2005-04-17 06:20:36 +08:00
|
|
|
#
|
|
|
|
# IP configuration
|
|
|
|
#
|
|
|
|
config IP_MULTICAST
|
|
|
|
bool "IP: multicasting"
|
|
|
|
help
|
|
|
|
This is code for addressing several networked computers at once,
|
|
|
|
enlarging your kernel by about 2 KB. You need multicasting if you
|
|
|
|
intend to participate in the MBONE, a high bandwidth network on top
|
|
|
|
of the Internet which carries audio and video broadcasts. More
|
|
|
|
information about the MBONE is on the WWW at
|
2007-02-18 02:49:13 +08:00
|
|
|
<http://www.savetz.com/mbone/>. Information about the multicast
|
2005-04-17 06:20:36 +08:00
|
|
|
capabilities of the various network cards is contained in
|
|
|
|
<file:Documentation/networking/multicast.txt>. For most people, it's
|
|
|
|
safe to say N.
|
|
|
|
|
|
|
|
config IP_ADVANCED_ROUTER
|
|
|
|
bool "IP: advanced router"
|
|
|
|
---help---
|
|
|
|
If you intend to run your Linux box mostly as a router, i.e. as a
|
|
|
|
computer that forwards and redistributes network packets, say Y; you
|
|
|
|
will then be presented with several options that allow more precise
|
|
|
|
control about the routing process.
|
|
|
|
|
|
|
|
The answer to this question won't directly affect the kernel:
|
|
|
|
answering N will just cause the configurator to skip all the
|
|
|
|
questions about advanced routing.
|
|
|
|
|
|
|
|
Note that your box can only act as a router if you enable IP
|
|
|
|
forwarding in your kernel; you can do that by saying Y to "/proc
|
|
|
|
file system support" and "Sysctl support" below and executing the
|
|
|
|
line
|
|
|
|
|
|
|
|
echo "1" > /proc/sys/net/ipv4/ip_forward
|
|
|
|
|
|
|
|
at boot time after the /proc file system has been mounted.
|
|
|
|
|
|
|
|
If you turn on IP forwarding, you will also get the rp_filter, which
|
|
|
|
automatically rejects incoming packets if the routing table entry
|
|
|
|
for their source address doesn't match the network interface they're
|
|
|
|
arriving on. This has security advantages because it prevents the
|
|
|
|
so-called IP spoofing, however it can pose problems if you use
|
|
|
|
asymmetric routing (packets from you to a host take a different path
|
|
|
|
than packets from that host to you) or if you operate a non-routing
|
|
|
|
host which has several IP addresses on different interfaces. To turn
|
|
|
|
rp_filter off use:
|
|
|
|
|
|
|
|
echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
|
|
|
|
or
|
|
|
|
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
|
|
|
|
|
|
|
|
If unsure, say N here.
|
|
|
|
|
2005-06-25 08:50:53 +08:00
|
|
|
choice
|
|
|
|
prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
|
|
|
|
depends on IP_ADVANCED_ROUTER
|
2005-07-19 04:55:19 +08:00
|
|
|
default ASK_IP_FIB_HASH
|
2005-06-25 08:50:53 +08:00
|
|
|
|
2005-07-19 04:55:19 +08:00
|
|
|
config ASK_IP_FIB_HASH
|
2005-06-25 08:50:53 +08:00
|
|
|
bool "FIB_HASH"
|
|
|
|
---help---
|
|
|
|
Current FIB is very proven and good enough for most users.
|
|
|
|
|
|
|
|
config IP_FIB_TRIE
|
|
|
|
bool "FIB_TRIE"
|
|
|
|
---help---
|
2006-10-04 04:34:14 +08:00
|
|
|
Use new experimental LC-trie as FIB lookup algorithm.
|
2005-06-25 08:50:53 +08:00
|
|
|
This improves lookup performance if you have a large
|
|
|
|
number of routes.
|
|
|
|
|
|
|
|
LC-trie is a longest matching prefix lookup algorithm which
|
|
|
|
performs better than FIB_HASH for large routing tables.
|
|
|
|
But, it consumes more memory and is more complex.
|
|
|
|
|
|
|
|
LC-trie is described in:
|
|
|
|
|
|
|
|
IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
|
|
|
|
IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999
|
|
|
|
An experimental study of compression methods for dynamic tries
|
|
|
|
Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
|
|
|
|
http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
|
|
config IP_FIB_HASH
|
2005-07-19 04:55:19 +08:00
|
|
|
def_bool ASK_IP_FIB_HASH || !IP_ADVANCED_ROUTER
|
2005-06-25 08:50:53 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
config IP_MULTIPLE_TABLES
|
|
|
|
bool "IP: policy routing"
|
|
|
|
depends on IP_ADVANCED_ROUTER
|
2006-08-04 18:39:22 +08:00
|
|
|
select FIB_RULES
|
2005-04-17 06:20:36 +08:00
|
|
|
---help---
|
|
|
|
Normally, a router decides what to do with a received packet based
|
|
|
|
solely on the packet's final destination address. If you say Y here,
|
|
|
|
the Linux router will also be able to take the packet's source
|
|
|
|
address into account. Furthermore, the TOS (Type-Of-Service) field
|
|
|
|
of the packet can be used for routing decisions as well.
