 41 The available schedulers are listed in the following questions; you 42 can say Y to as many as you like. If unsure, say N now. 43 44 if NET_SCHED 45 46 comment "Queueing/Scheduling" 47 48 config NET_SCH_HTB 49 tristate "Hierarchical Token Bucket (HTB)" 50 help 51 Say Y here if you want to use the Hierarchical Token Buckets (HTB) 52 packet scheduling algorithm. See 53 <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and 54 in-depth articles. 55 56 HTB is very similar to CBQ regarding its goals however is has 57 different properties and different algorithm. 58 59 To compile this code as a module, choose M here: the 60 module will be called sch_htb. 61 62 config NET_SCH_HFSC 63 tristate "Hierarchical Fair Service Curve (HFSC)" 64 help 65 Say Y here if you want to use the Hierarchical Fair Service Curve 66 (HFSC) packet scheduling algorithm. 67 68 To compile this code as a module, choose M here: the 69 module will be called sch_hfsc. 70 71 config NET_SCH_PRIO 72 tristate "Multi Band Priority Queueing (PRIO)" 73 help 74 Say Y here if you want to use an n-band priority queue packet 75 scheduler. 76 77 To compile this code as a module, choose M here: the 78 module will be called sch_prio. 79 80 config NET_SCH_MULTIQ 81 tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" 82 help 83 Say Y here if you want to use an n-band queue packet scheduler 84 to support devices that have multiple hardware transmit queues. 85 86 To compile this code as a module, choose M here: the 87 module will be called sch_multiq. 88 89 config NET_SCH_RED 90 tristate "Random Early Detection (RED)" 91 help 92 Say Y here if you want to use the Random Early Detection (RED) 93 packet scheduling algorithm. 94 95 See the top of <file:net/sched/sch_red.c> for more details. 96 97 To compile this code as a module, choose M here: the 98 module will be called sch_red. 99 100 config NET_SCH_SFB 101 tristate "Stochastic Fair Blue (SFB)" 102 help 103 Say Y here if you want to use the Stochastic Fair Blue (SFB) 104 packet scheduling algorithm. 105 106 See the top of <file:net/sched/sch_sfb.c> for more details. 107 108 To compile this code as a module, choose M here: the 109 module will be called sch_sfb. 110 111 config NET_SCH_SFQ 112 tristate "Stochastic Fairness Queueing (SFQ)" 113 help 114 Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) 115 packet scheduling algorithm. 116 117 See the top of <file:net/sched/sch_sfq.c> for more details. 118 119 To compile this code as a module, choose M here: the 120 module will be called sch_sfq. 121 122 config NET_SCH_TEQL 123 tristate "True Link Equalizer (TEQL)" 124 help 125 Say Y here if you want to use the True Link Equalizer (TLE) packet 126 scheduling algorithm. This queueing discipline allows the combination 127 of several physical devices into one virtual device. 128 129 See the top of <file:net/sched/sch_teql.c> for more details. 130 131 To compile this code as a module, choose M here: the 132 module will be called sch_teql. 133 134 config NET_SCH_TBF 135 tristate "Token Bucket Filter (TBF)" 136 help 137 Say Y here if you want to use the Token Bucket Filter (TBF) packet 138 scheduling algorithm. 139 140 See the top of <file:net/sched/sch_tbf.c> for more details. 141 142 To compile this code as a module, choose M here: the 143 module will be called sch_tbf. 144 145 config NET_SCH_CBS 146 tristate "Credit Based Shaper (CBS)" 147 help 148 Say Y here if you want to use the Credit Based Shaper (CBS) packet 149 scheduling algorithm. 150 151 See the top of <file:net/sched/sch_cbs.c> for more details. 152 153 To compile this code as a module, choose M here: the 154 module will be called sch_cbs. 155 156 config NET_SCH_ETF 157 tristate "Earliest TxTime First (ETF)" 158 help 159 Say Y here if you want to use the Earliest TxTime First (ETF) packet 160 scheduling algorithm. 161 162 See the top of <file:net/sched/sch_etf.c> for more details. 163 164 To compile this code as a module, choose M here: the 165 module will be called sch_etf. 166 167 config NET_SCH_MQPRIO_LIB 168 tristate 169 help 170 Common library for manipulating mqprio queue configurations. 