]>
Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | # |
3 | # IP configuration | |
4 | # | |
5 | config IP_MULTICAST | |
6 | bool "IP: multicasting" | |
1da177e4 LT |
7 | help |
8 | This is code for addressing several networked computers at once, | |
9 | enlarging your kernel by about 2 KB. You need multicasting if you | |
10 | intend to participate in the MBONE, a high bandwidth network on top | |
11 | of the Internet which carries audio and video broadcasts. More | |
12 | information about the MBONE is on the WWW at | |
7a6498eb | 13 | <https://www.savetz.com/mbone/>. For most people, it's safe to say N. |
1da177e4 LT |
14 | |
15 | config IP_ADVANCED_ROUTER | |
16 | bool "IP: advanced router" | |
a7f7f624 | 17 | help |
1da177e4 LT |
18 | If you intend to run your Linux box mostly as a router, i.e. as a |
19 | computer that forwards and redistributes network packets, say Y; you | |
20 | will then be presented with several options that allow more precise | |
21 | control about the routing process. | |
22 | ||
23 | The answer to this question won't directly affect the kernel: | |
24 | answering N will just cause the configurator to skip all the | |
25 | questions about advanced routing. | |
26 | ||
27 | Note that your box can only act as a router if you enable IP | |
28 | forwarding in your kernel; you can do that by saying Y to "/proc | |
29 | file system support" and "Sysctl support" below and executing the | |
30 | line | |
31 | ||
32 | echo "1" > /proc/sys/net/ipv4/ip_forward | |
33 | ||
34 | at boot time after the /proc file system has been mounted. | |
35 | ||
b2cc46a8 | 36 | If you turn on IP forwarding, you should consider the rp_filter, which |
1da177e4 LT |
37 | automatically rejects incoming packets if the routing table entry |
38 | for their source address doesn't match the network interface they're | |
39 | arriving on. This has security advantages because it prevents the | |
40 | so-called IP spoofing, however it can pose problems if you use | |
41 | asymmetric routing (packets from you to a host take a different path | |
42 | than packets from that host to you) or if you operate a non-routing | |
43 | host which has several IP addresses on different interfaces. To turn | |
d7394372 | 44 | rp_filter on use: |
1da177e4 | 45 | |
d7394372 | 46 | echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter |
750e9fad | 47 | or |
d7394372 | 48 | echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter |
1da177e4 | 49 | |
b2cc46a8 | 50 | Note that some distributions enable it in startup scripts. |
d18921a0 | 51 | For details about rp_filter strict and loose mode read |
1cec2cac | 52 | <file:Documentation/networking/ip-sysctl.rst>. |
b2cc46a8 | 53 | |
1da177e4 LT |
54 | If unsure, say N here. |
55 | ||
66a2f7fd SH |
56 | config IP_FIB_TRIE_STATS |
57 | bool "FIB TRIE statistics" | |
3630b7c0 | 58 | depends on IP_ADVANCED_ROUTER |
a7f7f624 | 59 | help |
66a2f7fd SH |
60 | Keep track of statistics on structure of FIB TRIE table. |
61 | Useful for testing and measuring TRIE performance. | |
62 | ||
1da177e4 LT |
63 | config IP_MULTIPLE_TABLES |
64 | bool "IP: policy routing" | |
65 | depends on IP_ADVANCED_ROUTER | |
e1ef4bf2 | 66 | select FIB_RULES |
a7f7f624 | 67 | help |
1da177e4 LT |
68 | Normally, a router decides what to do with a received packet based |
69 | solely on the packet's final destination address. If you say Y here, | |
70 | the Linux router will also be able to take the packet's source | |
71 | address into account. Furthermore, the TOS (Type-Of-Service) field | |
72 | of the packet can be used for routing decisions as well. | |
73 | ||
12ed3772 SH |
74 | If you need more information, see the Linux Advanced |
75 | Routing and Traffic Control documentation at | |
7a6498eb | 76 | <https://lartc.org/howto/lartc.rpdb.html> |
1da177e4 LT |
77 | |
78 | If unsure, say N. | |
79 | ||
1da177e4 LT |
80 | config IP_ROUTE_MULTIPATH |
81 | bool "IP: equal cost multipath" | |
82 | depends on IP_ADVANCED_ROUTER | |
83 | help | |
84 | Normally, the routing tables specify a single action to be taken in | |
85 | a deterministic manner for a given packet. If you say Y here | |
86 | however, it becomes possible to attach several actions to a packet | |
87 | pattern, in effect specifying several alternative paths to travel | |
88 | for those packets. The router considers all these paths to be of | |
