1# 2# Network configuration 3# 4 5menu "Networking" 6 7config NET 8 bool "Networking support" 9 ---help--- 10 Unless you really know what you are doing, you should say Y here. 11 The reason is that some programs need kernel networking support even 12 when running on a stand-alone machine that isn't connected to any 13 other computer. 14 15 If you are upgrading from an older kernel, you 16 should consider updating your networking tools too because changes 17 in the kernel and the tools often go hand in hand. The tools are 18 contained in the package net-tools, the location and version number 19 of which are given in <file:Documentation/Changes>. 20 21 For a general introduction to Linux networking, it is highly 22 recommended to read the NET-HOWTO, available from 23 <http://www.tldp.org/docs.html#howto>. 24 25# Make sure that all config symbols are dependent on NET 26if NET 27 28menu "Networking options" 29 30config NETDEBUG 31 bool "Network packet debugging" 32 help 33 You can say Y here if you want to get additional messages useful in 34 debugging bad packets, but can overwhelm logs under denial of service 35 attacks. 36 37source "net/packet/Kconfig" 38source "net/unix/Kconfig" 39source "net/xfrm/Kconfig" 40 41config INET 42 bool "TCP/IP networking" 43 ---help--- 44 These are the protocols used on the Internet and on most local 45 Ethernets. It is highly recommended to say Y here (this will enlarge 46 your kernel by about 144 KB), since some programs (e.g. the X window 47 system) use TCP/IP even if your machine is not connected to any 48 other computer. You will get the so-called loopback device which 49 allows you to ping yourself (great fun, that!). 50 51 For an excellent introduction to Linux networking, please read the 52 Linux Networking HOWTO, available from 53 <http://www.tldp.org/docs.html#howto>. 54 55 If you say Y here and also to "/proc file system support" and 56 "Sysctl support" below, you can change various aspects of the 57 behavior of the TCP/IP code by writing to the (virtual) files in 58 /proc/sys/net/ipv4/*; the options are explained in the file 59 <file:Documentation/networking/ip-sysctl.txt>. 60 61 Short answer: say Y. 62 63if INET 64source "net/ipv4/Kconfig" 65source "net/ipv6/Kconfig" 66 67endif # if INET 68 69config NETWORK_SECMARK 70 bool "Security Marking" 71 help 72 This enables security marking of network packets, similar 73 to nfmark, but designated for security purposes. 74 If you are unsure how to answer this question, answer N. 75 76menuconfig NETFILTER 77 bool "Network packet filtering (replaces ipchains)" 78 ---help--- 79 Netfilter is a framework for filtering and mangling network packets 80 that pass through your Linux box. 81 82 The most common use of packet filtering is to run your Linux box as 83 a firewall protecting a local network from the Internet. The type of 84 firewall provided by this kernel support is called a "packet 85 filter", which means that it can reject individual network packets 86 based on type, source, destination etc. The other kind of firewall, 87 a "proxy-based" one, is more secure but more intrusive and more 88 bothersome to set up; it inspects the network traffic much more 89 closely, modifies it and has knowledge about the higher level 90 protocols, which a packet filter lacks. Moreover, proxy-based 91 firewalls often require changes to the programs running on the local 92 clients. Proxy-based firewalls don't need support by the kernel, but 93 they are often combined with a packet filter, which only works if 94 you say Y here. 95 96 You should also say Y here if you intend to use your Linux box as 97 the gateway to the Internet for a local network of machines without 98 globally valid IP addresses. This is called "masquerading": if one 99 of the computers on your local network wants to send something to 100 the outside, your box can "masquerade" as that computer, i.e. it 101 forwards the traffic to the intended outside destination, but 102 modifies the packets to make it look like they came from the 103 firewall box itself. It works both ways: if the outside host 104 replies, the Linux box will silently forward the traffic to the 105 correct local computer. This way, the computers on your local net 106 are completely invisible to the outside world, even though they can 107 reach the outside and can receive replies. It is even possible to 108 run globally visible servers from within a masqueraded local network 109 using a mechanism called portforwarding. Masquerading is also often 110 called NAT (Network Address Translation). 111 112 Another use of Netfilter is in transparent proxying: if a machine on 113 the local network tries to connect to an outside host, your Linux 114 box can transparently forward the traffic to a local server, 115 typically a caching proxy server. 