171 172 config NET_SCH_TAPRIO 173 tristate "Time Aware Priority (taprio) Scheduler" 174 select NET_SCH_MQPRIO_LIB 175 help 176 Say Y here if you want to use the Time Aware Priority (taprio) packet 177 scheduling algorithm. 178 179 See the top of <file:net/sched/sch_taprio.c> for more details. 180 181 To compile this code as a module, choose M here: the 182 module will be called sch_taprio. 183 184 config NET_SCH_GRED 185 tristate "Generic Random Early Detection (GRED)" 186 help 187 Say Y here if you want to use the Generic Random Early Detection 188 (GRED) packet scheduling algorithm for some of your network devices 189 (see the top of <file:net/sched/sch_red.c> for details and 190 references about the algorithm). 191 192 To compile this code as a module, choose M here: the 193 module will be called sch_gred. 194 195 config NET_SCH_NETEM 196 tristate "Network emulator (NETEM)" 197 help 198 Say Y if you want to emulate network delay, loss, and packet 199 re-ordering. This is often useful to simulate networks when 200 testing applications or protocols. 201 202 To compile this driver as a module, choose M here: the module 203 will be called sch_netem. 204 205 If unsure, say N. 206 207 config NET_SCH_DRR 208 tristate "Deficit Round Robin scheduler (DRR)" 209 help 210 Say Y here if you want to use the Deficit Round Robin (DRR) packet 211 scheduling algorithm. 212 213 To compile this driver as a module, choose M here: the module 214 will be called sch_drr. 215 216 If unsure, say N. 217 218 config NET_SCH_MQPRIO 219 tristate "Multi-queue priority scheduler (MQPRIO)" 220 select NET_SCH_MQPRIO_LIB 221 help 222 Say Y here if you want to use the Multi-queue Priority scheduler. 223 This scheduler allows QOS to be offloaded on NICs that have support 224 for offloading QOS schedulers. 225 226 To compile this driver as a module, choose M here: the module will 227 be called sch_mqprio. 228 229 If unsure, say N. 230 231 config NET_SCH_SKBPRIO 232 tristate "SKB priority queue scheduler (SKBPRIO)" 233 help 234 Say Y here if you want to use the SKB priority queue 235 scheduler. This schedules packets according to skb->priority, 236 which is useful for request packets in DoS mitigation systems such 237 as Gatekeeper. 238 239 To compile this driver as a module, choose M here: the module will 240 be called sch_skbprio. 241 242 If unsure, say N. 243 244 config NET_SCH_CHOKE 245 tristate "CHOose and Keep responsive flow scheduler (CHOKE)" 246 help 247 Say Y here if you want to use the CHOKe packet scheduler (CHOose 248 and Keep for responsive flows, CHOose and Kill for unresponsive 249 flows). This is a variation of RED which tries to penalize flows 250 that monopolize the queue. 251 252 To compile this code as a module, choose M here: the 253 module will be called sch_choke. 254 255 config NET_SCH_QFQ 256 tristate "Quick Fair Queueing scheduler (QFQ)" 257 help 258 Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) 259 packet scheduling algorithm. 260 261 To compile this driver as a module, choose M here: the module 262 will be called sch_qfq. 263 264 If unsure, say N. 265 266 config NET_SCH_CODEL 267 tristate "Controlled Delay AQM (CODEL)" 268 help 269 Say Y here if you want to use the Controlled Delay (CODEL) 270 packet scheduling algorithm. 271 272 To compile this driver as a module, choose M here: the module 273 will be called sch_codel. 274 275 If unsure, say N. 276 277 config NET_SCH_FQ_CODEL 278 tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" 279 help 280 Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) 281 packet scheduling algorithm. 282 283 To compile this driver as a module, choose M here: the module 284 will be called sch_fq_codel. 285 286 If unsure, say N. 287 288 config NET_SCH_CAKE 289 tristate "Common Applications Kept Enhanced (CAKE)" 290 help 291 Say Y here if you want to use the Common Applications Kept Enhanced 292 (CAKE) queue management algorithm. 