[net-next-2.6.git] / net / Kconfig

#
# Network configuration
#

menu "Networking"

config NET
	bool "Networking support"
	---help---
	  Unless you really know what you are doing, you should say Y here.
	  The reason is that some programs need kernel networking support even
	  when running on a stand-alone machine that isn't connected to any
	  other computer.
	  
	  If you are upgrading from an older kernel, you
	  should consider updating your networking tools too because changes
	  in the kernel and the tools often go hand in hand. The tools are
	  contained in the package net-tools, the location and version number
	  of which are given in <file:Documentation/Changes>.

	  For a general introduction to Linux networking, it is highly
	  recommended to read the NET-HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

# Make sure that all config symbols are dependent on NET
if NET

menu "Networking options"

config NETDEBUG
	bool "Network packet debugging"
	help
	  You can say Y here if you want to get additional messages useful in
	  debugging bad packets, but can overwhelm logs under denial of service
	  attacks.

source "net/packet/Kconfig"
source "net/unix/Kconfig"
source "net/xfrm/Kconfig"

config INET
	bool "TCP/IP networking"
	---help---
	  These are the protocols used on the Internet and on most local
	  Ethernets. It is highly recommended to say Y here (this will enlarge
	  your kernel by about 144 KB), since some programs (e.g. the X window
	  system) use TCP/IP even if your machine is not connected to any
	  other computer. You will get the so-called loopback device which
	  allows you to ping yourself (great fun, that!).

	  For an excellent introduction to Linux networking, please read the
	  Linux Networking HOWTO, available from
	  <http://www.tldp.org/docs.html#howto>.

	  If you say Y here and also to "/proc file system support" and
	  "Sysctl support" below, you can change various aspects of the
	  behavior of the TCP/IP code by writing to the (virtual) files in
	  /proc/sys/net/ipv4/*; the options are explained in the file
	  <file:Documentation/networking/ip-sysctl.txt>.

	  Short answer: say Y.

if INET
source "net/ipv4/Kconfig"
source "net/ipv6/Kconfig"

endif # if INET

menuconfig NETFILTER
	bool "Network packet filtering (replaces ipchains)"
	---help---
	  Netfilter is a framework for filtering and mangling network packets
	  that pass through your Linux box.

	  The most common use of packet filtering is to run your Linux box as
	  a firewall protecting a local network from the Internet. The type of
	  firewall provided by this kernel support is called a "packet
	  filter", which means that it can reject individual network packets
	  based on type, source, destination etc. The other kind of firewall,
	  a "proxy-based" one, is more secure but more intrusive and more
	  bothersome to set up; it inspects the network traffic much more
	  closely, modifies it and has knowledge about the higher level
	  protocols, which a packet filter lacks. Moreover, proxy-based
	  firewalls often require changes to the programs running on the local
	  clients. Proxy-based firewalls don't need support by the kernel, but
	  they are often combined with a packet filter, which only works if
	  you say Y here.

	  You should also say Y here if you intend to use your Linux box as
	  the gateway to the Internet for a local network of machines without
	  globally valid IP addresses. This is called "masquerading": if one
	  of the computers on your local network wants to send something to
	  the outside, your box can "masquerade" as that computer, i.e. it
	  forwards the traffic to the intended outside destination, but
	  modifies the packets to make it look like they came from the
	  firewall box itself. It works both ways: if the outside host
	  replies, the Linux box will silently forward the traffic to the
	  correct local computer. This way, the computers on your local net
	  are completely invisible to the outside world, even though they can
	  reach the outside and can receive replies. It is even possible to
	  run globally visible servers from within a masqueraded local network
	  using a mechanism called portforwarding. Masquerading is also often
	  called NAT (Network Address Translation).

	  Another use of Netfilter is in transparent proxying: if a machine on
	  the local network tries to connect to an outside host, your Linux
	  box can transparently forward the traffic to a local server,
	  typically a caching proxy server.

	  Yet another use of Netfilter is building a bridging firewall. Using
	  a bridge with Network packet filtering enabled makes iptables "see"
	  the bridged traffic. For filtering on the lower network and Ethernet
	  protocols over the bridge, use ebtables (under bridge netfilter
	  configuration).

	  Various modules exist for netfilter which replace the previous
	  masquerading (ipmasqadm), packet filtering (ipchains), transparent
	  proxying, and portforwarding mechanisms. Please see
	  <file:Documentation/Changes> under "iptables" for the location of
	  these packages.

	  Make sure to say N to "Fast switching" below if you intend to say Y
	  here, as Fast switching currently bypasses netfilter.

