2 # Network configuration
5 menu "Networking support"
8 bool "Networking support"
10 Unless you really know what you are doing, you should say Y here.
11 The reason is that some programs need kernel networking support even
12 when running on a stand-alone machine that isn't connected to any
13 other computer. If you are upgrading from an older kernel, you
14 should consider updating your networking tools too because changes
15 in the kernel and the tools often go hand in hand. The tools are
16 contained in the package net-tools, the location and version number
17 of which are given in <file:Documentation/Changes>.
19 For a general introduction to Linux networking, it is highly
20 recommended to read the NET-HOWTO, available from
21 <http://www.tldp.org/docs.html#howto>.
23 menu "Networking options"
27 tristate "Packet socket"
29 The Packet protocol is used by applications which communicate
30 directly with network devices without an intermediate network
31 protocol implemented in the kernel, e.g. tcpdump. If you want them
34 To compile this driver as a module, choose M here: the module will
40 bool "Packet socket: mmapped IO"
43 If you say Y here, the Packet protocol driver will use an IO
44 mechanism that results in faster communication.
49 tristate "Unix domain sockets"
51 If you say Y here, you will include support for Unix domain sockets;
52 sockets are the standard Unix mechanism for establishing and
53 accessing network connections. Many commonly used programs such as
54 the X Window system and syslog use these sockets even if your
55 machine is not connected to any network. Unless you are working on
56 an embedded system or something similar, you therefore definitely
59 To compile this driver as a module, choose M here: the module will be
60 called unix. Note that several important services won't work
61 correctly if you say M here and then neglect to load the module.
63 Say Y unless you know what you are doing.
66 tristate "PF_KEY sockets"
69 PF_KEYv2 socket family, compatible to KAME ones.
70 They are required if you are going to use IPsec tools ported
73 Say Y unless you know what you are doing.
76 bool "TCP/IP networking"
78 These are the protocols used on the Internet and on most local
79 Ethernets. It is highly recommended to say Y here (this will enlarge
80 your kernel by about 144 KB), since some programs (e.g. the X window
81 system) use TCP/IP even if your machine is not connected to any
82 other computer. You will get the so-called loopback device which
83 allows you to ping yourself (great fun, that!).
85 For an excellent introduction to Linux networking, please read the
86 Linux Networking HOWTO, available from
87 <http://www.tldp.org/docs.html#howto>.
89 If you say Y here and also to "/proc file system support" and
90 "Sysctl support" below, you can change various aspects of the
91 behavior of the TCP/IP code by writing to the (virtual) files in
92 /proc/sys/net/ipv4/*; the options are explained in the file
93 <file:Documentation/networking/ip-sysctl.txt>.
97 source "net/ipv4/Kconfig"
99 # IPv6 as module will cause a CRASH if you try to unload it
101 tristate "The IPv6 protocol"
104 select CRYPTO if IPV6_PRIVACY
105 select CRYPTO_MD5 if IPV6_PRIVACY
107 This is complemental support for the IP version 6.
108 You will still be able to do traditional IPv4 networking as well.
110 For general information about IPv6, see
111 <http://playground.sun.com/pub/ipng/html/ipng-main.html>.
112 For Linux IPv6 development information, see <http://www.linux-ipv6.org>.
113 For specific information about IPv6 under Linux, read the HOWTO at
114 <http://www.bieringer.de/linux/IPv6/>.
116 To compile this protocol support as a module, choose M here: the
117 module will be called ipv6.
119 source "net/ipv6/Kconfig"
122 bool "Network packet filtering (replaces ipchains)"
124 Netfilter is a framework for filtering and mangling network packets
125 that pass through your Linux box.
127 The most common use of packet filtering is to run your Linux box as
128 a firewall protecting a local network from the Internet. The type of
129 firewall provided by this kernel support is called a "packet
130 filter", which means that it can reject individual network packets
131 based on type, source, destination etc. The other kind of firewall,
132 a "proxy-based" one, is more secure but more intrusive and more
133 bothersome to set up; it inspects the network traffic much more
134 closely, modifies it and has knowledge about the higher level
135 protocols, which a packet filter lacks. Moreover, proxy-based
136 firewalls often require changes to the programs running on the local
137 clients. Proxy-based firewalls don't need support by the kernel, but
138 they are often combined with a packet filter, which only works if
141 You should also say Y here if you intend to use your Linux box as
142 the gateway to the Internet for a local network of machines without
143 globally valid IP addresses. This is called "masquerading": if one
144 of the computers on your local network wants to send something to
145 the outside, your box can "masquerade" as that computer, i.e. it
146 forwards the traffic to the intended outside destination, but
147 modifies the packets to make it look like they came from the
148 firewall box itself. It works both ways: if the outside host
149 replies, the Linux box will silently forward the traffic to the
150 correct local computer. This way, the computers on your local net
151 are completely invisible to the outside world, even though they can
152 reach the outside and can receive replies. It is even possible to
153 run globally visible servers from within a masqueraded local network
154 using a mechanism called portforwarding. Masquerading is also often
155 called NAT (Network Address Translation).