89 | equal "cost" and chooses one of them in a non-deterministic fashion | |
90 | if a matching packet arrives. | |
91 | ||
1da177e4 LT |
92 | config IP_ROUTE_VERBOSE |
93 | bool "IP: verbose route monitoring" | |
94 | depends on IP_ADVANCED_ROUTER | |
95 | help | |
96 | If you say Y here, which is recommended, then the kernel will print | |
97 | verbose messages regarding the routing, for example warnings about | |
98 | received packets which look strange and could be evidence of an | |
99 | attack or a misconfigured system somewhere. The information is | |
100 | handled by the klogd daemon which is responsible for kernel messages | |
101 | ("man klogd"). | |
102 | ||
c7066f70 PM |
103 | config IP_ROUTE_CLASSID |
104 | bool | |
105 | ||
1da177e4 LT |
106 | config IP_PNP |
107 | bool "IP: kernel level autoconfiguration" | |
1da177e4 LT |
108 | help |
109 | This enables automatic configuration of IP addresses of devices and | |
110 | of the routing table during kernel boot, based on either information | |
111 | supplied on the kernel command line or by BOOTP or RARP protocols. | |
112 | You need to say Y only for diskless machines requiring network | |
113 | access to boot (in which case you want to say Y to "Root file system | |
114 | on NFS" as well), because all other machines configure the network | |
115 | in their startup scripts. | |
116 | ||
117 | config IP_PNP_DHCP | |
118 | bool "IP: DHCP support" | |
119 | depends on IP_PNP | |
a7f7f624 | 120 | help |
1da177e4 LT |
121 | If you want your Linux box to mount its whole root file system (the |
122 | one containing the directory /) from some other computer over the | |
123 | net via NFS and you want the IP address of your computer to be | |
124 | discovered automatically at boot time using the DHCP protocol (a | |
125 | special protocol designed for doing this job), say Y here. In case | |
126 | the boot ROM of your network card was designed for booting Linux and | |
127 | does DHCP itself, providing all necessary information on the kernel | |
128 | command line, you can say N here. | |
129 | ||
130 | If unsure, say Y. Note that if you want to use DHCP, a DHCP server | |
131 | must be operating on your network. Read | |
3eb30c51 | 132 | <file:Documentation/admin-guide/nfs/nfsroot.rst> for details. |
1da177e4 LT |
133 | |
134 | config IP_PNP_BOOTP | |
135 | bool "IP: BOOTP support" | |
136 | depends on IP_PNP | |
a7f7f624 | 137 | help |
1da177e4 LT |
138 | If you want your Linux box to mount its whole root file system (the |
139 | one containing the directory /) from some other computer over the | |
140 | net via NFS and you want the IP address of your computer to be | |
141 | discovered automatically at boot time using the BOOTP protocol (a | |
142 | special protocol designed for doing this job), say Y here. In case | |
143 | the boot ROM of your network card was designed for booting Linux and | |
144 | does BOOTP itself, providing all necessary information on the kernel | |
145 | command line, you can say N here. If unsure, say Y. Note that if you | |
146 | want to use BOOTP, a BOOTP server must be operating on your network. | |
3eb30c51 | 147 | Read <file:Documentation/admin-guide/nfs/nfsroot.rst> for details. |
1da177e4 LT |
148 | |
149 | config IP_PNP_RARP | |
150 | bool "IP: RARP support" | |
151 | depends on IP_PNP | |
152 | help | |
153 | If you want your Linux box to mount its whole root file system (the | |
154 | one containing the directory /) from some other computer over the | |
155 | net via NFS and you want the IP address of your computer to be | |
156 | discovered automatically at boot time using the RARP protocol (an | |
157 | older protocol which is being obsoleted by BOOTP and DHCP), say Y | |
158 | here. Note that if you want to use RARP, a RARP server must be | |
6ded55da | 159 | operating on your network. Read |
3eb30c51 | 160 | <file:Documentation/admin-guide/nfs/nfsroot.rst> for details. |
1da177e4 | 161 | |
1da177e4 LT |
162 | config NET_IPIP |
163 | tristate "IP: tunneling" | |
d2acc347 | 164 | select INET_TUNNEL |
fd58156e | 165 | select NET_IP_TUNNEL |
a7f7f624 | 166 | help |
1da177e4 LT |
167 | Tunneling means encapsulating data of one protocol type within |
168 | another protocol and sending it over a channel that understands the | |
169 | encapsulating protocol. This particular tunneling driver implements | |
170 | encapsulation of IP within IP, which sounds kind of pointless, but | |