	  Chances are that you should say Y here if you compile a kernel which
	  will run as a router and N for regular hosts. If unsure, say N.

if NETFILTER

config NETFILTER_DEBUG
	bool "Network packet filtering debugging"
	depends on NETFILTER
	help
	  You can say Y here if you want to get additional messages useful in
	  debugging the netfilter code.

config BRIDGE_NETFILTER
	bool "Bridged IP/ARP packets filtering"
	depends on BRIDGE && NETFILTER && INET
	default y
	---help---
	  Enabling this option will let arptables resp. iptables see bridged
	  ARP resp. IP traffic. If you want a bridging firewall, you probably
	  want this option enabled.
	  Enabling or disabling this option doesn't enable or disable
	  ebtables.

	  If unsure, say N.

source "net/netfilter/Kconfig"
source "net/ipv4/netfilter/Kconfig"
source "net/ipv6/netfilter/Kconfig"
source "net/decnet/netfilter/Kconfig"
source "net/bridge/netfilter/Kconfig"

endif

source "net/dccp/Kconfig"
source "net/sctp/Kconfig"
source "net/tipc/Kconfig"
source "net/atm/Kconfig"
source "net/bridge/Kconfig"
source "net/8021q/Kconfig"
source "net/decnet/Kconfig"
source "net/llc/Kconfig"
source "net/ipx/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"

config NET_DIVERT
	bool "Frame Diverter (EXPERIMENTAL)"
	depends on EXPERIMENTAL
	---help---
	  The Frame Diverter allows you to divert packets from the
	  network, that are not aimed at the interface receiving it (in
	  promisc. mode). Typically, a Linux box setup as an Ethernet bridge
	  with the Frames Diverter on, can do some *really* transparent www
	  caching using a Squid proxy for example.

	  This is very useful when you don't want to change your router's
	  config (or if you simply don't have access to it).

	  The other possible usages of diverting Ethernet Frames are
	  numberous:
	  - reroute smtp traffic to another interface
	  - traffic-shape certain network streams
	  - transparently proxy smtp connections
	  - etc...

	  For more informations, please refer to:
	  <http://diverter.sourceforge.net/>
	  <http://perso.wanadoo.fr/magpie/EtherDivert.html>

	  If unsure, say N.

source "net/econet/Kconfig"
source "net/wanrouter/Kconfig"
source "net/sched/Kconfig"

menu "Network testing"

config NET_PKTGEN
	tristate "Packet Generator (USE WITH CAUTION)"
	depends on PROC_FS
	---help---
	  This module will inject preconfigured packets, at a configurable
	  rate, out of a given interface.  It is used for network interface
	  stress testing and performance analysis.  If you don't understand
	  what was just said, you don't need it: say N.

	  Documentation on how to use the packet generator can be found
	  at <file:Documentation/networking/pktgen.txt>.

	  To compile this code as a module, choose M here: the
	  module will be called pktgen.

config NET_TCPPROBE
	tristate "TCP connection probing"
	depends on INET && EXPERIMENTAL && PROC_FS && KPROBES
	---help---
	This module allows for capturing the changes to TCP connection
	state in response to incoming patckets. It is used for debugging
	TCP congestion avoidance modules. If you don't understand
	what was just said, you don't need it: say N.

	Documentation on how to use the packet generator can be found
	at http://linux-net.osdl.org/index.php/TcpProbe

	To compile this code as a module, choose M here: the
	module will be called tcp_probe.

endmenu

endmenu

source "net/ax25/Kconfig"
source "net/irda/Kconfig"
source "net/bluetooth/Kconfig"
source "net/ieee80211/Kconfig"

