Файловый менеджер

Файловый менеджер - Редактировать - /var/www/xthruster/html/wp-content/uploads/flags/net.tar

Назад
vmw_vsock/Kconfig��0000644��00000004146�14722053255�0010077 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Vsock protocol # config VSOCKETS tristate "Virtual Socket protocol" help Virtual Socket Protocol is a socket protocol similar to TCP/IP allowing communication between Virtual Machines and hypervisor or host. You should also select one or more hypervisor-specific transports below. To compile this driver as a module, choose M here: the module will be called vsock. If unsure, say N. config VSOCKETS_DIAG tristate "Virtual Sockets monitoring interface" depends on VSOCKETS default y help Support for PF_VSOCK sockets monitoring interface used by the ss tool. If unsure, say Y. Enable this module so userspace applications can query open sockets. config VMWARE_VMCI_VSOCKETS tristate "VMware VMCI transport for Virtual Sockets" depends on VSOCKETS && VMWARE_VMCI help This module implements a VMCI transport for Virtual Sockets. Enable this transport if your Virtual Machine runs on a VMware hypervisor. To compile this driver as a module, choose M here: the module will be called vmw_vsock_vmci_transport. If unsure, say N. config VIRTIO_VSOCKETS tristate "virtio transport for Virtual Sockets" depends on VSOCKETS && VIRTIO select VIRTIO_VSOCKETS_COMMON help This module implements a virtio transport for Virtual Sockets. Enable this transport if your Virtual Machine host supports Virtual Sockets over virtio. To compile this driver as a module, choose M here: the module will be called vmw_vsock_virtio_transport. If unsure, say N. config VIRTIO_VSOCKETS_COMMON tristate help This option is selected by any driver which needs to access the virtio_vsock. The module will be called vmw_vsock_virtio_transport_common. config HYPERV_VSOCKETS tristate "Hyper-V transport for Virtual Sockets" depends on VSOCKETS && HYPERV help This module implements a Hyper-V transport for Virtual Sockets. Enable this transport if your Virtual Machine host supports Virtual Sockets over Hyper-V VMBus. To compile this driver as a module, choose M here: the module will be called hv_sock. If unsure, say N. ��vmw_vsock/Makefile��0000644��00000001263�14722053255�0010231 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_VSOCKETS) += vsock.o obj-$(CONFIG_VSOCKETS_DIAG) += vsock_diag.o obj-$(CONFIG_VMWARE_VMCI_VSOCKETS) += vmw_vsock_vmci_transport.o obj-$(CONFIG_VIRTIO_VSOCKETS) += vmw_vsock_virtio_transport.o obj-$(CONFIG_VIRTIO_VSOCKETS_COMMON) += vmw_vsock_virtio_transport_common.o obj-$(CONFIG_HYPERV_VSOCKETS) += hv_sock.o vsock-y += af_vsock.o af_vsock_tap.o vsock_addr.o vsock_diag-y += diag.o vmw_vsock_vmci_transport-y += vmci_transport.o vmci_transport_notify.o \ vmci_transport_notify_qstate.o vmw_vsock_virtio_transport-y += virtio_transport.o vmw_vsock_virtio_transport_common-y += virtio_transport_common.o hv_sock-y += hyperv_transport.o ��openvswitch/Kconfig��0000644��00000004423�14722053255�0010430 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Open vSwitch # config OPENVSWITCH tristate "Open vSwitch" depends on INET depends on !NF_CONNTRACK \|\| \ (NF_CONNTRACK && ((!NF_DEFRAG_IPV6 \|\| NF_DEFRAG_IPV6) && \ (!NF_NAT \|\| NF_NAT) && \ (!NETFILTER_CONNCOUNT \|\| NETFILTER_CONNCOUNT))) select LIBCRC32C select MPLS select NET_MPLS_GSO select DST_CACHE select NET_NSH ---help--- Open vSwitch is a multilayer Ethernet switch targeted at virtualized environments. In addition to supporting a variety of features expected in a traditional hardware switch, it enables fine-grained programmatic extension and flow-based control of the network. This control is useful in a wide variety of applications but is particularly important in multi-server virtualization deployments, which are often characterized by highly dynamic endpoints and the need to maintain logical abstractions for multiple tenants. The Open vSwitch datapath provides an in-kernel fast path for packet forwarding. It is complemented by a userspace daemon, ovs-vswitchd, which is able to accept configuration from a variety of sources and translate it into packet processing rules. See http://openvswitch.org for more information and userspace utilities. To compile this code as a module, choose M here: the module will be called openvswitch. If unsure, say N. config OPENVSWITCH_GRE tristate "Open vSwitch GRE tunneling support" depends on OPENVSWITCH depends on NET_IPGRE default OPENVSWITCH ---help--- If you say Y here, then the Open vSwitch will be able create GRE vport. Say N to exclude this support and reduce the binary size. If unsure, say Y. config OPENVSWITCH_VXLAN tristate "Open vSwitch VXLAN tunneling support" depends on OPENVSWITCH depends on VXLAN default OPENVSWITCH ---help--- If you say Y here, then the Open vSwitch will be able create vxlan vport. Say N to exclude this support and reduce the binary size. If unsure, say Y. config OPENVSWITCH_GENEVE tristate "Open vSwitch Geneve tunneling support" depends on OPENVSWITCH depends on GENEVE default OPENVSWITCH ---help--- If you say Y here, then the Open vSwitch will be able create geneve vport. Say N to exclude this support and reduce the binary size. ��openvswitch/Makefile��0000644��00000000754�14722053255�0010570 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for Open vSwitch. # obj-$(CONFIG_OPENVSWITCH) += openvswitch.o openvswitch-y := \ actions.o \ datapath.o \ dp_notify.o \ flow.o \ flow_netlink.o \ flow_table.o \ meter.o \ vport.o \ vport-internal_dev.o \ vport-netdev.o ifneq ($(CONFIG_NF_CONNTRACK),) openvswitch-y += conntrack.o endif obj-$(CONFIG_OPENVSWITCH_VXLAN)+= vport-vxlan.o obj-$(CONFIG_OPENVSWITCH_GENEVE)+= vport-geneve.o obj-$(CONFIG_OPENVSWITCH_GRE) += vport-gre.o ��bpf/Makefile��0000644��00000000120�14722053255�0006751 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_BPF_SYSCALL) := test_run.o ��core/Makefile��0000644��00000002560�14722053255�0007144 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux networking core. # obj-y := sock.o request_sock.o skbuff.o datagram.o stream.o scm.o \ gen_stats.o gen_estimator.o net_namespace.o secure_seq.o flow_dissector.o obj-$(CONFIG_SYSCTL) += sysctl_net_core.o obj-y += dev.o ethtool.o dev_addr_lists.o dst.o netevent.o \ neighbour.o rtnetlink.o utils.o link_watch.o filter.o \ sock_diag.o dev_ioctl.o tso.o sock_reuseport.o \ fib_notifier.o xdp.o flow_offload.o obj-y += net-sysfs.o obj-$(CONFIG_PAGE_POOL) += page_pool.o obj-$(CONFIG_PROC_FS) += net-procfs.o obj-$(CONFIG_NET_SOCK_MSG) += skmsg.o obj-$(CONFIG_NET_PKTGEN) += pktgen.o obj-$(CONFIG_NETPOLL) += netpoll.o obj-$(CONFIG_FIB_RULES) += fib_rules.o obj-$(CONFIG_TRACEPOINTS) += net-traces.o obj-$(CONFIG_NET_DROP_MONITOR) += drop_monitor.o obj-$(CONFIG_NETWORK_PHY_TIMESTAMPING) += timestamping.o obj-$(CONFIG_NET_PTP_CLASSIFY) += ptp_classifier.o obj-$(CONFIG_CGROUP_NET_PRIO) += netprio_cgroup.o obj-$(CONFIG_CGROUP_NET_CLASSID) += netclassid_cgroup.o obj-$(CONFIG_LWTUNNEL) += lwtunnel.o obj-$(CONFIG_LWTUNNEL_BPF) += lwt_bpf.o obj-$(CONFIG_BPF_STREAM_PARSER) += sock_map.o obj-$(CONFIG_DST_CACHE) += dst_cache.o obj-$(CONFIG_HWBM) += hwbm.o obj-$(CONFIG_NET_DEVLINK) += devlink.o obj-$(CONFIG_GRO_CELLS) += gro_cells.o obj-$(CONFIG_FAILOVER) += failover.o obj-$(CONFIG_BPF_SYSCALL) += bpf_sk_storage.o ��ethernet/Makefile��0000644��00000000151�14722053255�0010024 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Ethernet layer. # obj-y += eth.o ��8021q/Kconfig��0000644��00000002362�14722053255�0006632 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Configuration for 802.1Q VLAN support # config VLAN_8021Q tristate "802.1Q/802.1ad VLAN Support" ---help--- Select this and you will be able to create 802.1Q VLAN interfaces on your Ethernet interfaces. 802.1Q VLAN supports almost everything a regular Ethernet interface does, including firewalling, bridging, and of course IP traffic. You will need the 'ip' utility in order to effectively use VLANs. See the VLAN web page for more information: <http://www.candelatech.com/~greear/vlan.html> To compile this code as a module, choose M here: the module will be called 8021q. If unsure, say N. config VLAN_8021Q_GVRP bool "GVRP (GARP VLAN Registration Protocol) support" depends on VLAN_8021Q select GARP help Select this to enable GVRP end-system support. GVRP is used for automatic propagation of registered VLANs to switches. If unsure, say N. config VLAN_8021Q_MVRP bool "MVRP (Multiple VLAN Registration Protocol) support" depends on VLAN_8021Q select MRP help Select this to enable MVRP end-system support. MVRP is used for automatic propagation of registered VLANs to switches; it supersedes GVRP and is not backwards-compatible. If unsure, say N. ��8021q/Makefile��0000644��00000000537�14722053255�0006771 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux VLAN layer. # obj-$(subst m,y,$(CONFIG_VLAN_8021Q)) += vlan_core.o obj-$(CONFIG_VLAN_8021Q) += 8021q.o 8021q-y := vlan.o vlan_dev.o vlan_netlink.o 8021q-$(CONFIG_VLAN_8021Q_GVRP) += vlan_gvrp.o 8021q-$(CONFIG_VLAN_8021Q_MVRP) += vlan_mvrp.o 8021q-$(CONFIG_PROC_FS) += vlanproc.o ��rxrpc/Kconfig��0000644��00000002747�14722053255�0007224 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # RxRPC session sockets # config AF_RXRPC tristate "RxRPC session sockets" depends on INET select CRYPTO select KEYS help Say Y or M here to include support for RxRPC session sockets (just the transport part, not the presentation part: (un)marshalling is left to the application). These are used for AFS kernel filesystem and userspace utilities. This module at the moment only supports client operations and is currently incomplete. See Documentation/networking/rxrpc.txt. config AF_RXRPC_IPV6 bool "IPv6 support for RxRPC" depends on (IPV6 = m && AF_RXRPC = m) \|\| (IPV6 = y && AF_RXRPC) help Say Y here to allow AF_RXRPC to use IPV6 UDP as well as IPV4 UDP as its network transport. config AF_RXRPC_INJECT_LOSS bool "Inject packet loss into RxRPC packet stream" depends on AF_RXRPC help Say Y here to inject packet loss by discarding some received and some transmitted packets. config AF_RXRPC_DEBUG bool "RxRPC dynamic debugging" depends on AF_RXRPC help Say Y here to make runtime controllable debugging messages appear. See Documentation/networking/rxrpc.txt. config RXKAD bool "RxRPC Kerberos security" depends on AF_RXRPC select CRYPTO select CRYPTO_MANAGER select CRYPTO_BLKCIPHER select CRYPTO_PCBC select CRYPTO_FCRYPT help Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC through the use of the key retention service. See Documentation/networking/rxrpc.txt. ��rxrpc/Makefile��0000644��00000001063�14722053255�0007347 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for Linux kernel RxRPC # obj-$(CONFIG_AF_RXRPC) += rxrpc.o rxrpc-y := \ af_rxrpc.o \ call_accept.o \ call_event.o \ call_object.o \ conn_client.o \ conn_event.o \ conn_object.o \ conn_service.o \ input.o \ insecure.o \ key.o \ local_event.o \ local_object.o \ misc.o \ net_ns.o \ output.o \ peer_event.o \ peer_object.o \ recvmsg.o \ rtt.o \ security.o \ sendmsg.o \ skbuff.o \ utils.o rxrpc-$(CONFIG_PROC_FS) += proc.o rxrpc-$(CONFIG_RXKAD) += rxkad.o rxrpc-$(CONFIG_SYSCTL) += sysctl.o ��mpls/Kconfig��0000644��00000002001�14722053255�0007020 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # MPLS configuration # menuconfig MPLS bool "MultiProtocol Label Switching" default n ---help--- MultiProtocol Label Switching routes packets through logical circuits. Originally conceived as a way of routing packets at hardware speeds (before hardware was capable of routing ipv4 packets), MPLS remains a simple way of making tunnels. If you have not heard of MPLS you probably want to say N here. if MPLS config NET_MPLS_GSO tristate "MPLS: GSO support" help This is helper module to allow segmentation of non-MPLS GSO packets that have had MPLS stack entries pushed onto them and thus become MPLS GSO packets. config MPLS_ROUTING tristate "MPLS: routing support" depends on NET_IP_TUNNEL \|\| NET_IP_TUNNEL=n depends on PROC_SYSCTL ---help--- Add support for forwarding of mpls packets. config MPLS_IPTUNNEL tristate "MPLS: IP over MPLS tunnel support" depends on LWTUNNEL && MPLS_ROUTING ---help--- mpls ip tunnel support. endif # MPLS ��mpls/Makefile��0000644��00000000341�14722053255�0007162 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for MPLS. # obj-$(CONFIG_NET_MPLS_GSO) += mpls_gso.o obj-$(CONFIG_MPLS_ROUTING) += mpls_router.o obj-$(CONFIG_MPLS_IPTUNNEL) += mpls_iptunnel.o mpls_router-y := af_mpls.o ��ieee802154/6lowpan/Kconfig��0000644��00000000271�14722053255�0011035 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config IEEE802154_6LOWPAN tristate "6lowpan support over IEEE 802.15.4" depends on 6LOWPAN ---help--- IPv6 compression over IEEE 802.15.4. ��ieee802154/6lowpan/Makefile��0000644��00000000230�14722053255�0011165 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_IEEE802154_6LOWPAN) += ieee802154_6lowpan.o ieee802154_6lowpan-y := core.o rx.o reassembly.o tx.o ��ieee802154/Kconfig��0000644��00000002002�14722053255�0007441 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig IEEE802154 tristate "IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks support" ---help--- IEEE Std 802.15.4 defines a low data rate, low power and low complexity short range wireless personal area networks. It was designed to organise networks of sensors, switches, etc automation devices. Maximum allowed data rate is 250 kb/s and typical personal operating space around 10m. Say Y here to compile LR-WPAN support into the kernel or say M to compile it as modules. if IEEE802154 config IEEE802154_NL802154_EXPERIMENTAL bool "IEEE 802.15.4 experimental netlink support" ---help--- Adds experimental netlink support for nl802154. config IEEE802154_SOCKET tristate "IEEE 802.15.4 socket interface" default y ---help--- Socket interface for IEEE 802.15.4. Contains DGRAM sockets interface for 802.15.4 dataframes. Also RAW socket interface to build MAC header from userspace. source "net/ieee802154/6lowpan/Kconfig" endif ��ieee802154/Makefile��0000644��00000000513�14722053255�0007603 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_IEEE802154) += ieee802154.o obj-$(CONFIG_IEEE802154_SOCKET) += ieee802154_socket.o obj-y += 6lowpan/ ieee802154-y := netlink.o nl-mac.o nl-phy.o nl_policy.o core.o \ header_ops.o sysfs.o nl802154.o trace.o ieee802154_socket-y := socket.o CFLAGS_trace.o := -I$(src) ��netlink/Kconfig��0000644��00000000370�14722053255�0007520 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Netlink Sockets # config NETLINK_DIAG tristate "NETLINK: socket monitoring interface" default n ---help--- Support for NETLINK socket monitoring interface used by the ss tool. If unsure, say Y. ��netlink/Makefile��0000644��00000000300�14722053255�0007646 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the netlink driver. # obj-y := af_netlink.o genetlink.o obj-$(CONFIG_NETLINK_DIAG) += netlink_diag.o netlink_diag-y := diag.o ��strparser/Kconfig��0000644��00000000111�14722053255�0010072 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config STREAM_PARSER def_bool n ��strparser/Makefile��0000644��00000000123�14722053255�0010232 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_STREAM_PARSER) += strparser.o ��kcm/Kconfig��0000644��00000000515�14722053255�0006627 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config AF_KCM tristate "KCM sockets" depends on INET select BPF_SYSCALL select STREAM_PARSER ---help--- KCM (Kernel Connection Multiplexor) sockets provide a method for multiplexing messages of a message based application protocol over kernel connectons (e.g. TCP connections). ��kcm/Makefile��0000644��00000000144�14722053255�0006762 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_AF_KCM) += kcm.o kcm-y := kcmsock.o kcmproc.o ��sched/Kconfig��0000644��00000064752�14722053255�0007160 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Traffic control configuration. # menuconfig NET_SCHED bool "QoS and/or fair queueing" select NET_SCH_FIFO ---help--- When the kernel has several packets to send out over a network device, it has to decide which ones to send first, which ones to delay, and which ones to drop. This is the job of the queueing disciplines, several different algorithms for how to do this "fairly" have been proposed. If you say N here, you will get the standard packet scheduler, which is a FIFO (first come, first served). If you say Y here, you will be able to choose from among several alternative algorithms which can then be attached to different network devices. This is useful for example if some of your network devices are real time devices that need a certain minimum data flow rate, or if you need to limit the maximum data flow rate for traffic which matches specified criteria. This code is considered to be experimental. To administer these schedulers, you'll need the user-level utilities from the package iproute2+tc at <https://www.kernel.org/pub/linux/utils/net/iproute2/>. That package also contains some documentation; for more, check out <http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2>. This Quality of Service (QoS) support will enable you to use Differentiated Services (diffserv) and Resource Reservation Protocol (RSVP) on your Linux router if you also say Y to the corresponding classifiers below. Documentation and software is at <http://diffserv.sourceforge.net/>. If you say Y here and to "/proc file system" below, you will be able to read status information about packet schedulers from the file /proc/net/psched. The available schedulers are listed in the following questions; you can say Y to as many as you like. If unsure, say N now. if NET_SCHED comment "Queueing/Scheduling" config NET_SCH_HTB tristate "Hierarchical Token Bucket (HTB)" ---help--- Say Y here if you want to use the Hierarchical Token Buckets (HTB) packet scheduling algorithm. See <http://luxik.cdi.cz/~devik/qos/htb/> for complete manual and in-depth articles. HTB is very similar to CBQ regarding its goals however is has different properties and different algorithm. To compile this code as a module, choose M here: the module will be called sch_htb. config NET_SCH_HFSC tristate "Hierarchical Fair Service Curve (HFSC)" ---help--- Say Y here if you want to use the Hierarchical Fair Service Curve (HFSC) packet scheduling algorithm. To compile this code as a module, choose M here: the module will be called sch_hfsc. config NET_SCH_PRIO tristate "Multi Band Priority Queueing (PRIO)" ---help--- Say Y here if you want to use an n-band priority queue packet scheduler. To compile this code as a module, choose M here: the module will be called sch_prio. config NET_SCH_MULTIQ tristate "Hardware Multiqueue-aware Multi Band Queuing (MULTIQ)" ---help--- Say Y here if you want to use an n-band queue packet scheduler to support devices that have multiple hardware transmit queues. To compile this code as a module, choose M here: the module will be called sch_multiq. config NET_SCH_RED tristate "Random Early Detection (RED)" ---help--- Say Y here if you want to use the Random Early Detection (RED) packet scheduling algorithm. See the top of <file:net/sched/sch_red.c> for more details. To compile this code as a module, choose M here: the module will be called sch_red. config NET_SCH_SFB tristate "Stochastic Fair Blue (SFB)" ---help--- Say Y here if you want to use the Stochastic Fair Blue (SFB) packet scheduling algorithm. See the top of <file:net/sched/sch_sfb.c> for more details. To compile this code as a module, choose M here: the module will be called sch_sfb. config NET_SCH_SFQ tristate "Stochastic Fairness Queueing (SFQ)" ---help--- Say Y here if you want to use the Stochastic Fairness Queueing (SFQ) packet scheduling algorithm. See the top of <file:net/sched/sch_sfq.c> for more details. To compile this code as a module, choose M here: the module will be called sch_sfq. config NET_SCH_TEQL tristate "True Link Equalizer (TEQL)" ---help--- Say Y here if you want to use the True Link Equalizer (TLE) packet scheduling algorithm. This queueing discipline allows the combination of several physical devices into one virtual device. See the top of <file:net/sched/sch_teql.c> for more details. To compile this code as a module, choose M here: the module will be called sch_teql. config NET_SCH_TBF tristate "Token Bucket Filter (TBF)" ---help--- Say Y here if you want to use the Token Bucket Filter (TBF) packet scheduling algorithm. See the top of <file:net/sched/sch_tbf.c> for more details. To compile this code as a module, choose M here: the module will be called sch_tbf. config NET_SCH_CBS tristate "Credit Based Shaper (CBS)" ---help--- Say Y here if you want to use the Credit Based Shaper (CBS) packet scheduling algorithm. See the top of <file:net/sched/sch_cbs.c> for more details. To compile this code as a module, choose M here: the module will be called sch_cbs. config NET_SCH_ETF tristate "Earliest TxTime First (ETF)" help Say Y here if you want to use the Earliest TxTime First (ETF) packet scheduling algorithm. See the top of <file:net/sched/sch_etf.c> for more details. To compile this code as a module, choose M here: the module will be called sch_etf. config NET_SCH_TAPRIO tristate "Time Aware Priority (taprio) Scheduler" help Say Y here if you want to use the Time Aware Priority (taprio) packet scheduling algorithm. See the top of <file:net/sched/sch_taprio.c> for more details. To compile this code as a module, choose M here: the module will be called sch_taprio. config NET_SCH_GRED tristate "Generic Random Early Detection (GRED)" ---help--- Say Y here if you want to use the Generic Random Early Detection (GRED) packet scheduling algorithm for some of your network devices (see the top of <file:net/sched/sch_red.c> for details and references about the algorithm). To compile this code as a module, choose M here: the module will be called sch_gred. config NET_SCH_NETEM tristate "Network emulator (NETEM)" ---help--- Say Y if you want to emulate network delay, loss, and packet re-ordering. This is often useful to simulate networks when testing applications or protocols. To compile this driver as a module, choose M here: the module will be called sch_netem. If unsure, say N. config NET_SCH_DRR tristate "Deficit Round Robin scheduler (DRR)" help Say Y here if you want to use the Deficit Round Robin (DRR) packet scheduling algorithm. To compile this driver as a module, choose M here: the module will be called sch_drr. If unsure, say N. config NET_SCH_MQPRIO tristate "Multi-queue priority scheduler (MQPRIO)" help Say Y here if you want to use the Multi-queue Priority scheduler. This scheduler allows QOS to be offloaded on NICs that have support for offloading QOS schedulers. To compile this driver as a module, choose M here: the module will be called sch_mqprio. If unsure, say N. config NET_SCH_SKBPRIO tristate "SKB priority queue scheduler (SKBPRIO)" help Say Y here if you want to use the SKB priority queue scheduler. This schedules packets according to skb->priority, which is useful for request packets in DoS mitigation systems such as Gatekeeper. To compile this driver as a module, choose M here: the module will be called sch_skbprio. If unsure, say N. config NET_SCH_CHOKE tristate "CHOose and Keep responsive flow scheduler (CHOKE)" help Say Y here if you want to use the CHOKe packet scheduler (CHOose and Keep for responsive flows, CHOose and Kill for unresponsive flows). This is a variation of RED which trys to penalize flows that monopolize the queue. To compile this code as a module, choose M here: the module will be called sch_choke. config NET_SCH_QFQ tristate "Quick Fair Queueing scheduler (QFQ)" help Say Y here if you want to use the Quick Fair Queueing Scheduler (QFQ) packet scheduling algorithm. To compile this driver as a module, choose M here: the module will be called sch_qfq. If unsure, say N. config NET_SCH_CODEL tristate "Controlled Delay AQM (CODEL)" help Say Y here if you want to use the Controlled Delay (CODEL) packet scheduling algorithm. To compile this driver as a module, choose M here: the module will be called sch_codel. If unsure, say N. config NET_SCH_FQ_CODEL tristate "Fair Queue Controlled Delay AQM (FQ_CODEL)" help Say Y here if you want to use the FQ Controlled Delay (FQ_CODEL) packet scheduling algorithm. To compile this driver as a module, choose M here: the module will be called sch_fq_codel. If unsure, say N. config NET_SCH_CAKE tristate "Common Applications Kept Enhanced (CAKE)" help Say Y here if you want to use the Common Applications Kept Enhanced (CAKE) queue management algorithm. To compile this driver as a module, choose M here: the module will be called sch_cake. If unsure, say N. config NET_SCH_FQ tristate "Fair Queue" help Say Y here if you want to use the FQ packet scheduling algorithm. FQ does flow separation, and is able to respect pacing requirements set by TCP stack into sk->sk_pacing_rate (for localy generated traffic) To compile this driver as a module, choose M here: the module will be called sch_fq. If unsure, say N. config NET_SCH_HHF tristate "Heavy-Hitter Filter (HHF)" help Say Y here if you want to use the Heavy-Hitter Filter (HHF) packet scheduling algorithm. To compile this driver as a module, choose M here: the module will be called sch_hhf. config NET_SCH_PIE tristate "Proportional Integral controller Enhanced (PIE) scheduler" help Say Y here if you want to use the Proportional Integral controller Enhanced scheduler packet scheduling algorithm. For more information, please see https://tools.ietf.org/html/rfc8033 To compile this driver as a module, choose M here: the module will be called sch_pie. If unsure, say N. config NET_SCH_INGRESS tristate "Ingress/classifier-action Qdisc" depends on NET_CLS_ACT select NET_INGRESS select NET_EGRESS ---help--- Say Y here if you want to use classifiers for incoming and/or outgoing packets. This qdisc doesn't do anything else besides running classifiers, which can also have actions attached to them. In case of outgoing packets, classifiers that this qdisc holds