171 | can be useful if you want to make your (or some other) machine | |
172 | appear on a different network than it physically is, or to use | |
173 | mobile-IP facilities (allowing laptops to seamlessly move between | |
174 | networks without changing their IP addresses). | |
175 | ||
176 | Saying Y to this option will produce two modules ( = code which can | |
177 | be inserted in and removed from the running kernel whenever you | |
178 | want). Most people won't need this and can say N. | |
179 | ||
00959ade DK |
180 | config NET_IPGRE_DEMUX |
181 | tristate "IP: GRE demultiplexer" | |
182 | help | |
43da1411 KK |
183 | This is helper module to demultiplex GRE packets on GRE version field criteria. |
184 | Required by ip_gre and pptp modules. | |
00959ade | 185 | |
c5441932 PS |
186 | config NET_IP_TUNNEL |
187 | tristate | |
e09acddf | 188 | select DST_CACHE |
97e219b7 | 189 | select GRO_CELLS |
c5441932 PS |
190 | default n |
191 | ||
1da177e4 LT |
192 | config NET_IPGRE |
193 | tristate "IP: GRE tunnels over IP" | |
21a180cd | 194 | depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX |
c5441932 | 195 | select NET_IP_TUNNEL |
1da177e4 LT |
196 | help |
197 | Tunneling means encapsulating data of one protocol type within | |
198 | another protocol and sending it over a channel that understands the | |
199 | encapsulating protocol. This particular tunneling driver implements | |
200 | GRE (Generic Routing Encapsulation) and at this time allows | |
201 | encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure. | |
202 | This driver is useful if the other endpoint is a Cisco router: Cisco | |
203 | likes GRE much better than the other Linux tunneling driver ("IP | |
204 | tunneling" above). In addition, GRE allows multicast redistribution | |
205 | through the tunnel. | |
206 | ||
207 | config NET_IPGRE_BROADCAST | |
208 | bool "IP: broadcast GRE over IP" | |
209 | depends on IP_MULTICAST && NET_IPGRE | |
210 | help | |
211 | One application of GRE/IP is to construct a broadcast WAN (Wide Area | |
212 | Network), which looks like a normal Ethernet LAN (Local Area | |
213 | Network), but can be distributed all over the Internet. If you want | |
214 | to do that, say Y here and to "IP multicast routing" below. | |
215 | ||
6853f21f YM |
216 | config IP_MROUTE_COMMON |
217 | bool | |
218 | depends on IP_MROUTE || IPV6_MROUTE | |
219 | ||
1da177e4 LT |
220 | config IP_MROUTE |
221 | bool "IP: multicast routing" | |
222 | depends on IP_MULTICAST | |
6853f21f | 223 | select IP_MROUTE_COMMON |
1da177e4 LT |
224 | help |
225 | This is used if you want your machine to act as a router for IP | |
226 | packets that have several destination addresses. It is needed on the | |
227 | MBONE, a high bandwidth network on top of the Internet which carries | |
228 | audio and video broadcasts. In order to do that, you would most | |
4960c2c6 JS |
229 | likely run the program mrouted. If you haven't heard about it, you |
230 | don't need it. | |
1da177e4 | 231 | |
f0ad0860 PM |
232 | config IP_MROUTE_MULTIPLE_TABLES |
233 | bool "IP: multicast policy routing" | |
66496d49 | 234 | depends on IP_MROUTE && IP_ADVANCED_ROUTER |
f0ad0860 PM |
235 | select FIB_RULES |
236 | help | |
237 | Normally, a multicast router runs a userspace daemon and decides | |
238 | what to do with a multicast packet based on the source and | |
239 | destination addresses. If you say Y here, the multicast router | |
240 | will also be able to take interfaces and packet marks into | |
241 | account and run multiple instances of userspace daemons | |
242 | simultaneously, each one handling a single table. | |
243 | ||
244 | If unsure, say N. | |
245 | ||
1da177e4 LT |
246 | config IP_PIMSM_V1 |
247 | bool "IP: PIM-SM version 1 support" | |
248 | depends on IP_MROUTE | |
249 | help | |
250 | Kernel side support for Sparse Mode PIM (Protocol Independent | |
251 | Multicast) version 1. This multicast routing protocol is used widely | |
252 | because Cisco supports it. You need special software to use it | |
253 | (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more | |
254 | information about PIM. | |
255 | ||
256 | Say Y if you want to use PIM-SM v1. Note that you can say N here if | |
257 | you just want to use Dense Mode PIM. | |
258 | ||
259 | config IP_PIMSM_V2 | |
260 | bool "IP: PIM-SM version 2 support" | |
261 | depends on IP_MROUTE | |