157 Another use of Netfilter is in transparent proxying: if a machine on
158 the local network tries to connect to an outside host, your Linux
159 box can transparently forward the traffic to a local server,
160 typically a caching proxy server.
162 Yet another use of Netfilter is building a bridging firewall. Using
163 a bridge with Network packet filtering enabled makes iptables "see"
164 the bridged traffic. For filtering on the lower network and Ethernet
165 protocols over the bridge, use ebtables (under bridge netfilter
168 Various modules exist for netfilter which replace the previous
169 masquerading (ipmasqadm), packet filtering (ipchains), transparent
170 proxying, and portforwarding mechanisms. Please see
171 <file:Documentation/Changes> under "iptables" for the location of
174 Make sure to say N to "Fast switching" below if you intend to say Y
175 here, as Fast switching currently bypasses netfilter.
177 Chances are that you should say Y here if you compile a kernel which
178 will run as a router and N for regular hosts. If unsure, say N.
182 config NETFILTER_DEBUG
183 bool "Network packet filtering debugging"
186 You can say Y here if you want to get additional messages useful in
187 debugging the netfilter code.
189 config BRIDGE_NETFILTER
190 bool "Bridged IP/ARP packets filtering"
191 depends on BRIDGE && NETFILTER && INET
194 Enabling this option will let arptables resp. iptables see bridged
195 ARP resp. IP traffic. If you want a bridging firewall, you probably
196 want this option enabled.
197 Enabling or disabling this option doesn't enable or disable
202 source "net/ipv4/netfilter/Kconfig"
203 source "net/ipv6/netfilter/Kconfig"
204 source "net/decnet/netfilter/Kconfig"
205 source "net/bridge/netfilter/Kconfig"
213 source "net/xfrm/Kconfig"
215 source "net/sctp/Kconfig"
218 tristate "Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)"
219 depends on EXPERIMENTAL
221 ATM is a high-speed networking technology for Local Area Networks
222 and Wide Area Networks. It uses a fixed packet size and is
223 connection oriented, allowing for the negotiation of minimum
224 bandwidth requirements.
226 In order to participate in an ATM network, your Linux box needs an
227 ATM networking card. If you have that, say Y here and to the driver
228 of your ATM card below.
230 Note that you need a set of user-space programs to actually make use
231 of ATM. See the file <file:Documentation/networking/atm.txt> for
235 tristate "Classical IP over ATM (EXPERIMENTAL)"
236 depends on ATM && INET
238 Classical IP over ATM for PVCs and SVCs, supporting InARP and
239 ATMARP. If you want to communication with other IP hosts on your ATM
240 network, you will typically either say Y here or to "LAN Emulation
243 config ATM_CLIP_NO_ICMP
244 bool "Do NOT send ICMP if no neighbour (EXPERIMENTAL)"
247 Normally, an "ICMP host unreachable" message is sent if a neighbour
248 cannot be reached because there is no VC to it in the kernel's
249 ATMARP table. This may cause problems when ATMARP table entries are
250 briefly removed during revalidation. If you say Y here, packets to
251 such neighbours are silently discarded instead.
254 tristate "LAN Emulation (LANE) support (EXPERIMENTAL)"
257 LAN Emulation emulates services of existing LANs across an ATM
258 network. Besides operating as a normal ATM end station client, Linux
259 LANE client can also act as an proxy client bridging packets between
260 ELAN and Ethernet segments. You need LANE if you want to try MPOA.
263 tristate "Multi-Protocol Over ATM (MPOA) support (EXPERIMENTAL)"
264 depends on ATM && INET && ATM_LANE!=n
266 Multi-Protocol Over ATM allows ATM edge devices such as routers,
267 bridges and ATM attached hosts establish direct ATM VCs across
268 subnetwork boundaries. These shortcut connections bypass routers
269 enhancing overall network performance.