are executed in the transmit path before real enqueuing to an egress qdisc happens. If unsure, say Y. To compile this code as a module, choose M here: the module will be called sch_ingress with alias of sch_clsact. config NET_SCH_PLUG tristate "Plug network traffic until release (PLUG)" ---help--- This queuing discipline allows userspace to plug/unplug a network output queue, using the netlink interface. When it receives an enqueue command it inserts a plug into the outbound queue that causes following packets to enqueue until a dequeue command arrives over netlink, causing the plug to be removed and resuming the normal packet flow. This module also provides a generic "network output buffering" functionality (aka output commit), wherein upon arrival of a dequeue command, only packets up to the first plug are released for delivery. The Remus HA project uses this module to enable speculative execution of virtual machines by allowing the generated network output to be rolled back if needed. For more information, please refer to <http://wiki.xenproject.org/wiki/Remus> Say Y here if you are using this kernel for Xen dom0 and want to protect Xen guests with Remus. To compile this code as a module, choose M here: the module will be called sch_plug. menuconfig NET_SCH_DEFAULT bool "Allow override default queue discipline" ---help--- Support for selection of default queuing discipline. Nearly all users can safely say no here, and the default of pfifo_fast will be used. Many distributions already set the default value via /proc/sys/net/core/default_qdisc. If unsure, say N. if NET_SCH_DEFAULT choice prompt "Default queuing discipline" default DEFAULT_PFIFO_FAST help Select the queueing discipline that will be used by default for all network devices. config DEFAULT_FQ bool "Fair Queue" if NET_SCH_FQ config DEFAULT_CODEL bool "Controlled Delay" if NET_SCH_CODEL config DEFAULT_FQ_CODEL bool "Fair Queue Controlled Delay" if NET_SCH_FQ_CODEL config DEFAULT_SFQ bool "Stochastic Fair Queue" if NET_SCH_SFQ config DEFAULT_PFIFO_FAST bool "Priority FIFO Fast" endchoice config DEFAULT_NET_SCH string default "pfifo_fast" if DEFAULT_PFIFO_FAST default "fq" if DEFAULT_FQ default "fq_codel" if DEFAULT_FQ_CODEL default "sfq" if DEFAULT_SFQ default "pfifo_fast" endif comment "Classification" config NET_CLS bool config NET_CLS_BASIC tristate "Elementary classification (BASIC)" select NET_CLS ---help--- Say Y here if you want to be able to classify packets using only extended matches and actions. To compile this code as a module, choose M here: the module will be called cls_basic. config NET_CLS_ROUTE4 tristate "Routing decision (ROUTE)" depends on INET select IP_ROUTE_CLASSID select NET_CLS ---help--- If you say Y here, you will be able to classify packets according to the route table entry they matched. To compile this code as a module, choose M here: the module will be called cls_route. config NET_CLS_FW tristate "Netfilter mark (FW)" select NET_CLS ---help--- If you say Y here, you will be able to classify packets according to netfilter/firewall marks. To compile this code as a module, choose M here: the module will be called cls_fw. config NET_CLS_U32 tristate "Universal 32bit comparisons w/ hashing (U32)" select NET_CLS ---help--- Say Y here to be able to classify packets using a universal 32bit pieces based comparison scheme. To compile this code as a module, choose M here: the module will be called cls_u32. config CLS_U32_PERF bool "Performance counters support" depends on NET_CLS_U32 ---help--- Say Y here to make u32 gather additional statistics useful for fine tuning u32 classifiers. config CLS_U32_MARK bool "Netfilter marks support" depends on NET_CLS_U32 ---help--- Say Y here to be able to use netfilter marks as u32 key. config NET_CLS_FLOW tristate "Flow classifier" select NET_CLS ---help--- If you say Y here, you will be able to classify packets based on a configurable combination of packet keys. This is mostly useful in combination with SFQ. To compile this code as a module, choose M here: the module will be called cls_flow. config NET_CLS_CGROUP tristate "Control Group Classifier" select NET_CLS select CGROUP_NET_CLASSID depends on CGROUPS ---help--- Say Y here if you want to classify packets based on the control cgroup of their process. To compile this code as a module, choose M here: the module will be called cls_cgroup. config NET_CLS_BPF tristate "BPF-based classifier" select NET_CLS ---help--- If you say Y here, you will be able to classify packets based on programmable BPF (JIT'ed) filters as an alternative to ematches. To compile this code as a module, choose M here: the module will be called cls_bpf. config NET_CLS_FLOWER tristate "Flower classifier" select NET_CLS ---help--- If you say Y here, you will be able to classify packets based on a configurable combination of packet keys and masks. To compile this code as a module, choose M here: the module will be called cls_flower. config NET_CLS_MATCHALL tristate "Match-all classifier" select NET_CLS ---help--- If you say Y here, you will be able to classify packets based on nothing. Every packet will match. To compile this code as a module, choose M here: the module will be called cls_matchall. config NET_EMATCH bool "Extended Matches" select NET_CLS ---help--- Say Y here if you want to use extended matches on top of classifiers and select the extended matches below. Extended matches are small classification helpers not worth writing a separate classifier for. A recent version of the iproute2 package is required to use extended matches. config NET_EMATCH_STACK int "Stack size" depends on NET_EMATCH default "32" ---help--- Size of the local stack variable used while evaluating the tree of ematches. Limits the depth of the tree, i.e. the number of encapsulated precedences. Every level requires 4 bytes of additional stack space. config NET_EMATCH_CMP tristate "Simple packet data comparison" depends on NET_EMATCH ---help--- Say Y here if you want to be able to classify packets based on simple packet data comparisons for 8, 16, and 32bit values. To compile this code as a module, choose M here: the module will be called em_cmp. config NET_EMATCH_NBYTE tristate "Multi byte comparison" depends on NET_EMATCH ---help--- Say Y here if you want to be able to classify packets based on multiple byte comparisons mainly useful for IPv6 address comparisons. To compile this code as a module, choose M here: the module will be called em_nbyte. config NET_EMATCH_U32 tristate "U32 key" depends on NET_EMATCH ---help--- Say Y here if you want to be able to classify packets using the famous u32 key in combination with logic relations. To compile this code as a module, choose M here: the module will be called em_u32. config NET_EMATCH_META tristate "Metadata" depends on NET_EMATCH ---help--- Say Y here if you want to be able to classify packets based on metadata such as load average, netfilter attributes, socket attributes and routing decisions. To compile this code as a module, choose M here: the module will be called em_meta. config NET_EMATCH_TEXT tristate "Textsearch" depends on NET_EMATCH select TEXTSEARCH select TEXTSEARCH_KMP select TEXTSEARCH_BM select TEXTSEARCH_FSM ---help--- Say Y here if you want to be able to classify packets based on textsearch comparisons. To compile this code as a module, choose M here: the module will be called em_text. config NET_EMATCH_CANID tristate "CAN Identifier" depends on NET_EMATCH && (CAN=y \|\| CAN=m) ---help--- Say Y here if you want to be able to classify CAN frames based on CAN Identifier. To compile this code as a module, choose M here: the module will be called em_canid. config NET_EMATCH_IPSET tristate "IPset" depends on NET_EMATCH && IP_SET ---help--- Say Y here if you want to be able to classify packets based on ipset membership. To compile this code as a module, choose M here: the module will be called em_ipset. config NET_EMATCH_IPT tristate "IPtables Matches" depends on NET_EMATCH && NETFILTER && NETFILTER_XTABLES ---help--- Say Y here to be able to classify packets based on iptables matches. Current supported match is "policy" which allows packet classification based on IPsec policy that was used during decapsulation To compile this code as a module, choose M here: the module will be called em_ipt. config NET_CLS_ACT bool "Actions" select NET_CLS ---help--- Say Y here if you want to use traffic control actions. Actions get attached to classifiers and are invoked after a successful classification. They are used to overwrite the classification result, instantly drop or redirect packets, etc. A recent version of the iproute2 package is required to use extended matches. config NET_ACT_POLICE tristate "Traffic Policing" depends on NET_CLS_ACT ---help--- Say Y here if you want to do traffic policing, i.e. strict bandwidth limiting. This action replaces the existing policing module. To compile this code as a module, choose M here: the module will be called act_police. config NET_ACT_GACT tristate "Generic actions" depends on NET_CLS_ACT ---help--- Say Y here to take generic actions such as dropping and accepting packets. To compile this code as a module, choose M here: the module will be called act_gact. config GACT_PROB bool "Probability support" depends on NET_ACT_GACT ---help--- Say Y here to use the generic action randomly or deterministically. config NET_ACT_MIRRED tristate "Redirecting and Mirroring" depends on NET_CLS_ACT ---help--- Say Y here to allow packets to be mirrored or redirected to other devices. To compile this code as a module, choose M here: the module will be called act_mirred. config NET_ACT_SAMPLE tristate "Traffic Sampling" depends on NET_CLS_ACT select PSAMPLE ---help--- Say Y here to allow packet sampling tc action. The packet sample action consists of statistically choosing packets and sampling them using the psample module. To compile this code as a module, choose M here: the module will be called act_sample. config NET_ACT_IPT tristate "IPtables targets" depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES ---help--- Say Y here to be able to invoke iptables targets after successful classification. To compile this code as a module, choose M here: the module will be called act_ipt. config NET_ACT_NAT tristate "Stateless NAT" depends on NET_CLS_ACT ---help--- Say Y here to do stateless NAT on IPv4 packets. You should use netfilter for NAT unless you know what you are doing. To compile this code as a module, choose M here: the module will be called act_nat. config NET_ACT_PEDIT tristate "Packet Editing" depends on NET_CLS_ACT ---help--- Say Y here if you want to mangle the content of packets. To compile this code as a module, choose M here: the module will be called act_pedit. config NET_ACT_SIMP tristate "Simple Example (Debug)" depends on NET_CLS_ACT ---help--- Say Y here to add a simple action for demonstration purposes. It is meant as an example and for debugging purposes. It will print a configured policy string followed by the packet count to the console for every packet that passes by. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_simple. config NET_ACT_SKBEDIT tristate "SKB Editing" depends on NET_CLS_ACT ---help--- Say Y here to change skb priority or queue_mapping settings. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_skbedit. config NET_ACT_CSUM tristate "Checksum Updating" depends on NET_CLS_ACT && INET select LIBCRC32C ---help--- Say Y here to update some common checksum after some direct packet alterations. To compile this code as a module, choose M here: the module will be called act_csum. config NET_ACT_MPLS tristate "MPLS manipulation" depends on NET_CLS_ACT help Say Y here to push or pop MPLS headers. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_mpls. config NET_ACT_VLAN tristate "Vlan manipulation" depends on NET_CLS_ACT ---help--- Say Y here to push or pop vlan headers. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_vlan. config NET_ACT_BPF tristate "BPF based action" depends on NET_CLS_ACT ---help--- Say Y here to execute BPF code on packets. The BPF code will decide if the packet should be dropped or not. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_bpf. config NET_ACT_CONNMARK tristate "Netfilter Connection Mark Retriever" depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES depends on NF_CONNTRACK && NF_CONNTRACK_MARK ---help--- Say Y here to allow retrieving of conn mark If unsure, say N. To compile this code as a module, choose M here: the module will be called act_connmark. config NET_ACT_CTINFO tristate "Netfilter Connection Mark Actions" depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES depends on NF_CONNTRACK && NF_CONNTRACK_MARK help Say Y here to allow transfer of a connmark stored information. Current actions transfer connmark stored DSCP into ipv4/v6 diffserv and/or to transfer connmark to packet mark. Both are useful for restoring egress based marks back onto ingress connections for qdisc priority mapping purposes. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_ctinfo. config NET_ACT_SKBMOD tristate "skb data modification action" depends on NET_CLS_ACT ---help--- Say Y here to allow modification of skb data If unsure, say N. To compile this code as a module, choose M here: the module will be called act_skbmod. config NET_ACT_IFE tristate "Inter-FE action based on IETF ForCES InterFE LFB" depends on NET_CLS_ACT select NET_IFE ---help--- Say Y here to allow for sourcing and terminating metadata For details refer to netdev01 paper: "Distributing Linux Traffic Control Classifier-Action Subsystem" Authors: Jamal Hadi Salim and Damascene M. Joachimpillai To compile this code as a module, choose M here: the module will be called act_ife. config NET_ACT_TUNNEL_KEY tristate "IP tunnel metadata manipulation" depends on NET_CLS_ACT ---help--- Say Y here to set/release ip tunnel metadata. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_tunnel_key. config NET_ACT_CT tristate "connection tracking tc action" depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT help Say Y here to allow sending the packets to conntrack module. If unsure, say N. To compile this code as a module, choose M here: the module will be called act_ct. config NET_IFE_SKBMARK tristate "Support to encoding decoding skb mark on IFE action" depends on NET_ACT_IFE config NET_IFE_SKBPRIO tristate "Support to encoding decoding skb prio on IFE action" depends on NET_ACT_IFE config NET_IFE_SKBTCINDEX tristate "Support to encoding decoding skb tcindex on IFE action" depends on NET_ACT_IFE config NET_TC_SKB_EXT bool "TC recirculation support" depends on NET_CLS_ACT select SKB_EXTENSIONS help Say Y here to allow tc chain misses to continue in OvS datapath in the correct recirc_id, and hardware chain misses to continue in the correct chain in tc software datapath. Say N here if you won't be using tc<->ovs offload or tc chains offload. endif # NET_SCHED config NET_SCH_FIFO bool ��sched/Makefile��0000644��00000006114�14722053255�0007301 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux Traffic Control Unit. # obj-y := sch_generic.o sch_mq.o obj-$(CONFIG_NET_SCHED) += sch_api.o sch_blackhole.o obj-$(CONFIG_NET_CLS) += cls_api.o obj-$(CONFIG_NET_CLS_ACT) += act_api.o obj-$(CONFIG_NET_ACT_POLICE) += act_police.o obj-$(CONFIG_NET_ACT_GACT) += act_gact.o obj-$(CONFIG_NET_ACT_MIRRED) += act_mirred.o obj-$(CONFIG_NET_ACT_SAMPLE) += act_sample.o obj-$(CONFIG_NET_ACT_IPT) += act_ipt.o obj-$(CONFIG_NET_ACT_NAT) += act_nat.o obj-$(CONFIG_NET_ACT_PEDIT) += act_pedit.o obj-$(CONFIG_NET_ACT_SIMP) += act_simple.o obj-$(CONFIG_NET_ACT_SKBEDIT) += act_skbedit.o obj-$(CONFIG_NET_ACT_CSUM) += act_csum.o obj-$(CONFIG_NET_ACT_MPLS) += act_mpls.o obj-$(CONFIG_NET_ACT_VLAN) += act_vlan.o obj-$(CONFIG_NET_ACT_BPF) += act_bpf.o obj-$(CONFIG_NET_ACT_CONNMARK) += act_connmark.o obj-$(CONFIG_NET_ACT_CTINFO) += act_ctinfo.o obj-$(CONFIG_NET_ACT_SKBMOD) += act_skbmod.o obj-$(CONFIG_NET_ACT_IFE) += act_ife.o obj-$(CONFIG_NET_IFE_SKBMARK) += act_meta_mark.o obj-$(CONFIG_NET_IFE_SKBPRIO) += act_meta_skbprio.o obj-$(CONFIG_NET_IFE_SKBTCINDEX) += act_meta_skbtcindex.o obj-$(CONFIG_NET_ACT_TUNNEL_KEY)+= act_tunnel_key.o obj-$(CONFIG_NET_ACT_CT) += act_ct.o obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o obj-$(CONFIG_NET_SCH_HTB) += sch_htb.o obj-$(CONFIG_NET_SCH_HFSC) += sch_hfsc.o obj-$(CONFIG_NET_SCH_RED) += sch_red.o obj-$(CONFIG_NET_SCH_GRED) += sch_gred.o obj-$(CONFIG_NET_SCH_INGRESS) += sch_ingress.o obj-$(CONFIG_NET_SCH_SFB) += sch_sfb.o obj-$(CONFIG_NET_SCH_SFQ) += sch_sfq.o obj-$(CONFIG_NET_SCH_TBF) += sch_tbf.o obj-$(CONFIG_NET_SCH_TEQL) += sch_teql.o obj-$(CONFIG_NET_SCH_PRIO) += sch_prio.o obj-$(CONFIG_NET_SCH_MULTIQ) += sch_multiq.o obj-$(CONFIG_NET_SCH_NETEM) += sch_netem.o obj-$(CONFIG_NET_SCH_DRR) += sch_drr.o obj-$(CONFIG_NET_SCH_PLUG) += sch_plug.o obj-$(CONFIG_NET_SCH_MQPRIO) += sch_mqprio.o obj-$(CONFIG_NET_SCH_SKBPRIO) += sch_skbprio.o obj-$(CONFIG_NET_SCH_CHOKE) += sch_choke.o obj-$(CONFIG_NET_SCH_QFQ) += sch_qfq.o obj-$(CONFIG_NET_SCH_CODEL) += sch_codel.o obj-$(CONFIG_NET_SCH_FQ_CODEL) += sch_fq_codel.o obj-$(CONFIG_NET_SCH_CAKE) += sch_cake.o obj-$(CONFIG_NET_SCH_FQ) += sch_fq.o obj-$(CONFIG_NET_SCH_HHF) += sch_hhf.o obj-$(CONFIG_NET_SCH_PIE) += sch_pie.o obj-$(CONFIG_NET_SCH_CBS) += sch_cbs.o obj-$(CONFIG_NET_SCH_ETF) += sch_etf.o obj-$(CONFIG_NET_SCH_TAPRIO) += sch_taprio.o obj-$(CONFIG_NET_CLS_U32) += cls_u32.o obj-$(CONFIG_NET_CLS_ROUTE4) += cls_route.o obj-$(CONFIG_NET_CLS_FW) += cls_fw.o obj-$(CONFIG_NET_CLS_BASIC) += cls_basic.o obj-$(CONFIG_NET_CLS_FLOW) += cls_flow.o obj-$(CONFIG_NET_CLS_CGROUP) += cls_cgroup.o obj-$(CONFIG_NET_CLS_BPF) += cls_bpf.o obj-$(CONFIG_NET_CLS_FLOWER) += cls_flower.o obj-$(CONFIG_NET_CLS_MATCHALL) += cls_matchall.o obj-$(CONFIG_NET_EMATCH) += ematch.o obj-$(CONFIG_NET_EMATCH_CMP) += em_cmp.o obj-$(CONFIG_NET_EMATCH_NBYTE) += em_nbyte.o obj-$(CONFIG_NET_EMATCH_U32) += em_u32.o obj-$(CONFIG_NET_EMATCH_META) += em_meta.o obj-$(CONFIG_NET_EMATCH_TEXT) += em_text.o obj-$(CONFIG_NET_EMATCH_CANID) += em_canid.o obj-$(CONFIG_NET_EMATCH_IPSET) += em_ipset.o obj-$(CONFIG_NET_EMATCH_IPT) += em_ipt.o ��mac80211/Kconfig��0000644��00000021531�14722053255�0007212 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config MAC80211 tristate "Generic IEEE 802.11 Networking Stack (mac80211)" depends on CFG80211 select CRYPTO select CRYPTO_LIB_ARC4 select CRYPTO_AES select CRYPTO_CCM select CRYPTO_GCM select CRYPTO_CMAC select CRC32 ---help--- This option enables the hardware independent IEEE 802.11 networking stack. comment "CFG80211 needs to be enabled for MAC80211" depends on CFG80211=n if MAC80211 != n config MAC80211_HAS_RC bool config MAC80211_RC_MINSTREL bool "Minstrel" if EXPERT select MAC80211_HAS_RC default y ---help--- This option enables the 'minstrel' TX rate control algorithm choice prompt "Default rate control algorithm" depends on MAC80211_HAS_RC default MAC80211_RC_DEFAULT_MINSTREL ---help--- This option selects the default rate control algorithm mac80211 will use. Note that this default can still be overridden through the ieee80211_default_rc_algo module parameter if different algorithms are available. config MAC80211_RC_DEFAULT_MINSTREL bool "Minstrel" depends on MAC80211_RC_MINSTREL ---help--- Select Minstrel as the default rate control algorithm. endchoice config MAC80211_RC_DEFAULT string default "minstrel_ht" if MAC80211_RC_DEFAULT_MINSTREL default "" endif comment "Some wireless drivers require a rate control algorithm" depends on MAC80211 && MAC80211_HAS_RC=n config MAC80211_MESH bool "Enable mac80211 mesh networking support" depends on MAC80211 ---help--- Select this option to enable 802.11 mesh operation in mac80211 drivers that support it. 802.11 mesh connects multiple stations over (possibly multi-hop) wireless links to form a single logical LAN. config MAC80211_LEDS bool "Enable LED triggers" depends on MAC80211 depends on LEDS_CLASS select LEDS_TRIGGERS ---help--- This option enables a few LED triggers for different packet receive/transmit events. config MAC80211_DEBUGFS bool "Export mac80211 internals in DebugFS" depends on MAC80211 && DEBUG_FS ---help--- Select this to see extensive information about the internal state of mac80211 in debugfs. Say N unless you know you need this. config MAC80211_MESSAGE_TRACING bool "Trace all mac80211 debug messages" depends on MAC80211 ---help--- Select this option to have mac80211 register the mac80211_msg trace subsystem with tracepoints to collect all debugging messages, independent of printing them into the kernel log. The overhead in this option is that all the messages need to be present in the binary and formatted at runtime for tracing. menuconfig MAC80211_DEBUG_MENU bool "Select mac80211 debugging features" depends on MAC80211 ---help--- This option collects various mac80211 debug settings. config MAC80211_NOINLINE bool "Do not inline TX/RX handlers" depends on MAC80211_DEBUG_MENU ---help--- This option affects code generation in mac80211, when selected some functions are marked "noinline" to allow easier debugging of problems in the transmit and receive paths. This option increases code size a bit and inserts a lot of function calls in the code, but is otherwise safe to enable. If unsure, say N unless you expect to be finding problems in mac80211. config MAC80211_VERBOSE_DEBUG bool "Verbose debugging output" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out many debugging messages. It should not be selected on production systems as some of the messages are remotely triggerable. Do not select this option. config MAC80211_MLME_DEBUG bool "Verbose managed MLME output" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out debugging messages for the managed-mode MLME. It should not be selected on production systems as some of the messages are remotely triggerable. Do not select this option. config MAC80211_STA_DEBUG bool "Verbose station debugging" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out debugging messages for station addition/removal. Do not select this option. config MAC80211_HT_DEBUG bool "Verbose HT debugging" depends on MAC80211_DEBUG_MENU ---help--- This option enables 802.11n High Throughput features debug tracing output. It should not be selected on production systems as some of the messages are remotely triggerable. Do not select this option. config MAC80211_OCB_DEBUG bool "Verbose OCB debugging" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out very verbose OCB debugging messages. It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_IBSS_DEBUG bool "Verbose IBSS debugging" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out very verbose IBSS debugging messages. It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_PS_DEBUG bool "Verbose powersave mode debugging" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out very verbose power save mode debugging messages (when mac80211 is an AP and has power saving stations.) It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_MPL_DEBUG bool "Verbose mesh peer link debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh peer link debugging messages (when mac80211 is taking part in a mesh network). It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_MPATH_DEBUG bool "Verbose mesh path debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh path selection debugging messages (when mac80211 is taking part in a mesh network). It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_MHWMP_DEBUG bool "Verbose mesh HWMP routing debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh routing (HWMP) debugging messages (when mac80211 is taking part in a mesh network). It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_MESH_SYNC_DEBUG bool "Verbose mesh synchronization debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh synchronization debugging messages (when mac80211 is taking part in a mesh network). Do not select this option. config MAC80211_MESH_CSA_DEBUG bool "Verbose mesh channel switch debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh channel switch debugging messages (when mac80211 is taking part in a mesh network). Do not select this option. config MAC80211_MESH_PS_DEBUG bool "Verbose mesh powersave debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_MESH ---help--- Selecting this option causes mac80211 to print out very verbose mesh powersave debugging messages (when mac80211 is taking part in a mesh network). Do not select this option. config MAC80211_TDLS_DEBUG bool "Verbose TDLS debugging" depends on MAC80211_DEBUG_MENU ---help--- Selecting this option causes mac80211 to print out very verbose TDLS selection debugging messages (when mac80211 is a TDLS STA). It should not be selected on production systems as those messages are remotely triggerable. Do not select this option. config MAC80211_DEBUG_COUNTERS bool "Extra statistics for TX/RX debugging" depends on MAC80211_DEBUG_MENU depends on MAC80211_DEBUGFS ---help--- Selecting this option causes mac80211 to keep additional and very verbose statistics about TX and RX handler use as well as a few selected dot11 counters. These will be exposed in debugfs. Note that some of the counters are not concurrency safe and may thus not always be accurate. If unsure, say N. config MAC80211_STA_HASH_MAX_SIZE int "Station hash table maximum size" if MAC80211_DEBUG_MENU default 0 ---help--- Setting this option to a low value (e.g. 4) allows testing the hash table with collisions relatively deterministically (just connect more stations than the number selected here.) If unsure, leave the default of 0. ��mac80211/Makefile��0000644��00000002067�14722053255�0007352 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_MAC80211) += mac80211.o # mac80211 objects mac80211-y := \ main.o status.o \ driver-ops.o \ sta_info.o \ wep.o \ aead_api.o \ wpa.o \ scan.o offchannel.o \ ht.o agg-tx.o agg-rx.o \ vht.o \ he.o \ ibss.o \ iface.o \ rate.o \ michael.o \ tkip.o \ aes_cmac.o \ aes_gmac.o \ fils_aead.o \ cfg.o \ ethtool.o \ rx.o \ spectmgmt.o \ tx.o \ key.o \ util.o \ wme.o \ chan.o \ trace.o mlme.o \ tdls.o \ ocb.o mac80211-$(CONFIG_MAC80211_LEDS) += led.o mac80211-$(CONFIG_MAC80211_DEBUGFS) += \ debugfs.o \ debugfs_sta.o \ debugfs_netdev.o \ debugfs_key.o mac80211-$(CONFIG_MAC80211_MESH) += \ mesh.o \ mesh_pathtbl.o \ mesh_plink.o \ mesh_hwmp.o \ mesh_sync.o \ mesh_ps.o mac80211-$(CONFIG_PM) += pm.o CFLAGS_trace.o := -I$(src) rc80211_minstrel-y := \ rc80211_minstrel.o \ rc80211_minstrel_ht.o rc80211_minstrel-$(CONFIG_MAC80211_DEBUGFS) += \ rc80211_minstrel_debugfs.o \ rc80211_minstrel_ht_debugfs.o mac80211-$(CONFIG_MAC80211_RC_MINSTREL) += $(rc80211_minstrel-y) ccflags-y += -DDEBUG ��xdp/Kconfig��0000644��00000000631�14722053255�0006647 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config XDP_SOCKETS bool "XDP sockets" depends on BPF_SYSCALL default n help XDP sockets allows a channel between XDP programs and userspace applications. config XDP_SOCKETS_DIAG tristate "XDP sockets: monitoring interface" depends on XDP_SOCKETS default n help Support for PF_XDP sockets monitoring interface used by the ss tool. If unsure, say Y. ��xdp/Makefile��0000644��00000000217�14722053255�0007004 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_XDP_SOCKETS) += xsk.o xdp_umem.o xsk_queue.o obj-$(CONFIG_XDP_SOCKETS_DIAG) += xsk_diag.o ��hsr/Kconfig��0000644��00000002171�14722053255�0006651 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IEC 62439-3 High-availability Seamless Redundancy # config HSR tristate "High-availability Seamless Redundancy (HSR)" ---help--- If you say Y here, then your Linux box will be able to act as a DANH ("Doubly attached node implementing HSR"). For this to work, your Linux box needs (at least) two physical Ethernet interfaces, and it must be connected as a node in a ring network together with other HSR capable nodes. All Ethernet frames sent over the hsr device will be sent in both directions on the ring (over both slave ports), giving a redundant, instant fail-over network. Each HSR node in the ring acts like a bridge for HSR frames, but filters frames that have been forwarded earlier. This code is a "best effort" to comply with the HSR standard as described in IEC 62439-3:2010 (HSRv0) and IEC 62439-3:2012 (HSRv1), but no compliancy tests have been made. Use iproute2 to select the version you desire. You need to perform any and all necessary tests yourself before relying on this code in a safety critical system! If unsure, say N. ��hsr/Makefile��0000644��00000000346�14722053255�0007010 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for HSR # obj-$(CONFIG_HSR) += hsr.o hsr-y := hsr_main.o hsr_framereg.o hsr_device.o \ hsr_netlink.o hsr_slave.o hsr_forward.o hsr-$(CONFIG_DEBUG_FS) += hsr_debugfs.o ��batman-adv/Kconfig��0000644��00000007760�14722053255�0010100 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # Copyright (C) 2007-2019 B.A.T.M.A.N. contributors: # # Marek Lindner, Simon Wunderlich # # B.A.T.M.A.N meshing protocol # config BATMAN_ADV tristate "B.A.T.M.A.N. Advanced Meshing Protocol" depends on NET select LIBCRC32C help B.A.T.M.A.N. (better approach to mobile ad-hoc networking) is a routing protocol for multi-hop ad-hoc mesh networks. The networks may be wired or wireless. See https://www.open-mesh.org/ for more information and user space tools. config BATMAN_ADV_BATMAN_V bool "B.A.T.M.A.N. V protocol" depends on BATMAN_ADV && !