262 | help | |
263 | Kernel side support for Sparse Mode PIM version 2. In order to use | |
264 | this, you need an experimental routing daemon supporting it (pimd or | |
265 | gated-5). This routing protocol is not used widely, so say N unless | |
266 | you want to play with it. | |
267 | ||
1da177e4 | 268 | config SYN_COOKIES |
57f1553e | 269 | bool "IP: TCP syncookie support" |
a7f7f624 | 270 | help |
1da177e4 LT |
271 | Normal TCP/IP networking is open to an attack known as "SYN |
272 | flooding". This denial-of-service attack prevents legitimate remote | |
273 | users from being able to connect to your computer during an ongoing | |
274 | attack and requires very little work from the attacker, who can | |
275 | operate from anywhere on the Internet. | |
276 | ||
277 | SYN cookies provide protection against this type of attack. If you | |
278 | say Y here, the TCP/IP stack will use a cryptographic challenge | |
279 | protocol known as "SYN cookies" to enable legitimate users to | |
280 | continue to connect, even when your machine is under attack. There | |
281 | is no need for the legitimate users to change their TCP/IP software; | |
282 | SYN cookies work transparently to them. For technical information | |
7a6498eb | 283 | about SYN cookies, check out <https://cr.yp.to/syncookies.html>. |
1da177e4 LT |
284 | |
285 | If you are SYN flooded, the source address reported by the kernel is | |
286 | likely to have been forged by the attacker; it is only reported as | |
287 | an aid in tracing the packets to their actual source and should not | |
288 | be taken as absolute truth. | |
289 | ||
290 | SYN cookies may prevent correct error reporting on clients when the | |
291 | server is really overloaded. If this happens frequently better turn | |
292 | them off. | |
293 | ||
57f1553e FW |
294 | If you say Y here, you can disable SYN cookies at run time by |
295 | saying Y to "/proc file system support" and | |
1da177e4 LT |
296 | "Sysctl support" below and executing the command |
297 | ||
57f1553e | 298 | echo 0 > /proc/sys/net/ipv4/tcp_syncookies |
1da177e4 | 299 | |
57f1553e | 300 | after the /proc file system has been mounted. |
1da177e4 LT |
301 | |
302 | If unsure, say N. | |
303 | ||
1181412c S |
304 | config NET_IPVTI |
305 | tristate "Virtual (secure) IP: tunneling" | |
f1ed1026 | 306 | depends on IPV6 || IPV6=n |
1181412c | 307 | select INET_TUNNEL |
f61dd388 | 308 | select NET_IP_TUNNEL |
4c145dce | 309 | select XFRM |
a7f7f624 | 310 | help |
1181412c S |
311 | Tunneling means encapsulating data of one protocol type within |
312 | another protocol and sending it over a channel that understands the | |
313 | encapsulating protocol. This can be used with xfrm mode tunnel to give | |
314 | the notion of a secure tunnel for IPSEC and then use routing protocol | |
315 | on top. | |
316 | ||
8024e028 TH |
317 | config NET_UDP_TUNNEL |
318 | tristate | |
7c5df8fa | 319 | select NET_IP_TUNNEL |
8024e028 TH |
320 | default n |
321 | ||
23461551 TH |
322 | config NET_FOU |
323 | tristate "IP: Foo (IP protocols) over UDP" | |
324 | select XFRM | |
325 | select NET_UDP_TUNNEL | |
a7f7f624 | 326 | help |
23461551 TH |
327 | Foo over UDP allows any IP protocol to be directly encapsulated |
328 | over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP | |
329 | network mechanisms and optimizations for UDP (such as ECMP | |
330 | and RSS) can be leveraged to provide better service. | |
331 | ||
63487bab TH |
332 | config NET_FOU_IP_TUNNELS |
333 | bool "IP: FOU encapsulation of IP tunnels" | |
334 | depends on NET_IPIP || NET_IPGRE || IPV6_SIT | |
335 | select NET_FOU | |
a7f7f624 | 336 | help |
63487bab TH |
337 | Allow configuration of FOU or GUE encapsulation for IP tunnels. |
338 | When this option is enabled IP tunnels can be configured to use | |
339 | FOU or GUE encapsulation. | |
340 | ||
1da177e4 LT |
341 | config INET_AH |
342 | tristate "IP: AH transformation" | |
7d4e3919 | 343 | select XFRM_AH |
a7f7f624 | 344 | help |
be013698 EB |
345 | Support for IPsec AH (Authentication Header). |
346 | ||
347 | AH can be used with various authentication algorithms. Besides | |
348 | enabling AH support itself, this option enables the generic | |
349 | implementations of the algorithms that RFC 8221 lists as MUST be | |
350 | implemented. If you need any other algorithms, you'll need to enable | |
351 | them in the crypto API. You should also enable accelerated | |