272 tristate "RFC1483/2684 Bridged protocols"
273 depends on ATM && INET
275 ATM PVCs can carry ethernet PDUs according to rfc2684 (formerly 1483)
276 This device will act like an ethernet from the kernels point of view,
277 with the traffic being carried by ATM PVCs (currently 1 PVC/device).
278 This is sometimes used over DSL lines. If in doubt, say N.
280 config ATM_BR2684_IPFILTER
281 bool "Per-VC IP filter kludge"
282 depends on ATM_BR2684
284 This is an experimental mechanism for users who need to terminating a
285 large number of IP-only vcc's. Do not enable this unless you are sure
286 you know what you are doing.
289 tristate "802.1d Ethernet Bridging"
291 If you say Y here, then your Linux box will be able to act as an
292 Ethernet bridge, which means that the different Ethernet segments it
293 is connected to will appear as one Ethernet to the participants.
294 Several such bridges can work together to create even larger
295 networks of Ethernets using the IEEE 802.1 spanning tree algorithm.
296 As this is a standard, Linux bridges will cooperate properly with
297 other third party bridge products.
299 In order to use the Ethernet bridge, you'll need the bridge
300 configuration tools; see <file:Documentation/networking/bridge.txt>
301 for location. Please read the Bridge mini-HOWTO for more
304 If you enable iptables support along with the bridge support then you
305 turn your bridge into a bridging IP firewall.
306 iptables will then see the IP packets being bridged, so you need to
307 take this into account when setting up your firewall rules.
308 Enabling arptables support when bridging will let arptables see
309 bridged ARP traffic in the arptables FORWARD chain.
311 To compile this code as a module, choose M here: the module
312 will be called bridge.
317 tristate "802.1Q VLAN Support"
319 Select this and you will be able to create 802.1Q VLAN interfaces
320 on your ethernet interfaces. 802.1Q VLAN supports almost
321 everything a regular ethernet interface does, including
322 firewalling, bridging, and of course IP traffic. You will need
323 the 'vconfig' tool from the VLAN project in order to effectively
324 use VLANs. See the VLAN web page for more information:
325 <http://www.candelatech.com/~greear/vlan.html>
327 To compile this code as a module, choose M here: the module
328 will be called 8021q.
333 tristate "DECnet Support"
335 The DECnet networking protocol was used in many products made by
336 Digital (now Compaq). It provides reliable stream and sequenced
337 packet communications over which run a variety of services similar
338 to those which run over TCP/IP.
340 To find some tools to use with the kernel layer support, please
341 look at Patrick Caulfield's web site:
342 <http://linux-decnet.sourceforge.net/>.
344 More detailed documentation is available in
345 <file:Documentation/networking/decnet.txt>.
347 Be sure to say Y to "/proc file system support" and "Sysctl support"
348 below when using DECnet, since you will need sysctl support to aid
349 in configuration at run time.
351 The DECnet code is also available as a module ( = code which can be
352 inserted in and removed from the running kernel whenever you want).
353 The module is called decnet.
355 source "net/decnet/Kconfig"
357 source "net/llc/Kconfig"
360 tristate "The IPX protocol"
363 This is support for the Novell networking protocol, IPX, commonly
364 used for local networks of Windows machines. You need it if you
365 want to access Novell NetWare file or print servers using the Linux
366 Novell client ncpfs (available from
367 <ftp://platan.vc.cvut.cz/pub/linux/ncpfs/>) or from
368 within the Linux DOS emulator DOSEMU (read the DOSEMU-HOWTO,
369 available from <http://www.tldp.org/docs.html#howto>). In order
370 to do the former, you'll also have to say Y to "NCP file system
373 IPX is similar in scope to IP, while SPX, which runs on top of IPX,
374 is similar to TCP. There is also experimental support for SPX in
375 Linux (see "SPX networking", below).
377 To turn your Linux box into a fully featured NetWare file server and
378 IPX router, say Y here and fetch either lwared from
379 <ftp://ibiblio.org/pub/Linux/system/network/daemons/> or
380 mars_nwe from <ftp://www.compu-art.de/mars_nwe/>. For more
381 information, read the IPX-HOWTO available from
382 <http://www.tldp.org/docs.html#howto>.
384 General information about how to connect Linux, Windows machines and
385 Macs is on the WWW at <http://www.eats.com/linux_mac_win.html>.
387 The IPX driver would enlarge your kernel by about 16 KB. To compile
388 this driver as a module, choose M here: the module will be called ipx.