|
|
|
|
|
|
|
|
If you are interested in this, please see the preliminary
|
|
|
|
documentation at <http://www.compendium.com.ar/policy-routing.txt>
|
|
|
|
and <ftp://post.tepkom.ru/pub/vol2/Linux/docs/advanced-routing.tex>.
|
|
|
|
You will need supporting software from
|
|
|
|
<ftp://ftp.tux.org/pub/net/ip-routing/>.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH
|
|
|
|
bool "IP: equal cost multipath"
|
|
|
|
depends on IP_ADVANCED_ROUTER
|
|
|
|
help
|
|
|
|
Normally, the routing tables specify a single action to be taken in
|
|
|
|
a deterministic manner for a given packet. If you say Y here
|
|
|
|
however, it becomes possible to attach several actions to a packet
|
|
|
|
pattern, in effect specifying several alternative paths to travel
|
|
|
|
for those packets. The router considers all these paths to be of
|
|
|
|
equal "cost" and chooses one of them in a non-deterministic fashion
|
|
|
|
if a matching packet arrives.
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH_CACHED
|
|
|
|
bool "IP: equal cost multipath with caching support (EXPERIMENTAL)"
|
2005-07-28 04:00:04 +08:00
|
|
|
depends on IP_ROUTE_MULTIPATH
|
2005-04-17 06:20:36 +08:00
|
|
|
help
|
|
|
|
Normally, equal cost multipath routing is not supported by the
|
|
|
|
routing cache. If you say Y here, alternative routes are cached
|
|
|
|
and on cache lookup a route is chosen in a configurable fashion.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH_RR
|
|
|
|
tristate "MULTIPATH: round robin algorithm"
|
|
|
|
depends on IP_ROUTE_MULTIPATH_CACHED
|
|
|
|
help
|
|
|
|
Mulitpath routes are chosen according to Round Robin
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH_RANDOM
|
|
|
|
tristate "MULTIPATH: random algorithm"
|
|
|
|
depends on IP_ROUTE_MULTIPATH_CACHED
|
|
|
|
help
|
|
|
|
Multipath routes are chosen in a random fashion. Actually,
|
|
|
|
there is no weight for a route. The advantage of this policy
|
|
|
|
is that it is implemented stateless and therefore introduces only
|
|
|
|
a very small delay.
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH_WRANDOM
|
|
|
|
tristate "MULTIPATH: weighted random algorithm"
|
|
|
|
depends on IP_ROUTE_MULTIPATH_CACHED
|
|
|
|
help
|
|
|
|
Multipath routes are chosen in a weighted random fashion.
|
|
|
|
The per route weights are the weights visible via ip route 2. As the
|
|
|
|
corresponding state management introduces some overhead routing delay
|
|
|
|
is increased.
|
|
|
|
|
|
|
|
config IP_ROUTE_MULTIPATH_DRR
|
|
|
|
tristate "MULTIPATH: interface round robin algorithm"
|
|
|
|
depends on IP_ROUTE_MULTIPATH_CACHED
|
|
|
|
help
|
|
|
|
Connections are distributed in a round robin fashion over the
|
|
|
|
available interfaces. This policy makes sense if the connections
|
|
|
|
should be primarily distributed on interfaces and not on routes.
|
|
|
|
|
|
|
|
config IP_ROUTE_VERBOSE
|
|
|
|
bool "IP: verbose route monitoring"
|
|
|
|
depends on IP_ADVANCED_ROUTER
|
|
|
|
help
|
|
|
|
If you say Y here, which is recommended, then the kernel will print
|
|
|
|
verbose messages regarding the routing, for example warnings about
|
|
|
|
received packets which look strange and could be evidence of an
|
|
|
|
attack or a misconfigured system somewhere. The information is
|
|
|
|
handled by the klogd daemon which is responsible for kernel messages
|
|
|
|
("man klogd").
|
|
|
|
|
|
|
|
config IP_PNP
|
|
|
|
bool "IP: kernel level autoconfiguration"
|
|
|
|
help
|
|
|
|
This enables automatic configuration of IP addresses of devices and
|
|
|
|
of the routing table during kernel boot, based on either information
|
|
|
|
supplied on the kernel command line or by BOOTP or RARP protocols.
|
|
|
|
You need to say Y only for diskless machines requiring network
|
|
|
|
access to boot (in which case you want to say Y to "Root file system
|
|
|
|
on NFS" as well), because all other machines configure the network
|
|
|
|
in their startup scripts.