352 | implementations of any needed algorithms when available. | |
1da177e4 LT |
353 | |
354 | If unsure, say Y. | |
355 | ||
356 | config INET_ESP | |
357 | tristate "IP: ESP transformation" | |
7d4e3919 | 358 | select XFRM_ESP |
a7f7f624 | 359 | help |
be013698 EB |
360 | Support for IPsec ESP (Encapsulating Security Payload). |
361 | ||
362 | ESP can be used with various encryption and authentication algorithms. | |
363 | Besides enabling ESP support itself, this option enables the generic | |
364 | implementations of the algorithms that RFC 8221 lists as MUST be | |
365 | implemented. If you need any other algorithms, you'll need to enable | |
366 | them in the crypto API. You should also enable accelerated | |
367 | implementations of any needed algorithms when available. | |
1da177e4 LT |
368 | |
369 | If unsure, say Y. | |
370 | ||
7785bba2 SK |
371 | config INET_ESP_OFFLOAD |
372 | tristate "IP: ESP transformation offload" | |
373 | depends on INET_ESP | |
374 | select XFRM_OFFLOAD | |
375 | default n | |
a7f7f624 | 376 | help |
7785bba2 SK |
377 | Support for ESP transformation offload. This makes sense |
378 | only if this system really does IPsec and want to do it | |
379 | with high throughput. A typical desktop system does not | |
380 | need it, even if it does IPsec. | |
381 | ||
382 | If unsure, say N. | |
383 | ||
e27cca96 SD |
384 | config INET_ESPINTCP |
385 | bool "IP: ESP in TCP encapsulation (RFC 8229)" | |
386 | depends on XFRM && INET_ESP | |
387 | select STREAM_PARSER | |
388 | select NET_SOCK_MSG | |
26333c37 | 389 | select XFRM_ESPINTCP |
e27cca96 SD |
390 | help |
391 | Support for RFC 8229 encapsulation of ESP and IKE over | |
392 | TCP/IPv4 sockets. | |
393 | ||
394 | If unsure, say N. | |
395 | ||
1da177e4 LT |
396 | config INET_IPCOMP |
397 | tristate "IP: IPComp transformation" | |
d2acc347 | 398 | select INET_XFRM_TUNNEL |
6fccab67 | 399 | select XFRM_IPCOMP |
a7f7f624 | 400 | help |
1da177e4 LT |
401 | Support for IP Payload Compression Protocol (IPComp) (RFC3173), |
402 | typically needed for IPsec. | |
a6e8f27f | 403 | |
1da177e4 LT |
404 | If unsure, say Y. |
405 | ||
d2acc347 HX |
406 | config INET_XFRM_TUNNEL |
407 | tristate | |
408 | select INET_TUNNEL | |
409 | default n | |
410 | ||
1da177e4 | 411 | config INET_TUNNEL |
d2acc347 HX |
412 | tristate |
413 | default n | |
1da177e4 | 414 | |
17b085ea ACM |
415 | config INET_DIAG |
416 | tristate "INET: socket monitoring interface" | |
1da177e4 | 417 | default y |
a7f7f624 | 418 | help |
73c1f4a0 ACM |
419 | Support for INET (TCP, DCCP, etc) socket monitoring interface used by |
420 | native Linux tools such as ss. ss is included in iproute2, currently | |
c996d8b9 | 421 | downloadable at: |
e446a276 | 422 | |
c996d8b9 | 423 | http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 |
a6e8f27f | 424 | |
1da177e4 LT |
425 | If unsure, say Y. |
426 | ||
17b085ea ACM |
427 | config INET_TCP_DIAG |
428 | depends on INET_DIAG | |
429 | def_tristate INET_DIAG | |
430 | ||
507dd796 | 431 | config INET_UDP_DIAG |
6d62a66e | 432 | tristate "UDP: socket monitoring interface" |
6d25886e | 433 | depends on INET_DIAG && (IPV6 || IPV6=n) |
6d62a66e | 434 | default n |
a7f7f624 | 435 | help |
6d62a66e DM |
436 | Support for UDP socket monitoring interface used by the ss tool. |
437 | If unsure, say Y. | |
507dd796 | 438 | |
432490f9 CG |
439 | config INET_RAW_DIAG |
440 | tristate "RAW: socket monitoring interface" | |
441 | depends on INET_DIAG && (IPV6 || IPV6=n) | |
442 | default n | |
a7f7f624 | 443 | help |
432490f9 CG |
444 | Support for RAW socket monitoring interface used by the ss tool. |
445 | If unsure, say Y. | |
446 | ||
c1e64e29 LC |
447 | config INET_DIAG_DESTROY |
448 | bool "INET: allow privileged process to administratively close sockets" | |
449 | depends on INET_DIAG | |
450 | default n | |
a7f7f624 | 451 | help |
c1e64e29 LC |
452 | Provides a SOCK_DESTROY operation that allows privileged processes |
453 | (e.g., a connection manager or a network administration tool such as | |
454 | ss) to close sockets opened by other processes. Closing a socket in | |
455 | this way interrupts any blocking read/write/connect operations on | |
456 | the socket and causes future socket calls to behave as if the socket | |
457 | had been disconnected. | |
458 | If unsure, say N. | |
459 | ||
3d2573f7 | 460 | menuconfig TCP_CONG_ADVANCED |