389 Unless you want to integrate your Linux box with a local Novell
392 source "net/ipx/Kconfig"
395 tristate "Appletalk protocol support"
398 AppleTalk is the protocol that Apple computers can use to communicate
399 on a network. If your Linux box is connected to such a network and you
400 wish to connect to it, say Y. You will need to use the netatalk package
401 so that your Linux box can act as a print and file server for Macs as
402 well as access AppleTalk printers. Check out
403 <http://www.zettabyte.net/netatalk/> on the WWW for details.
404 EtherTalk is the name used for AppleTalk over Ethernet and the
405 cheaper and slower LocalTalk is AppleTalk over a proprietary Apple
406 network using serial links. EtherTalk and LocalTalk are fully
409 General information about how to connect Linux, Windows machines and
410 Macs is on the WWW at <http://www.eats.com/linux_mac_win.html>. The
411 NET-3-HOWTO, available from
412 <http://www.tldp.org/docs.html#howto>, contains valuable
415 To compile this driver as a module, choose M here: the module will be
416 called appletalk. You almost certainly want to compile it as a
417 module so you can restart your AppleTalk stack without rebooting
418 your machine. I hear that the GNU boycott of Apple is over, so
419 even politically correct people are allowed to say Y here.
421 source "drivers/net/appletalk/Kconfig"
424 tristate "CCITT X.25 Packet Layer (EXPERIMENTAL)"
425 depends on EXPERIMENTAL
427 X.25 is a set of standardized network protocols, similar in scope to
428 frame relay; the one physical line from your box to the X.25 network
429 entry point can carry several logical point-to-point connections
430 (called "virtual circuits") to other computers connected to the X.25
431 network. Governments, banks, and other organizations tend to use it
432 to connect to each other or to form Wide Area Networks (WANs). Many
433 countries have public X.25 networks. X.25 consists of two
434 protocols: the higher level Packet Layer Protocol (PLP) (say Y here
435 if you want that) and the lower level data link layer protocol LAPB
436 (say Y to "LAPB Data Link Driver" below if you want that).
438 You can read more about X.25 at <http://www.sangoma.com/x25.htm> and
439 <http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cx25.htm>.
440 Information about X.25 for Linux is contained in the files
441 <file:Documentation/networking/x25.txt> and
442 <file:Documentation/networking/x25-iface.txt>.
444 One connects to an X.25 network either with a dedicated network card
445 using the X.21 protocol (not yet supported by Linux) or one can do
446 X.25 over a standard telephone line using an ordinary modem (say Y
447 to "X.25 async driver" below) or over Ethernet using an ordinary
448 Ethernet card and the LAPB over Ethernet (say Y to "LAPB Data Link
449 Driver" and "LAPB over Ethernet driver" below).
451 To compile this driver as a module, choose M here: the module
452 will be called x25. If unsure, say N.
455 tristate "LAPB Data Link Driver (EXPERIMENTAL)"
456 depends on EXPERIMENTAL
458 Link Access Procedure, Balanced (LAPB) is the data link layer (i.e.
459 the lower) part of the X.25 protocol. It offers a reliable
460 connection service to exchange data frames with one other host, and
461 it is used to transport higher level protocols (mostly X.25 Packet
462 Layer, the higher part of X.25, but others are possible as well).
463 Usually, LAPB is used with specialized X.21 network cards, but Linux
464 currently supports LAPB only over Ethernet connections. If you want
465 to use LAPB connections over Ethernet, say Y here and to "LAPB over
466 Ethernet driver" below. Read
467 <file:Documentation/networking/lapb-module.txt> for technical
470 To compile this driver as a module, choose M here: the
471 module will be called lapb. If unsure, say N.
474 bool "Frame Diverter (EXPERIMENTAL)"
475 depends on EXPERIMENTAL
477 The Frame Diverter allows you to divert packets from the
478 network, that are not aimed at the interface receiving it (in
479 promisc. mode). Typically, a Linux box setup as an Ethernet bridge
480 with the Frames Diverter on, can do some *really* transparent www
481 caching using a Squid proxy for example.
483 This is very useful when you don't want to change your router's
484 config (or if you simply don't have access to it).