|
|
|
|
|
|
|
|
config IP_PNP_DHCP
|
|
|
|
bool "IP: DHCP support"
|
|
|
|
depends on IP_PNP
|
|
|
|
---help---
|
|
|
|
If you want your Linux box to mount its whole root file system (the
|
|
|
|
one containing the directory /) from some other computer over the
|
|
|
|
net via NFS and you want the IP address of your computer to be
|
|
|
|
discovered automatically at boot time using the DHCP protocol (a
|
|
|
|
special protocol designed for doing this job), say Y here. In case
|
|
|
|
the boot ROM of your network card was designed for booting Linux and
|
|
|
|
does DHCP itself, providing all necessary information on the kernel
|
|
|
|
command line, you can say N here.
|
|
|
|
|
|
|
|
If unsure, say Y. Note that if you want to use DHCP, a DHCP server
|
|
|
|
must be operating on your network. Read
|
|
|
|
<file:Documentation/nfsroot.txt> for details.
|
|
|
|
|
|
|
|
config IP_PNP_BOOTP
|
|
|
|
bool "IP: BOOTP support"
|
|
|
|
depends on IP_PNP
|
|
|
|
---help---
|
|
|
|
If you want your Linux box to mount its whole root file system (the
|
|
|
|
one containing the directory /) from some other computer over the
|
|
|
|
net via NFS and you want the IP address of your computer to be
|
|
|
|
discovered automatically at boot time using the BOOTP protocol (a
|
|
|
|
special protocol designed for doing this job), say Y here. In case
|
|
|
|
the boot ROM of your network card was designed for booting Linux and
|
|
|
|
does BOOTP itself, providing all necessary information on the kernel
|
|
|
|
command line, you can say N here. If unsure, say Y. Note that if you
|
|
|
|
want to use BOOTP, a BOOTP server must be operating on your network.
|
|
|
|
Read <file:Documentation/nfsroot.txt> for details.
|
|
|
|
|
|
|
|
config IP_PNP_RARP
|
|
|
|
bool "IP: RARP support"
|
|
|
|
depends on IP_PNP
|
|
|
|
help
|
|
|
|
If you want your Linux box to mount its whole root file system (the
|
|
|
|
one containing the directory /) from some other computer over the
|
|
|
|
net via NFS and you want the IP address of your computer to be
|
|
|
|
discovered automatically at boot time using the RARP protocol (an
|
|
|
|
older protocol which is being obsoleted by BOOTP and DHCP), say Y
|
|
|
|
here. Note that if you want to use RARP, a RARP server must be
|
|
|
|
operating on your network. Read <file:Documentation/nfsroot.txt> for
|
|
|
|
details.
|
|
|
|
|
|
|
|
# not yet ready..
|
|
|
|
# bool ' IP: ARP support' CONFIG_IP_PNP_ARP
|
|
|
|
config NET_IPIP
|
|
|
|
tristate "IP: tunneling"
|
2006-03-28 17:12:13 +08:00
|
|
|
select INET_TUNNEL
|
2005-04-17 06:20:36 +08:00
|
|
|
---help---
|
|
|
|
Tunneling means encapsulating data of one protocol type within
|
|
|
|
another protocol and sending it over a channel that understands the
|
|
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
|
|
encapsulation of IP within IP, which sounds kind of pointless, but
|
|
|
|
can be useful if you want to make your (or some other) machine
|
|
|
|
appear on a different network than it physically is, or to use
|
|
|
|
mobile-IP facilities (allowing laptops to seamlessly move between
|
|
|
|
networks without changing their IP addresses).
|
|
|
|
|
|
|
|
Saying Y to this option will produce two modules ( = code which can
|
|
|
|
be inserted in and removed from the running kernel whenever you
|
|
|
|
want). Most people won't need this and can say N.
|
|
|
|
|
|
|
|
config NET_IPGRE
|
|
|
|
tristate "IP: GRE tunnels over IP"
|
|
|
|
help
|
|
|
|
Tunneling means encapsulating data of one protocol type within
|
|
|
|
another protocol and sending it over a channel that understands the
|
|
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
|
|
GRE (Generic Routing Encapsulation) and at this time allows
|
|
|
|
encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
|
|
|
|
This driver is useful if the other endpoint is a Cisco router: Cisco
|
|
|
|
likes GRE much better than the other Linux tunneling driver ("IP
|
|
|
|
tunneling" above). In addition, GRE allows multicast redistribution
|
|
|
|
through the tunnel.
|
|
|
|
|
|
|
|
config NET_IPGRE_BROADCAST
|
|
|
|
bool "IP: broadcast GRE over IP"
|
|
|
|
depends on IP_MULTICAST && NET_IPGRE
|
|
|
|
help
|
|
|
|
One application of GRE/IP is to construct a broadcast WAN (Wide Area
|
|
|
|
Network), which looks like a normal Ethernet LAN (Local Area
|
|
|
|
Network), but can be distributed all over the Internet. If you want
|
|
|
|
to do that, say Y here and to "IP multicast routing" below.