293 294 To compile this driver as a module, choose M here: the module 295 will be called sch_cake. 296 297 If unsure, say N. 298 299 config NET_SCH_FQ 300 tristate "Fair Queue" 301 help 302 Say Y here if you want to use the FQ packet scheduling algorithm. 303 304 FQ does flow separation, and is able to respect pacing requirements 305 set by TCP stack into sk->sk_pacing_rate (for locally generated 306 traffic) 307 308 To compile this driver as a module, choose M here: the module 309 will be called sch_fq. 310 311 If unsure, say N. 312 313 config NET_SCH_HHF 314 tristate "Heavy-Hitter Filter (HHF)" 315 help 316 Say Y here if you want to use the Heavy-Hitter Filter (HHF) 317 packet scheduling algorithm. 318 319 To compile this driver as a module, choose M here: the module 320 will be called sch_hhf. 321 322 config NET_SCH_PIE 323 tristate "Proportional Integral controller Enhanced (PIE) scheduler" 324 help 325 Say Y here if you want to use the Proportional Integral controller 326 Enhanced scheduler packet scheduling algorithm. 327 For more information, please see https://tools.ietf.org/html/rfc8033 328 329 To compile this driver as a module, choose M here: the module 330 will be called sch_pie. 331 332 If unsure, say N. 333 334 config NET_SCH_FQ_PIE 335 depends on NET_SCH_PIE 336 tristate "Flow Queue Proportional Integral controller Enhanced (FQ-PIE)" 337 help 338 Say Y here if you want to use the Flow Queue Proportional Integral 339 controller Enhanced (FQ-PIE) packet scheduling algorithm. 340 For more information, please see https://tools.ietf.org/html/rfc8033 341 342 To compile this driver as a module, choose M here: the module 343 will be called sch_fq_pie. 344 345 If unsure, say N. 346 347 config NET_SCH_INGRESS 348 tristate "Ingress/classifier-action Qdisc" 349 depends on NET_CLS_ACT 350 select NET_XGRESS 351 help 352 Say Y here if you want to use classifiers for incoming and/or outgoing 353 packets. This qdisc doesn't do anything else besides running classifiers, 354 which can also have actions attached to them. In case of outgoing packets, 355 classifiers that this qdisc holds are executed in the transmit path 356 before real enqueuing to an egress qdisc happens. 357 358 If unsure, say Y. 359 360 To compile this code as a module, choose M here: the module will be 361 called sch_ingress with alias of sch_clsact. 362 363 config NET_SCH_PLUG 364 tristate "Plug network traffic until release (PLUG)" 365 help 366 367 This queuing discipline allows userspace to plug/unplug a network 368 output queue, using the netlink interface. When it receives an 369 enqueue command it inserts a plug into the outbound queue that 370 causes following packets to enqueue until a dequeue command arrives 371 over netlink, causing the plug to be removed and resuming the normal 372 packet flow. 373 374 This module also provides a generic "network output buffering" 375 functionality (aka output commit), wherein upon arrival of a dequeue 376 command, only packets up to the first plug are released for delivery. 377 The Remus HA project uses this module to enable speculative execution 378 of virtual machines by allowing the generated network output to be rolled 379 back if needed. 380 381 For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> 382 383 Say Y here if you are using this kernel for Xen dom0 and 384 want to protect Xen guests with Remus. 385 386 To compile this code as a module, choose M here: the 387 module will be called sch_plug. 388 389 config NET_SCH_ETS 390 tristate "Enhanced transmission selection scheduler (ETS)" 391 help 392 The Enhanced Transmission Selection scheduler is a classful 393 queuing discipline that merges functionality of PRIO and DRR 394 qdiscs in one scheduler. ETS makes it easy to configure a set of 395 strict and bandwidth-sharing bands to implement the transmission 396 selection described in 802.1Qaz. 397 398 Say Y here if you want to use the ETS packet scheduling 399 algorithm. 400 401 To compile this driver as a module, choose M here: the module 402 will be called sch_ets. 403 404 If unsure, say N. 405 406 menuconfig NET_SCH_DEFAULT 407 bool "Allow override default queue discipline" 408 help 409 Support for selection of default queuing discipline. 