(CFG80211=m && BATMAN_ADV=y) default y help This option enables the B.A.T.M.A.N. V protocol, the successor of the currently used B.A.T.M.A.N. IV protocol. The main changes include splitting of the OGM protocol into a neighbor discovery protocol (Echo Location Protocol, ELP) and a new OGM Protocol OGMv2 for flooding protocol information through the network, as well as a throughput based metric. B.A.T.M.A.N. V is currently considered experimental and not compatible to B.A.T.M.A.N. IV networks. config BATMAN_ADV_BLA bool "Bridge Loop Avoidance" depends on BATMAN_ADV && INET select CRC16 default y help This option enables BLA (Bridge Loop Avoidance), a mechanism to avoid Ethernet frames looping when mesh nodes are connected to both the same LAN and the same mesh. If you will never use more than one mesh node in the same LAN, you can safely remove this feature and save some space. config BATMAN_ADV_DAT bool "Distributed ARP Table" depends on BATMAN_ADV && INET default y help This option enables DAT (Distributed ARP Table), a DHT based mechanism that increases ARP reliability on sparse wireless mesh networks. If you think that your network does not need this option you can safely remove it and save some space. config BATMAN_ADV_NC bool "Network Coding" depends on BATMAN_ADV help This option enables network coding, a mechanism that aims to increase the overall network throughput by fusing multiple packets in one transmission. Note that interfaces controlled by batman-adv must be manually configured to have promiscuous mode enabled in order to make network coding work. If you think that your network does not need this feature you can safely disable it and save some space. config BATMAN_ADV_MCAST bool "Multicast optimisation" depends on BATMAN_ADV && INET && !(BRIDGE=m && BATMAN_ADV=y) default y help This option enables the multicast optimisation which aims to reduce the air overhead while improving the reliability of multicast messages. config BATMAN_ADV_DEBUGFS bool "batman-adv debugfs entries" depends on BATMAN_ADV depends on DEBUG_FS help Enable this to export routing related debug tables via debugfs. The information for each soft-interface and used hard-interface can be found under batman_adv/ If unsure, say N. config BATMAN_ADV_DEBUG bool "B.A.T.M.A.N. debugging" depends on BATMAN_ADV help This is an option for use by developers; most people should say N here. This enables compilation of support for outputting debugging information to the debugfs log or tracing buffer. The output is controlled via the batadv netdev specific log_level setting. config BATMAN_ADV_SYSFS bool "batman-adv sysfs entries" depends on BATMAN_ADV default y help Say Y here if you want to enable batman-adv device configuration and status interface through sysfs attributes. It is replaced by the batadv generic netlink family but still used by various userspace tools and scripts. If unsure, say Y. config BATMAN_ADV_TRACING bool "B.A.T.M.A.N. tracing support" depends on BATMAN_ADV depends on EVENT_TRACING help This is an option for use by developers; most people should say N here. Select this option to gather traces like the debug messages using the generic tracing infrastructure of the kernel. BATMAN_ADV_DEBUG must also be selected to get trace events for batadv_dbg. ��batman-adv/Makefile��0000644��00000002465�14722053255�0010232 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # Copyright (C) 2007-2019 B.A.T.M.A.N. contributors: # # Marek Lindner, Simon Wunderlich obj-$(CONFIG_BATMAN_ADV) += batman-adv.o batman-adv-y += bat_algo.o batman-adv-y += bat_iv_ogm.o batman-adv-$(CONFIG_BATMAN_ADV_BATMAN_V) += bat_v.o batman-adv-$(CONFIG_BATMAN_ADV_BATMAN_V) += bat_v_elp.o batman-adv-$(CONFIG_BATMAN_ADV_BATMAN_V) += bat_v_ogm.o batman-adv-y += bitarray.o batman-adv-$(CONFIG_BATMAN_ADV_BLA) += bridge_loop_avoidance.o batman-adv-$(CONFIG_BATMAN_ADV_DEBUGFS) += debugfs.o batman-adv-$(CONFIG_BATMAN_ADV_DAT) += distributed-arp-table.o batman-adv-y += fragmentation.o batman-adv-y += gateway_client.o batman-adv-y += gateway_common.o batman-adv-y += hard-interface.o batman-adv-y += hash.o batman-adv-$(CONFIG_BATMAN_ADV_DEBUGFS) += icmp_socket.o batman-adv-$(CONFIG_BATMAN_ADV_DEBUG) += log.o batman-adv-y += main.o batman-adv-$(CONFIG_BATMAN_ADV_MCAST) += multicast.o batman-adv-y += netlink.o batman-adv-$(CONFIG_BATMAN_ADV_NC) += network-coding.o batman-adv-y += originator.o batman-adv-y += routing.o batman-adv-y += send.o batman-adv-y += soft-interface.o batman-adv-$(CONFIG_BATMAN_ADV_SYSFS) += sysfs.o batman-adv-$(CONFIG_BATMAN_ADV_TRACING) += trace.o batman-adv-y += tp_meter.o batman-adv-y += translation-table.o batman-adv-y += tvlv.o CFLAGS_trace.o := -I$(src) ��psample/Kconfig��0000644��00000000661�14722053255�0007520 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # psample packet sampling configuration # menuconfig PSAMPLE depends on NET tristate "Packet-sampling netlink channel" default n help Say Y here to add support for packet-sampling netlink channel This netlink channel allows transferring packets alongside some metadata to userspace. To compile this support as a module, choose M here: the module will be called psample. ��psample/Makefile��0000644��00000000173�14722053255�0007653 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the psample netlink channel # obj-$(CONFIG_PSAMPLE) += psample.o ��9p/Kconfig��0000644��00000001753�14722053255�0006412 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # 9P protocol configuration # menuconfig NET_9P depends on NET tristate "Plan 9 Resource Sharing Support (9P2000)" help If you say Y here, you will get experimental support for Plan 9 resource sharing via the 9P2000 protocol. See <http://v9fs.sf.net> for more information. If unsure, say N. if NET_9P config NET_9P_VIRTIO depends on VIRTIO tristate "9P Virtio Transport" help This builds support for a transports between guest partitions and a host partition. config NET_9P_XEN depends on XEN select XEN_XENBUS_FRONTEND tristate "9P Xen Transport" help This builds support for a transport for 9pfs between two Xen domains. config NET_9P_RDMA depends on INET && INFINIBAND && INFINIBAND_ADDR_TRANS tristate "9P RDMA Transport (Experimental)" help This builds support for an RDMA transport. config NET_9P_DEBUG bool "Debug information" help Say Y if you want the 9P subsystem to log debug information. endif ��9p/Makefile��0000644��00000000626�14722053255�0006545 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_NET_9P) := 9pnet.o obj-$(CONFIG_NET_9P_XEN) += 9pnet_xen.o obj-$(CONFIG_NET_9P_VIRTIO) += 9pnet_virtio.o obj-$(CONFIG_NET_9P_RDMA) += 9pnet_rdma.o 9pnet-objs := \ mod.o \ client.o \ error.o \ protocol.o \ trans_fd.o \ trans_common.o \ 9pnet_virtio-objs := \ trans_virtio.o \ 9pnet_xen-objs := \ trans_xen.o \ 9pnet_rdma-objs := \ trans_rdma.o \ ��iucv/Kconfig��0000644��00000001140�14722053255�0007016 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config IUCV depends on S390 def_tristate y if S390 prompt "IUCV support (S390 - z/VM only)" help Select this option if you want to use inter-user communication under VM or VIF. If you run on z/VM, say "Y" to enable a fast communication link between VM guests. config AFIUCV depends on S390 def_tristate m if QETH_L3 \|\| IUCV prompt "AF_IUCV Socket support (S390 - z/VM and HiperSockets transport)" help Select this option if you want to use AF_IUCV socket applications based on z/VM inter-user communication vehicle or based on HiperSockets. ��iucv/Makefile��0000644��00000000200�14722053255�0007147 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for IUCV # obj-$(CONFIG_IUCV) += iucv.o obj-$(CONFIG_AFIUCV) += af_iucv.o ��6lowpan/Kconfig��0000644��00000005360�14722053255�0007446 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig 6LOWPAN tristate "6LoWPAN Support" depends on IPV6 ---help--- This enables IPv6 over Low power Wireless Personal Area Network - "6LoWPAN" which is supported by IEEE 802.15.4 or Bluetooth stacks. config 6LOWPAN_DEBUGFS bool "6LoWPAN debugfs support" depends on 6LOWPAN depends on DEBUG_FS ---help--- This enables 6LoWPAN debugfs support. For example to manipulate IPHC context information at runtime. menuconfig 6LOWPAN_NHC tristate "Next Header and Generic Header Compression Support" depends on 6LOWPAN default y ---help--- Support for next header and generic header compression defined in RFC6282 and RFC7400. if 6LOWPAN_NHC config 6LOWPAN_NHC_DEST tristate "Destination Options Header Support" default y ---help--- 6LoWPAN IPv6 Destination Options Header compression according to RFC6282. config 6LOWPAN_NHC_FRAGMENT tristate "Fragment Header Support" default y ---help--- 6LoWPAN IPv6 Fragment Header compression according to RFC6282. config 6LOWPAN_NHC_HOP tristate "Hop-by-Hop Options Header Support" default y ---help--- 6LoWPAN IPv6 Hop-by-Hop Options Header compression according to RFC6282. config 6LOWPAN_NHC_IPV6 tristate "IPv6 Header Support" default y ---help--- 6LoWPAN IPv6 Header compression according to RFC6282. config 6LOWPAN_NHC_MOBILITY tristate "Mobility Header Support" default y ---help--- 6LoWPAN IPv6 Mobility Header compression according to RFC6282. config 6LOWPAN_NHC_ROUTING tristate "Routing Header Support" default y ---help--- 6LoWPAN IPv6 Routing Header compression according to RFC6282. config 6LOWPAN_NHC_UDP tristate "UDP Header Support" default y ---help--- 6LoWPAN IPv6 UDP Header compression according to RFC6282. config 6LOWPAN_GHC_EXT_HDR_HOP tristate "GHC Hop-by-Hop Options Header Support" ---help--- 6LoWPAN IPv6 Hop-by-Hop option generic header compression according to RFC7400. config 6LOWPAN_GHC_UDP tristate "GHC UDP Support" ---help--- 6LoWPAN IPv6 UDP generic header compression according to RFC7400. config 6LOWPAN_GHC_ICMPV6 tristate "GHC ICMPv6 Support" ---help--- 6LoWPAN IPv6 ICMPv6 generic header compression according to RFC7400. config 6LOWPAN_GHC_EXT_HDR_DEST tristate "GHC Destination Options Header Support" ---help--- 6LoWPAN IPv6 destination option generic header compression according to RFC7400. config 6LOWPAN_GHC_EXT_HDR_FRAG tristate "GHC Fragmentation Options Header Support" ---help--- 6LoWPAN IPv6 fragmentation option generic header compression according to RFC7400. config 6LOWPAN_GHC_EXT_HDR_ROUTE tristate "GHC Routing Options Header Support" ---help--- 6LoWPAN IPv6 routing option generic header compression according to RFC7400. endif ��6lowpan/Makefile��0000644��00000001542�14722053255�0007601 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_6LOWPAN) += 6lowpan.o 6lowpan-y := core.o iphc.o nhc.o ndisc.o 6lowpan-$(CONFIG_6LOWPAN_DEBUGFS) += debugfs.o #rfc6282 nhcs obj-$(CONFIG_6LOWPAN_NHC_DEST) += nhc_dest.o obj-$(CONFIG_6LOWPAN_NHC_FRAGMENT) += nhc_fragment.o obj-$(CONFIG_6LOWPAN_NHC_HOP) += nhc_hop.o obj-$(CONFIG_6LOWPAN_NHC_IPV6) += nhc_ipv6.o obj-$(CONFIG_6LOWPAN_NHC_MOBILITY) += nhc_mobility.o obj-$(CONFIG_6LOWPAN_NHC_ROUTING) += nhc_routing.o obj-$(CONFIG_6LOWPAN_NHC_UDP) += nhc_udp.o #rfc7400 ghcs obj-$(CONFIG_6LOWPAN_GHC_EXT_HDR_HOP) += nhc_ghc_ext_hop.o obj-$(CONFIG_6LOWPAN_GHC_UDP) += nhc_ghc_udp.o obj-$(CONFIG_6LOWPAN_GHC_ICMPV6) += nhc_ghc_icmpv6.o obj-$(CONFIG_6LOWPAN_GHC_EXT_HDR_DEST) += nhc_ghc_ext_dest.o obj-$(CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG) += nhc_ghc_ext_frag.o obj-$(CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE) += nhc_ghc_ext_route.o ��802/Kconfig��0000644��00000000202�14722053255�0006357 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config STP tristate select LLC config GARP tristate select STP config MRP tristate ��802/Makefile��0000644��00000000745�14722053255�0006530 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux 802.x protocol layers. # # Check the p8022 selections against net/core/Makefile. obj-$(CONFIG_LLC) += p8022.o psnap.o obj-$(CONFIG_NET_FC) += fc.o obj-$(CONFIG_FDDI) += fddi.o obj-$(CONFIG_HIPPI) += hippi.o obj-$(CONFIG_IPX) += p8022.o psnap.o p8023.o obj-$(CONFIG_ATALK) += p8022.o psnap.o obj-$(CONFIG_STP) += stp.o obj-$(CONFIG_GARP) += garp.o obj-$(CONFIG_MRP) += mrp.o ��netlabel/Kconfig��0000644��00000000774�14722053255�0007652 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # NetLabel configuration # config NETLABEL bool "NetLabel subsystem support" depends on SECURITY select CRC_CCITT if IPV6 default n ---help--- NetLabel provides support for explicit network packet labeling protocols such as CIPSO and RIPSO. For more information see Documentation/netlabel as well as the NetLabel SourceForge project for configuration tools and additional documentation. * http://netlabel.sf.net If you are unsure, say N. ��netlabel/Makefile��0000644��00000000556�14722053255�0010005 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the NetLabel subsystem. # # base objects obj-y := netlabel_user.o netlabel_kapi.o obj-y += netlabel_domainhash.o netlabel_addrlist.o # management objects obj-y += netlabel_mgmt.o # protocol modules obj-y += netlabel_unlabeled.o obj-y += netlabel_cipso_v4.o obj-$(subst m,y,$(CONFIG_IPV6)) += netlabel_calipso.o ��tipc/Kconfig��0000644��00000002457�14722053255�0007023 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # TIPC configuration # menuconfig TIPC tristate "The TIPC Protocol" depends on INET ---help--- The Transparent Inter Process Communication (TIPC) protocol is specially designed for intra cluster communication. This protocol originates from Ericsson where it has been used in carrier grade cluster applications for many years. For more information about TIPC, see http://tipc.sourceforge.net. This protocol support is also available as a module ( = code which can be inserted in and removed from the running kernel whenever you want). The module will be called tipc. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If in doubt, say N. config TIPC_MEDIA_IB bool "InfiniBand media type support" depends on TIPC && INFINIBAND_IPOIB help Saying Y here will enable support for running TIPC on IP-over-InfiniBand devices. config TIPC_MEDIA_UDP bool "IP/UDP media type support" depends on TIPC select NET_UDP_TUNNEL help Saying Y here will enable support for running TIPC over IP/UDP bool default y config TIPC_DIAG tristate "TIPC: socket monitoring interface" depends on TIPC default y ---help--- Support for TIPC socket monitoring interface used by ss tool. If unsure, say Y. ��tipc/Makefile��0000644��00000001045�14722053255�0007150 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux TIPC layer # obj-$(CONFIG_TIPC) := tipc.o tipc-y += addr.o bcast.o bearer.o \ core.o link.o discover.o msg.o \ name_distr.o subscr.o monitor.o name_table.o net.o \ netlink.o netlink_compat.o node.o socket.o eth_media.o \ topsrv.o socket.o group.o trace.o CFLAGS_trace.o += -I$(src) tipc-$(CONFIG_TIPC_MEDIA_UDP) += udp_media.o tipc-$(CONFIG_TIPC_MEDIA_IB) += ib_media.o tipc-$(CONFIG_SYSCTL) += sysctl.o obj-$(CONFIG_TIPC_DIAG) += diag.o tipc_diag-y := diag.o ��sctp/Kconfig��0000644��00000005366�14722053255�0007037 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # SCTP configuration # menuconfig IP_SCTP tristate "The SCTP Protocol" depends on INET depends on IPV6 \|\| IPV6=n select CRYPTO select CRYPTO_HMAC select CRYPTO_SHA1 select LIBCRC32C ---help--- Stream Control Transmission Protocol From RFC 2960 <http://www.ietf.org/rfc/rfc2960.txt>. "SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. It offers the following services to its users: -- acknowledged error-free non-duplicated transfer of user data, -- data fragmentation to conform to discovered path MTU size, -- sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages, -- optional bundling of multiple user messages into a single SCTP packet, and -- network-level fault tolerance through supporting of multi- homing at either or both ends of an association." To compile this protocol support as a module, choose M here: the module will be called sctp. Debug messages are handeled by the kernel's dynamic debugging framework. If in doubt, say N. if IP_SCTP config SCTP_DBG_OBJCNT bool "SCTP: Debug object counts" depends on PROC_FS help If you say Y, this will enable debugging support for counting the type of objects that are currently allocated. This is useful for identifying memory leaks. This debug information can be viewed by 'cat /proc/net/sctp/sctp_dbg_objcnt' If unsure, say N choice prompt "Default SCTP cookie HMAC encoding" default SCTP_DEFAULT_COOKIE_HMAC_MD5 help This option sets the default sctp cookie hmac algorithm when in doubt select 'md5' config SCTP_DEFAULT_COOKIE_HMAC_MD5 bool "Enable optional MD5 hmac cookie generation" help Enable optional MD5 hmac based SCTP cookie generation select SCTP_COOKIE_HMAC_MD5 config SCTP_DEFAULT_COOKIE_HMAC_SHA1 bool "Enable optional SHA1 hmac cookie generation" help Enable optional SHA1 hmac based SCTP cookie generation select SCTP_COOKIE_HMAC_SHA1 config SCTP_DEFAULT_COOKIE_HMAC_NONE bool "Use no hmac alg in SCTP cookie generation" help Use no hmac algorithm in SCTP cookie generation endchoice config SCTP_COOKIE_HMAC_MD5 bool "Enable optional MD5 hmac cookie generation" help Enable optional MD5 hmac based SCTP cookie generation select CRYPTO_HMAC if SCTP_COOKIE_HMAC_MD5 select CRYPTO_MD5 if SCTP_COOKIE_HMAC_MD5 config SCTP_COOKIE_HMAC_SHA1 bool "Enable optional SHA1 hmac cookie generation" help Enable optional SHA1 hmac based SCTP cookie generation select CRYPTO_HMAC if SCTP_COOKIE_HMAC_SHA1 select CRYPTO_SHA1 if SCTP_COOKIE_HMAC_SHA1 config INET_SCTP_DIAG depends on INET_DIAG def_tristate INET_DIAG endif # IP_SCTP ��sctp/Makefile��0000644��00000001277�14722053255�0007171 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for SCTP support code. # obj-$(CONFIG_IP_SCTP) += sctp.o obj-$(CONFIG_INET_SCTP_DIAG) += sctp_diag.o sctp-y := sm_statetable.o sm_statefuns.o sm_sideeffect.o \ protocol.o endpointola.o associola.o \ transport.o chunk.o sm_make_chunk.o ulpevent.o \ inqueue.o outqueue.o ulpqueue.o \ tsnmap.o bind_addr.o socket.o primitive.o \ output.o input.o debug.o stream.o auth.o \ offload.o stream_sched.o stream_sched_prio.o \ stream_sched_rr.o stream_interleave.o sctp_diag-y := diag.o sctp-$(CONFIG_SCTP_DBG_OBJCNT) += objcnt.o sctp-$(CONFIG_PROC_FS) += proc.o sctp-$(CONFIG_SYSCTL) += sysctl.o sctp-$(subst m,y,$(CONFIG_IPV6)) += ipv6.o ��Kconfig��0000644��00000033376�14722053255�0006070 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Network configuration # menuconfig NET bool "Networking support" select NLATTR select GENERIC_NET_UTILS select BPF ---help--- Unless you really know what you are doing, you should say Y here. The reason is that some programs need kernel networking support even when running on a stand-alone machine that isn't connected to any other computer. If you are upgrading from an older kernel, you should consider updating your networking tools too because changes in the kernel and the tools often go hand in hand. The tools are contained in the package net-tools, the location and version number of which are given in <file:Documentation/Changes>. For a general introduction to Linux networking, it is highly recommended to read the NET-HOWTO, available from <http://www.tldp.org/docs.html#howto>. if NET config WANT_COMPAT_NETLINK_MESSAGES bool help This option can be selected by other options that need compat netlink messages. config COMPAT_NETLINK_MESSAGES def_bool y depends on COMPAT depends on WEXT_CORE \|\| WANT_COMPAT_NETLINK_MESSAGES help This option makes it possible to send different netlink messages to tasks depending on whether the task is a compat task or not. To achieve this, you need to set skb_shinfo(skb)->frag_list to the compat skb before sending the skb, the netlink code will sort out which message to actually pass to the task. Newly written code should NEVER need this option but do compat-independent messages instead! config NET_INGRESS bool config NET_EGRESS bool config NET_REDIRECT bool config SKB_EXTENSIONS bool menu "Networking options" source "net/packet/Kconfig" source "net/unix/Kconfig" source "net/tls/Kconfig" source "net/xfrm/Kconfig" source "net/iucv/Kconfig" source "net/smc/Kconfig" source "net/xdp/Kconfig" config INET bool "TCP/IP networking" ---help--- These are the protocols used on the Internet and on most local Ethernets. It is highly recommended to say Y here (this will enlarge your kernel by about 400 KB), since some programs (e.g. the X window system) use TCP/IP even if your machine is not connected to any other computer. You will get the so-called loopback device which allows you to ping yourself (great fun, that!). For an excellent introduction to Linux networking, please read the Linux Networking HOWTO, available from <http://www.tldp.org/docs.html#howto>. If you say Y here and also to "/proc file system support" and "Sysctl support" below, you can change various aspects of the behavior of the TCP/IP code by writing to the (virtual) files in /proc/sys/net/ipv4/; the options are explained in the file <file:Documentation/networking/ip-sysctl.txt>. Short answer: say Y. if INET source "net/ipv4/Kconfig" source "net/ipv6/Kconfig" source "net/netlabel/Kconfig" endif # if INET config NETWORK_SECMARK bool "Security Marking" help This enables security marking of network packets, similar to nfmark, but designated for security purposes. If you are unsure how to answer this question, answer N. config NET_PTP_CLASSIFY def_bool n config NETWORK_PHY_TIMESTAMPING bool "Timestamping in PHY devices" select NET_PTP_CLASSIFY help This allows timestamping of network packets by PHYs with hardware timestamping capabilities. This option adds some overhead in the transmit and receive paths. If you are unsure how to answer this question, answer N. menuconfig NETFILTER bool "Network packet filtering framework (Netfilter)" ---help--- Netfilter is a framework for filtering and mangling network packets that pass through your Linux box. The most common use of packet filtering is to run your Linux box as a firewall protecting a local network from the Internet. The type of firewall provided by this kernel support is called a "packet filter", which means that it can reject individual network packets based on type, source, destination etc. The other kind of firewall, a "proxy-based" one, is more secure but more intrusive and more bothersome to set up; it inspects the network traffic much more closely, modifies it and has knowledge about the higher level protocols, which a packet filter lacks. Moreover, proxy-based firewalls often require changes to the programs running on the local clients. Proxy-based firewalls don't need support by the kernel, but they are often combined with a packet filter, which only works if you say Y here. You should also say Y here if you intend to use your Linux box as the gateway to the Internet for a local network of machines without globally valid IP