|
|
|
|
|
|
|
|
config IP_MROUTE
|
|
|
|
bool "IP: multicast routing"
|
|
|
|
depends on IP_MULTICAST
|
|
|
|
help
|
|
|
|
This is used if you want your machine to act as a router for IP
|
|
|
|
packets that have several destination addresses. It is needed on the
|
|
|
|
MBONE, a high bandwidth network on top of the Internet which carries
|
|
|
|
audio and video broadcasts. In order to do that, you would most
|
|
|
|
likely run the program mrouted. Information about the multicast
|
|
|
|
capabilities of the various network cards is contained in
|
|
|
|
<file:Documentation/networking/multicast.txt>. If you haven't heard
|
|
|
|
about it, you don't need it.
|
|
|
|
|
|
|
|
config IP_PIMSM_V1
|
|
|
|
bool "IP: PIM-SM version 1 support"
|
|
|
|
depends on IP_MROUTE
|
|
|
|
help
|
|
|
|
Kernel side support for Sparse Mode PIM (Protocol Independent
|
|
|
|
Multicast) version 1. This multicast routing protocol is used widely
|
|
|
|
because Cisco supports it. You need special software to use it
|
|
|
|
(pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
|
|
|
|
information about PIM.
|
|
|
|
|
|
|
|
Say Y if you want to use PIM-SM v1. Note that you can say N here if
|
|
|
|
you just want to use Dense Mode PIM.
|
|
|
|
|
|
|
|
config IP_PIMSM_V2
|
|
|
|
bool "IP: PIM-SM version 2 support"
|
|
|
|
depends on IP_MROUTE
|
|
|
|
help
|
|
|
|
Kernel side support for Sparse Mode PIM version 2. In order to use
|
|
|
|
this, you need an experimental routing daemon supporting it (pimd or
|
|
|
|
gated-5). This routing protocol is not used widely, so say N unless
|
|
|
|
you want to play with it.
|
|
|
|
|
|
|
|
config ARPD
|
|
|
|
bool "IP: ARP daemon support (EXPERIMENTAL)"
|
2005-07-12 12:13:56 +08:00
|
|
|
depends on EXPERIMENTAL
|
2005-04-17 06:20:36 +08:00
|
|
|
---help---
|
|
|
|
Normally, the kernel maintains an internal cache which maps IP
|
|
|
|
addresses to hardware addresses on the local network, so that
|
|
|
|
Ethernet/Token Ring/ etc. frames are sent to the proper address on
|
|
|
|
the physical networking layer. For small networks having a few
|
|
|
|
hundred directly connected hosts or less, keeping this address
|
|
|
|
resolution (ARP) cache inside the kernel works well. However,
|
|
|
|
maintaining an internal ARP cache does not work well for very large
|
|
|
|
switched networks, and will use a lot of kernel memory if TCP/IP
|
|
|
|
connections are made to many machines on the network.
|
|
|
|
|
|
|
|
If you say Y here, the kernel's internal ARP cache will never grow
|
|
|
|
to more than 256 entries (the oldest entries are expired in a LIFO
|
|
|
|
manner) and communication will be attempted with the user space ARP
|
|
|
|
daemon arpd. Arpd then answers the address resolution request either
|
|
|
|
from its own cache or by asking the net.
|
|
|
|
|
|
|
|
This code is experimental and also obsolete. If you want to use it,
|
|
|
|
you need to find a version of the daemon arpd on the net somewhere,
|
|
|
|
and you should also say Y to "Kernel/User network link driver",
|
|
|
|
below. If unsure, say N.
|
|
|
|
|
|
|
|
config SYN_COOKIES
|
|
|
|
bool "IP: TCP syncookie support (disabled per default)"
|
|
|
|
---help---
|
|
|
|
Normal TCP/IP networking is open to an attack known as "SYN
|
|
|
|
flooding". This denial-of-service attack prevents legitimate remote
|
|
|
|
users from being able to connect to your computer during an ongoing
|
|
|
|
attack and requires very little work from the attacker, who can
|
|
|
|
operate from anywhere on the Internet.
|
|
|
|
|
|
|
|
SYN cookies provide protection against this type of attack. If you
|
|
|
|
say Y here, the TCP/IP stack will use a cryptographic challenge
|
|
|
|
protocol known as "SYN cookies" to enable legitimate users to
|
|
|
|
continue to connect, even when your machine is under attack. There
|
|
|
|
is no need for the legitimate users to change their TCP/IP software;
|
|
|
|
SYN cookies work transparently to them. For technical information
|
|
|
|
about SYN cookies, check out <http://cr.yp.to/syncookies.html>.
|
|
|
|
|
|
|
|
If you are SYN flooded, the source address reported by the kernel is
|
|
|
|
likely to have been forged by the attacker; it is only reported as
|
|
|
|
an aid in tracing the packets to their actual source and should not
|
|
|
|
be taken as absolute truth.
|
|
|
|
|
|
|
|
SYN cookies may prevent correct error reporting on clients when the
|
|
|
|
server is really overloaded. If this happens frequently better turn
|
|
|
|
them off.