410 411 Nearly all users can safely say no here, and the default 412 of pfifo_fast will be used. Many distributions already set 413 the default value via /proc/sys/net/core/default_qdisc. 414 415 If unsure, say N. 416 417 if NET_SCH_DEFAULT 418 419 choice 420 prompt "Default queuing discipline" 421 default DEFAULT_PFIFO_FAST 422 help 423 Select the queueing discipline that will be used by default 424 for all network devices. 425 426 config DEFAULT_FQ 427 bool "Fair Queue" if NET_SCH_FQ 428 429 config DEFAULT_CODEL 430 bool "Controlled Delay" if NET_SCH_CODEL 431 432 config DEFAULT_FQ_CODEL 433 bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL 434 435 config DEFAULT_FQ_PIE 436 bool "Flow Queue Proportional Integral controller Enhanced" if NET_SCH_FQ_PIE 437 438 config DEFAULT_SFQ 439 bool "Stochastic Fair Queue" if NET_SCH_SFQ 440 441 config DEFAULT_PFIFO_FAST 442 bool "Priority FIFO Fast" 443 endchoice 444 445 config DEFAULT_NET_SCH 446 string 447 default "pfifo_fast" if DEFAULT_PFIFO_FAST 448 default "fq" if DEFAULT_FQ 449 default "fq_codel" if DEFAULT_FQ_CODEL 450 default "fq_pie" if DEFAULT_FQ_PIE 451 default "sfq" if DEFAULT_SFQ 452 default "pfifo_fast" 453 endif 454 455 comment "Classification" 456 457 config NET_CLS 458 bool 459 460 config NET_CLS_BASIC 461 tristate "Elementary classification (BASIC)" 462 select NET_CLS 463 help 464 Say Y here if you want to be able to classify packets using 465 only extended matches and actions. 466 467 To compile this code as a module, choose M here: the 468 module will be called cls_basic. 469 470 config NET_CLS_ROUTE4 471 tristate "Routing decision (ROUTE)" 472 depends on INET 473 select IP_ROUTE_CLASSID 474 select NET_CLS 475 help 476 If you say Y here, you will be able to classify packets 477 according to the route table entry they matched. 478 479 To compile this code as a module, choose M here: the 480 module will be called cls_route. 481 482 config NET_CLS_FW 483 tristate "Netfilter mark (FW)" 484 select NET_CLS 485 help 486 If you say Y here, you will be able to classify packets 487 according to netfilter/firewall marks. 488 489 To compile this code as a module, choose M here: the 490 module will be called cls_fw. 491 492 config NET_CLS_U32 493 tristate "Universal 32bit comparisons w/ hashing (U32)" 494 select NET_CLS 495 help 496 Say Y here to be able to classify packets using a universal 497 32bit pieces based comparison scheme. 498 499 To compile this code as a module, choose M here: the 500 module will be called cls_u32. 501 502 config CLS_U32_PERF 503 bool "Performance counters support" 504 depends on NET_CLS_U32 505 help 506 Say Y here to make u32 gather additional statistics useful for 507 fine tuning u32 classifiers. 508 509 config CLS_U32_MARK 510 bool "Netfilter marks support" 511 depends on NET_CLS_U32 512 help 513 Say Y here to be able to use netfilter marks as u32 key. 514 515 config NET_CLS_FLOW 516 tristate "Flow classifier" 517 select NET_CLS 518 help 519 If you say Y here, you will be able to classify packets based on 520 a configurable combination of packet keys. This is mostly useful 521 in combination with SFQ. 522 523 To compile this code as a module, choose M here: the 524 module will be called cls_flow. 525 526 config NET_CLS_CGROUP 527 tristate "Control Group Classifier" 528 select NET_CLS 529 select CGROUP_NET_CLASSID 530 depends on CGROUPS 531 help 532 Say Y here if you want to classify packets based on the control 533 cgroup of their process. 534 535 To compile this code as a module, choose M here: the 536 module will be called cls_cgroup. 537 538 config NET_CLS_BPF 539 tristate "BPF-based classifier" 540 select NET_CLS 541 help 542 If you say Y here, you will be able to classify packets based on 543 programmable BPF (JIT'ed) filters as an alternative to ematches. 