config WIRELESS_EXT
	bool

endif   # if NET
endmenu # Networking
Commit	Line	Data
1da177e4 LT	1	#
	2	# Network configuration
	3	#
	4
d5950b43	5	menu "Networking"
1da177e4 LT	6
	7	config NET
	8	bool "Networking support"
	9	---help---
	10	Unless you really know what you are doing, you should say Y here.
	11	The reason is that some programs need kernel networking support even
	12	when running on a stand-alone machine that isn't connected to any
d5950b43 SR	13	other computer.
	14
	15	If you are upgrading from an older kernel, you
1da177e4 LT	16	should consider updating your networking tools too because changes
	17	in the kernel and the tools often go hand in hand. The tools are
	18	contained in the package net-tools, the location and version number
	19	of which are given in <file:Documentation/Changes>.
	20
	21	For a general introduction to Linux networking, it is highly
	22	recommended to read the NET-HOWTO, available from
	23	<http://www.tldp.org/docs.html#howto>.
	24
6a2e9b73 SR	25	# Make sure that all config symbols are dependent on NET
6a2e9b73 SR	26	if NET
1da177e4	27
6a2e9b73	28	menu "Networking options"
1da177e4	29
0dec456d SH	30	config NETDEBUG
	31	bool "Network packet debugging"
	32	help
	33	You can say Y here if you want to get additional messages useful in
	34	debugging bad packets, but can overwhelm logs under denial of service
	35	attacks.
	36
6a2e9b73 SR	37	source "net/packet/Kconfig"
	38	source "net/unix/Kconfig"
	39	source "net/xfrm/Kconfig"
1da177e4 LT	40
	41	config INET
	42	bool "TCP/IP networking"
	43	---help---
	44	These are the protocols used on the Internet and on most local
	45	Ethernets. It is highly recommended to say Y here (this will enlarge
	46	your kernel by about 144 KB), since some programs (e.g. the X window
	47	system) use TCP/IP even if your machine is not connected to any
	48	other computer. You will get the so-called loopback device which
	49	allows you to ping yourself (great fun, that!).
	50
	51	For an excellent introduction to Linux networking, please read the
	52	Linux Networking HOWTO, available from
	53	<http://www.tldp.org/docs.html#howto>.
	54
	55	If you say Y here and also to "/proc file system support" and
	56	"Sysctl support" below, you can change various aspects of the
	57	behavior of the TCP/IP code by writing to the (virtual) files in
	58	/proc/sys/net/ipv4/*; the options are explained in the file
	59	<file:Documentation/networking/ip-sysctl.txt>.
	60
	61	Short answer: say Y.
	62
6a2e9b73	63	if INET
1da177e4	64	source "net/ipv4/Kconfig"
1da177e4 LT	65	source "net/ipv6/Kconfig"
1da177e4 LT	66
6a2e9b73 SR	67	endif # if INET
6a2e9b73 SR	68
1da177e4 LT	69	menuconfig NETFILTER
	70	bool "Network packet filtering (replaces ipchains)"
	71	---help---
	72	Netfilter is a framework for filtering and mangling network packets
	73	that pass through your Linux box.
	74
	75	The most common use of packet filtering is to run your Linux box as
	76	a firewall protecting a local network from the Internet. The type of
	77	firewall provided by this kernel support is called a "packet
	78	filter", which means that it can reject individual network packets
	79	based on type, source, destination etc. The other kind of firewall,
	80	a "proxy-based" one, is more secure but more intrusive and more
	81	bothersome to set up; it inspects the network traffic much more
	82	closely, modifies it and has knowledge about the higher level
	83	protocols, which a packet filter lacks. Moreover, proxy-based
	84	firewalls often require changes to the programs running on the local
	85	clients. Proxy-based firewalls don't need support by the kernel, but
	86	they are often combined with a packet filter, which only works if
	87	you say Y here.
	88
	89	You should also say Y here if you intend to use your Linux box as
	90	the gateway to the Internet for a local network of machines without
	91	globally valid IP addresses. This is called "masquerading": if one
	92	of the computers on your local network wants to send something to
	93	the outside, your box can "masquerade" as that computer, i.e. it
	94	forwards the traffic to the intended outside destination, but
	95	modifies the packets to make it look like they came from the
	96	firewall box itself. It works both ways: if the outside host
	97	replies, the Linux box will silently forward the traffic to the
	98	correct local computer. This way, the computers on your local net
	99	are completely invisible to the outside world, even though they can
	100	reach the outside and can receive replies. It is even possible to
	101	run globally visible servers from within a masqueraded local network
	102	using a mechanism called portforwarding. Masquerading is also often
	103	called NAT (Network Address Translation).
	104
	105	Another use of Netfilter is in transparent proxying: if a machine on
	106	the local network tries to connect to an outside host, your Linux
	107	box can transparently forward the traffic to a local server,
	108	typically a caching proxy server.
	109