|
|
|
|
|
|
|
|
If you say Y here, note that SYN cookies aren't enabled by default;
|
|
|
|
you can enable them by saying Y to "/proc file system support" and
|
|
|
|
"Sysctl support" below and executing the command
|
|
|
|
|
|
|
|
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
|
|
|
|
|
|
|
|
at boot time after the /proc file system has been mounted.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
|
|
config INET_AH
|
|
|
|
tristate "IP: AH transformation"
|
|
|
|
select XFRM
|
|
|
|
select CRYPTO
|
|
|
|
select CRYPTO_HMAC
|
|
|
|
select CRYPTO_MD5
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
---help---
|
|
|
|
Support for IPsec AH.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
|
|
config INET_ESP
|
|
|
|
tristate "IP: ESP transformation"
|
|
|
|
select XFRM
|
|
|
|
select CRYPTO
|
|
|
|
select CRYPTO_HMAC
|
|
|
|
select CRYPTO_MD5
|
2006-07-30 13:41:01 +08:00
|
|
|
select CRYPTO_CBC
|
2005-04-17 06:20:36 +08:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
select CRYPTO_DES
|
|
|
|
---help---
|
|
|
|
Support for IPsec ESP.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
|
|
config INET_IPCOMP
|
|
|
|
tristate "IP: IPComp transformation"
|
|
|
|
select XFRM
|
2006-03-28 17:12:13 +08:00
|
|
|
select INET_XFRM_TUNNEL
|
2005-04-17 06:20:36 +08:00
|
|
|
select CRYPTO
|
|
|
|
select CRYPTO_DEFLATE
|
|
|
|
---help---
|
|
|
|
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
|
|
|
|
typically needed for IPsec.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
2006-03-28 17:12:13 +08:00
|
|
|
config INET_XFRM_TUNNEL
|
|
|
|
tristate
|
|
|
|
select INET_TUNNEL
|
|
|
|
default n
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
config INET_TUNNEL
|
2006-03-28 17:12:13 +08:00
|
|
|
tristate
|
|
|
|
default n
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-05-28 14:05:54 +08:00
|
|
|
config INET_XFRM_MODE_TRANSPORT
|
|
|
|
tristate "IP: IPsec transport mode"
|
|
|
|
default y
|
|
|
|
select XFRM
|
|
|
|
---help---
|
|
|
|
Support for IPsec transport mode.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
|
|
config INET_XFRM_MODE_TUNNEL
|
|
|
|
tristate "IP: IPsec tunnel mode"
|
|
|
|
default y
|
|
|
|
select XFRM
|
|
|
|
---help---
|
|
|
|
Support for IPsec tunnel mode.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
2006-10-04 14:47:05 +08:00
|
|
|
config INET_XFRM_MODE_BEET
|
|
|
|
tristate "IP: IPsec BEET mode"
|
|
|
|
default y
|
|
|
|
select XFRM
|
|
|
|
---help---
|
|
|
|
Support for IPsec BEET mode.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
[INET_DIAG]: Move the tcp_diag interface to the proper place
With this the previous setup is back, i.e. tcp_diag can be built as a module,
as dccp_diag and both share the infrastructure available in inet_diag.
If one selects CONFIG_INET_DIAG as module CONFIG_INET_TCP_DIAG will also be
built as a module, as will CONFIG_INET_DCCP_DIAG, if CONFIG_IP_DCCP was
selected static or as a module, if CONFIG_INET_DIAG is y, being statically
linked CONFIG_INET_TCP_DIAG will follow suit and CONFIG_INET_DCCP_DIAG will be
built in the same manner as CONFIG_IP_DCCP.
Now to aim at UDP, converting it to use inet_hashinfo, so that we can use
iproute2 for UDP sockets as well.
Ah, just to show an example of this new infrastructure working for DCCP :-)
[root@qemu ~]# ./ss -dane
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 *:5001 *:* ino:942 sk:cfd503a0
ESTAB 0 0 127.0.0.1:5001 127.0.0.1:32770 ino:943 sk:cfd50a60
ESTAB 0 0 127.0.0.1:32770 127.0.0.1:5001 ino:947 sk:cfd50700
TIME-WAIT 0 0 127.0.0.1:32769 127.0.0.1:5001 timer:(timewait,3.430ms,0) ino:0 sk:cf209620
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-12 23:59:17 +08:00
|
|
|
config INET_DIAG
|
|
|
|
tristate "INET: socket monitoring interface"
|
2005-04-17 06:20:36 +08:00
|
|
|
default y
|
|
|
|
---help---
|
2005-08-12 23:51:49 +08:00
|
|
|
Support for INET (TCP, DCCP, etc) socket monitoring interface used by
|
|
|
|
native Linux tools such as ss. ss is included in iproute2, currently
|
2007-02-22 11:32:37 +08:00
|
|
|
downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
[INET_DIAG]: Move the tcp_diag interface to the proper place
With this the previous setup is back, i.e. tcp_diag can be built as a module,
as dccp_diag and both share the infrastructure available in inet_diag.