addresses. This is called "masquerading": if one of the computers on your local network wants to send something to the outside, your box can "masquerade" as that computer, i.e. it forwards the traffic to the intended outside destination, but modifies the packets to make it look like they came from the firewall box itself. It works both ways: if the outside host replies, the Linux box will silently forward the traffic to the correct local computer. This way, the computers on your local net are completely invisible to the outside world, even though they can reach the outside and can receive replies. It is even possible to run globally visible servers from within a masqueraded local network using a mechanism called portforwarding. Masquerading is also often called NAT (Network Address Translation). Another use of Netfilter is in transparent proxying: if a machine on the local network tries to connect to an outside host, your Linux box can transparently forward the traffic to a local server, typically a caching proxy server. Yet another use of Netfilter is building a bridging firewall. Using a bridge with Network packet filtering enabled makes iptables "see" the bridged traffic. For filtering on the lower network and Ethernet protocols over the bridge, use ebtables (under bridge netfilter configuration). Various modules exist for netfilter which replace the previous masquerading (ipmasqadm), packet filtering (ipchains), transparent proxying, and portforwarding mechanisms. Please see <file:Documentation/Changes> under "iptables" for the location of these packages. if NETFILTER config NETFILTER_ADVANCED bool "Advanced netfilter configuration" depends on NETFILTER default y help If you say Y here you can select between all the netfilter modules. If you say N the more unusual ones will not be shown and the basic ones needed by most people will default to 'M'. If unsure, say Y. config BRIDGE_NETFILTER tristate "Bridged IP/ARP packets filtering" depends on BRIDGE depends on NETFILTER && INET depends on NETFILTER_ADVANCED select NETFILTER_FAMILY_BRIDGE select SKB_EXTENSIONS default m ---help--- Enabling this option will let arptables resp. iptables see bridged ARP resp. IP traffic. If you want a bridging firewall, you probably want this option enabled. Enabling or disabling this option doesn't enable or disable ebtables. If unsure, say N. source "net/netfilter/Kconfig" source "net/ipv4/netfilter/Kconfig" source "net/ipv6/netfilter/Kconfig" source "net/bridge/netfilter/Kconfig" endif source "net/bpfilter/Kconfig" source "net/dccp/Kconfig" source "net/sctp/Kconfig" source "net/rds/Kconfig" source "net/tipc/Kconfig" source "net/atm/Kconfig" source "net/l2tp/Kconfig" source "net/802/Kconfig" source "net/bridge/Kconfig" source "net/dsa/Kconfig" source "net/8021q/Kconfig" source "net/llc/Kconfig" source "drivers/net/appletalk/Kconfig" source "net/x25/Kconfig" source "net/lapb/Kconfig" source "net/phonet/Kconfig" source "net/6lowpan/Kconfig" source "net/ieee802154/Kconfig" source "net/mac802154/Kconfig" source "net/sched/Kconfig" source "net/dcb/Kconfig" source "net/dns_resolver/Kconfig" source "net/batman-adv/Kconfig" source "net/openvswitch/Kconfig" source "net/vmw_vsock/Kconfig" source "net/netlink/Kconfig" source "net/mpls/Kconfig" source "net/nsh/Kconfig" source "net/hsr/Kconfig" source "net/switchdev/Kconfig" source "net/l3mdev/Kconfig" source "net/qrtr/Kconfig" source "net/ncsi/Kconfig" config RPS bool depends on SMP && SYSFS default y config RFS_ACCEL bool depends on RPS select CPU_RMAP default y config XPS bool depends on SMP default y config HWBM bool config CGROUP_NET_PRIO bool "Network priority cgroup" depends on CGROUPS select SOCK_CGROUP_DATA ---help--- Cgroup subsystem for use in assigning processes to network priorities on a per-interface basis. config CGROUP_NET_CLASSID bool "Network classid cgroup" depends on CGROUPS select SOCK_CGROUP_DATA ---help--- Cgroup subsystem for use as general purpose socket classid marker that is being used in cls_cgroup and for netfilter matching. config NET_RX_BUSY_POLL bool default y config BQL bool depends on SYSFS select DQL default y config BPF_JIT bool "enable BPF Just In Time compiler" depends on HAVE_CBPF_JIT \|\| HAVE_EBPF_JIT depends on MODULES ---help--- Berkeley Packet Filter filtering capabilities are normally handled by an interpreter. This option allows kernel to generate a native code when filter is loaded in memory. This should speedup packet sniffing (libpcap/tcpdump). Note, admin should enable this feature changing: /proc/sys/net/core/bpf_jit_enable /proc/sys/net/core/bpf_jit_harden (optional) /proc/sys/net/core/bpf_jit_kallsyms (optional) config BPF_STREAM_PARSER bool "enable BPF STREAM_PARSER" depends on INET depends on BPF_SYSCALL depends on CGROUP_BPF select STREAM_PARSER select NET_SOCK_MSG ---help--- Enabling this allows a stream parser to be used with BPF_MAP_TYPE_SOCKMAP. BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets. It can be used to enforce socket policy, implement socket redirects, etc. config NET_FLOW_LIMIT bool depends on RPS default y ---help--- The network stack has to drop packets when a receive processing CPU's backlog reaches netdev_max_backlog. If a few out of many active flows generate the vast majority of load, drop their traffic earlier to maintain capacity for the other flows. This feature provides servers with many clients some protection against DoS by a single (spoofed) flow that greatly exceeds average workload. menu "Network testing" config NET_PKTGEN tristate "Packet Generator (USE WITH CAUTION)" depends on INET && PROC_FS ---help--- This module will inject preconfigured packets, at a configurable rate, out of a given interface. It is used for network interface stress testing and performance analysis. If you don't understand what was just said, you don't need it: say N. Documentation on how to use the packet generator can be found at <file:Documentation/networking/pktgen.txt>. To compile this code as a module, choose M here: the module will be called pktgen. config NET_DROP_MONITOR tristate "Network packet drop alerting service" depends on INET && TRACEPOINTS ---help--- This feature provides an alerting service to userspace in the event that packets are discarded in the network stack. Alerts are broadcast via netlink socket to any listening user space process. If you don't need network drop alerts, or if you are ok just checking the various proc files and other utilities for drop statistics, say N here. endmenu endmenu source "net/ax25/Kconfig" source "net/can/Kconfig" source "net/bluetooth/Kconfig" source "net/rxrpc/Kconfig" source "net/kcm/Kconfig" source "net/strparser/Kconfig" config FIB_RULES bool menuconfig WIRELESS bool "Wireless" depends on !S390 default y if WIRELESS source "net/wireless/Kconfig" source "net/mac80211/Kconfig" endif # WIRELESS source "net/wimax/Kconfig" source "net/rfkill/Kconfig" source "net/9p/Kconfig" source "net/caif/Kconfig" source "net/ceph/Kconfig" source "net/nfc/Kconfig" source "net/psample/Kconfig" source "net/ife/Kconfig" config LWTUNNEL bool "Network light weight tunnels" ---help--- This feature provides an infrastructure to support light weight tunnels like mpls. There is no netdevice associated with a light weight tunnel endpoint. Tunnel encapsulation parameters are stored with light weight tunnel state associated with fib routes. config LWTUNNEL_BPF bool "Execute BPF program as route nexthop action" depends on LWTUNNEL && INET default y if LWTUNNEL=y ---help--- Allows to run BPF programs as a nexthop action following a route lookup for incoming and outgoing packets. config DST_CACHE bool default n config GRO_CELLS bool default n config SOCK_VALIDATE_XMIT bool config NET_SOCK_MSG bool default n help The NET_SOCK_MSG provides a framework for plain sockets (e.g. TCP) or ULPs (upper layer modules, e.g. TLS) to process L7 application data with the help of BPF programs. config NET_DEVLINK bool default n imply NET_DROP_MONITOR config PAGE_POOL bool config FAILOVER tristate "Generic failover module" help The failover module provides a generic interface for paravirtual drivers to register a netdev and a set of ops with a failover instance. The ops are used as event handlers that get called to handle netdev register/unregister/link change/name change events on slave pci ethernet devices with the same mac address as the failover netdev. This enables paravirtual drivers to use a VF as an accelerated low latency datapath. It also allows live migration of VMs with direct attached VFs by failing over to the paravirtual datapath when the VF is unplugged. endif # if NET # Used by archs to tell that they support BPF JIT compiler plus which flavour. # Only one of the two can be selected for a specific arch since eBPF JIT supersedes # the cBPF JIT. # Classic BPF JIT (cBPF) config HAVE_CBPF_JIT bool # Extended BPF JIT (eBPF) config HAVE_EBPF_JIT bool ��nsh/Kconfig��0000644��00000000532�14722053255�0006644 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig NET_NSH tristate "Network Service Header (NSH) protocol" default n ---help--- Network Service Header is an implementation of Service Function Chaining (RFC 7665). The current implementation in Linux supports only MD type 1 and only with the openvswitch module. If unsure, say N. ��nsh/Makefile��0000644��00000000107�14722053255�0006777 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_NET_NSH) += nsh.o ��x25/Kconfig��0000644��00000003112�14722053255�0006467 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # CCITT X.25 Packet Layer # config X25 tristate "CCITT X.25 Packet Layer" ---help--- X.25 is a set of standardized network protocols, similar in scope to frame relay; the one physical line from your box to the X.25 network entry point can carry several logical point-to-point connections (called "virtual circuits") to other computers connected to the X.25 network. Governments, banks, and other organizations tend to use it to connect to each other or to form Wide Area Networks (WANs). Many countries have public X.25 networks. X.25 consists of two protocols: the higher level Packet Layer Protocol (PLP) (say Y here if you want that) and the lower level data link layer protocol LAPB (say Y to "LAPB Data Link Driver" below if you want that). You can read more about X.25 at <http://www.sangoma.com/tutorials/x25/> and <http://docwiki.cisco.com/wiki/X.25>. Information about X.25 for Linux is contained in the files <file:Documentation/networking/x25.txt> and <file:Documentation/networking/x25-iface.txt>. One connects to an X.25 network either with a dedicated network card using the X.21 protocol (not yet supported by Linux) or one can do X.25 over a standard telephone line using an ordinary modem (say Y to "X.25 async driver" below) or over Ethernet using an ordinary Ethernet card and the LAPB over Ethernet (say Y to "LAPB Data Link Driver" and "LAPB over Ethernet driver" below). To compile this driver as a module, choose M here: the module will be called x25. If unsure, say N. ��x25/Makefile��0000644��00000000462�14722053255�0006631 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux X.25 Packet layer. # obj-$(CONFIG_X25) += x25.o x25-y := af_x25.o x25_dev.o x25_facilities.o x25_in.o \ x25_link.o x25_out.o x25_route.o x25_subr.o \ x25_timer.o x25_proc.o x25_forward.o x25-$(CONFIG_SYSCTL) += sysctl_net_x25.o ��phonet/Kconfig��0000644��00000001054�14722053255�0007351 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Phonet protocol # config PHONET tristate "Phonet protocols family" help The Phone Network protocol (PhoNet) is a packet-oriented communication protocol developed by Nokia for use with its modems. This is required for Maemo to use cellular data connectivity (if supported). It can also be used to control Nokia phones from a Linux computer, although AT commands may be easier to use. To compile this driver as a module, choose M here: the module will be called phonet. If unsure, say N. ��phonet/Makefile��0000644��00000000311�14722053255�0007501 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_PHONET) += phonet.o pn_pep.o phonet-y := \ pn_dev.o \ pn_netlink.o \ socket.o \ datagram.o \ sysctl.o \ af_phonet.o pn_pep-y := pep.o pep-gprs.o ��ncsi/Kconfig��0000644��00000001064�14722053255�0007011 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Configuration for NCSI support # config NET_NCSI bool "NCSI interface support" depends on INET ---help--- This module provides NCSI (Network Controller Sideband Interface) support. Enable this only if your system connects to a network device via NCSI and the ethernet driver you're using supports the protocol explicitly. config NCSI_OEM_CMD_GET_MAC bool "Get NCSI OEM MAC Address" depends on NET_NCSI ---help--- This allows to get MAC address from NCSI firmware and set them back to controller. ��ncsi/Makefile��0000644��00000000234�14722053255�0007144 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for NCSI API # obj-$(CONFIG_NET_NCSI) += ncsi-cmd.o ncsi-rsp.o ncsi-aen.o ncsi-manage.o ncsi-netlink.o ��sunrpc/xprtrdma/Makefile��0000644��00000000472�14722053255�0011367 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_SUNRPC_XPRT_RDMA) += rpcrdma.o rpcrdma-y := transport.o rpc_rdma.o verbs.o frwr_ops.o \ svc_rdma.o svc_rdma_backchannel.o svc_rdma_transport.o \ svc_rdma_sendto.o svc_rdma_recvfrom.o svc_rdma_rw.o \ module.o rpcrdma-$(CONFIG_SUNRPC_BACKCHANNEL) += backchannel.o ��sunrpc/auth_gss/Makefile��0000644��00000000711�14722053255�0011337 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for Linux kernel rpcsec_gss implementation # obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o auth_rpcgss-y := auth_gss.o gss_generic_token.o \ gss_mech_switch.o svcauth_gss.o \ gss_rpc_upcall.o gss_rpc_xdr.o trace.o obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o rpcsec_gss_krb5-y := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ gss_krb5_seqnum.o gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o ��sunrpc/Kconfig��0000644��00000004673�14722053255�0007400 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config SUNRPC tristate depends on MULTIUSER config SUNRPC_GSS tristate select OID_REGISTRY depends on MULTIUSER config SUNRPC_BACKCHANNEL bool depends on SUNRPC config SUNRPC_SWAP bool depends on SUNRPC config RPCSEC_GSS_KRB5 tristate "Secure RPC: Kerberos V mechanism" depends on SUNRPC && CRYPTO depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && CRYPTO_AES depends on CRYPTO_ARC4 default y select SUNRPC_GSS help Choose Y here to enable Secure RPC using the Kerberos version 5 GSS-API mechanism (RFC 1964). Secure RPC calls with Kerberos require an auxiliary user-space daemon which may be found in the Linux nfs-utils package available from http://linux-nfs.org/. In addition, user-space Kerberos support should be installed. If unsure, say Y. config SUNRPC_DISABLE_INSECURE_ENCTYPES bool "Secure RPC: Disable insecure Kerberos encryption types" depends on RPCSEC_GSS_KRB5 default n help Choose Y here to disable the use of deprecated encryption types with the Kerberos version 5 GSS-API mechanism (RFC 1964). The deprecated encryption types include DES-CBC-MD5, DES-CBC-CRC, and DES-CBC-MD4. These types were deprecated by RFC 6649 because they were found to be insecure. N is the default because many sites have deployed KDCs and keytabs that contain only these deprecated encryption types. Choosing Y prevents the use of known-insecure encryption types but might result in compatibility problems. config SUNRPC_DEBUG bool "RPC: Enable dprintk debugging" depends on SUNRPC && SYSCTL select DEBUG_FS help This option enables a sysctl-based debugging interface that is be used by the 'rpcdebug' utility to turn on or off logging of different aspects of the kernel RPC activity. Disabling this option will make your kernel slightly smaller, but makes troubleshooting NFS issues significantly harder. If unsure, say Y. config SUNRPC_XPRT_RDMA tristate "RPC-over-RDMA transport" depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS default SUNRPC && INFINIBAND select SG_POOL help This option allows the NFS client and server to use RDMA transports (InfiniBand, iWARP, or RoCE). To compile this support as a module, choose M. The module will be called rpcrdma.ko. If unsure, or you know there is no RDMA capability on your hardware platform, say N. ��sunrpc/Makefile��0000644��00000001164�14722053255�0007525 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for Linux kernel SUN RPC # obj-$(CONFIG_SUNRPC) += sunrpc.o obj-$(CONFIG_SUNRPC_GSS) += auth_gss/ obj-$(CONFIG_SUNRPC_XPRT_RDMA) += xprtrdma/ sunrpc-y := clnt.o xprt.o socklib.o xprtsock.o sched.o \ auth.o auth_null.o auth_unix.o \ svc.o svcsock.o svcauth.o svcauth_unix.o \ addr.o rpcb_clnt.o timer.o xdr.o \ sunrpc_syms.o cache.o rpc_pipe.o \ svc_xprt.o \ xprtmultipath.o sunrpc-$(CONFIG_SUNRPC_DEBUG) += debugfs.o sunrpc-$(CONFIG_SUNRPC_BACKCHANNEL) += backchannel_rqst.o sunrpc-$(CONFIG_PROC_FS) += stats.o sunrpc-$(CONFIG_SYSCTL) += sysctl.o ��switchdev/Kconfig��0000644��00000000745�14722053255�0010062 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Configuration for Switch device support # config NET_SWITCHDEV bool "Switch (and switch-ish) device support" depends on INET ---help--- This module provides glue between core networking code and device drivers in order to support hardware switch chips in very generic meaning of the word "switch". This include devices supporting L2/L3 but also various flow offloading chips, including switches embedded into SR-IOV NICs. ��switchdev/Makefile��0000644��00000000175�14722053255�0010214 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Switch device API # obj-$(CONFIG_NET_SWITCHDEV) += switchdev.o ��key/Makefile��0000644��00000000152�14722053255�0006777 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the key AF. # obj-$(CONFIG_NET_KEY) += af_key.o ��atm/Kconfig��0000644��00000005342�14722053255�0006641 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Asynchronous Transfer Mode (ATM) # config ATM tristate "Asynchronous Transfer Mode (ATM)" ---help--- ATM is a high-speed networking technology for Local Area Networks and Wide Area Networks. It uses a fixed packet size and is connection oriented, allowing for the negotiation of minimum bandwidth requirements. In order to participate in an ATM network, your Linux box needs an ATM networking card. If you have that, say Y here and to the driver of your ATM card below. Note that you need a set of user-space programs to actually make use of ATM. See the file <file:Documentation/networking/atm.txt> for further details. config ATM_CLIP tristate "Classical IP over ATM" depends on ATM && INET help Classical IP over ATM for PVCs and SVCs, supporting InARP and ATMARP. If you want to communication with other IP hosts on your ATM network, you will typically either say Y here or to "LAN Emulation (LANE)" below. config ATM_CLIP_NO_ICMP bool "Do NOT send ICMP if no neighbour" depends on ATM_CLIP help Normally, an "ICMP host unreachable" message is sent if a neighbour cannot be reached because there is no VC to it in the kernel's ATMARP table. This may cause problems when ATMARP table entries are briefly removed during revalidation. If you say Y here, packets to such neighbours are silently discarded instead. config ATM_LANE tristate "LAN Emulation (LANE) support" depends on ATM help LAN Emulation emulates services of existing LANs across an ATM network. Besides operating as a normal ATM end station client, Linux LANE client can also act as an proxy client bridging packets between ELAN and Ethernet segments. You need LANE if you want to try MPOA. config ATM_MPOA tristate "Multi-Protocol Over ATM (MPOA) support" depends on ATM && INET && ATM_LANE!=n help Multi-Protocol Over ATM allows ATM edge devices such as routers, bridges and ATM attached hosts establish direct ATM VCs across subnetwork boundaries. These shortcut connections bypass routers enhancing overall network performance. config ATM_BR2684 tristate "RFC1483/2684 Bridged protocols" depends on ATM && INET help ATM PVCs can carry ethernet PDUs according to RFC2684 (formerly 1483) This device will act like an ethernet from the kernels point of view, with the traffic being carried by ATM PVCs (currently 1 PVC/device). This is sometimes used over DSL lines. If in doubt, say N. config ATM_BR2684_IPFILTER bool "Per-VC IP filter kludge" depends on ATM_BR2684 help This is an experimental mechanism for users who need to terminate a large number of IP-only vcc's. Do not enable this unless you are sure you know what you are doing. ��atm/Makefile��0000644��00000000711�14722053255�0006771 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the ATM Protocol Families. # atm-y := addr.o pvc.o signaling.o svc.o ioctl.o common.o atm_misc.o raw.o resources.o atm_sysfs.o mpoa-objs := mpc.o mpoa_caches.o mpoa_proc.o obj-$(CONFIG_ATM) += atm.o obj-$(CONFIG_ATM_CLIP) += clip.o obj-$(CONFIG_ATM_BR2684) += br2684.o atm-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_ATM_LANE) += lec.o obj-$(CONFIG_ATM_MPOA) += mpoa.o obj-$(CONFIG_PPPOATM) += pppoatm.o ��bpfilter/Kconfig��0000644��00000000736�14722053255�0007671 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig BPFILTER bool "BPF based packet filtering framework (BPFILTER)" depends on NET && BPF && INET help This builds experimental bpfilter framework that is aiming to provide netfilter compatible functionality via BPF if BPFILTER config BPFILTER_UMH tristate "bpfilter kernel module with user mode helper" depends on CC_CAN_LINK default m help This builds bpfilter kernel module with embedded user mode helper endif ��bpfilter/Makefile��0000644��00000001151�14722053255�0010016 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux BPFILTER layer. # hostprogs-y := bpfilter_umh bpfilter_umh-objs := main.o KBUILD_HOSTCFLAGS += -I $(srctree)/tools/include/ -I $(srctree)/tools/include/uapi HOSTCC := $(CC) ifeq ($(CONFIG_BPFILTER_UMH), y) # builtin bpfilter_umh should be compiled with -static # since rootfs isn't mounted at the time of __init # function is called and do_execv won't find elf interpreter KBUILD_HOSTLDFLAGS += -static endif $(obj)/bpfilter_umh_blob.o: $(obj)/bpfilter_umh obj-$(CONFIG_BPFILTER_UMH) += bpfilter.o bpfilter-objs += bpfilter_kern.o bpfilter_umh_blob.o ��ax25/Kconfig��0000644��00000011460�14722053255�0006635 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Amateur Radio protocols and AX.25 device configuration # menuconfig HAMRADIO depends on NET && !S390 bool "Amateur Radio support" help If you want to connect your Linux box to an amateur radio, answer Y here. You want to read <http://www.tapr.org/> and more specifically about AX.25 on Linux <http://www.linux-ax25.org/>. Note that the answer to this question won't directly affect the kernel: saying N will just cause the configurator to skip all the questions about amateur radio. comment "Packet Radio protocols" depends on HAMRADIO config AX25 tristate "Amateur Radio AX.25 Level 2 protocol" depends on HAMRADIO help This is the protocol used for computer communication over amateur radio. It is either used by itself for point-to-point links, or to carry other protocols such as tcp/ip. To use it, you need a device that connects your Linux box to your amateur radio. You can either use a low speed TNC (a Terminal Node Controller acts as a kind of modem connecting your computer's serial port to your radio's microphone input and speaker output) supporting the KISS protocol or one of the various SCC cards that are supported by the generic Z8530 or the DMA SCC driver. Another option are the Baycom modem serial and parallel port hacks or the sound card modem (supported by their own drivers). If you say Y here, you also have to say Y to one of those drivers. Information about where to get supporting software for Linux amateur radio as well as information about how to configure an AX.25 port is contained in the AX25-HOWTO, available from <http://www.tldp.org/docs.html#howto>. You might also want to check out the file <file:Documentation/networking/ax25.txt> in the kernel source. More information about digital amateur radio in general is on the WWW at <http://www.tapr.org/>. To compile this driver as a module, choose M here: the module will be called ax25. config AX25_DAMA_SLAVE bool "AX.25 DAMA Slave support" default y depends on AX25 help DAMA is a mechanism to prevent collisions when doing AX.25 networking. A DAMA server (called "master") accepts incoming traffic from clients (called "slaves") and redistributes it to other slaves. If you say Y here, your Linux box will act as a DAMA slave; this is transparent in that you don't have to do any special DAMA configuration. Linux cannot yet act as a DAMA server. This option only compiles DAMA slave support into the kernel. It still needs to be enabled at runtime. For more about DAMA see <http://www.linux-ax25.org>. If unsure, say Y. # placeholder until implemented config AX25_DAMA_MASTER bool 'AX.25 DAMA Master support' depends on AX25_DAMA_SLAVE && BROKEN help DAMA is a mechanism to prevent collisions when doing AX.25 networking. A DAMA server (called "master") accepts incoming traffic from clients (called "slaves") and redistributes it to other slaves. If you say Y here, your Linux box will act as a DAMA master; this is transparent in that you don't have to do any special DAMA configuration. Linux cannot yet act as a DAMA server. This option only compiles DAMA slave support into the kernel. It still needs to be explicitly enabled, so if unsure, say Y. config NETROM tristate "Amateur Radio NET/ROM protocol" depends on AX25 help NET/ROM is a network layer protocol on top of AX.25 useful for routing. A comprehensive listing of all the software for Linux amateur radio users as well as information about how to configure an AX.25 port is contained in the Linux Ham Wiki, available from <http://www.linux-ax25.org>. You also might want to check out the file <file:Documentation/networking/ax25.txt>. More information about digital amateur radio in general is on the WWW at <http://www.tapr.org/>. To compile this driver as a