544 545 To compile this code as a module, choose M here: the module will 546 be called cls_bpf. 547 548 config NET_CLS_FLOWER 549 tristate "Flower classifier" 550 select NET_CLS 551 help 552 If you say Y here, you will be able to classify packets based on 553 a configurable combination of packet keys and masks. 554 555 To compile this code as a module, choose M here: the module will 556 be called cls_flower. 557 558 config NET_CLS_MATCHALL 559 tristate "Match-all classifier" 560 select NET_CLS 561 help 562 If you say Y here, you will be able to classify packets based on 563 nothing. Every packet will match. 564 565 To compile this code as a module, choose M here: the module will 566 be called cls_matchall. 567 568 config NET_EMATCH 569 bool "Extended Matches" 570 select NET_CLS 571 help 572 Say Y here if you want to use extended matches on top of classifiers 573 and select the extended matches below. 574 575 Extended matches are small classification helpers not worth writing 576 a separate classifier for. 577 578 A recent version of the iproute2 package is required to use 579 extended matches. 580 581 config NET_EMATCH_STACK 582 int "Stack size" 583 depends on NET_EMATCH 584 default "32" 585 help 586 Size of the local stack variable used while evaluating the tree of 587 ematches. Limits the depth of the tree, i.e. the number of 588 encapsulated precedences. Every level requires 4 bytes of additional 589 stack space. 590 591 config NET_EMATCH_CMP 592 tristate "Simple packet data comparison" 593 depends on NET_EMATCH 594 help 595 Say Y here if you want to be able to classify packets based on 596 simple packet data comparisons for 8, 16, and 32bit values. 597 598 To compile this code as a module, choose M here: the 599 module will be called em_cmp. 600 601 config NET_EMATCH_NBYTE 602 tristate "Multi byte comparison" 603 depends on NET_EMATCH 604 help 605 Say Y here if you want to be able to classify packets based on 606 multiple byte comparisons mainly useful for IPv6 address comparisons. 607 608 To compile this code as a module, choose M here: the 609 module will be called em_nbyte. 610 611 config NET_EMATCH_U32 612 tristate "U32 key" 613 depends on NET_EMATCH 614 help 615 Say Y here if you want to be able to classify packets using 616 the famous u32 key in combination with logic relations. 617 618 To compile this code as a module, choose M here: the 619 module will be called em_u32. 620 621 config NET_EMATCH_META 622 tristate "Metadata" 623 depends on NET_EMATCH 624 help 625 Say Y here if you want to be able to classify packets based on 626 metadata such as load average, netfilter attributes, socket 627 attributes and routing decisions. 628 629 To compile this code as a module, choose M here: the 630 module will be called em_meta. 631 632 config NET_EMATCH_TEXT 633 tristate "Textsearch" 634 depends on NET_EMATCH 635 select TEXTSEARCH 636 select TEXTSEARCH_KMP 637 select TEXTSEARCH_BM 638 select TEXTSEARCH_FSM 639 help 640 Say Y here if you want to be able to classify packets based on 641 textsearch comparisons. 642 643 To compile this code as a module, choose M here: the 644 module will be called em_text. 645 646 config NET_EMATCH_CANID 647 tristate "CAN Identifier" 648 depends on NET_EMATCH && (CAN=y || CAN=m) 649 help 650 Say Y here if you want to be able to classify CAN frames based 651 on CAN Identifier. 652 653 To compile this code as a module, choose M here: the 654 module will be called em_canid. 655 656 config NET_EMATCH_IPSET 657 tristate "IPset" 658 depends on NET_EMATCH && IP_SET 659 help 660 Say Y here if you want to be able to classify packets based on 661 ipset membership. 662 663 To compile this code as a module, choose M here: the 664 module will be called em_ipset. 665 666 config NET_EMATCH_IPT 667 tristate "IPtables Matches" 668 depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES 669 help 670 Say Y here to be able to classify packets based on iptables 671 matches. 