If one selects CONFIG_INET_DIAG as module CONFIG_INET_TCP_DIAG will also be
built as a module, as will CONFIG_INET_DCCP_DIAG, if CONFIG_IP_DCCP was
selected static or as a module, if CONFIG_INET_DIAG is y, being statically
linked CONFIG_INET_TCP_DIAG will follow suit and CONFIG_INET_DCCP_DIAG will be
built in the same manner as CONFIG_IP_DCCP.
Now to aim at UDP, converting it to use inet_hashinfo, so that we can use
iproute2 for UDP sockets as well.
Ah, just to show an example of this new infrastructure working for DCCP :-)
[root@qemu ~]# ./ss -dane
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 *:5001 *:* ino:942 sk:cfd503a0
ESTAB 0 0 127.0.0.1:5001 127.0.0.1:32770 ino:943 sk:cfd50a60
ESTAB 0 0 127.0.0.1:32770 127.0.0.1:5001 ino:947 sk:cfd50700
TIME-WAIT 0 0 127.0.0.1:32769 127.0.0.1:5001 timer:(timewait,3.430ms,0) ino:0 sk:cf209620
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-12 23:59:17 +08:00
|
|
|
config INET_TCP_DIAG
|
|
|
|
depends on INET_DIAG
|
|
|
|
def_tristate INET_DIAG
|
|
|
|
|
2006-09-25 11:11:58 +08:00
|
|
|
menuconfig TCP_CONG_ADVANCED
|
2005-06-25 09:07:51 +08:00
|
|
|
bool "TCP: advanced congestion control"
|
|
|
|
---help---
|
|
|
|
Support for selection of various TCP congestion control
|
|
|
|
modules.
|
|
|
|
|
|
|
|
Nearly all users can safely say no here, and a safe default
|
2006-09-25 11:13:03 +08:00
|
|
|
selection will be made (CUBIC with new Reno as a fallback).
|
2005-06-25 09:07:51 +08:00
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
2006-09-25 11:11:58 +08:00
|
|
|
if TCP_CONG_ADVANCED
|
2005-06-24 03:23:25 +08:00
|
|
|
|
|
|
|
config TCP_CONG_BIC
|
|
|
|
tristate "Binary Increase Congestion (BIC) control"
|
2006-09-25 11:13:03 +08:00
|
|
|
default m
|
2005-06-24 03:23:25 +08:00
|
|
|
---help---
|
|
|
|
BIC-TCP is a sender-side only change that ensures a linear RTT
|
|
|
|
fairness under large windows while offering both scalability and
|
|
|
|
bounded TCP-friendliness. The protocol combines two schemes
|
|
|
|
called additive increase and binary search increase. When the
|
|
|
|
congestion window is large, additive increase with a large
|
|
|
|
increment ensures linear RTT fairness as well as good
|
|
|
|
scalability. Under small congestion windows, binary search
|
|
|
|
increase provides TCP friendliness.
|
|
|
|
See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
|
|
|
|
|
2005-12-14 15:13:28 +08:00
|
|
|
config TCP_CONG_CUBIC
|
|
|
|
tristate "CUBIC TCP"
|
2006-09-25 11:13:03 +08:00
|
|
|
default y
|
2005-12-14 15:13:28 +08:00
|
|
|
---help---
|
|
|
|
This is version 2.0 of BIC-TCP which uses a cubic growth function
|
|
|
|
among other techniques.
|
|
|
|
See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
|
|
|
|
|
2005-06-24 03:24:09 +08:00
|
|
|
config TCP_CONG_WESTWOOD
|
|
|
|
tristate "TCP Westwood+"
|
|
|
|
default m
|
|
|
|
---help---
|
|
|
|
TCP Westwood+ is a sender-side only modification of the TCP Reno
|
|
|
|
protocol stack that optimizes the performance of TCP congestion
|
|
|
|
control. It is based on end-to-end bandwidth estimation to set
|
|
|
|
congestion window and slow start threshold after a congestion
|
|
|
|
episode. Using this estimation, TCP Westwood+ adaptively sets a
|
|
|
|
slow start threshold and a congestion window which takes into
|
|
|
|
account the bandwidth used at the time congestion is experienced.
|
|
|
|
TCP Westwood+ significantly increases fairness wrt TCP Reno in
|
|
|
|
wired networks and throughput over wireless links.
|
|
|
|
|
2005-06-24 03:28:11 +08:00
|
|
|
config TCP_CONG_HTCP
|
|
|
|
tristate "H-TCP"
|
|
|
|
default m
|
|
|
|
---help---
|
|
|
|
H-TCP is a send-side only modifications of the TCP Reno
|
|
|
|
protocol stack that optimizes the performance of TCP
|
|
|
|
congestion control for high speed network links. It uses a
|
|
|
|
modeswitch to change the alpha and beta parameters of TCP Reno
|
|
|
|
based on network conditions and in a way so as to be fair with
|
|
|
|
other Reno and H-TCP flows.