a6484045 | 461 | bool "TCP: advanced congestion control" |
a7f7f624 | 462 | help |
a6484045 DM |
463 | Support for selection of various TCP congestion control |
464 | modules. | |
465 | ||
466 | Nearly all users can safely say no here, and a safe default | |
597811ec | 467 | selection will be made (CUBIC with new Reno as a fallback). |
a6484045 DM |
468 | |
469 | If unsure, say N. | |
470 | ||
3d2573f7 | 471 | if TCP_CONG_ADVANCED |
83803034 SH |
472 | |
473 | config TCP_CONG_BIC | |
474 | tristate "Binary Increase Congestion (BIC) control" | |
597811ec | 475 | default m |
a7f7f624 | 476 | help |
43da1411 KK |
477 | BIC-TCP is a sender-side only change that ensures a linear RTT |
478 | fairness under large windows while offering both scalability and | |
479 | bounded TCP-friendliness. The protocol combines two schemes | |
480 | called additive increase and binary search increase. When the | |
481 | congestion window is large, additive increase with a large | |
482 | increment ensures linear RTT fairness as well as good | |
483 | scalability. Under small congestion windows, binary search | |
484 | increase provides TCP friendliness. | |
485 | See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/ | |
83803034 | 486 | |
df3271f3 SH |
487 | config TCP_CONG_CUBIC |
488 | tristate "CUBIC TCP" | |
597811ec | 489 | default y |
a7f7f624 | 490 | help |
43da1411 KK |
491 | This is version 2.0 of BIC-TCP which uses a cubic growth function |
492 | among other techniques. | |
493 | See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf | |
df3271f3 | 494 | |
87270762 SH |
495 | config TCP_CONG_WESTWOOD |
496 | tristate "TCP Westwood+" | |
87270762 | 497 | default m |
a7f7f624 | 498 | help |
43da1411 KK |
499 | TCP Westwood+ is a sender-side only modification of the TCP Reno |
500 | protocol stack that optimizes the performance of TCP congestion | |
501 | control. It is based on end-to-end bandwidth estimation to set | |
502 | congestion window and slow start threshold after a congestion | |
503 | episode. Using this estimation, TCP Westwood+ adaptively sets a | |
504 | slow start threshold and a congestion window which takes into | |
505 | account the bandwidth used at the time congestion is experienced. | |
506 | TCP Westwood+ significantly increases fairness wrt TCP Reno in | |
507 | wired networks and throughput over wireless links. | |
87270762 | 508 | |
a7868ea6 | 509 | config TCP_CONG_HTCP |
bf69abad KK |
510 | tristate "H-TCP" |
511 | default m | |
a7f7f624 | 512 | help |
43da1411 KK |
513 | H-TCP is a send-side only modifications of the TCP Reno |
514 | protocol stack that optimizes the performance of TCP | |
515 | congestion control for high speed network links. It uses a | |
516 | modeswitch to change the alpha and beta parameters of TCP Reno | |
517 | based on network conditions and in a way so as to be fair with | |
518 | other Reno and H-TCP flows. | |
a7868ea6 | 519 | |
a628d29b JH |
520 | config TCP_CONG_HSTCP |
521 | tristate "High Speed TCP" | |
a628d29b | 522 | default n |
a7f7f624 | 523 | help |
43da1411 KK |
524 | Sally Floyd's High Speed TCP (RFC 3649) congestion control. |
525 | A modification to TCP's congestion control mechanism for use | |
526 | with large congestion windows. A table indicates how much to | |
527 | increase the congestion window by when an ACK is received. | |
7a6498eb | 528 | For more detail see https://www.icir.org/floyd/hstcp.html |
a628d29b | 529 | |
835b3f0c DL |
530 | config TCP_CONG_HYBLA |
531 | tristate "TCP-Hybla congestion control algorithm" | |
835b3f0c | 532 | default n |
a7f7f624 | 533 | help |
43da1411 KK |
534 | TCP-Hybla is a sender-side only change that eliminates penalization of |
535 | long-RTT, large-bandwidth connections, like when satellite legs are | |
536 | involved, especially when sharing a common bottleneck with normal | |
537 | terrestrial connections. | |
835b3f0c | 538 | |
b87d8561 SH |
539 | config TCP_CONG_VEGAS |
540 | tristate "TCP Vegas" | |
b87d8561 | 541 | default n |
a7f7f624 | 542 | help |
43da1411 KK |
543 | TCP Vegas is a sender-side only change to TCP that anticipates |
544 | the onset of congestion by estimating the bandwidth. TCP Vegas | |
545 | adjusts the sending rate by modifying the congestion | |
546 | window. TCP Vegas should provide less packet loss, but it is | |
547 | not as aggressive as TCP Reno. | |
b87d8561 | 548 | |