672 Current supported match is "policy" which allows packet classification 673 based on IPsec policy that was used during decapsulation 674 675 To compile this code as a module, choose M here: the 676 module will be called em_ipt. 677 678 config NET_CLS_ACT 679 bool "Actions" 680 select NET_CLS 681 select NET_XGRESS 682 help 683 Say Y here if you want to use traffic control actions. Actions 684 get attached to classifiers and are invoked after a successful 685 classification. They are used to overwrite the classification 686 result, instantly drop or redirect packets, etc. 687 688 A recent version of the iproute2 package is required to use 689 extended matches. 690 691 config NET_ACT_POLICE 692 tristate "Traffic Policing" 693 depends on NET_CLS_ACT 694 help 695 Say Y here if you want to do traffic policing, i.e. strict 696 bandwidth limiting. This action replaces the existing policing 697 module. 698 699 To compile this code as a module, choose M here: the 700 module will be called act_police. 701 702 config NET_ACT_GACT 703 tristate "Generic actions" 704 depends on NET_CLS_ACT 705 help 706 Say Y here to take generic actions such as dropping and 707 accepting packets. 708 709 To compile this code as a module, choose M here: the 710 module will be called act_gact. 711 712 config GACT_PROB 713 bool "Probability support" 714 depends on NET_ACT_GACT 715 help 716 Say Y here to use the generic action randomly or deterministically. 717 718 config NET_ACT_MIRRED 719 tristate "Redirecting and Mirroring" 720 depends on NET_CLS_ACT 721 help 722 Say Y here to allow packets to be mirrored or redirected to 723 other devices. 724 725 To compile this code as a module, choose M here: the 726 module will be called act_mirred. 727 728 config NET_ACT_SAMPLE 729 tristate "Traffic Sampling" 730 depends on NET_CLS_ACT 731 select PSAMPLE 732 help 733 Say Y here to allow packet sampling tc action. The packet sample 734 action consists of statistically choosing packets and sampling 735 them using the psample module. 736 737 To compile this code as a module, choose M here: the 738 module will be called act_sample. 739 740 config NET_ACT_NAT 741 tristate "Stateless NAT" 742 depends on NET_CLS_ACT 743 help 744 Say Y here to do stateless NAT on IPv4 packets. You should use 745 netfilter for NAT unless you know what you are doing. 746 747 To compile this code as a module, choose M here: the 748 module will be called act_nat. 749 750 config NET_ACT_PEDIT 751 tristate "Packet Editing" 752 depends on NET_CLS_ACT 753 help 754 Say Y here if you want to mangle the content of packets. 755 756 To compile this code as a module, choose M here: the 757 module will be called act_pedit. 758 759 config NET_ACT_SIMP 760 tristate "Simple Example (Debug)" 761 depends on NET_CLS_ACT 762 help 763 Say Y here to add a simple action for demonstration purposes. 764 It is meant as an example and for debugging purposes. It will 765 print a configured policy string followed by the packet count 766 to the console for every packet that passes by. 767 768 If unsure, say N. 769 770 To compile this code as a module, choose M here: the 771 module will be called act_simple. 772 773 config NET_ACT_SKBEDIT 774 tristate "SKB Editing" 775 depends on NET_CLS_ACT 776 help 777 Say Y here to change skb priority or queue_mapping settings. 778 779 If unsure, say N. 780 781 To compile this code as a module, choose M here: the 782 module will be called act_skbedit. 783 784 config NET_ACT_CSUM 785 tristate "Checksum Updating" 786 depends on NET_CLS_ACT && INET 787 select LIBCRC32C 788 help 789 Say Y here to update some common checksum after some direct 790 packet alterations. 791 792 To compile this code as a module, choose M here: the 793 module will be called act_csum. 794 795 config NET_ACT_MPLS 796 tristate "MPLS manipulation" 797 depends on NET_CLS_ACT 798 help 799 Say Y here to push or pop MPLS headers. 800 801 If unsure, say N. 802 803 To compile this code as a module, choose M here: the 804 module will be called act_mpls. 805 806 config NET_ACT_VLAN 807 tristate "Vlan manipulation" 808 depends on NET_CLS_ACT 809 help 810 Say Y here to push or pop vlan headers. 