|
|
|
|
|
2005-06-24 03:24:58 +08:00
|
|
|
config TCP_CONG_HSTCP
|
|
|
|
tristate "High Speed TCP"
|
2005-07-12 12:13:56 +08:00
|
|
|
depends on EXPERIMENTAL
|
2005-06-24 03:24:58 +08:00
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Sally Floyd's High Speed TCP (RFC 3649) congestion control.
|
|
|
|
A modification to TCP's congestion control mechanism for use
|
|
|
|
with large congestion windows. A table indicates how much to
|
|
|
|
increase the congestion window by when an ACK is received.
|
|
|
|
For more detail see http://www.icir.org/floyd/hstcp.html
|
|
|
|
|
[TCP]: Add TCP Hybla congestion control module.
TCP Hybla congestion avoidance.
- "In heterogeneous networks, TCP connections that incorporate a
terrestrial or satellite radio link are greatly disadvantaged with
respect to entirely wired connections, because of their longer round
trip times (RTTs). To cope with this problem, a new TCP proposal, the
TCP Hybla, is presented and discussed in the paper[1]. It stems from an
analytical evaluation of the congestion window dynamics in the TCP
standard versions (Tahoe, Reno, NewReno), which suggests the necessary
modifications to remove the performance dependence on RTT.[...]"[1]
[1]: Carlo Caini, Rosario Firrincieli, "TCP Hybla: a TCP enhancement for
heterogeneous networks",
International Journal of Satellite Communications and Networking
Volume 22, Issue 5 , Pages 547 - 566. September 2004.
Signed-off-by: Daniele Lacamera (root at danielinux.net)net
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-24 03:26:34 +08:00
|
|
|
config TCP_CONG_HYBLA
|
|
|
|
tristate "TCP-Hybla congestion control algorithm"
|
2005-07-12 12:13:56 +08:00
|
|
|
depends on EXPERIMENTAL
|
[TCP]: Add TCP Hybla congestion control module.
TCP Hybla congestion avoidance.
- "In heterogeneous networks, TCP connections that incorporate a
terrestrial or satellite radio link are greatly disadvantaged with
respect to entirely wired connections, because of their longer round
trip times (RTTs). To cope with this problem, a new TCP proposal, the
TCP Hybla, is presented and discussed in the paper[1]. It stems from an
analytical evaluation of the congestion window dynamics in the TCP
standard versions (Tahoe, Reno, NewReno), which suggests the necessary
modifications to remove the performance dependence on RTT.[...]"[1]
[1]: Carlo Caini, Rosario Firrincieli, "TCP Hybla: a TCP enhancement for
heterogeneous networks",
International Journal of Satellite Communications and Networking
Volume 22, Issue 5 , Pages 547 - 566. September 2004.
Signed-off-by: Daniele Lacamera (root at danielinux.net)net
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-24 03:26:34 +08:00
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
TCP-Hybla is a sender-side only change that eliminates penalization of
|
|
|
|
long-RTT, large-bandwidth connections, like when satellite legs are
|
2006-10-04 04:34:14 +08:00
|
|
|
involved, especially when sharing a common bottleneck with normal
|
[TCP]: Add TCP Hybla congestion control module.
TCP Hybla congestion avoidance.
- "In heterogeneous networks, TCP connections that incorporate a
terrestrial or satellite radio link are greatly disadvantaged with
respect to entirely wired connections, because of their longer round
trip times (RTTs). To cope with this problem, a new TCP proposal, the
TCP Hybla, is presented and discussed in the paper[1]. It stems from an
analytical evaluation of the congestion window dynamics in the TCP
standard versions (Tahoe, Reno, NewReno), which suggests the necessary
modifications to remove the performance dependence on RTT.[...]"[1]
[1]: Carlo Caini, Rosario Firrincieli, "TCP Hybla: a TCP enhancement for
heterogeneous networks",
International Journal of Satellite Communications and Networking
Volume 22, Issue 5 , Pages 547 - 566. September 2004.
Signed-off-by: Daniele Lacamera (root at danielinux.net)net
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-06-24 03:26:34 +08:00
|
|
|
terrestrial connections.
|
|
|
|
|
2005-06-24 03:27:19 +08:00
|
|
|
config TCP_CONG_VEGAS
|
|
|
|
tristate "TCP Vegas"
|
2005-07-12 12:13:56 +08:00
|
|
|
depends on EXPERIMENTAL
|
2005-06-24 03:27:19 +08:00
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
TCP Vegas is a sender-side only change to TCP that anticipates
|
|
|
|
the onset of congestion by estimating the bandwidth. TCP Vegas
|
|
|
|
adjusts the sending rate by modifying the congestion
|
|
|
|
window. TCP Vegas should provide less packet loss, but it is
|
|
|
|
not as aggressive as TCP Reno.