699fafaf | 549 | config TCP_CONG_NV |
43da1411 KK |
550 | tristate "TCP NV" |
551 | default n | |
a7f7f624 | 552 | help |
43da1411 KK |
553 | TCP NV is a follow up to TCP Vegas. It has been modified to deal with |
554 | 10G networks, measurement noise introduced by LRO, GRO and interrupt | |
555 | coalescence. In addition, it will decrease its cwnd multiplicatively | |
556 | instead of linearly. | |
699fafaf | 557 | |
43da1411 KK |
558 | Note that in general congestion avoidance (cwnd decreased when # packets |
559 | queued grows) cannot coexist with congestion control (cwnd decreased only | |
560 | when there is packet loss) due to fairness issues. One scenario when they | |
561 | can coexist safely is when the CA flows have RTTs << CC flows RTTs. | |
699fafaf | 562 | |
43da1411 | 563 | For further details see http://www.brakmo.org/networking/tcp-nv/ |
699fafaf | 564 | |
0e57976b JH |
565 | config TCP_CONG_SCALABLE |
566 | tristate "Scalable TCP" | |
0e57976b | 567 | default n |
a7f7f624 | 568 | help |
43da1411 KK |
569 | Scalable TCP is a sender-side only change to TCP which uses a |
570 | MIMD congestion control algorithm which has some nice scaling | |
571 | properties, though is known to have fairness issues. | |
572 | See http://www.deneholme.net/tom/scalable/ | |
a7868ea6 | 573 | |
7c106d7e WHSE |
574 | config TCP_CONG_LP |
575 | tristate "TCP Low Priority" | |
7c106d7e | 576 | default n |
a7f7f624 | 577 | help |
43da1411 KK |
578 | TCP Low Priority (TCP-LP), a distributed algorithm whose goal is |
579 | to utilize only the excess network bandwidth as compared to the | |
580 | ``fair share`` of bandwidth as targeted by TCP. | |
581 | See http://www-ece.rice.edu/networks/TCP-LP/ | |
7c106d7e | 582 | |
76f10177 BZ |
583 | config TCP_CONG_VENO |
584 | tristate "TCP Veno" | |
76f10177 | 585 | default n |
a7f7f624 | 586 | help |
43da1411 KK |
587 | TCP Veno is a sender-side only enhancement of TCP to obtain better |
588 | throughput over wireless networks. TCP Veno makes use of state | |
589 | distinguishing to circumvent the difficult judgment of the packet loss | |
590 | type. TCP Veno cuts down less congestion window in response to random | |
591 | loss packets. | |
592 | See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186> | |
76f10177 | 593 | |
5ef81475 AC |
594 | config TCP_CONG_YEAH |
595 | tristate "YeAH TCP" | |
2ff011ef | 596 | select TCP_CONG_VEGAS |
5ef81475 | 597 | default n |
a7f7f624 | 598 | help |
43da1411 KK |
599 | YeAH-TCP is a sender-side high-speed enabled TCP congestion control |
600 | algorithm, which uses a mixed loss/delay approach to compute the | |
601 | congestion window. It's design goals target high efficiency, | |
602 | internal, RTT and Reno fairness, resilience to link loss while | |
603 | keeping network elements load as low as possible. | |
5ef81475 | 604 | |
43da1411 KK |
605 | For further details look here: |
606 | http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf | |
5ef81475 | 607 | |
c462238d SH |
608 | config TCP_CONG_ILLINOIS |
609 | tristate "TCP Illinois" | |
c462238d | 610 | default n |
a7f7f624 | 611 | help |
43da1411 KK |
612 | TCP-Illinois is a sender-side modification of TCP Reno for |
613 | high speed long delay links. It uses round-trip-time to | |
614 | adjust the alpha and beta parameters to achieve a higher average | |
615 | throughput and maintain fairness. | |
c462238d | 616 | |
43da1411 KK |
617 | For further details see: |
618 | http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html | |
c462238d | 619 | |
e3118e83 DB |
620 | config TCP_CONG_DCTCP |
621 | tristate "DataCenter TCP (DCTCP)" | |
622 | default n | |
a7f7f624 | 623 | help |
43da1411 KK |
624 | DCTCP leverages Explicit Congestion Notification (ECN) in the network to |
625 | provide multi-bit feedback to the end hosts. It is designed to provide: | |
e3118e83 | 626 | |
43da1411 KK |
627 | - High burst tolerance (incast due to partition/aggregate), |
628 | - Low latency (short flows, queries), | |
629 | - High throughput (continuous data updates, large file transfers) with | |
630 | commodity, shallow-buffered switches. | |
e3118e83 | 631 | |
43da1411 KK |
632 | All switches in the data center network running DCTCP must support |
633 | ECN marking and be configured for marking when reaching defined switch | |
634 | buffer thresholds. The default ECN marking threshold heuristic for | |