486 The other possible usages of diverting Ethernet Frames are
488 - reroute smtp traffic to another interface
489 - traffic-shape certain network streams
490 - transparently proxy smtp connections
493 For more informations, please refer to:
494 <http://diverter.sourceforge.net/>
495 <http://perso.wanadoo.fr/magpie/EtherDivert.html>
500 tristate "Acorn Econet/AUN protocols (EXPERIMENTAL)"
501 depends on EXPERIMENTAL && INET
503 Econet is a fairly old and slow networking protocol mainly used by
504 Acorn computers to access file and print servers. It uses native
505 Econet network cards. AUN is an implementation of the higher level
506 parts of Econet that runs over ordinary Ethernet connections, on
507 top of the UDP packet protocol, which in turn runs on top of the
508 Internet protocol IP.
510 If you say Y here, you can choose with the next two options whether
511 to send Econet/AUN traffic over a UDP Ethernet connection or over
512 a native Econet network card.
514 To compile this driver as a module, choose M here: the module
515 will be called econet.
521 Say Y here if you want to send Econet/AUN traffic over a UDP
522 connection (UDP is a packet based protocol that runs on top of the
523 Internet protocol IP) using an ordinary Ethernet network card.
529 Say Y here if you have a native Econet network card installed in
533 tristate "WAN router"
534 depends on EXPERIMENTAL
536 Wide Area Networks (WANs), such as X.25, frame relay and leased
537 lines, are used to interconnect Local Area Networks (LANs) over vast
538 distances with data transfer rates significantly higher than those
539 achievable with commonly used asynchronous modem connections.
540 Usually, a quite expensive external device called a `WAN router' is
541 needed to connect to a WAN.
543 As an alternative, WAN routing can be built into the Linux kernel.
544 With relatively inexpensive WAN interface cards available on the
545 market, a perfectly usable router can be built for less than half
546 the price of an external router. If you have one of those cards and
547 wish to use your Linux box as a WAN router, say Y here and also to
548 the WAN driver for your card, below. You will then need the
549 wan-tools package which is available from <ftp://ftp.sangoma.com/>.
550 Read <file:Documentation/networking/wan-router.txt> for more
553 To compile WAN routing support as a module, choose M here: the
554 module will be called wanrouter.
558 menu "QoS and/or fair queueing"
561 bool "QoS and/or fair queueing"
563 When the kernel has several packets to send out over a network
564 device, it has to decide which ones to send first, which ones to
565 delay, and which ones to drop. This is the job of the packet
566 scheduler, and several different algorithms for how to do this
567 "fairly" have been proposed.
569 If you say N here, you will get the standard packet scheduler, which
570 is a FIFO (first come, first served). If you say Y here, you will be
571 able to choose from among several alternative algorithms which can
572 then be attached to different network devices. This is useful for
573 example if some of your network devices are real time devices that
574 need a certain minimum data flow rate, or if you need to limit the
575 maximum data flow rate for traffic which matches specified criteria.
576 This code is considered to be experimental.
578 To administer these schedulers, you'll need the user-level utilities
579 from the package iproute2+tc at <ftp://ftp.tux.org/pub/net/ip-routing/>.
580 That package also contains some documentation; for more, check out
581 <http://snafu.freedom.org/linux2.2/iproute-notes.html>.
583 This Quality of Service (QoS) support will enable you to use
584 Differentiated Services (diffserv) and Resource Reservation Protocol
585 (RSVP) on your Linux router if you also say Y to "QoS support",
586 "Packet classifier API" and to some classifiers below. Documentation
587 and software is at <http://diffserv.sourceforge.net/>.
589 If you say Y here and to "/proc file system" below, you will be able
590 to read status information about packet schedulers from the file
593 The available schedulers are listed in the following questions; you
594 can say Y to as many as you like. If unsure, say N now.
596 source "net/sched/Kconfig"
600 menu "Network testing"
603 tristate "Packet Generator (USE WITH CAUTION)"
606 This module will inject preconfigured packets, at a configurable
607 rate, out of a given interface. It is used for network interface
608 stress testing and performance analysis. If you don't understand
609 what was just said, you don't need it: say N.
611 Documentation on how to use the packet generator can be found
612 at <file:Documentation/networking/pktgen.txt>.
614 To compile this code as a module, choose M here: the
615 module will be called pktgen.
625 bool "Netpoll support for trapping incoming packets"
630 bool "Netpoll traffic trapping"
634 config NET_POLL_CONTROLLER
637 source "net/ax25/Kconfig"
639 source "net/irda/Kconfig"
641 source "net/bluetooth/Kconfig"
643 source "drivers/net/Kconfig"