|
|
|
|
|
2005-06-24 03:29:07 +08:00
|
|
|
config TCP_CONG_SCALABLE
|
|
|
|
tristate "Scalable TCP"
|
2005-07-12 12:13:56 +08:00
|
|
|
depends on EXPERIMENTAL
|
2005-06-24 03:29:07 +08:00
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
Scalable TCP is a sender-side only change to TCP which uses a
|
|
|
|
MIMD congestion control algorithm which has some nice scaling
|
|
|
|
properties, though is known to have fairness issues.
|
2007-02-22 11:32:37 +08:00
|
|
|
See http://www.deneholme.net/tom/scalable/
|
2005-06-24 03:28:11 +08:00
|
|
|
|
2006-06-06 08:27:58 +08:00
|
|
|
config TCP_CONG_LP
|
|
|
|
tristate "TCP Low Priority"
|
|
|
|
depends on EXPERIMENTAL
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
|
2006-10-04 04:36:44 +08:00
|
|
|
to utilize only the excess network bandwidth as compared to the
|
2006-06-06 08:27:58 +08:00
|
|
|
``fair share`` of bandwidth as targeted by TCP.
|
|
|
|
See http://www-ece.rice.edu/networks/TCP-LP/
|
|
|
|
|
2006-06-06 08:28:30 +08:00
|
|
|
config TCP_CONG_VENO
|
|
|
|
tristate "TCP Veno"
|
|
|
|
depends on EXPERIMENTAL
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
TCP Veno is a sender-side only enhancement of TCP to obtain better
|
|
|
|
throughput over wireless networks. TCP Veno makes use of state
|
|
|
|
distinguishing to circumvent the difficult judgment of the packet loss
|
|
|
|
type. TCP Veno cuts down less congestion window in response to random
|
|
|
|
loss packets.
|
|
|
|
See http://www.ntu.edu.sg/home5/ZHOU0022/papers/CPFu03a.pdf
|
|
|
|
|
2006-09-25 11:11:58 +08:00
|
|
|
choice
|
|
|
|
prompt "Default TCP congestion control"
|
2006-09-25 11:13:03 +08:00
|
|
|
default DEFAULT_CUBIC
|
2006-09-25 11:11:58 +08:00
|
|
|
help
|
|
|
|
Select the TCP congestion control that will be used by default
|
|
|
|
for all connections.
|
|
|
|
|
|
|
|
config DEFAULT_BIC
|
|
|
|
bool "Bic" if TCP_CONG_BIC=y
|
|
|
|
|
|
|
|
config DEFAULT_CUBIC
|
|
|
|
bool "Cubic" if TCP_CONG_CUBIC=y
|
|
|
|
|
|
|
|
config DEFAULT_HTCP
|
|
|
|
bool "Htcp" if TCP_CONG_HTCP=y
|
|
|
|
|
|
|
|
config DEFAULT_VEGAS
|
|
|
|
bool "Vegas" if TCP_CONG_VEGAS=y
|
|
|
|
|
|
|
|
config DEFAULT_WESTWOOD
|
|
|
|
bool "Westwood" if TCP_CONG_WESTWOOD=y
|
|
|
|
|
|
|
|
config DEFAULT_RENO
|
|
|
|
bool "Reno"
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
|
|
endif
|
2005-06-24 03:23:25 +08:00
|
|
|
|
2006-09-25 11:13:03 +08:00
|
|
|
config TCP_CONG_CUBIC
|
2005-06-27 06:20:20 +08:00
|
|
|
tristate
|
2005-06-25 09:07:51 +08:00
|
|
|
depends on !TCP_CONG_ADVANCED
|
|
|
|
default y
|
|
|
|
|
2006-09-25 11:11:58 +08:00
|
|
|
config DEFAULT_TCP_CONG
|
|
|
|
string
|
|
|
|
default "bic" if DEFAULT_BIC
|
|
|
|
default "cubic" if DEFAULT_CUBIC
|
|
|
|
default "htcp" if DEFAULT_HTCP
|
|
|
|
default "vegas" if DEFAULT_VEGAS
|
|
|
|
default "westwood" if DEFAULT_WESTWOOD
|
|
|
|
default "reno" if DEFAULT_RENO
|
2006-09-25 11:13:03 +08:00
|
|
|
default "cubic"
|
2006-09-25 11:11:58 +08:00
|
|
|
|
2006-11-15 11:07:45 +08:00
|
|
|
config TCP_MD5SIG
|
|
|
|
bool "TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL)"
|
|
|
|
depends on EXPERIMENTAL
|
|
|
|
select CRYPTO
|
|
|
|
select CRYPTO_MD5
|
|
|
|
---help---
|
|
|
|
RFC2385 specifices a method of giving MD5 protection to TCP sessions.
|
|
|
|
Its main (only?) use is to protect BGP sessions between core routers
|
|
|
|
on the Internet.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
source "net/ipv4/ipvs/Kconfig"
|
|
|
|
|