635 | DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets | |
636 | (~100KB) at 10Gbps, but might need further careful tweaking. | |
e3118e83 | 637 | |
43da1411 KK |
638 | For further details see: |
639 | http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf | |
e3118e83 | 640 | |
2b0a8c9e KKJ |
641 | config TCP_CONG_CDG |
642 | tristate "CAIA Delay-Gradient (CDG)" | |
643 | default n | |
a7f7f624 | 644 | help |
43da1411 KK |
645 | CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies |
646 | the TCP sender in order to: | |
2b0a8c9e KKJ |
647 | |
648 | o Use the delay gradient as a congestion signal. | |
649 | o Back off with an average probability that is independent of the RTT. | |
650 | o Coexist with flows that use loss-based congestion control. | |
651 | o Tolerate packet loss unrelated to congestion. | |
652 | ||
43da1411 KK |
653 | For further details see: |
654 | D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using | |
655 | delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg | |
2b0a8c9e | 656 | |
0f8782ea NC |
657 | config TCP_CONG_BBR |
658 | tristate "BBR TCP" | |
659 | default n | |
a7f7f624 | 660 | help |
0f8782ea | 661 | |
43da1411 KK |
662 | BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to |
663 | maximize network utilization and minimize queues. It builds an explicit | |
ad664118 CIK |
664 | model of the bottleneck delivery rate and path round-trip propagation |
665 | delay. It tolerates packet loss and delay unrelated to congestion. It | |
666 | can operate over LAN, WAN, cellular, wifi, or cable modem links. It can | |
667 | coexist with flows that use loss-based congestion control, and can | |
668 | operate with shallow buffers, deep buffers, bufferbloat, policers, or | |
669 | AQM schemes that do not provide a delay signal. It requires the fq | |
670 | ("Fair Queue") pacing packet scheduler. | |
0f8782ea | 671 | |
3d2573f7 SH |
672 | choice |
673 | prompt "Default TCP congestion control" | |
597811ec | 674 | default DEFAULT_CUBIC |
3d2573f7 SH |
675 | help |
676 | Select the TCP congestion control that will be used by default | |
677 | for all connections. | |
678 | ||
679 | config DEFAULT_BIC | |
680 | bool "Bic" if TCP_CONG_BIC=y | |
681 | ||
682 | config DEFAULT_CUBIC | |
683 | bool "Cubic" if TCP_CONG_CUBIC=y | |
684 | ||
685 | config DEFAULT_HTCP | |
686 | bool "Htcp" if TCP_CONG_HTCP=y | |
687 | ||
dd2acaa7 JE |
688 | config DEFAULT_HYBLA |
689 | bool "Hybla" if TCP_CONG_HYBLA=y | |
690 | ||
3d2573f7 SH |
691 | config DEFAULT_VEGAS |
692 | bool "Vegas" if TCP_CONG_VEGAS=y | |
693 | ||
6ce1a6df JE |
694 | config DEFAULT_VENO |
695 | bool "Veno" if TCP_CONG_VENO=y | |
696 | ||
3d2573f7 SH |
697 | config DEFAULT_WESTWOOD |
698 | bool "Westwood" if TCP_CONG_WESTWOOD=y | |
699 | ||
e3118e83 DB |
700 | config DEFAULT_DCTCP |
701 | bool "DCTCP" if TCP_CONG_DCTCP=y | |
702 | ||
2b0a8c9e KKJ |
703 | config DEFAULT_CDG |
704 | bool "CDG" if TCP_CONG_CDG=y | |
705 | ||
0f8782ea NC |
706 | config DEFAULT_BBR |
707 | bool "BBR" if TCP_CONG_BBR=y | |
708 | ||
3d2573f7 SH |
709 | config DEFAULT_RENO |
710 | bool "Reno" | |
3d2573f7 SH |
711 | endchoice |
712 | ||
713 | endif | |
83803034 | 714 | |
597811ec | 715 | config TCP_CONG_CUBIC |
6c360767 | 716 | tristate |
a6484045 DM |
717 | depends on !TCP_CONG_ADVANCED |
718 | default y | |
719 | ||
3d2573f7 SH |
720 | config DEFAULT_TCP_CONG |
721 | string | |
722 | default "bic" if DEFAULT_BIC | |
723 | default "cubic" if DEFAULT_CUBIC | |
724 | default "htcp" if DEFAULT_HTCP | |
dd2acaa7 | 725 | default "hybla" if DEFAULT_HYBLA |
3d2573f7 SH |
726 | default "vegas" if DEFAULT_VEGAS |
727 | default "westwood" if DEFAULT_WESTWOOD | |
6ce1a6df | 728 | default "veno" if DEFAULT_VENO |
3d2573f7 | 729 | default "reno" if DEFAULT_RENO |
e3118e83 | 730 | default "dctcp" if DEFAULT_DCTCP |
2b0a8c9e | 731 | default "cdg" if DEFAULT_CDG |
4df21dfc | 732 | default "bbr" if DEFAULT_BBR |
597811ec | 733 | default "cubic" |
3d2573f7 | 734 | |
cfb6eeb4 | 735 | config TCP_MD5SIG |
44fbe920 | 736 | bool "TCP: MD5 Signature Option support (RFC2385)" |
cfb6eeb4 YH |
737 | select CRYPTO |
738 | select CRYPTO_MD5 | |
a7f7f624 | 739 | help |
3dde6ad8 | 740 | RFC2385 specifies a method of giving MD5 protection to TCP sessions. |
cfb6eeb4 YH |
741 | Its main (only?) use is to protect BGP sessions between core routers |
742 | on the Internet. | |
743 | ||
744 | If unsure, say N. |