811 812 If unsure, say N. 813 814 To compile this code as a module, choose M here: the 815 module will be called act_vlan. 816 817 config NET_ACT_BPF 818 tristate "BPF based action" 819 depends on NET_CLS_ACT 820 help 821 Say Y here to execute BPF code on packets. The BPF code will decide 822 if the packet should be dropped or not. 823 824 If unsure, say N. 825 826 To compile this code as a module, choose M here: the 827 module will be called act_bpf. 828 829 config NET_ACT_CONNMARK 830 tristate "Netfilter Connection Mark Retriever" 831 depends on NET_CLS_ACT && NETFILTER 832 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 833 help 834 Say Y here to allow retrieving of conn mark 835 836 If unsure, say N. 837 838 To compile this code as a module, choose M here: the 839 module will be called act_connmark. 840 841 config NET_ACT_CTINFO 842 tristate "Netfilter Connection Mark Actions" 843 depends on NET_CLS_ACT && NETFILTER 844 depends on NF_CONNTRACK && NF_CONNTRACK_MARK 845 help 846 Say Y here to allow transfer of a connmark stored information. 847 Current actions transfer connmark stored DSCP into 848 ipv4/v6 diffserv and/or to transfer connmark to packet 849 mark. Both are useful for restoring egress based marks 850 back onto ingress connections for qdisc priority mapping 851 purposes. 852 853 If unsure, say N. 854 855 To compile this code as a module, choose M here: the 856 module will be called act_ctinfo. 857 858 config NET_ACT_SKBMOD 859 tristate "skb data modification action" 860 depends on NET_CLS_ACT 861 help 862 Say Y here to allow modification of skb data 863 864 If unsure, say N. 865 866 To compile this code as a module, choose M here: the 867 module will be called act_skbmod. 868 869 config NET_ACT_IFE 870 tristate "Inter-FE action based on IETF ForCES InterFE LFB" 871 depends on NET_CLS_ACT 872 select NET_IFE 873 help 874 Say Y here to allow for sourcing and terminating metadata 875 For details refer to netdev01 paper: 876 "Distributing Linux Traffic Control Classifier-Action Subsystem" 877 Authors: Jamal Hadi Salim and Damascene M. Joachimpillai 878 879 To compile this code as a module, choose M here: the 880 module will be called act_ife. 881 882 config NET_ACT_TUNNEL_KEY 883 tristate "IP tunnel metadata manipulation" 884 depends on NET_CLS_ACT 885 help 886 Say Y here to set/release ip tunnel metadata. 887 888 If unsure, say N. 889 890 To compile this code as a module, choose M here: the 891 module will be called act_tunnel_key. 892 893 config NET_ACT_CT 894 tristate "connection tracking tc action" 895 depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE 896 select NF_CONNTRACK_OVS 897 select NF_NAT_OVS if NF_NAT 898 help 899 Say Y here to allow sending the packets to conntrack module. 900 901 If unsure, say N. 902 903 To compile this code as a module, choose M here: the 904 module will be called act_ct. 905 906 config NET_ACT_GATE 907 tristate "Frame gate entry list control tc action" 908 depends on NET_CLS_ACT 909 help 910 Say Y here to allow to control the ingress flow to be passed at 911 specific time slot and be dropped at other specific time slot by 912 the gate entry list. 913 914 If unsure, say N. 915 To compile this code as a module, choose M here: the 916 module will be called act_gate. 917 918 config NET_IFE_SKBMARK 919 tristate "Support to encoding decoding skb mark on IFE action" 920 depends on NET_ACT_IFE 921 922 config NET_IFE_SKBPRIO 923 tristate "Support to encoding decoding skb prio on IFE action" 924 depends on NET_ACT_IFE 925 926 config NET_IFE_SKBTCINDEX 927 tristate "Support to encoding decoding skb tcindex on IFE action" 928 depends on NET_ACT_IFE 929 930 config NET_TC_SKB_EXT 931 bool "TC recirculation support" 932 depends on NET_CLS_ACT 933 select SKB_EXTENSIONS 934 935 help 936 Say Y here to allow tc chain misses to continue in OvS datapath in 937 the correct recirc_id, and hardware chain misses to continue in 938 the correct chain in tc software datapath. 939 940 Say N here if you won't be using tc<->ovs offload or tc chains offload. 941 942 endif # NET_SCHED 943 944 config NET_SCH_FIFO 945 bool
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.