module, choose M here: the module will be called netrom. config ROSE tristate "Amateur Radio X.25 PLP (Rose)" depends on AX25 help The Packet Layer Protocol (PLP) is a way to route packets over X.25 connections in general and amateur radio AX.25 connections in particular, essentially an alternative to NET/ROM. A comprehensive listing of all the software for Linux amateur radio users as well as information about how to configure an AX.25 port is contained in the Linux Ham Wiki, available from <http://www.linux-ax25.org>. You also might want to check out the file <file:Documentation/networking/ax25.txt>. More information about digital amateur radio in general is on the WWW at <http://www.tapr.org/>. To compile this driver as a module, choose M here: the module will be called rose. menu "AX.25 network device drivers" depends on HAMRADIO && AX25 source "drivers/net/hamradio/Kconfig" endmenu ��ax25/Makefile��0000644��00000000653�14722053255�0006774 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux AX.25 layer. # obj-$(CONFIG_AX25) += ax25.o ax25-y := ax25_addr.o ax25_dev.o ax25_iface.o ax25_in.o ax25_ip.o ax25_out.o \ ax25_route.o ax25_std_in.o ax25_std_subr.o ax25_std_timer.o \ ax25_subr.o ax25_timer.o ax25_uid.o af_ax25.o ax25-$(CONFIG_AX25_DAMA_SLAVE) += ax25_ds_in.o ax25_ds_subr.o ax25_ds_timer.o ax25-$(CONFIG_SYSCTL) += sysctl_net_ax25.o ��rds/Kconfig��0000644��00000001330�14722053255�0006641 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config RDS tristate "The Reliable Datagram Sockets Protocol" depends on INET ---help--- The RDS (Reliable Datagram Sockets) protocol provides reliable, sequenced delivery of datagrams over Infiniband or TCP. config RDS_RDMA tristate "RDS over Infiniband" depends on RDS && INFINIBAND && INFINIBAND_ADDR_TRANS ---help--- Allow RDS to use Infiniband as a transport. This transport supports RDMA operations. config RDS_TCP tristate "RDS over TCP" depends on RDS depends on IPV6 \|\| !IPV6 ---help--- Allow RDS to use TCP as a transport. This transport does not support RDMA operations. config RDS_DEBUG bool "RDS debugging messages" depends on RDS default n ��rds/Makefile��0000644��00000001047�14722053255�0007003 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_RDS) += rds.o rds-y := af_rds.o bind.o cong.o connection.o info.o message.o \ recv.o send.o stats.o sysctl.o threads.o transport.o \ loop.o page.o rdma.o obj-$(CONFIG_RDS_RDMA) += rds_rdma.o rds_rdma-y := rdma_transport.o \ ib.o ib_cm.o ib_recv.o ib_ring.o ib_send.o ib_stats.o \ ib_sysctl.o ib_rdma.o ib_fmr.o ib_frmr.o obj-$(CONFIG_RDS_TCP) += rds_tcp.o rds_tcp-y := tcp.o tcp_connect.o tcp_listen.o tcp_recv.o \ tcp_send.o tcp_stats.o ccflags-$(CONFIG_RDS_DEBUG) := -DRDS_DEBUG ��ipv6/Kconfig��0000644��00000020665�14722053255�0006751 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IPv6 configuration # # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 tristate "The IPv6 protocol" default y ---help--- Support for IP version 6 (IPv6). For general information about IPv6, see <https://en.wikipedia.org/wiki/IPv6>. For specific information about IPv6 under Linux, see Documentation/networking/ipv6.txt and read the HOWTO at <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> To compile this protocol support as a module, choose M here: the module will be called ipv6. if IPV6 config IPV6_ROUTER_PREF bool "IPv6: Router Preference (RFC 4191) support" ---help--- Router Preference is an optional extension to the Router Advertisement message which improves the ability of hosts to pick an appropriate router, especially when the hosts are placed in a multi-homed network. If unsure, say N. config IPV6_ROUTE_INFO bool "IPv6: Route Information (RFC 4191) support" depends on IPV6_ROUTER_PREF ---help--- Support of Route Information. If unsure, say N. config IPV6_OPTIMISTIC_DAD bool "IPv6: Enable RFC 4429 Optimistic DAD" ---help--- Support for optimistic Duplicate Address Detection. It allows for autoconfigured addresses to be used more quickly. If unsure, say N. config INET6_AH tristate "IPv6: AH transformation" select XFRM_ALGO select CRYPTO select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 ---help--- Support for IPsec AH. If unsure, say Y. config INET6_ESP tristate "IPv6: ESP transformation" select XFRM_ALGO select CRYPTO select CRYPTO_AUTHENC select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_CBC select CRYPTO_SHA1 select CRYPTO_DES select CRYPTO_ECHAINIV ---help--- Support for IPsec ESP. If unsure, say Y. config INET6_ESP_OFFLOAD tristate "IPv6: ESP transformation offload" depends on INET6_ESP select XFRM_OFFLOAD default n ---help--- Support for ESP transformation offload. This makes sense only if this system really does IPsec and want to do it with high throughput. A typical desktop system does not need it, even if it does IPsec. If unsure, say N. config INET6_IPCOMP tristate "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP ---help--- Support for IP Payload Compression Protocol (IPComp) (RFC3173), typically needed for IPsec. If unsure, say Y. config IPV6_MIP6 tristate "IPv6: Mobility" select XFRM ---help--- Support for IPv6 Mobility described in RFC 3775. If unsure, say N. config IPV6_ILA tristate "IPv6: Identifier Locator Addressing (ILA)" depends on NETFILTER select DST_CACHE select LWTUNNEL ---help--- Support for IPv6 Identifier Locator Addressing (ILA). ILA is a mechanism to do network virtualization without encapsulation. The basic concept of ILA is that we split an IPv6 address into a 64 bit locator and 64 bit identifier. The identifier is the identity of an entity in communication ("who") and the locator expresses the location of the entity ("where"). ILA can be configured using the "encap ila" option with "ip -6 route" command. ILA is described in https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. If unsure, say N. config INET6_XFRM_TUNNEL tristate select INET6_TUNNEL default n config INET6_TUNNEL tristate default n config IPV6_VTI tristate "Virtual (secure) IPv6: tunneling" select IPV6_TUNNEL select NET_IP_TUNNEL select XFRM ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This can be used with xfrm mode tunnel to give the notion of a secure tunnel for IPSEC and then use routing protocol on top. config IPV6_SIT tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select NET_IP_TUNNEL select IPV6_NDISC_NODETYPE default y ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This driver implements encapsulation of IPv6 into IPv4 packets. This is useful if you want to connect two IPv6 networks over an IPv4-only path. Saying M here will produce a module called sit. If unsure, say Y. config IPV6_SIT_6RD bool "IPv6: IPv6 Rapid Deployment (6RD)" depends on IPV6_SIT default n ---help--- IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly deploy IPv6 unicast service to IPv4 sites to which it provides customer premise equipment. Like 6to4, it utilizes stateless IPv6 in IPv4 encapsulation in order to transit IPv4-only network infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 prefix of its own in place of the fixed 6to4 prefix. With this option enabled, the SIT driver offers 6rd functionality by providing additional ioctl API to configure the IPv6 Prefix for in stead of static 2002::/16 for 6to4. If unsure, say N. config IPV6_NDISC_NODETYPE bool config IPV6_TUNNEL tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL select DST_CACHE select GRO_CELLS ---help--- Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in RFC 2473. If unsure, say N. config IPV6_GRE tristate "IPv6: GRE tunnel" select IPV6_TUNNEL select NET_IP_TUNNEL depends on NET_IPGRE_DEMUX ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements GRE (Generic Routing Encapsulation) and at this time allows encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. This driver is useful if the other endpoint is a Cisco router: Cisco likes GRE much better than the other Linux tunneling driver ("IP tunneling" above). In addition, GRE allows multicast redistribution through the tunnel. Saying M here will produce a module called ip6_gre. If unsure, say N. config IPV6_FOU tristate default NET_FOU && IPV6 config IPV6_FOU_TUNNEL tristate default NET_FOU_IP_TUNNELS && IPV6_FOU select IPV6_TUNNEL config IPV6_MULTIPLE_TABLES bool "IPv6: Multiple Routing Tables" select FIB_RULES ---help--- Support multiple routing tables. config IPV6_SUBTREES bool "IPv6: source address based routing" depends on IPV6_MULTIPLE_TABLES ---help--- Enable routing by source address or prefix. The destination address is still the primary routing key, so mixing normal and source prefix specific routes in the same routing table may sometimes lead to unintended routing behavior. This can be avoided by defining different routing tables for the normal and source prefix specific routes. If unsure, say N. config IPV6_MROUTE bool "IPv6: multicast routing" depends on IPV6 select IP_MROUTE_COMMON ---help--- Support for IPv6 multicast forwarding. If unsure, say N. config IPV6_MROUTE_MULTIPLE_TABLES bool "IPv6: multicast policy routing" depends on IPV6_MROUTE select FIB_RULES help Normally, a multicast router runs a userspace daemon and decides what to do with a multicast packet based on the source and destination addresses. If you say Y here, the multicast router will also be able to take interfaces and packet marks into account and run multiple instances of userspace daemons simultaneously, each one handling a single table. If unsure, say N. config IPV6_PIMSM_V2 bool "IPv6: PIM-SM version 2 support" depends on IPV6_MROUTE ---help--- Support for IPv6 PIM multicast routing protocol PIM-SMv2. If unsure, say N. config IPV6_SEG6_LWTUNNEL bool "IPv6: Segment Routing Header encapsulation support" depends on IPV6 select LWTUNNEL select DST_CACHE select IPV6_MULTIPLE_TABLES ---help--- Support for encapsulation of packets within an outer IPv6 header and a Segment Routing Header using the lightweight tunnels mechanism. Also enable support for advanced local processing of SRv6 packets based on their active segment. If unsure, say N. config IPV6_SEG6_HMAC bool "IPv6: Segment Routing HMAC support" depends on IPV6 select CRYPTO select CRYPTO_HMAC select CRYPTO_SHA1 select CRYPTO_SHA256 ---help--- Support for HMAC signature generation and verification of SR-enabled packets. If unsure, say N. config IPV6_SEG6_BPF def_bool y depends on IPV6_SEG6_LWTUNNEL depends on IPV6 = y endif # IPV6 ��ipv6/ila/Makefile��0000644��00000000241�14722053255�0007637 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for ILA module # obj-$(CONFIG_IPV6_ILA) += ila.o ila-objs := ila_main.o ila_common.o ila_lwt.o ila_xlat.o ��ipv6/Makefile��0000644��00000003451�14722053255�0007100 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux TCP/IP (INET6) layer. # obj-$(CONFIG_IPV6) += ipv6.o ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \ addrlabel.o \ route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o udplite.o \ raw.o icmp.o mcast.o reassembly.o tcp_ipv6.o ping.o \ exthdrs.o datagram.o ip6_flowlabel.o inet6_connection_sock.o \ udp_offload.o seg6.o fib6_notifier.o ipv6-offload := ip6_offload.o tcpv6_offload.o exthdrs_offload.o ipv6-$(CONFIG_SYSCTL) = sysctl_net_ipv6.o ipv6-$(CONFIG_IPV6_MROUTE) += ip6mr.o ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \ xfrm6_output.o xfrm6_protocol.o ipv6-$(CONFIG_NETFILTER) += netfilter.o ipv6-$(CONFIG_IPV6_MULTIPLE_TABLES) += fib6_rules.o ipv6-$(CONFIG_PROC_FS) += proc.o ipv6-$(CONFIG_SYN_COOKIES) += syncookies.o ipv6-$(CONFIG_NETLABEL) += calipso.o ipv6-$(CONFIG_IPV6_SEG6_LWTUNNEL) += seg6_iptunnel.o seg6_local.o ipv6-$(CONFIG_IPV6_SEG6_HMAC) += seg6_hmac.o ipv6-objs += $(ipv6-y) obj-$(CONFIG_INET6_AH) += ah6.o obj-$(CONFIG_INET6_ESP) += esp6.o obj-$(CONFIG_INET6_ESP_OFFLOAD) += esp6_offload.o obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o obj-$(CONFIG_INET6_XFRM_TUNNEL) += xfrm6_tunnel.o obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o obj-$(CONFIG_IPV6_MIP6) += mip6.o obj-$(CONFIG_IPV6_ILA) += ila/ obj-$(CONFIG_NETFILTER) += netfilter/ obj-$(CONFIG_IPV6_VTI) += ip6_vti.o obj-$(CONFIG_IPV6_SIT) += sit.o obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o obj-$(CONFIG_IPV6_GRE) += ip6_gre.o obj-$(CONFIG_IPV6_FOU) += fou6.o obj-y += addrconf_core.o exthdrs_core.o ip6_checksum.o ip6_icmp.o obj-$(CONFIG_INET) += output_core.o protocol.o $(ipv6-offload) obj-$(subst m,y,$(CONFIG_IPV6)) += inet6_hashtables.o ifneq ($(CONFIG_IPV6),) obj-$(CONFIG_NET_UDP_TUNNEL) += ip6_udp_tunnel.o obj-y += mcast_snoop.o endif ��ipv6/netfilter/Kconfig��0000644��00000020705�14722053255�0010740 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IP netfilter configuration # menu "IPv6: Netfilter Configuration" depends on INET && IPV6 && NETFILTER config NF_SOCKET_IPV6 tristate "IPv6 socket lookup support" help This option enables the IPv6 socket lookup infrastructure. This is used by the {ip6,nf}tables socket match. config NF_TPROXY_IPV6 tristate "IPv6 tproxy support" if NF_TABLES config NF_TABLES_IPV6 bool "IPv6 nf_tables support" help This option enables the IPv6 support for nf_tables. if NF_TABLES_IPV6 config NFT_REJECT_IPV6 select NF_REJECT_IPV6 default NFT_REJECT tristate config NFT_DUP_IPV6 tristate "IPv6 nf_tables packet duplication support" depends on !NF_CONNTRACK \|\| NF_CONNTRACK select NF_DUP_IPV6 help This module enables IPv6 packet duplication support for nf_tables. config NFT_FIB_IPV6 tristate "nf_tables fib / ipv6 route lookup support" select NFT_FIB help This module enables IPv6 FIB lookups, e.g. for reverse path filtering. It also allows query of the FIB for the route type, e.g. local, unicast, multicast or blackhole. endif # NF_TABLES_IPV6 endif # NF_TABLES config NF_FLOW_TABLE_IPV6 tristate "Netfilter flow table IPv6 module" depends on NF_FLOW_TABLE help This option adds the flow table IPv6 support. To compile it as a module, choose M here. config NF_DUP_IPV6 tristate "Netfilter IPv6 packet duplication to alternate destination" depends on !NF_CONNTRACK \|\| NF_CONNTRACK help This option enables the nf_dup_ipv6 core, which duplicates an IPv6 packet to be rerouted to another destination. config NF_REJECT_IPV6 tristate "IPv6 packet rejection" default m if NETFILTER_ADVANCED=n config NF_LOG_IPV6 tristate "IPv6 packet logging" default m if NETFILTER_ADVANCED=n select NF_LOG_COMMON config IP6_NF_IPTABLES tristate "IP6 tables support (required for filtering)" depends on INET && IPV6 select NETFILTER_XTABLES default m if NETFILTER_ADVANCED=n help ip6tables is a general, extensible packet identification framework. Currently only the packet filtering and packet mangling subsystem for IPv6 use this, but connection tracking is going to follow. Say 'Y' or 'M' here if you want to use either of those. To compile it as a module, choose M here. If unsure, say N. if IP6_NF_IPTABLES # The simple matches. config IP6_NF_MATCH_AH tristate '"ah" match support' depends on NETFILTER_ADVANCED help This module allows one to match AH packets. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_EUI64 tristate '"eui64" address check' depends on NETFILTER_ADVANCED help This module performs checking on the IPv6 source address Compares the last 64 bits with the EUI64 (delivered from the MAC address) address To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_FRAG tristate '"frag" Fragmentation header match support' depends on NETFILTER_ADVANCED help frag matching allows you to match packets based on the fragmentation header of the packet. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_OPTS tristate '"hbh" hop-by-hop and "dst" opts header match support' depends on NETFILTER_ADVANCED help This allows one to match packets based on the hop-by-hop and destination options headers of a packet. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_HL tristate '"hl" hoplimit match support' depends on NETFILTER_ADVANCED select NETFILTER_XT_MATCH_HL ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_MATCH_HL. config IP6_NF_MATCH_IPV6HEADER tristate '"ipv6header" IPv6 Extension Headers Match' default m if NETFILTER_ADVANCED=n help This module allows one to match packets based upon the ipv6 extension headers. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_MH tristate '"mh" match support' depends on NETFILTER_ADVANCED help This module allows one to match MH packets. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_RPFILTER tristate '"rpfilter" reverse path filter match support' depends on NETFILTER_ADVANCED depends on IP6_NF_MANGLE \|\| IP6_NF_RAW ---help--- This option allows you to match packets whose replies would go out via the interface the packet came in. To compile it as a module, choose M here. If unsure, say N. The module will be called ip6t_rpfilter. config IP6_NF_MATCH_RT tristate '"rt" Routing header match support' depends on NETFILTER_ADVANCED help rt matching allows you to match packets based on the routing header of the packet. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MATCH_SRH tristate '"srh" Segment Routing header match support' depends on NETFILTER_ADVANCED help srh matching allows you to match packets based on the segment routing header of the packet. To compile it as a module, choose M here. If unsure, say N. # The targets config IP6_NF_TARGET_HL tristate '"HL" hoplimit target support' depends on NETFILTER_ADVANCED && IP6_NF_MANGLE select NETFILTER_XT_TARGET_HL ---help--- This is a backwards-compatible option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_TARGET_HL. config IP6_NF_FILTER tristate "Packet filtering" default m if NETFILTER_ADVANCED=n help Packet filtering defines a table `filter', which has a series of rules for simple packet filtering at local input, forwarding and local output. See the man page for iptables(8). To compile it as a module, choose M here. If unsure, say N. config IP6_NF_TARGET_REJECT tristate "REJECT target support" depends on IP6_NF_FILTER select NF_REJECT_IPV6 default m if NETFILTER_ADVANCED=n help The REJECT target allows a filtering rule to specify that an ICMPv6 error should be issued in response to an incoming packet, rather than silently being dropped. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_TARGET_SYNPROXY tristate "SYNPROXY target support" depends on NF_CONNTRACK && NETFILTER_ADVANCED select NETFILTER_SYNPROXY select SYN_COOKIES help The SYNPROXY target allows you to intercept TCP connections and establish them using syncookies before they are passed on to the server. This allows to avoid conntrack and server resource usage during SYN-flood attacks. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_MANGLE tristate "Packet mangling" default m if NETFILTER_ADVANCED=n help This option adds a `mangle' table to iptables: see the man page for iptables(8). This table is used for various packet alterations which can effect how the packet is routed. To compile it as a module, choose M here. If unsure, say N. config IP6_NF_RAW tristate 'raw table support (required for TRACE)' help This option adds a `raw' table to ip6tables. This table is the very first in the netfilter framework and hooks in at the PREROUTING and OUTPUT chains. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. # security table for MAC policy config IP6_NF_SECURITY tristate "Security table" depends on SECURITY depends on NETFILTER_ADVANCED help This option adds a `security' table to iptables, for use with Mandatory Access Control (MAC) policy. If unsure, say N. config IP6_NF_NAT tristate "ip6tables NAT support" depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NF_NAT select NETFILTER_XT_NAT help This enables the `nat' table in ip6tables. This allows masquerading, port forwarding and other forms of full Network Address Port Translation. To compile it as a module, choose M here. If unsure, say N. if IP6_NF_NAT config IP6_NF_TARGET_MASQUERADE tristate "MASQUERADE target support" select NETFILTER_XT_TARGET_MASQUERADE help This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE. config IP6_NF_TARGET_NPT tristate "NPT (Network Prefix translation) target support" help This option adds the `SNPT' and `DNPT' target, which perform stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296. To compile it as a module, choose M here. If unsure, say N. endif # IP6_NF_NAT endif # IP6_NF_IPTABLES endmenu config NF_DEFRAG_IPV6 tristate ��ipv6/netfilter/Makefile��0000644��00000003125�14722053255�0011072 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the netfilter modules on top of IPv6. # # Link order matters here. obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o obj-$(CONFIG_IP6_NF_NAT) += ip6table_nat.o # defrag nf_defrag_ipv6-y := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o obj-$(CONFIG_NF_DEFRAG_IPV6) += nf_defrag_ipv6.o obj-$(CONFIG_NF_SOCKET_IPV6) += nf_socket_ipv6.o obj-$(CONFIG_NF_TPROXY_IPV6) += nf_tproxy_ipv6.o # logging obj-$(CONFIG_NF_LOG_IPV6) += nf_log_ipv6.o # reject obj-$(CONFIG_NF_REJECT_IPV6) += nf_reject_ipv6.o obj-$(CONFIG_NF_DUP_IPV6) += nf_dup_ipv6.o # nf_tables obj-$(CONFIG_NFT_REJECT_IPV6) += nft_reject_ipv6.o obj-$(CONFIG_NFT_DUP_IPV6) += nft_dup_ipv6.o obj-$(CONFIG_NFT_FIB_IPV6) += nft_fib_ipv6.o # flow table support obj-$(CONFIG_NF_FLOW_TABLE_IPV6) += nf_flow_table_ipv6.o # matches obj-$(CONFIG_IP6_NF_MATCH_AH) += ip6t_ah.o obj-$(CONFIG_IP6_NF_MATCH_EUI64) += ip6t_eui64.o obj-$(CONFIG_IP6_NF_MATCH_FRAG) += ip6t_frag.o obj-$(CONFIG_IP6_NF_MATCH_IPV6HEADER) += ip6t_ipv6header.o obj-$(CONFIG_IP6_NF_MATCH_MH) += ip6t_mh.o obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o obj-$(CONFIG_IP6_NF_MATCH_RPFILTER) += ip6t_rpfilter.o obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o obj-$(CONFIG_IP6_NF_MATCH_SRH) += ip6t_srh.o # targets obj-$(CONFIG_IP6_NF_TARGET_NPT) += ip6t_NPT.o obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o obj-$(CONFIG_IP6_NF_TARGET_SYNPROXY) += ip6t_SYNPROXY.o ��ipv4/Kconfig��0000644��00000062743�14722053255�0006752 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IP configuration # config IP_MULTICAST bool "IP: multicasting" help This is code for addressing several networked computers at once, enlarging your kernel by about 2 KB. You need multicasting if you intend to participate in the MBONE, a high bandwidth network on top of the Internet which carries audio and video broadcasts. More information about the MBONE is on the WWW at <http://www.savetz.com/mbone/>. For most people, it's safe to say N. config IP_ADVANCED_ROUTER bool "IP: advanced router" ---help--- If you intend to run your Linux box mostly as a router, i.e. as a computer that forwards and redistributes network packets, say Y; you will then be presented with several options that allow more precise control about the routing process. The answer to this question won't directly affect the kernel: answering N will just cause the configurator to skip all the questions about advanced routing. Note that your box can only act as a router if you enable IP forwarding in your kernel; you can do that by saying Y to "/proc file system support" and "Sysctl support" below and executing the line echo "1" > /proc/sys/net/ipv4/ip_forward at boot time after the /proc file system has been mounted. If you turn on IP forwarding, you should consider the rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces. To turn rp_filter on use: echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter or echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter Note that some distributions enable it in startup scripts. For details about rp_filter strict and loose mode read <file:Documentation/networking/ip-sysctl.txt>. If unsure, say N here. config IP_FIB_TRIE_STATS bool "FIB TRIE statistics" depends on IP_ADVANCED_ROUTER ---help--- Keep track of statistics on structure of FIB TRIE table. Useful for testing and measuring TRIE performance. config IP_MULTIPLE_TABLES bool "IP: policy routing" depends on IP_ADVANCED_ROUTER select FIB_RULES ---help--- Normally, a router decides what to do with a received packet based solely on the packet's final destination address. If you say Y here, the Linux router will also be able to take the packet's source address into account. Furthermore, the TOS (Type-Of-Service) field of the packet can be used for routing decisions as well. If you need more information, see the Linux Advanced Routing and Traffic Control documentation at <http://lartc.org/howto/lartc.rpdb.html> If unsure, say N. config IP_ROUTE_MULTIPATH bool "IP: equal cost multipath" depends on IP_ADVANCED_ROUTER help Normally, the routing tables specify a single action to be taken in a deterministic manner for a given packet. If you say Y here however, it becomes possible to attach several actions to a packet pattern, in effect specifying several alternative paths to travel for those packets. The router considers all these paths to be of equal "cost" and chooses one of them in a non-deterministic fashion if a matching packet arrives. config IP_ROUTE_VERBOSE bool "IP: verbose route monitoring" depends on IP_ADVANCED_ROUTER help If you say Y here, which is recommended, then the kernel will print verbose messages regarding the routing, for example warnings about received packets which look strange and could be evidence of an attack or a misconfigured system somewhere. The information is handled by the klogd daemon which is responsible for kernel messages ("man klogd"). config IP_ROUTE_CLASSID bool config IP_PNP bool "IP: kernel level autoconfiguration" help This enables automatic configuration of IP addresses of devices and of the routing table during kernel boot, based on either information supplied on the kernel command line or by BOOTP or RARP protocols. You need to say Y only for diskless machines requiring network access to boot (in which case you want to say Y to "Root file system on NFS" as well), because all other machines configure the network in their startup scripts. config IP_PNP_DHCP bool "IP: DHCP support" depends on IP_PNP ---help--- If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the DHCP protocol (a special protocol designed for doing this job), say Y here. In case the boot ROM of your network card was designed for booting