	110	Yet another use of Netfilter is building a bridging firewall. Using
	111	a bridge with Network packet filtering enabled makes iptables "see"
	112	the bridged traffic. For filtering on the lower network and Ethernet
	113	protocols over the bridge, use ebtables (under bridge netfilter
	114	configuration).
	115
	116	Various modules exist for netfilter which replace the previous
	117	masquerading (ipmasqadm), packet filtering (ipchains), transparent
	118	proxying, and portforwarding mechanisms. Please see
	119	<file:Documentation/Changes> under "iptables" for the location of
	120	these packages.
	121
	122	Make sure to say N to "Fast switching" below if you intend to say Y
	123	here, as Fast switching currently bypasses netfilter.
	124
	125	Chances are that you should say Y here if you compile a kernel which
	126	will run as a router and N for regular hosts. If unsure, say N.
	127
	128	if NETFILTER
	129
	130	config NETFILTER_DEBUG
	131	bool "Network packet filtering debugging"
	132	depends on NETFILTER
133	help
134	You can say Y here if you want to get additional messages useful in
135	debugging the netfilter code.
136
137	config BRIDGE_NETFILTER
138	bool "Bridged IP/ARP packets filtering"
139	depends on BRIDGE && NETFILTER && INET
140	default y
141	---help---
142	Enabling this option will let arptables resp. iptables see bridged
143	ARP resp. IP traffic. If you want a bridging firewall, you probably
144	want this option enabled.
145	Enabling or disabling this option doesn't enable or disable
146	ebtables.
147
148	If unsure, say N.
149
9eb0eec7	150	source "net/netfilter/Kconfig"
1da177e4 LT	151	source "net/ipv4/netfilter/Kconfig"
	152	source "net/ipv6/netfilter/Kconfig"
	153	source "net/decnet/netfilter/Kconfig"
	154	source "net/bridge/netfilter/Kconfig"
	155
	156	endif
	157
7c657876	158	source "net/dccp/Kconfig"
1da177e4	159	source "net/sctp/Kconfig"
1e63e681	160	source "net/tipc/Kconfig"
6a2e9b73 SR	161	source "net/atm/Kconfig"
	162	source "net/bridge/Kconfig"
	163	source "net/8021q/Kconfig"
1da177e4	164	source "net/decnet/Kconfig"
1da177e4	165	source "net/llc/Kconfig"
1da177e4	166	source "net/ipx/Kconfig"
1da177e4	167	source "drivers/net/appletalk/Kconfig"
6a2e9b73 SR	168	source "net/x25/Kconfig"
6a2e9b73 SR	169	source "net/lapb/Kconfig"
1da177e4 LT	170
	171	config NET_DIVERT
	172	bool "Frame Diverter (EXPERIMENTAL)"
	173	depends on EXPERIMENTAL
	174	---help---
	175	The Frame Diverter allows you to divert packets from the
	176	network, that are not aimed at the interface receiving it (in
	177	promisc. mode). Typically, a Linux box setup as an Ethernet bridge
	178	with the Frames Diverter on, can do some really transparent www
	179	caching using a Squid proxy for example.
	180
	181	This is very useful when you don't want to change your router's
	182	config (or if you simply don't have access to it).
	183
	184	The other possible usages of diverting Ethernet Frames are
	185	numberous:
	186	- reroute smtp traffic to another interface
	187	- traffic-shape certain network streams
	188	- transparently proxy smtp connections
	189	- etc...
	190
	191	For more informations, please refer to:
	192	<http://diverter.sourceforge.net/>
	193	<http://perso.wanadoo.fr/magpie/EtherDivert.html>
	194
	195	If unsure, say N.
	196
6a2e9b73 SR	197	source "net/econet/Kconfig"
6a2e9b73 SR	198	source "net/wanrouter/Kconfig"
1da177e4 LT	199	source "net/sched/Kconfig"
1da177e4 LT	200
1da177e4 LT	201	menu "Network testing"
	202
	203	config NET_PKTGEN
	204	tristate "Packet Generator (USE WITH CAUTION)"
	205	depends on PROC_FS
	206	---help---
	207	This module will inject preconfigured packets, at a configurable
	208	rate, out of a given interface. It is used for network interface
	209	stress testing and performance analysis. If you don't understand
	210	what was just said, you don't need it: say N.
	211
	212	Documentation on how to use the packet generator can be found
	213	at <file:Documentation/networking/pktgen.txt>.
	214
	215	To compile this code as a module, choose M here: the
	216	module will be called pktgen.
	217
a42e9d6c SH	218	config NET_TCPPROBE
	219	tristate "TCP connection probing"
	220	depends on INET && EXPERIMENTAL && PROC_FS && KPROBES
	221	---help---
	222	This module allows for capturing the changes to TCP connection
	223	state in response to incoming patckets. It is used for debugging
	224	TCP congestion avoidance modules. If you don't understand
	225	what was just said, you don't need it: say N.
	226
	227	Documentation on how to use the packet generator can be found
	228	at http://linux-net.osdl.org/index.php/TcpProbe
	229
	230	To compile this code as a module, choose M here: the
	231	module will be called tcp_probe.
	232
1da177e4 LT	233	endmenu
	234
	235	endmenu
	236
1da177e4	237	source "net/ax25/Kconfig"
1da177e4	238	source "net/irda/Kconfig"
1da177e4	239	source "net/bluetooth/Kconfig"
b453872c JG	240	source "net/ieee80211/Kconfig"
b453872c JG	241
d86b5e0e AB	242	config WIRELESS_EXT
	243	bool
	244
6a2e9b73	245	endif # if NET
d5950b43	246	endmenu # Networking
1da177e4	247