116 117 Yet another use of Netfilter is building a bridging firewall. Using 118 a bridge with Network packet filtering enabled makes iptables "see" 119 the bridged traffic. For filtering on the lower network and Ethernet 120 protocols over the bridge, use ebtables (under bridge netfilter 121 configuration). 122 123 Various modules exist for netfilter which replace the previous 124 masquerading (ipmasqadm), packet filtering (ipchains), transparent 125 proxying, and portforwarding mechanisms. Please see 126 <file:Documentation/Changes> under "iptables" for the location of 127 these packages. 128 129 Make sure to say N to "Fast switching" below if you intend to say Y 130 here, as Fast switching currently bypasses netfilter. 131 132 Chances are that you should say Y here if you compile a kernel which 133 will run as a router and N for regular hosts. If unsure, say N. 134 135if NETFILTER 136 137config NETFILTER_DEBUG 138 bool "Network packet filtering debugging" 139 depends on NETFILTER 140 help 141 You can say Y here if you want to get additional messages useful in 142 debugging the netfilter code. 143 144config BRIDGE_NETFILTER 145 bool "Bridged IP/ARP packets filtering" 146 depends on BRIDGE && NETFILTER && INET 147 default y 148 ---help--- 149 Enabling this option will let arptables resp. iptables see bridged 150 ARP resp. IP traffic. If you want a bridging firewall, you probably 151 want this option enabled. 152 Enabling or disabling this option doesn't enable or disable 153 ebtables. 154 155 If unsure, say N. 156 157source "net/netfilter/Kconfig" 158source "net/ipv4/netfilter/Kconfig" 159source "net/ipv6/netfilter/Kconfig" 160source "net/decnet/netfilter/Kconfig" 161source "net/bridge/netfilter/Kconfig" 162 163endif 164 165source "net/dccp/Kconfig" 166source "net/sctp/Kconfig" 167source "net/tipc/Kconfig" 168source "net/atm/Kconfig" 169source "net/bridge/Kconfig" 170source "net/8021q/Kconfig" 171source "net/decnet/Kconfig" 172source "net/llc/Kconfig" 173source "net/ipx/Kconfig" 174source "drivers/net/appletalk/Kconfig" 175source "net/x25/Kconfig" 176source "net/lapb/Kconfig" 177 178config NET_DIVERT 179 bool "Frame Diverter (EXPERIMENTAL)" 180 depends on EXPERIMENTAL && BROKEN 181 ---help--- 182 The Frame Diverter allows you to divert packets from the 183 network, that are not aimed at the interface receiving it (in 184 promisc. mode). Typically, a Linux box setup as an Ethernet bridge 185 with the Frames Diverter on, can do some *really* transparent www 186 caching using a Squid proxy for example. 187 188 This is very useful when you don't want to change your router's 189 config (or if you simply don't have access to it). 190 191 The other possible usages of diverting Ethernet Frames are 192 numberous: 193 - reroute smtp traffic to another interface 194 - traffic-shape certain network streams 195 - transparently proxy smtp connections 196 - etc... 197 198 For more informations, please refer to: 199 <http://diverter.sourceforge.net/> 200 <http://perso.wanadoo.fr/magpie/EtherDivert.html> 201 202 If unsure, say N. 203 204source "net/econet/Kconfig" 205source "net/wanrouter/Kconfig" 206source "net/sched/Kconfig" 207 208menu "Network testing" 209 210config NET_PKTGEN 211 tristate "Packet Generator (USE WITH CAUTION)" 212 depends on PROC_FS 213 ---help--- 214 This module will inject preconfigured packets, at a configurable 215 rate, out of a given interface. It is used for network interface 216 stress testing and performance analysis. If you don't understand 217 what was just said, you don't need it: say N. 218 219 Documentation on how to use the packet generator can be found 220 at <file:Documentation/networking/pktgen.txt>. 221 222 To compile this code as a module, choose M here: the 223 module will be called pktgen. 224 225config NET_TCPPROBE 226 tristate "TCP connection probing" 227 depends on INET && EXPERIMENTAL && PROC_FS && KPROBES 228 ---help--- 229 This module allows for capturing the changes to TCP connection 230 state in response to incoming packets. It is used for debugging 231 TCP congestion avoidance modules. If you don't understand 232 what was just said, you don't need it: say N. 233 234 Documentation on how to use the packet generator can be found 235 at http://linux-net.osdl.org/index.php/TcpProbe 236 237 To compile this code as a module, choose M here: the 238 module will be called tcp_probe. 239 240endmenu 241 242endmenu 243 244source "net/ax25/Kconfig" 245source "net/irda/Kconfig" 246source "net/bluetooth/Kconfig" 247source "net/ieee80211/Kconfig" 248 249config WIRELESS_EXT 250 bool 251 252endif # if NET 253endmenu # Networking 254 255