Linux and does DHCP itself, providing all necessary information on the kernel command line, you can say N here. If unsure, say Y. Note that if you want to use DHCP, a DHCP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config IP_PNP_BOOTP bool "IP: BOOTP support" depends on IP_PNP ---help--- If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the BOOTP protocol (a special protocol designed for doing this job), say Y here. In case the boot ROM of your network card was designed for booting Linux and does BOOTP itself, providing all necessary information on the kernel command line, you can say N here. If unsure, say Y. Note that if you want to use BOOTP, a BOOTP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config IP_PNP_RARP bool "IP: RARP support" depends on IP_PNP help If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the RARP protocol (an older protocol which is being obsoleted by BOOTP and DHCP), say Y here. Note that if you want to use RARP, a RARP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config NET_IPIP tristate "IP: tunneling" select INET_TUNNEL select NET_IP_TUNNEL ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements encapsulation of IP within IP, which sounds kind of pointless, but can be useful if you want to make your (or some other) machine appear on a different network than it physically is, or to use mobile-IP facilities (allowing laptops to seamlessly move between networks without changing their IP addresses). Saying Y to this option will produce two modules ( = code which can be inserted in and removed from the running kernel whenever you want). Most people won't need this and can say N. config NET_IPGRE_DEMUX tristate "IP: GRE demultiplexer" help This is helper module to demultiplex GRE packets on GRE version field criteria. Required by ip_gre and pptp modules. config NET_IP_TUNNEL tristate select DST_CACHE select GRO_CELLS default n config NET_IPGRE tristate "IP: GRE tunnels over IP" depends on (IPV6 \|\| IPV6=n) && NET_IPGRE_DEMUX select NET_IP_TUNNEL help Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements GRE (Generic Routing Encapsulation) and at this time allows encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure. This driver is useful if the other endpoint is a Cisco router: Cisco likes GRE much better than the other Linux tunneling driver ("IP tunneling" above). In addition, GRE allows multicast redistribution through the tunnel. config NET_IPGRE_BROADCAST bool "IP: broadcast GRE over IP" depends on IP_MULTICAST && NET_IPGRE help One application of GRE/IP is to construct a broadcast WAN (Wide Area Network), which looks like a normal Ethernet LAN (Local Area Network), but can be distributed all over the Internet. If you want to do that, say Y here and to "IP multicast routing" below. config IP_MROUTE_COMMON bool depends on IP_MROUTE \|\| IPV6_MROUTE config IP_MROUTE bool "IP: multicast routing" depends on IP_MULTICAST select IP_MROUTE_COMMON help This is used if you want your machine to act as a router for IP packets that have several destination addresses. It is needed on the MBONE, a high bandwidth network on top of the Internet which carries audio and video broadcasts. In order to do that, you would most likely run the program mrouted. If you haven't heard about it, you don't need it. config IP_MROUTE_MULTIPLE_TABLES bool "IP: multicast policy routing" depends on IP_MROUTE && IP_ADVANCED_ROUTER select FIB_RULES help Normally, a multicast router runs a userspace daemon and decides what to do with a multicast packet based on the source and destination addresses. If you say Y here, the multicast router will also be able to take interfaces and packet marks into account and run multiple instances of userspace daemons simultaneously, each one handling a single table. If unsure, say N. config IP_PIMSM_V1 bool "IP: PIM-SM version 1 support" depends on IP_MROUTE help Kernel side support for Sparse Mode PIM (Protocol Independent Multicast) version 1. This multicast routing protocol is used widely because Cisco supports it. You need special software to use it (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more information about PIM. Say Y if you want to use PIM-SM v1. Note that you can say N here if you just want to use Dense Mode PIM. config IP_PIMSM_V2 bool "IP: PIM-SM version 2 support" depends on IP_MROUTE help Kernel side support for Sparse Mode PIM version 2. In order to use this, you need an experimental routing daemon supporting it (pimd or gated-5). This routing protocol is not used widely, so say N unless you want to play with it. config SYN_COOKIES bool "IP: TCP syncookie support" ---help--- Normal TCP/IP networking is open to an attack known as "SYN flooding". This denial-of-service attack prevents legitimate remote users from being able to connect to your computer during an ongoing attack and requires very little work from the attacker, who can operate from anywhere on the Internet. SYN cookies provide protection against this type of attack. If you say Y here, the TCP/IP stack will use a cryptographic challenge protocol known as "SYN cookies" to enable legitimate users to continue to connect, even when your machine is under attack. There is no need for the legitimate users to change their TCP/IP software; SYN cookies work transparently to them. For technical information about SYN cookies, check out <http://cr.yp.to/syncookies.html>. If you are SYN flooded, the source address reported by the kernel is likely to have been forged by the attacker; it is only reported as an aid in tracing the packets to their actual source and should not be taken as absolute truth. SYN cookies may prevent correct error reporting on clients when the server is really overloaded. If this happens frequently better turn them off. If you say Y here, you can disable SYN cookies at run time by saying Y to "/proc file system support" and "Sysctl support" below and executing the command echo 0 > /proc/sys/net/ipv4/tcp_syncookies after the /proc file system has been mounted. If unsure, say N. config NET_IPVTI tristate "Virtual (secure) IP: tunneling" depends on IPV6 \|\| IPV6=n select INET_TUNNEL select NET_IP_TUNNEL select XFRM ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This can be used with xfrm mode tunnel to give the notion of a secure tunnel for IPSEC and then use routing protocol on top. config NET_UDP_TUNNEL tristate select NET_IP_TUNNEL default n config NET_FOU tristate "IP: Foo (IP protocols) over UDP" select XFRM select NET_UDP_TUNNEL ---help--- Foo over UDP allows any IP protocol to be directly encapsulated over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP network mechanisms and optimizations for UDP (such as ECMP and RSS) can be leveraged to provide better service. config NET_FOU_IP_TUNNELS bool "IP: FOU encapsulation of IP tunnels" depends on NET_IPIP \|\| NET_IPGRE \|\| IPV6_SIT select NET_FOU ---help--- Allow configuration of FOU or GUE encapsulation for IP tunnels. When this option is enabled IP tunnels can be configured to use FOU or GUE encapsulation. config INET_AH tristate "IP: AH transformation" select XFRM_ALGO select CRYPTO select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 ---help--- Support for IPsec AH. If unsure, say Y. config INET_ESP tristate "IP: ESP transformation" select XFRM_ALGO select CRYPTO select CRYPTO_AUTHENC select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_CBC select CRYPTO_SHA1 select CRYPTO_DES select CRYPTO_ECHAINIV ---help--- Support for IPsec ESP. If unsure, say Y. config INET_ESP_OFFLOAD tristate "IP: ESP transformation offload" depends on INET_ESP select XFRM_OFFLOAD default n ---help--- Support for ESP transformation offload. This makes sense only if this system really does IPsec and want to do it with high throughput. A typical desktop system does not need it, even if it does IPsec. If unsure, say N. config INET_IPCOMP tristate "IP: IPComp transformation" select INET_XFRM_TUNNEL select XFRM_IPCOMP ---help--- Support for IP Payload Compression Protocol (IPComp) (RFC3173), typically needed for IPsec. If unsure, say Y. config INET_TABLE_PERTURB_ORDER int "INET: Source port perturbation table size (as power of 2)" if EXPERT default 16 help Source port perturbation table size (as power of 2) for RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm. The default is almost always what you want. Only change this if you know what you are doing. config INET_XFRM_TUNNEL tristate select INET_TUNNEL default n config INET_TUNNEL tristate default n config INET_DIAG tristate "INET: socket monitoring interface" default y ---help--- Support for INET (TCP, DCCP, etc) socket monitoring interface used by native Linux tools such as ss. ss is included in iproute2, currently downloadable at: http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 If unsure, say Y. config INET_TCP_DIAG depends on INET_DIAG def_tristate INET_DIAG config INET_UDP_DIAG tristate "UDP: socket monitoring interface" depends on INET_DIAG && (IPV6 \|\| IPV6=n) default n ---help--- Support for UDP socket monitoring interface used by the ss tool. If unsure, say Y. config INET_RAW_DIAG tristate "RAW: socket monitoring interface" depends on INET_DIAG && (IPV6 \|\| IPV6=n) default n ---help--- Support for RAW socket monitoring interface used by the ss tool. If unsure, say Y. config INET_DIAG_DESTROY bool "INET: allow privileged process to administratively close sockets" depends on INET_DIAG default n ---help--- Provides a SOCK_DESTROY operation that allows privileged processes (e.g., a connection manager or a network administration tool such as ss) to close sockets opened by other processes. Closing a socket in this way interrupts any blocking read/write/connect operations on the socket and causes future socket calls to behave as if the socket had been disconnected. If unsure, say N. menuconfig TCP_CONG_ADVANCED bool "TCP: advanced congestion control" ---help--- Support for selection of various TCP congestion control modules. Nearly all users can safely say no here, and a safe default selection will be made (CUBIC with new Reno as a fallback). If unsure, say N. if TCP_CONG_ADVANCED config TCP_CONG_BIC tristate "Binary Increase Congestion (BIC) control" default m ---help--- BIC-TCP is a sender-side only change that ensures a linear RTT fairness under large windows while offering both scalability and bounded TCP-friendliness. The protocol combines two schemes called additive increase and binary search increase. When the congestion window is large, additive increase with a large increment ensures linear RTT fairness as well as good scalability. Under small congestion windows, binary search increase provides TCP friendliness. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/ config TCP_CONG_CUBIC tristate "CUBIC TCP" default y ---help--- This is version 2.0 of BIC-TCP which uses a cubic growth function among other techniques. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf config TCP_CONG_WESTWOOD tristate "TCP Westwood+" default m ---help--- TCP Westwood+ is a sender-side only modification of the TCP Reno protocol stack that optimizes the performance of TCP congestion control. It is based on end-to-end bandwidth estimation to set congestion window and slow start threshold after a congestion episode. Using this estimation, TCP Westwood+ adaptively sets a slow start threshold and a congestion window which takes into account the bandwidth used at the time congestion is experienced. TCP Westwood+ significantly increases fairness wrt TCP Reno in wired networks and throughput over wireless links. config TCP_CONG_HTCP tristate "H-TCP" default m ---help--- H-TCP is a send-side only modifications of the TCP Reno protocol stack that optimizes the performance of TCP congestion control for high speed network links. It uses a modeswitch to change the alpha and beta parameters of TCP Reno based on network conditions and in a way so as to be fair with other Reno and H-TCP flows. config TCP_CONG_HSTCP tristate "High Speed TCP" default n ---help--- Sally Floyd's High Speed TCP (RFC 3649) congestion control. A modification to TCP's congestion control mechanism for use with large congestion windows. A table indicates how much to increase the congestion window by when an ACK is received. For more detail see http://www.icir.org/floyd/hstcp.html config TCP_CONG_HYBLA tristate "TCP-Hybla congestion control algorithm" default n ---help--- TCP-Hybla is a sender-side only change that eliminates penalization of long-RTT, large-bandwidth connections, like when satellite legs are involved, especially when sharing a common bottleneck with normal terrestrial connections. config TCP_CONG_VEGAS tristate "TCP Vegas" default n ---help--- TCP Vegas is a sender-side only change to TCP that anticipates the onset of congestion by estimating the bandwidth. TCP Vegas adjusts the sending rate by modifying the congestion window. TCP Vegas should provide less packet loss, but it is not as aggressive as TCP Reno. config TCP_CONG_NV tristate "TCP NV" default n ---help--- TCP NV is a follow up to TCP Vegas. It has been modified to deal with 10G networks, measurement noise introduced by LRO, GRO and interrupt coalescence. In addition, it will decrease its cwnd multiplicatively instead of linearly. Note that in general congestion avoidance (cwnd decreased when # packets queued grows) cannot coexist with congestion control (cwnd decreased only when there is packet loss) due to fairness issues. One scenario when they can coexist safely is when the CA flows have RTTs << CC flows RTTs. For further details see http://www.brakmo.org/networking/tcp-nv/ config TCP_CONG_SCALABLE tristate "Scalable TCP" default n ---help--- Scalable TCP is a sender-side only change to TCP which uses a MIMD congestion control algorithm which has some nice scaling properties, though is known to have fairness issues. See http://www.deneholme.net/tom/scalable/ config TCP_CONG_LP tristate "TCP Low Priority" default n ---help--- TCP Low Priority (TCP-LP), a distributed algorithm whose goal is to utilize only the excess network bandwidth as compared to the ``fair share`` of bandwidth as targeted by TCP. See http://www-ece.rice.edu/networks/TCP-LP/ config TCP_CONG_VENO tristate "TCP Veno" default n ---help--- TCP Veno is a sender-side only enhancement of TCP to obtain better throughput over wireless networks. TCP Veno makes use of state distinguishing to circumvent the difficult judgment of the packet loss type. TCP Veno cuts down less congestion window in response to random loss packets. See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186> config TCP_CONG_YEAH tristate "YeAH TCP" select TCP_CONG_VEGAS default n ---help--- YeAH-TCP is a sender-side high-speed enabled TCP congestion control algorithm, which uses a mixed loss/delay approach to compute the congestion window. It's design goals target high efficiency, internal, RTT and Reno fairness, resilience to link loss while keeping network elements load as low as possible. For further details look here: http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf config TCP_CONG_ILLINOIS tristate "TCP Illinois" default n ---help--- TCP-Illinois is a sender-side modification of TCP Reno for high speed long delay links. It uses round-trip-time to adjust the alpha and beta parameters to achieve a higher average throughput and maintain fairness. For further details see: http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html config TCP_CONG_DCTCP tristate "DataCenter TCP (DCTCP)" default n ---help--- DCTCP leverages Explicit Congestion Notification (ECN) in the network to provide multi-bit feedback to the end hosts. It is designed to provide: - High burst tolerance (incast due to partition/aggregate), - Low latency (short flows, queries), - High throughput (continuous data updates, large file transfers) with commodity, shallow-buffered switches. All switches in the data center network running DCTCP must support ECN marking and be configured for marking when reaching defined switch buffer thresholds. The default ECN marking threshold heuristic for DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets (~100KB) at 10Gbps, but might need further careful tweaking. For further details see: http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf config TCP_CONG_CDG tristate "CAIA Delay-Gradient (CDG)" default n ---help--- CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies the TCP sender in order to: o Use the delay gradient as a congestion signal. o Back off with an average probability that is independent of the RTT. o Coexist with flows that use loss-based congestion control. o Tolerate packet loss unrelated to congestion. For further details see: D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg config TCP_CONG_BBR tristate "BBR TCP" default n ---help--- BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to maximize network utilization and minimize queues. It builds an explicit model of the the bottleneck delivery rate and path round-trip propagation delay. It tolerates packet loss and delay unrelated to congestion. It can operate over LAN, WAN, cellular, wifi, or cable modem links. It can coexist with flows that use loss-based congestion control, and can operate with shallow buffers, deep buffers, bufferbloat, policers, or AQM schemes that do not provide a delay signal. It requires the fq ("Fair Queue") pacing packet scheduler. choice prompt "Default TCP congestion control" default DEFAULT_CUBIC help Select the TCP congestion control that will be used by default for all connections. config DEFAULT_BIC bool "Bic" if TCP_CONG_BIC=y config DEFAULT_CUBIC bool "Cubic" if TCP_CONG_CUBIC=y config DEFAULT_HTCP bool "Htcp" if TCP_CONG_HTCP=y config DEFAULT_HYBLA bool "Hybla" if TCP_CONG_HYBLA=y config DEFAULT_VEGAS bool "Vegas" if TCP_CONG_VEGAS=y config DEFAULT_VENO bool "Veno" if TCP_CONG_VENO=y config DEFAULT_WESTWOOD bool "Westwood" if TCP_CONG_WESTWOOD=y config DEFAULT_DCTCP bool "DCTCP" if TCP_CONG_DCTCP=y config DEFAULT_CDG bool "CDG" if TCP_CONG_CDG=y config DEFAULT_BBR bool "BBR" if TCP_CONG_BBR=y config DEFAULT_RENO bool "Reno" endchoice endif config TCP_CONG_CUBIC tristate depends on !TCP_CONG_ADVANCED default y config DEFAULT_TCP_CONG string default "bic" if DEFAULT_BIC default "cubic" if DEFAULT_CUBIC default "htcp" if DEFAULT_HTCP default "hybla" if DEFAULT_HYBLA default "vegas" if DEFAULT_VEGAS default "westwood" if DEFAULT_WESTWOOD default "veno" if DEFAULT_VENO default "reno" if DEFAULT_RENO default "dctcp" if DEFAULT_DCTCP default "cdg" if DEFAULT_CDG default "bbr" if DEFAULT_BBR default "cubic" config TCP_MD5SIG bool "TCP: MD5 Signature Option support (RFC2385)" select CRYPTO select CRYPTO_MD5 ---help--- RFC2385 specifies a method of giving MD5 protection to TCP sessions. Its main (only?) use is to protect BGP sessions between core routers on the Internet. If unsure, say N. ��ipv4/bpfilter/Makefile��0000644��00000000114�14722053255�0010676 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_BPFILTER) += sockopt.o ��ipv4/Makefile��0000644��00000005172�14722053255�0007100 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux TCP/IP (INET) layer. # obj-y := route.o inetpeer.o protocol.o \ ip_input.o ip_fragment.o ip_forward.o ip_options.o \ ip_output.o ip_sockglue.o inet_hashtables.o \ inet_timewait_sock.o inet_connection_sock.o \ tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \ tcp_minisocks.o tcp_cong.o tcp_metrics.o tcp_fastopen.o \ tcp_rate.o tcp_recovery.o tcp_ulp.o \ tcp_offload.o datagram.o raw.o udp.o udplite.o \ udp_offload.o arp.o icmp.o devinet.o af_inet.o igmp.o \ fib_frontend.o fib_semantics.o fib_trie.o fib_notifier.o \ inet_fragment.o ping.o ip_tunnel_core.o gre_offload.o \ metrics.o netlink.o nexthop.o obj-$(CONFIG_BPFILTER) += bpfilter/ obj-$(CONFIG_NET_IP_TUNNEL) += ip_tunnel.o obj-$(CONFIG_SYSCTL) += sysctl_net_ipv4.o obj-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_IP_MULTIPLE_TABLES) += fib_rules.o obj-$(CONFIG_IP_MROUTE) += ipmr.o obj-$(CONFIG_IP_MROUTE_COMMON) += ipmr_base.o obj-$(CONFIG_NET_IPIP) += ipip.o gre-y := gre_demux.o obj-$(CONFIG_NET_FOU) += fou.o obj-$(CONFIG_NET_IPGRE_DEMUX) += gre.o obj-$(CONFIG_NET_IPGRE) += ip_gre.o obj-$(CONFIG_NET_UDP_TUNNEL) += udp_tunnel.o obj-$(CONFIG_NET_IPVTI) += ip_vti.o obj-$(CONFIG_SYN_COOKIES) += syncookies.o obj-$(CONFIG_INET_AH) += ah4.o obj-$(CONFIG_INET_ESP) += esp4.o obj-$(CONFIG_INET_ESP_OFFLOAD) += esp4_offload.o obj-$(CONFIG_INET_IPCOMP) += ipcomp.o obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o obj-$(CONFIG_INET_TUNNEL) += tunnel4.o obj-$(CONFIG_IP_PNP) += ipconfig.o obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/ obj-$(CONFIG_INET_DIAG) += inet_diag.o obj-$(CONFIG_INET_TCP_DIAG) += tcp_diag.o obj-$(CONFIG_INET_UDP_DIAG) += udp_diag.o obj-$(CONFIG_INET_RAW_DIAG) += raw_diag.o obj-$(CONFIG_TCP_CONG_BBR) += tcp_bbr.o obj-$(CONFIG_TCP_CONG_BIC) += tcp_bic.o obj-$(CONFIG_TCP_CONG_CDG) += tcp_cdg.o obj-$(CONFIG_TCP_CONG_CUBIC) += tcp_cubic.o obj-$(CONFIG_TCP_CONG_DCTCP) += tcp_dctcp.o obj-$(CONFIG_TCP_CONG_WESTWOOD) += tcp_westwood.o obj-$(CONFIG_TCP_CONG_HSTCP) += tcp_highspeed.o obj-$(CONFIG_TCP_CONG_HYBLA) += tcp_hybla.o obj-$(CONFIG_TCP_CONG_HTCP) += tcp_htcp.o obj-$(CONFIG_TCP_CONG_VEGAS) += tcp_vegas.o obj-$(CONFIG_TCP_CONG_NV) += tcp_nv.o obj-$(CONFIG_TCP_CONG_VENO) += tcp_veno.o obj-$(CONFIG_TCP_CONG_SCALABLE) += tcp_scalable.o obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o obj-$(CONFIG_TCP_CONG_YEAH) += tcp_yeah.o obj-$(CONFIG_TCP_CONG_ILLINOIS) += tcp_illinois.o obj-$(CONFIG_NET_SOCK_MSG) += tcp_bpf.o obj-$(CONFIG_NETLABEL) += cipso_ipv4.o obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \ xfrm4_output.o xfrm4_protocol.o ��ipv4/netfilter/Kconfig��0000644��00000024236�14722053255�0010741 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IP netfilter configuration # menu "IP: Netfilter Configuration" depends on INET && NETFILTER config NF_DEFRAG_IPV4 tristate default n config NF_SOCKET_IPV4 tristate "IPv4 socket lookup support" help This option enables the IPv4 socket lookup infrastructure. This is is required by the {ip,nf}tables socket match. config NF_TPROXY_IPV4 tristate "IPv4 tproxy support" if NF_TABLES config NF_TABLES_IPV4 bool "IPv4 nf_tables support" help This option enables the IPv4 support for nf_tables. if NF_TABLES_IPV4 config NFT_REJECT_IPV4 select NF_REJECT_IPV4 default NFT_REJECT tristate config NFT_DUP_IPV4 tristate "IPv4 nf_tables packet duplication support" depends on !NF_CONNTRACK \|\| NF_CONNTRACK select NF_DUP_IPV4 help This module enables IPv4 packet duplication support for nf_tables. config NFT_FIB_IPV4 select NFT_FIB tristate "nf_tables fib / ip route lookup support" help This module enables IPv4 FIB lookups, e.g. for reverse path filtering. It also allows query of the FIB for the route type, e.g. local, unicast, multicast or blackhole. endif # NF_TABLES_IPV4 config NF_TABLES_ARP bool "ARP nf_tables support" select NETFILTER_FAMILY_ARP help This option enables the ARP support for nf_tables. endif # NF_TABLES config NF_FLOW_TABLE_IPV4 tristate "Netfilter flow table IPv4 module" depends on NF_FLOW_TABLE help This option adds the flow table IPv4 support. To compile it as a module, choose M here. config NF_DUP_IPV4 tristate "Netfilter IPv4 packet duplication to alternate destination" depends on !NF_CONNTRACK \|\| NF_CONNTRACK help This option enables the nf_dup_ipv4 core, which duplicates an IPv4 packet to be rerouted to another destination. config NF_LOG_ARP tristate "ARP packet logging" default m if NETFILTER_ADVANCED=n select NF_LOG_COMMON config NF_LOG_IPV4 tristate "IPv4 packet logging" default m if NETFILTER_ADVANCED=n select NF_LOG_COMMON config NF_REJECT_IPV4 tristate "IPv4 packet rejection" default m if NETFILTER_ADVANCED=n if NF_NAT config NF_NAT_SNMP_BASIC tristate "Basic SNMP-ALG support" depends on NF_CONNTRACK_SNMP depends on NETFILTER_ADVANCED default NF_NAT && NF_CONNTRACK_SNMP select ASN1 ---help--- This module implements an Application Layer Gateway (ALG) for SNMP payloads. In conjunction with NAT, it allows a network management system to access multiple private networks with conflicting addresses. It works by modifying IP addresses inside SNMP payloads to match IP-layer NAT mapping. This is the "basic" form of SNMP-ALG, as described in RFC 2962 To compile it as a module, choose M here. If unsure, say N. config NF_NAT_PPTP tristate depends on NF_CONNTRACK default NF_CONNTRACK_PPTP config NF_NAT_H323 tristate depends on NF_CONNTRACK default NF_CONNTRACK_H323 endif # NF_NAT config IP_NF_IPTABLES tristate "IP tables support (required for filtering/masq/NAT)" default m if NETFILTER_ADVANCED=n select NETFILTER_XTABLES help iptables is a general, extensible packet identification framework. The packet filtering and full NAT (masquerading, port forwarding, etc) subsystems now use this: say `Y' or `M' here if you want to use either of those. To compile it as a module, choose M here. If unsure, say N. if IP_NF_IPTABLES # The matches. config IP_NF_MATCH_AH tristate '"ah" match support' depends on NETFILTER_ADVANCED help This match extension allows you to match a range of SPIs inside AH header of IPSec packets. To compile it as a module, choose M here. If unsure, say N. config IP_NF_MATCH_ECN tristate '"ecn" match support' depends on NETFILTER_ADVANCED select NETFILTER_XT_MATCH_ECN ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_MATCH_ECN. config IP_NF_MATCH_RPFILTER tristate '"rpfilter" reverse path filter match support' depends on NETFILTER_ADVANCED depends on IP_NF_MANGLE \|\| IP_NF_RAW ---help--- This option allows you to match packets whose replies would go out via the interface the packet came in. To compile it as a module, choose M here. If unsure, say N. The module will be called ipt_rpfilter. config IP_NF_MATCH_TTL tristate '"ttl" match support' depends on NETFILTER_ADVANCED select NETFILTER_XT_MATCH_HL ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_MATCH_HL. # `filter', generic and specific targets config IP_NF_FILTER tristate "Packet filtering" default m if NETFILTER_ADVANCED=n help Packet filtering defines a table `filter', which has a series of rules for simple packet filtering at local input, forwarding and local output. See the man page for iptables(8). To compile it as a module, choose M here. If unsure, say N. config IP_NF_TARGET_REJECT tristate "REJECT target support" depends on IP_NF_FILTER select NF_REJECT_IPV4 default m if NETFILTER_ADVANCED=n help The REJECT target allows a filtering rule to specify that an ICMP error should be issued in response to an incoming packet, rather than silently being dropped. To compile it as a module, choose M here. If unsure, say N. config IP_NF_TARGET_SYNPROXY tristate "SYNPROXY target support" depends on NF_CONNTRACK && NETFILTER_ADVANCED select NETFILTER_SYNPROXY select SYN_COOKIES help The SYNPROXY target allows you to intercept TCP connections and establish them using syncookies before they are passed on to the server. This allows to avoid conntrack and server resource usage during SYN-flood attacks. To compile it as a module, choose M here. If unsure, say N. # NAT + specific targets: nf_conntrack config IP_NF_NAT tristate "iptables NAT support" depends on NF_CONNTRACK default m if NETFILTER_ADVANCED=n select NF_NAT select NETFILTER_XT_NAT help This enables the `nat' table in iptables. This allows masquerading, port forwarding and other forms of full Network Address Port Translation. To compile it as a module, choose M here. If unsure, say N. if IP_NF_NAT config IP_NF_TARGET_MASQUERADE tristate "MASQUERADE target support" select NETFILTER_XT_TARGET_MASQUERADE help This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE. config IP_NF_TARGET_NETMAP tristate "NETMAP target support" depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_NETMAP ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_TARGET_NETMAP. config IP_NF_TARGET_REDIRECT tristate "REDIRECT target support" depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_REDIRECT ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_TARGET_REDIRECT. endif # IP_NF_NAT # mangle + specific targets config IP_NF_MANGLE tristate "Packet mangling" default m if NETFILTER_ADVANCED=n help This option adds a `mangle' table to iptables: see the man page for iptables(8). This table is used for various packet alterations which can effect how the packet is routed. To compile it as a module, choose M here. If unsure, say N. config IP_NF_TARGET_CLUSTERIP tristate "CLUSTERIP target support" depends on IP_NF_MANGLE depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NF_CONNTRACK_MARK select NETFILTER_FAMILY_ARP help The CLUSTERIP target allows you to build load-balancing clusters of network servers without having a dedicated load-balancing router/server/switch. To compile it as a module, choose M here. If unsure, say N. config IP_NF_TARGET_ECN tristate "ECN target support" depends on IP_NF_MANGLE depends on NETFILTER_ADVANCED ---help--- This option adds a `ECN' target, which can be used in the iptables mangle table. You can use this target to remove the ECN bits from the IPv4 header of an IP packet. This is particularly useful, if you need to work around existing ECN blackholes on the internet, but don't want to disable ECN support in general. To compile it as a module, choose M here. If unsure, say N. config IP_NF_TARGET_TTL tristate '"TTL" target support' depends on NETFILTER_ADVANCED && IP_NF_MANGLE select NETFILTER_XT_TARGET_HL ---help--- This is a backwards-compatible option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_TARGET_HL. # raw + specific targets config IP_NF_RAW tristate 'raw table support (required for NOTRACK/TRACE)' help This option adds a `raw' table to iptables. This table is the very first in the netfilter framework and hooks in at the PREROUTING and OUTPUT chains. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. # security table for MAC policy config IP_NF_SECURITY tristate "Security table" depends on SECURITY depends on NETFILTER_ADVANCED help This option adds a `security' table to iptables, for use with Mandatory Access Control (MAC) policy. If unsure, say N. endif # IP_NF_IPTABLES # ARP tables config IP_NF_ARPTABLES tristate "ARP tables support" select NETFILTER_XTABLES select NETFILTER_FAMILY_ARP depends on NETFILTER_ADVANCED help arptables is a general, extensible packet identification framework. The ARP packet filtering and mangling (manipulation)subsystems use this: say Y or M here if you want to use either of those. To compile it as a module, choose M here. If unsure, say N. if IP_NF_ARPTABLES config IP_NF_ARPFILTER tristate "ARP packet filtering" help ARP packet filtering defines a table `filter', which has a series of rules for simple ARP packet filtering at local input and local output. On a bridge, you can also specify filtering rules for forwarded ARP packets. See the man page for arptables(8). To compile it as a module, choose M here. If unsure, say N. config IP_NF_ARP_MANGLE tristate "ARP payload mangling" help Allows altering the ARP packet payload: source and destination hardware and network addresses. endif # IP_NF_ARPTABLES endmenu ��ipv4/netfilter/Makefile��0000644��00000003463�14722053255�0011075 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the netfilter modules on top of IPv4. # # defrag obj-$(CONFIG_NF_DEFRAG_IPV4) += nf_defrag_ipv4.o obj-$(CONFIG_NF_SOCKET_IPV4) += nf_socket_ipv4.o obj-$(CONFIG_NF_TPROXY_IPV4) += nf_tproxy_ipv4.o # logging obj-$(CONFIG_NF_LOG_ARP) += nf_log_arp.o obj-$(CONFIG_NF_LOG_IPV4) += nf_log_ipv4.o # reject obj-$(CONFIG_NF_REJECT_IPV4) += nf_reject_ipv4.o # NAT helpers (nf_conntrack) obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o nf_nat_snmp_basic-y := nf_nat_snmp_basic.asn1.o nf_nat_snmp_basic_main.o $(obj)/nf_nat_snmp_basic_main.o: $(obj)/nf_nat_snmp_basic.asn1.h obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o obj-$(CONFIG_NFT_REJECT_IPV4) += nft_reject_ipv4.o obj-$(CONFIG_NFT_FIB_IPV4) += nft_fib_ipv4.o obj-$(CONFIG_NFT_DUP_IPV4) += nft_dup_ipv4.o # flow table support obj-$(CONFIG_NF_FLOW_TABLE_IPV4) += nf_flow_table_ipv4.o # generic IP tables obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o # the three instances of ip_tables obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o # matches obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o # targets obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o # generic ARP tables obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o # just filtering instance of ARP tables for now obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o obj-$(CONFIG_NF_DUP_IPV4) += nf_dup_ipv4.o ��mac802154/Kconfig��0000644��00000001322�14722053255�0007276 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config MAC802154 tristate "Generic IEEE 802.15.4 Soft Networking Stack (mac802154)" depends on IEEE802154 select CRC_CCITT select CRYPTO select CRYPTO_AUTHENC select CRYPTO_CCM select CRYPTO_CTR select CRYPTO_AES ---help--- This option enables the hardware independent IEEE 802.15.4 networking stack for SoftMAC devices (the ones implementing only PHY level of IEEE 802.15.4 standard). Note: this implementation is neither certified, nor feature complete! Compatibility with other implementations hasn't been tested yet! If you plan to use HardMAC IEEE 802.15.4 devices, you can say N here. Alternatively you can say M to compile it as module. ��mac802154/Makefile��0000644��00000000314�14722053255�0007433 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_MAC802154) += mac802154.o mac802154-objs := main.o rx.o tx.o mac_cmd.o mib.o \ iface.o llsec.o util.o cfg.o trace.o CFLAGS_trace.o := -I$(src) ��wireless/Kconfig��0000644��00000017066�14722053255�0007723 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config WIRELESS_EXT bool config WEXT_CORE def_bool y depends on CFG80211_WEXT \|\| WIRELESS_EXT config WEXT_PROC def_bool y depends on PROC_FS depends on WEXT_CORE config WEXT_SPY bool config WEXT_PRIV bool config CFG80211 tristate "cfg80211 - wireless configuration API" depends on RFKILL \|\| !RFKILL select FW_LOADER # may need to update this when certificates are changed and are # using a different algorithm, though right now they shouldn't # (this is here rather than below to allow it to be a module) select CRYPTO_SHA256 if CFG80211_USE_KERNEL_REGDB_KEYS ---help--- cfg80211 is the Linux wireless LAN (802.11) configuration API. Enable this if you have a wireless device. For more information refer to documentation on the wireless wiki: http://wireless.kernel.org/en/developers/Documentation/cfg80211 When built as a module it will be called cfg80211. if CFG80211 config NL80211_TESTMODE bool "nl80211 testmode command" help The nl80211 testmode command helps implementing things like factory calibration or validation tools for wireless chips. Select this option ONLY for kernels that are specifically built for such purposes. Debugging tools that are supposed to end up in the hands of users should better be implemented with debugfs. Say N. config CFG80211_DEVELOPER_WARNINGS bool "enable developer warnings" default n help This option enables some additional warnings that help cfg80211 developers and driver developers, but beware that they can also trigger due to races with userspace. For example, when a driver reports that it was disconnected from the AP, but the user disconnects manually at the same time, the warning might trigger spuriously due to races. Say Y only if you are developing cfg80211 or a driver based on it (or mac80211). config CFG80211_CERTIFICATION_ONUS bool "cfg80211 certification onus" depends on EXPERT default n ---help--- You should disable this option unless you are both capable and willing to ensure your system will remain regulatory compliant with the features available under this option. Some options may still be under heavy development and for whatever reason regulatory compliance has not or cannot yet be verified. Regulatory verification may at times only be possible until you have the final system in place. This option should only be enabled by system integrators or distributions that have done work necessary to ensure regulatory certification on the system with the enabled features. Alternatively you can enable this option if you are a wireless researcher and are working in a controlled and approved environment by your local regulatory agency. config CFG80211_REQUIRE_SIGNED_REGDB bool "require regdb signature" if CFG80211_CERTIFICATION_ONUS default y select SYSTEM_DATA_VERIFICATION help Require that in addition to the "regulatory.db" file a "regulatory.db.p7s" can be loaded with a valid PKCS#7 signature for the regulatory.db file made by one of the keys in the certs/ directory. config CFG80211_USE_KERNEL_REGDB_KEYS bool "allow regdb keys shipped with the kernel" if CFG80211_CERTIFICATION_ONUS default y depends on CFG80211_REQUIRE_SIGNED_REGDB help Allow the regulatory database to be signed by one of the keys for which certificates are part of the kernel sources (in net/wireless/certs/). This is currently only Seth Forshee's key, who is the regulatory database maintainer. config CFG80211_EXTRA_REGDB_KEYDIR string "additional regdb key directory" if CFG80211_CERTIFICATION_ONUS depends on CFG80211_REQUIRE_SIGNED_REGDB help If selected, point to a directory with DER-encoded X.509 certificates like in the kernel sources (net/wireless/certs/) that shall be accepted for a signed regulatory database. Note that you need to also select the correct CRYPTO_<hash> modules for your certificates, and if cfg80211 is built-in they also must be. config CFG80211_REG_CELLULAR_HINTS bool "cfg80211 regulatory support for cellular base station hints" depends on CFG80211_CERTIFICATION_ONUS ---help--- This option enables support for parsing regulatory hints from cellular base stations. If enabled and at least one driver claims support for parsing cellular base station hints the regulatory core will allow and parse these regulatory hints. The regulatory core will only apply these regulatory hints on drivers that support this feature. You should only enable this feature if you have tested and validated this feature on your systems. config CFG80211_REG_RELAX_NO_IR bool "cfg80211 support for NO_IR relaxation" depends on CFG80211_CERTIFICATION_ONUS ---help--- This option enables support for relaxation of the NO_IR flag for situations that certain regulatory bodies have provided clarifications on how relaxation can occur. This feature has an inherent dependency on userspace features which must have been properly tested and as such is not enabled by default. A relaxation feature example is allowing the operation of a P2P group owner (GO) on channels marked with NO_IR if there is an additional BSS interface which associated to an AP which userspace assumes or confirms to be an authorized master, i.e., with radar detection support and DFS capabilities. However, note that in order to not create daisy chain scenarios, this relaxation is not allowed in cases where the BSS client is associated to P2P GO and in addition the P2P GO instantiated on a channel due to this relaxation should not allow connection from non P2P clients. The regulatory core will apply these relaxations only for drivers that support this feature by declaring the appropriate channel flags and capabilities in their registration flow. config CFG80211_DEFAULT_PS bool "enable powersave by default" default y help This option enables powersave mode by default. If this causes your applications to misbehave you should fix your applications instead -- they need to register their network latency requirement, see Documentation/power/pm_qos_interface.rst. config CFG80211_DEBUGFS bool "cfg80211 DebugFS entries" depends on DEBUG_FS ---help--- You can enable this if you want debugfs entries for cfg80211. If unsure, say N. config CFG80211_CRDA_SUPPORT bool "support CRDA" if EXPERT default y help You should enable this option unless you know for sure you have no need for it, for example when using internal regdb (above) or the database loaded as a firmware file. If unsure, say Y. config CFG80211_WEXT bool "cfg80211 wireless extensions compatibility" if !CFG80211_WEXT_EXPORT select WEXT_CORE default y if CFG80211_WEXT_EXPORT help Enable this option if you need old userspace for wireless extensions with cfg80211-based drivers. config CFG80211_WEXT_EXPORT bool help Drivers should select this option if they require cfg80211's wext compatibility symbols to be exported. endif # CFG80211 config LIB80211 tristate default n help This options enables a library of common routines used by IEEE802.11 wireless LAN drivers. Drivers should select this themselves if needed. config LIB80211_CRYPT_WEP tristate select CRYPTO_LIB_ARC4 config LIB80211_CRYPT_CCMP tristate select CRYPTO select CRYPTO_AES select CRYPTO_CCM config LIB80211_CRYPT_TKIP tristate select CRYPTO_LIB_ARC4 config LIB80211_DEBUG bool "lib80211 debugging messages" depends on LIB80211 default n ---help--- You can enable this if you want verbose debugging messages from lib80211. If unsure, say N. ��wireless/Makefile��0000644��00000004127�14722053255�0010052 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_CFG80211) += cfg80211.o obj-$(CONFIG_LIB80211) += lib80211.o obj-$(CONFIG_LIB80211_CRYPT_WEP) += lib80211_crypt_wep.o obj-$(CONFIG_LIB80211_CRYPT_CCMP) += lib80211_crypt_ccmp.o obj-$(CONFIG_LIB80211_CRYPT_TKIP) += lib80211_crypt_tkip.o obj-$(CONFIG_WEXT_CORE) += wext-core.o obj-$(CONFIG_WEXT_PROC) += wext-proc.o obj-$(CONFIG_WEXT_SPY) += wext-spy.o obj-$(CONFIG_WEXT_PRIV) += wext-priv.o cfg80211-y += core.o sysfs.o radiotap.o util.o reg.o scan.o nl80211.o cfg80211-y += mlme.o ibss.o sme.o chan.o ethtool.o mesh.o ap.o trace.o ocb.o cfg80211-y += pmsr.o cfg80211-$(CONFIG_OF) += of.o cfg80211-$(CONFIG_CFG80211_DEBUGFS) += debugfs.o cfg80211-$(CONFIG_CFG80211_WEXT) += wext-compat.o wext-sme.o CFLAGS_trace.o := -I$(src) cfg80211-$(CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS) += shipped-certs.o ifneq ($(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR),) cfg80211-y += extra-certs.o endif $(obj)/shipped-certs.c: $(wildcard $(srctree)/$(src)/certs/.hex) @$(kecho) " GEN $@" @(echo '#include "reg.h"'; \ echo 'const u8 shipped_regdb_certs[] = {'; \ echo \| cat - $^ ; \ echo '};'; \ echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \ ) > $@ $(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%) \ $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%)/.x509) @$(kecho) " GEN $@" @(set -e; \ allf=""; \ for f in $^ ; do \ test -f $$f \|\| continue;\ # similar to hexdump -v -e '1/1 "0x%.2x," "\n"' \ thisf=$$(od -An -v -tx1 < $$f \| \ sed -e 's/ /\n/g' \| \ sed -e 's/^[0-9a-f]\+$$/\0/;t;d' \| \ sed -e 's/^/0x/;s/$$/,/'); \ # file should not be empty - maybe command substitution failed? \ test ! -z "$$thisf";\ allf=$$allf$$thisf;\ done; \ ( \ echo '#include "reg.h"'; \ echo 'const u8 extra_regdb_certs[] = {'; \ echo "$$allf"; \ echo '};'; \ echo 'unsigned int extra_regdb_certs_len = sizeof(extra_regdb_certs);'; \ ) > $@) clean-files += shipped-certs.c extra-certs.c ��dcb/Kconfig��0000644��00000001714�14722053255�0006607 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config DCB bool "Data Center Bridging support" default n ---help--- This enables support for configuring Data Center Bridging (DCB) features on DCB capable Ethernet adapters via rtnetlink. Say 'Y' if you have a DCB capable Ethernet adapter which supports this interface and you are connected to a DCB capable switch. DCB is a collection of Ethernet enhancements which allow DCB capable NICs and switches to support network traffic with differing requirements (highly reliable, no drops vs. best effort vs. low latency) to co-exist on Ethernet. DCB features include: Enhanced Transmission Selection (aka Priority Grouping) - provides a framework for assigning bandwidth guarantees to traffic classes. Priority-based Flow Control (PFC) - a MAC control pause frame which works at the granularity of the 802.1p priority instead of the link (802.3x). If unsure, say N. ��dcb/Makefile��0000644��00000000120�14722053255�0006732 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_DCB) += dcbnl.o dcbevent.o ��tls/Kconfig��0000644��00000001134�14722053255�0006655 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # TLS configuration # config TLS tristate "Transport Layer Security support" depends on INET select CRYPTO select CRYPTO_AES select CRYPTO_GCM select STREAM_PARSER select NET_SOCK_MSG default n ---help--- Enable kernel support for TLS protocol. This allows symmetric encryption handling of the TLS protocol to be done in-kernel. If unsure, say N. config TLS_DEVICE bool "Transport Layer Security HW offload" depends on TLS select SOCK_VALIDATE_XMIT default n help Enable kernel support for HW offload of the TLS protocol. If unsure, say N. ��tls/Makefile��0000644��00000000310�14722053255�0007005 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the TLS subsystem. # obj-$(CONFIG_TLS) += tls.o tls-y := tls_main.o tls_sw.o tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o ��dns_resolver/Kconfig��0000644��00000001672�14722053255�0010567 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Configuration for DNS Resolver # config DNS_RESOLVER tristate "DNS Resolver support" depends on NET && KEYS help Saying Y here will include support for the DNS Resolver key type which can be used to make upcalls to perform DNS lookups in userspace. DNS Resolver is used to query DNS server for information. Examples being resolving a UNC hostname element to an IP address for CIFS or performing a DNS query for AFSDB records so that AFS can locate a cell's volume location database servers. DNS Resolver is used by the CIFS and AFS modules, and would support SMB2 later. DNS Resolver is supported by the userspace upcall helper "/sbin/dns.resolver" via /etc/request-key.conf. See <file:Documentation/networking/dns_resolver.txt> for further information. To compile this as a module, choose M here: the module will be called dnsresolver. If unsure, say N. ��dns_resolver/Makefile��0000644��00000000253�14722053255�0010716 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux DNS Resolver. # obj-$(CONFIG_DNS_RESOLVER) += dns_resolver.o dns_resolver-y := dns_key.o dns_query.o ��bridge/Kconfig��0000644��00000004074�14722053255�0007315 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # 802.1d Ethernet Bridging # config BRIDGE tristate "802.1d Ethernet Bridging" select LLC select STP depends on IPV6 \|\| IPV6=n ---help--- If you say Y here, then your Linux box will be able to act as an Ethernet bridge, which means that the different Ethernet segments it is connected to will appear as one Ethernet to the participants. Several such bridges can work together to create even larger networks of Ethernets using the IEEE 802.1 spanning tree algorithm. As this is a standard, Linux bridges will cooperate properly with other third party bridge products. In order to use the Ethernet bridge, you'll need the bridge configuration tools; see <file:Documentation/networking/bridge.rst> for location. Please read the Bridge mini-HOWTO for more information. If you enable iptables support along with the bridge support then you turn your bridge into a bridging IP firewall. iptables will then see the IP packets being bridged, so you need to take this into account when setting up your firewall rules. Enabling arptables support when bridging will let arptables see bridged ARP traffic in the arptables FORWARD chain. To compile this code as a module, choose M here: the module will be called bridge. If unsure, say N. config BRIDGE_IGMP_SNOOPING bool "IGMP/MLD snooping" depends on BRIDGE depends on INET default y ---help--- If you say Y here, then the Ethernet bridge will be able selectively forward multicast traffic based on IGMP/MLD traffic received from each port. Say N to exclude this support and reduce the binary size. If unsure, say Y. config BRIDGE_VLAN_FILTERING bool "VLAN filtering" depends on BRIDGE depends on VLAN_8021Q default n ---help--- If you say Y here, then the Ethernet bridge will be able selectively receive and forward traffic based on VLAN information in the packet any VLAN information configured on the bridge port or bridge device. Say N to exclude this support and reduce the binary size. If unsure, say Y. ��bridge/Makefile��0000644��00000001470�14722053255�0007447 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the IEEE 802.1d ethernet bridging layer. # obj-$(CONFIG_BRIDGE) += bridge.o bridge-y := br.o br_device.o br_fdb.o br_forward.o br_if.o br_input.o \ br_ioctl.o br_stp.o br_stp_bpdu.o \ br_stp_if.o br_stp_timer.o br_netlink.o \ br_netlink_tunnel.o br_arp_nd_proxy.o bridge-$(CONFIG_SYSFS) += br_sysfs_if.o br_sysfs_br.o bridge-$(subst m,y,$(CONFIG_BRIDGE_NETFILTER)) += br_nf_core.o br_netfilter-y := br_netfilter_hooks.o br_netfilter-$(subst m,y,$(CONFIG_IPV6)) += br_netfilter_ipv6.o obj-$(CONFIG_BRIDGE_NETFILTER) += br_netfilter.o bridge-$(CONFIG_BRIDGE_IGMP_SNOOPING) += br_multicast.o br_mdb.o bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o br_vlan_tunnel.o bridge-$(CONFIG_NET_SWITCHDEV) += br_switchdev.o obj-$(CONFIG_NETFILTER) += netfilter/ ��bridge/netfilter/Kconfig��0000644��00000016507�14722053255�0011315 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Bridge netfilter configuration # # menuconfig NF_TABLES_BRIDGE depends on BRIDGE && NETFILTER && NF_TABLES select NETFILTER_FAMILY_BRIDGE tristate "Ethernet Bridge nf_tables support" if NF_TABLES_BRIDGE config NFT_BRIDGE_META tristate "Netfilter nf_table bridge meta support" help Add support for bridge dedicated meta key. config NFT_BRIDGE_REJECT tristate "Netfilter nf_tables bridge reject support" depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6 help Add support to reject packets. config NF_LOG_BRIDGE tristate "Bridge packet logging" select NF_LOG_COMMON endif # NF_TABLES_BRIDGE config NF_CONNTRACK_BRIDGE tristate "IPv4/IPV6 bridge connection tracking support" depends on NF_CONNTRACK default n help Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections. This is used to enhance packet filtering via stateful policies. Enable this if you want native tracking from the bridge. This provides a replacement for the `br_netfilter' infrastructure. To compile it as a module, choose M here. If unsure, say N. menuconfig BRIDGE_NF_EBTABLES tristate "Ethernet Bridge tables (ebtables) support" depends on BRIDGE && NETFILTER && NETFILTER_XTABLES select NETFILTER_FAMILY_BRIDGE help ebtables is a general, extensible frame/packet identification framework. Say 'Y' or 'M' here if you want to do Ethernet filtering/NAT/brouting on the Ethernet bridge. if BRIDGE_NF_EBTABLES # # tables # config BRIDGE_EBT_BROUTE tristate "ebt: broute table support" help The ebtables broute table is used to define rules that decide between bridging and routing frames, giving Linux the functionality of a brouter. See the man page for ebtables(8) and examples on the ebtables website. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_T_FILTER tristate "ebt: filter table support" help The ebtables filter table is used to define frame filtering rules at local input, forwarding and local output. See the man page for ebtables(8). To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_T_NAT tristate "ebt: nat table support" help The ebtables nat table is used to define rules that alter the MAC source address (MAC SNAT) or the MAC destination address (MAC DNAT). See the man page for ebtables(8). To compile it as a module, choose M here. If unsure, say N. # # matches # config BRIDGE_EBT_802_3 tristate "ebt: 802.3 filter support" help This option adds matching support for 802.3 Ethernet frames. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_AMONG tristate "ebt: among filter support" help This option adds the among match, which allows matching the MAC source and/or destination address on a list of addresses. Optionally, MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_ARP tristate "ebt: ARP filter support" help This option adds the ARP match, which allows ARP and RARP header field filtering. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_IP tristate "ebt: IP filter support" help This option adds the IP match, which allows basic IP header field filtering. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_IP6 tristate "ebt: IP6 filter support" depends on BRIDGE_NF_EBTABLES && IPV6 help This option adds the IP6 match, which allows basic IPV6 header field filtering. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_LIMIT tristate "ebt: limit match support" help This option adds the limit match, which allows you to control the rate at which a rule can be matched. This match is the equivalent of the iptables limit match. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config BRIDGE_EBT_MARK tristate "ebt: mark filter support" help This option adds the mark match, which allows matching frames based on the 'nfmark' value in the frame. This can be set by the mark target. This value is the same as the one used in the iptables mark match and target. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_PKTTYPE tristate "ebt: packet type filter support" help This option adds the packet type match, which allows matching on the type of packet based on its Ethernet "class" (as determined by the generic networking code): broadcast, multicast, for this host alone or for another host. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_STP tristate "ebt: STP filter support" help This option adds the Spanning Tree Protocol match, which allows STP header field filtering. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_VLAN tristate "ebt: 802.1Q VLAN filter support" help This option adds the 802.1Q vlan match, which allows the filtering of 802.1Q vlan fields. To compile it as a module, choose M here. If unsure, say N. # # targets # config BRIDGE_EBT_ARPREPLY tristate "ebt: arp reply target support" depends on BRIDGE_NF_EBTABLES && INET help This option adds the arp reply target, which allows automatically sending arp replies to arp requests. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_DNAT tristate "ebt: dnat target support" help This option adds the MAC DNAT target, which allows altering the MAC destination address of frames. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_MARK_T tristate "ebt: mark target support" help This option adds the mark target, which allows marking frames by setting the 'nfmark' value in the frame. This value is the same as the one used in the iptables mark match and target. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_REDIRECT tristate "ebt: redirect target support" help This option adds the MAC redirect target, which allows altering the MAC destination address of a frame to that of the device it arrived on. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_SNAT tristate "ebt: snat target support" help This option adds the MAC SNAT target, which allows altering the MAC source address of frames. To compile it as a module, choose M here. If unsure, say N. # # watchers # config BRIDGE_EBT_LOG tristate "ebt: log support" help This option adds the log watcher, that you can use in any rule in any ebtables table. It records info about the frame header to the syslog. To compile it as a module, choose M here. If unsure, say N. config BRIDGE_EBT_NFLOG tristate "ebt: nflog support" help This option enables the nflog watcher, which allows to LOG messages through the netfilter logging API, which can use either the old LOG target, the old ULOG target or nfnetlink_log as backend. This option adds the nflog watcher, that you can use in any rule in any ebtables table. To compile it as a module, choose M here. If unsure, say N. endif # BRIDGE_NF_EBTABLES ��bridge/netfilter/Makefile��0000644��00000002551�14722053255�0011444 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the netfilter modules for Link Layer filtering on a bridge. # obj-$(CONFIG_NFT_BRIDGE_META) += nft_meta_bridge.o obj-$(CONFIG_NFT_BRIDGE_REJECT) += nft_reject_bridge.o # connection tracking obj-$(CONFIG_NF_CONNTRACK_BRIDGE) += nf_conntrack_bridge.o # packet logging obj-$(CONFIG_NF_LOG_BRIDGE) += nf_log_bridge.o obj-$(CONFIG_BRIDGE_NF_EBTABLES) += ebtables.o # tables obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o obj-$(CONFIG_BRIDGE_EBT_T_FILTER) += ebtable_filter.o obj-$(CONFIG_BRIDGE_EBT_T_NAT) += ebtable_nat.o #matches obj-$(CONFIG_BRIDGE_EBT_802_3) += ebt_802_3.o obj-$(CONFIG_BRIDGE_EBT_AMONG) += ebt_among.o obj-$(CONFIG_BRIDGE_EBT_ARP) += ebt_arp.o obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o obj-$(CONFIG_BRIDGE_EBT_IP6) += ebt_ip6.o obj-$(CONFIG_BRIDGE_EBT_LIMIT) += ebt_limit.o obj-$(CONFIG_BRIDGE_EBT_MARK) += ebt_mark_m.o obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o obj-$(CONFIG_BRIDGE_EBT_STP) += ebt_stp.o obj-$(CONFIG_BRIDGE_EBT_VLAN) += ebt_vlan.o # targets obj-$(CONFIG_BRIDGE_EBT_ARPREPLY) += ebt_arpreply.o obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o obj-$(CONFIG_BRIDGE_EBT_DNAT) += ebt_dnat.o obj-$(CONFIG_BRIDGE_EBT_REDIRECT) += ebt_redirect.o obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o # watchers obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o obj-$(CONFIG_BRIDGE_EBT_NFLOG) += ebt_nflog.o ��bluetooth/hidp/Kconfig��0000644��00000000607�14722053255�0011010 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config BT_HIDP tristate "HIDP protocol support" depends on BT_BREDR && INPUT select HID help HIDP (Human Interface Device Protocol) is a transport layer for HID reports. HIDP is required for the Bluetooth Human Interface Device Profile. Say Y here to compile HIDP support into the kernel or say M to compile it as module (hidp). ��bluetooth/hidp/Makefile��0000644��00000000227�14722053255�0011143 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Bluetooth HIDP layer # obj-$(CONFIG_BT_HIDP) += hidp.o hidp-objs := core.o sock.o ��bluetooth/Kconfig��0000644��00000007574�14722053255�0010076 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Bluetooth subsystem configuration # menuconfig BT tristate "Bluetooth subsystem support" depends on NET && !S390 depends on RFKILL \|\| !RFKILL select CRC16 select CRYPTO select CRYPTO_BLKCIPHER select CRYPTO_LIB_AES imply CRYPTO_AES select CRYPTO_CMAC select CRYPTO_ECB select CRYPTO_SHA256 select CRYPTO_ECDH help Bluetooth is low-cost, low-power, short-range wireless technology. It was designed as a replacement for cables and other short-range technologies like IrDA. Bluetooth operates in personal area range that typically extends up to 10 meters. More information about Bluetooth can be found at <http://www.bluetooth.com/>. Linux Bluetooth subsystem consist of several layers: Bluetooth Core HCI device and connection manager, scheduler SCO audio links L2CAP (Logical Link Control and Adaptation Protocol) SMP (Security Manager Protocol) on LE (Low Energy) links HCI Device drivers (Interface to the hardware) RFCOMM Module (RFCOMM Protocol) BNEP Module (Bluetooth Network Encapsulation Protocol) CMTP Module (CAPI Message Transport Protocol) HIDP Module (Human Interface Device Protocol) Say Y here to compile Bluetooth support into the kernel or say M to compile it as module (bluetooth). To use Linux Bluetooth subsystem, you will need several user-space utilities like hciconfig and bluetoothd. These utilities and updates to Bluetooth kernel modules are provided in the BlueZ packages. For more information, see <http://www.bluez.org/>. config BT_BREDR bool "Bluetooth Classic (BR/EDR) features" depends on BT default y help Bluetooth Classic includes support for Basic Rate (BR) available with Bluetooth version 1.0b or later and support for Enhanced Data Rate (EDR) available with Bluetooth version 2.0 or later. source "net/bluetooth/rfcomm/Kconfig" source "net/bluetooth/bnep/Kconfig" source "net/bluetooth/cmtp/Kconfig" source "net/bluetooth/hidp/Kconfig" config BT_HS bool "Bluetooth High Speed (HS) features" depends on BT_BREDR help Bluetooth High Speed includes support for off-loading Bluetooth connections via 802.11 (wifi) physical layer available with Bluetooth version 3.0 or later. config BT_LE bool "Bluetooth Low Energy (LE) features" depends on BT default y help Bluetooth Low Energy includes support low-energy physical layer available with Bluetooth version 4.0 or later. config BT_6LOWPAN tristate "Bluetooth 6LoWPAN support" depends on BT_LE && 6LOWPAN help IPv6 compression over Bluetooth Low Energy. config BT_LEDS bool "Enable LED triggers" depends on BT depends on LEDS_CLASS select LEDS_TRIGGERS help This option selects a few LED triggers for different Bluetooth events. config BT_SELFTEST bool "Bluetooth self testing support" depends on BT && DEBUG_KERNEL help Run self tests when initializing the Bluetooth subsystem. This is a developer option and can cause significant delay when booting the system. When the Bluetooth subsystem is built as module, then the test cases are run first thing at module load time. When the Bluetooth subsystem is compiled into the kernel image, then the test cases are run late in the initcall hierarchy. config BT_SELFTEST_ECDH bool "ECDH test cases" depends on BT_LE && BT_SELFTEST help Run test cases for ECDH cryptographic functionality used by the Bluetooth Low Energy Secure Connections feature. config BT_SELFTEST_SMP bool "SMP test cases" depends on BT_LE && BT_SELFTEST help Run test cases for SMP cryptographic functionality, including both legacy SMP as well as the Secure Connections features. config BT_DEBUGFS bool "Export Bluetooth internals in debugfs" depends on BT && DEBUG_FS default y help Provide extensive information about internal Bluetooth states in debugfs. source "drivers/bluetooth/Kconfig" ��bluetooth/rfcomm/Kconfig��0000644��00000001030�14722053255�0011336 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config BT_RFCOMM tristate "RFCOMM protocol support" depends on BT_BREDR help RFCOMM provides connection oriented stream transport. RFCOMM support is required for Dialup Networking, OBEX and other Bluetooth applications. Say Y here to compile RFCOMM support into the kernel or say M to compile it as module (rfcomm). config BT_RFCOMM_TTY bool "RFCOMM TTY support" depends on BT_RFCOMM depends on TTY help This option enables TTY emulation support for RFCOMM channels. ��bluetooth/rfcomm/Makefile��0000644��00000000307�14722053255�0011501 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Bluetooth RFCOMM layer. # obj-$(CONFIG_BT_RFCOMM) += rfcomm.o rfcomm-y := core.o sock.o rfcomm-$(CONFIG_BT_RFCOMM_TTY) += tty.o ��bluetooth/bnep/Kconfig��0000644��00000001264�14722053255�0011010 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config BT_BNEP tristate "BNEP protocol support" depends on BT_BREDR select CRC32 help BNEP (Bluetooth Network Encapsulation Protocol) is Ethernet emulation layer on top of Bluetooth. BNEP is required for Bluetooth PAN (Personal Area Network). Say Y here to compile BNEP support into the kernel or say M to compile it as module (bnep). config BT_BNEP_MC_FILTER bool "Multicast filter support" depends on BT_BNEP help This option enables the multicast filter support for BNEP. config BT_BNEP_PROTO_FILTER bool "Protocol filter support" depends on BT_BNEP help This option enables the protocol filter support for BNEP. ��bluetooth/bnep/Makefile��0000644��00000000241�14722053255�0011137 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Bluetooth BNEP layer. # obj-$(CONFIG_BT_BNEP) += bnep.o bnep-objs := core.o sock.o netdev.o ��bluetooth/Makefile��0000644��00000001320�14722053255�0010212 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux Bluetooth subsystem. # obj-$(CONFIG_BT) += bluetooth.o obj-$(CONFIG_BT_RFCOMM) += rfcomm/ obj-$(CONFIG_BT_BNEP) += bnep/ obj-$(CONFIG_BT_CMTP) += cmtp/ obj-$(CONFIG_BT_HIDP) += hidp/ obj-$(CONFIG_BT_6LOWPAN) += bluetooth_6lowpan.o bluetooth_6lowpan-y := 6lowpan.o bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o lib.o \ ecdh_helper.o hci_request.o mgmt_util.o bluetooth-$(CONFIG_BT_BREDR) += sco.o bluetooth-$(CONFIG_BT_HS) += a2mp.o amp.o bluetooth-$(CONFIG_BT_LEDS) += leds.o bluetooth-$(CONFIG_BT_DEBUGFS) += hci_debugfs.o bluetooth-$(CONFIG_BT_SELFTEST) += selftest.o ��bluetooth/cmtp/Kconfig��0000644��00000000575�14722053255�0011033 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config BT_CMTP tristate "CMTP protocol support" depends on BT_BREDR && ISDN_CAPI help CMTP (CAPI Message Transport Protocol) is a transport layer for CAPI messages. CMTP is required for the Bluetooth Common ISDN Access Profile. Say Y here to compile CMTP support into the kernel or say M to compile it as module (cmtp). ��bluetooth/cmtp/Makefile��0000644��00000000236�14722053255�0011162 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Bluetooth CMTP layer # obj-$(CONFIG_BT_CMTP) += cmtp.o cmtp-objs := core.o sock.o capi.o ��wimax/Kconfig��0000644��00000002030�14722053255�0007174 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # WiMAX LAN device configuration # menuconfig WIMAX tristate "WiMAX Wireless Broadband support" depends on RFKILL \|\| !RFKILL help Select to configure support for devices that provide wireless broadband connectivity using the WiMAX protocol (IEEE 802.16). Please note that most of these devices require signing up for a service plan with a provider. The different WiMAX drivers can be enabled in the menu entry Device Drivers > Network device support > WiMAX Wireless Broadband devices If unsure, it is safe to select M (module). config WIMAX_DEBUG_LEVEL int "WiMAX debug level" depends on WIMAX default 8 help Select the maximum debug verbosity level to be compiled into the WiMAX stack code. By default, debug messages are disabled at runtime and can be selectively enabled for different parts of the code using the sysfs debug-levels file. If set at zero, this will compile out all the debug code. It is recommended that it is left at 8. ��wimax/Makefile��0000644��00000000314�14722053255�0007334 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_WIMAX) += wimax.o wimax-y := \ id-table.o \ op-msg.o \ op-reset.o \ op-rfkill.o \ op-state-get.o \ stack.o wimax-$(CONFIG_DEBUG_FS) += debugfs.o ��ceph/Kconfig��0000644��00000002222�14722053255�0006771 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config CEPH_LIB tristate "Ceph core library" depends on INET select LIBCRC32C select CRYPTO_AES select CRYPTO_CBC select CRYPTO select KEYS default n help Choose Y or M here to include cephlib, which provides the common functionality to both the Ceph filesystem and to the rados block device (rbd). More information at http://ceph.newdream.net/. If unsure, say N. config CEPH_LIB_PRETTYDEBUG bool "Include file:line in ceph debug output" depends on CEPH_LIB default n help If you say Y here, debug output will include a filename and line to aid debugging. This increases kernel size and slows execution slightly when debug call sites are enabled (e.g., via CONFIG_DYNAMIC_DEBUG). If unsure, say N. config CEPH_LIB_USE_DNS_RESOLVER bool "Use in-kernel support for DNS lookup" depends on CEPH_LIB select DNS_RESOLVER default n help If you say Y here, hostnames (e.g. monitor addresses) will be resolved using the CONFIG_DNS_RESOLVER facility. For information on how to use CONFIG_DNS_RESOLVER consult Documentation/networking/dns_resolver.txt If unsure, say N. ��ceph/Makefile��0000644��00000000701�14722053255�0007126 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for CEPH filesystem. # obj-$(CONFIG_CEPH_LIB) += libceph.o libceph-y := ceph_common.o messenger.o msgpool.o buffer.o pagelist.o \ mon_client.o decode.o \ cls_lock_client.o \ osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \ striper.o \ debugfs.o \ auth.o auth_none.o \ crypto.o armor.o \ auth_x.o \ ceph_fs.o ceph_strings.o ceph_hash.o \ pagevec.o snapshot.o string_table.o ��rose/Makefile��0000644��00000000446�14722053255�0007165 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux Rose (X.25 PLP) layer. # obj-$(CONFIG_ROSE) += rose.o rose-y := af_rose.o rose_dev.o rose_in.o rose_link.o rose_loopback.o \ rose_out.o rose_route.o rose_subr.o rose_timer.o rose-$(CONFIG_SYSCTL) += sysctl_net_rose.o ��lapb/Kconfig��0000644��00000001605�14722053255�0006774 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # LAPB Data Link Drive # config LAPB tristate "LAPB Data Link Driver" ---help--- Link Access Procedure, Balanced (LAPB) is the data link layer (i.e. the lower) part of the X.25 protocol. It offers a reliable connection service to exchange data frames with one other host, and it is used to transport higher level protocols (mostly X.25 Packet Layer, the higher part of X.25, but others are possible as well). Usually, LAPB is used with specialized X.21 network cards, but Linux currently supports LAPB only over Ethernet connections. If you want to use LAPB connections over Ethernet, say Y here and to "LAPB over Ethernet driver" below. Read <file:Documentation/networking/lapb-module.txt> for technical details. To compile this driver as a module, choose M here: the module will be called lapb. If unsure, say N. ��lapb/Makefile��0000644��00000000265�14722053255�0007132 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux LAPB layer. # obj-$(CONFIG_LAPB) += lapb.o lapb-y := lapb_in.o lapb_out.o lapb_subr.o lapb_timer.o lapb_iface.o ��xfrm/Kconfig��0000644��00000005052�14722053255�0007032 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # XFRM configuration # config XFRM bool depends on INET select GRO_CELLS select SKB_EXTENSIONS config XFRM_OFFLOAD bool config XFRM_ALGO tristate select XFRM select CRYPTO select CRYPTO_HASH select CRYPTO_BLKCIPHER if INET config XFRM_USER tristate "Transformation user configuration interface" select XFRM_ALGO ---help--- Support for Transformation(XFRM) user configuration interface like IPsec used by native Linux tools. If unsure, say Y. config XFRM_INTERFACE tristate "Transformation virtual interface" depends on XFRM && IPV6 ---help--- This provides a virtual interface to route IPsec traffic. If unsure, say N. config XFRM_SUB_POLICY bool "Transformation sub policy support" depends on XFRM ---help--- Support sub policy for developers. By using sub policy with main one, two policies can be applied to the same packet at once. Policy which lives shorter time in kernel should be a sub. If unsure, say N. config XFRM_MIGRATE bool "Transformation migrate database" depends on XFRM ---help--- A feature to update locator(s) of a given IPsec security association dynamically. This feature is required, for instance, in a Mobile IPv6 environment with IPsec configuration where mobile nodes change their attachment point to the Internet. If unsure, say N. config XFRM_STATISTICS bool "Transformation statistics" depends on XFRM && PROC_FS ---help--- This statistics is not a SNMP/MIB specification but shows statistics about transformation error (or almost error) factor at packet processing for developer. If unsure, say N. config XFRM_IPCOMP tristate select XFRM_ALGO select CRYPTO select CRYPTO_DEFLATE config NET_KEY tristate "PF_KEY sockets" select XFRM_ALGO ---help--- PF_KEYv2 socket family, compatible to KAME ones. They are required if you are going to use IPsec tools ported from KAME. Say Y unless you know what you are doing. config NET_KEY_MIGRATE bool "PF_KEY MIGRATE" depends on NET_KEY select XFRM_MIGRATE ---help--- Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. The PF_KEY MIGRATE message is used to dynamically update locator(s) of a given IPsec security association. This feature is required, for instance, in a Mobile IPv6 environment with IPsec configuration where mobile nodes change their attachment point to the Internet. Detail information can be found in the internet-draft <draft-sugimoto-mip6-pfkey-migrate>. If unsure, say N. endif # INET ��xfrm/Makefile��0000644��00000000772�14722053255�0007173 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the XFRM subsystem. # xfrm_interface-$(CONFIG_XFRM_INTERFACE) += xfrm_interface_core.o obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \ xfrm_input.o xfrm_output.o \ xfrm_sysctl.o xfrm_replay.o xfrm_device.o obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o obj-$(CONFIG_XFRM_ALGO) += xfrm_algo.o obj-$(CONFIG_XFRM_USER) += xfrm_user.o obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o obj-$(CONFIG_XFRM_INTERFACE) += xfrm_interface.o ��nfc/Kconfig��0000644��00000001515�14722053255�0006624 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # NFC sybsystem configuration # menuconfig NFC depends on NET depends on RFKILL \|\| !RFKILL tristate "NFC subsystem support" default n help Say Y here if you want to build support for NFC (Near field communication) devices. To compile this support as a module, choose M here: the module will be called nfc. config NFC_DIGITAL depends on NFC select CRC_CCITT select CRC_ITU_T tristate "NFC Digital Protocol stack support" default n help Say Y if you want to build NFC digital protocol stack support. This is needed by NFC chipsets whose firmware only implement the NFC analog layer. To compile this support as a module, choose M here: the module will be called nfc_digital. source "net/nfc/nci/Kconfig" source "net/nfc/hci/Kconfig" source "drivers/nfc/Kconfig" ��nfc/hci/Kconfig��0000644��00000001052�14722053255�0007363 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config NFC_HCI depends on NFC tristate "NFC HCI implementation" default n help Say Y here if you want to build support for a kernel NFC HCI implementation. This is mostly needed for devices that only process HCI frames, like for example the NXP pn544. config NFC_SHDLC depends on NFC_HCI select CRC_CCITT bool "SHDLC link layer for HCI based NFC drivers" default n ---help--- Say yes if you use an NFC HCI driver that requires SHDLC link layer. If unsure, say N here. ��nfc/hci/Makefile��0000644��00000000316�14722053255�0007522 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux NFC HCI layer. # obj-$(CONFIG_NFC_HCI) += hci.o hci-y := core.o hcp.o command.o llc.o llc_nop.o hci-$(CONFIG_NFC_SHDLC) += llc_shdlc.o ��nfc/nci/Kconfig��0000644��00000001474�14722053255�0007401 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config NFC_NCI depends on NFC tristate "NCI protocol support" default n help NCI (NFC Controller Interface) is a communication protocol between an NFC Controller (NFCC) and a Device Host (DH). Say Y here to compile NCI support into the kernel or say M to compile it as module (nci). config NFC_NCI_SPI depends on NFC_NCI && SPI select CRC_CCITT tristate "NCI over SPI protocol support" default n help NCI (NFC Controller Interface) is a communication protocol between an NFC Controller (NFCC) and a Device Host (DH). Say yes if you use an NCI driver that requires SPI link layer. config NFC_NCI_UART depends on NFC_NCI && TTY tristate "NCI over UART protocol support" default n help Say yes if you use an NCI driver that requires UART link layer. ��nfc/nci/Makefile��0000644��00000000434�14722053255�0007531 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux NFC NCI layer. # obj-$(CONFIG_NFC_NCI) += nci.o nci-objs := core.o data.o lib.o ntf.o rsp.o hci.o nci_spi-y += spi.o obj-$(CONFIG_NFC_NCI_SPI) += nci_spi.o nci_uart-y += uart.o obj-$(CONFIG_NFC_NCI_UART) += nci_uart.o ��nfc/Makefile��0000644��00000000566�14722053255�0006766 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux NFC subsystem. # obj-$(CONFIG_NFC) += nfc.o obj-$(CONFIG_NFC_NCI) += nci/ obj-$(CONFIG_NFC_HCI) += hci/ obj-$(CONFIG_NFC_DIGITAL) += nfc_digital.o nfc-objs := core.o netlink.o af_nfc.o rawsock.o llcp_core.o llcp_commands.o \ llcp_sock.o nfc_digital-objs := digital_core.o digital_technology.o digital_dep.o ��packet/Kconfig��0000644��00000001233�14722053255�0007322 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Packet configuration # config PACKET tristate "Packet socket" ---help--- The Packet protocol is used by applications which communicate directly with network devices without an intermediate network protocol implemented in the kernel, e.g. tcpdump. If you want them to work, choose Y. To compile this driver as a module, choose M here: the module will be called af_packet. If unsure, say Y. config PACKET_DIAG tristate "Packet: sockets monitoring interface" depends on PACKET default n ---help--- Support for PF_PACKET sockets monitoring interface used by the ss tool. If unsure, say Y. ��packet/Makefile��0000644��00000000270�14722053255�0007457 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the packet AF. # obj-$(CONFIG_PACKET) += af_packet.o obj-$(CONFIG_PACKET_DIAG) += af_packet_diag.o af_packet_diag-y += diag.o ��l3mdev/Kconfig��0000644��00000000460�14722053255�0007246 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Configuration for L3 master device support # config NET_L3_MASTER_DEV bool "L3 Master device support" depends on INET \|\| IPV6 ---help--- This module provides glue between core networking code and device drivers to support L3 master devices like VRF. ��l3mdev/Makefile��0000644��00000000172�14722053255�0007403 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the L3 device API # obj-$(CONFIG_NET_L3_MASTER_DEV) += l3mdev.o ��qrtr/Kconfig��0000644��00000001651�14722053255�0007047 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # Qualcomm IPC Router configuration # config QRTR tristate "Qualcomm IPC Router support" depends on ARCH_QCOM \|\| COMPILE_TEST ---help--- Say Y if you intend to use Qualcomm IPC router protocol. The protocol is used to communicate with services provided by other hardware blocks in the system. In order to do service lookups, a userspace daemon is required to maintain a service listing. if QRTR config QRTR_SMD tristate "SMD IPC Router channels" depends on RPMSG \|\| (COMPILE_TEST && RPMSG=n) ---help--- Say Y here to support SMD based ipcrouter channels. SMD is the most common transport for IPC Router. config QRTR_TUN tristate "TUN device for Qualcomm IPC Router" ---help--- Say Y here to expose a character device that allows user space to implement endpoints of QRTR, for purpose of tunneling data to other hosts or testing purposes. endif # QRTR ��qrtr/Makefile��0000644��00000000270�14722053255�0007200 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_QRTR) := qrtr.o obj-$(CONFIG_QRTR_SMD) += qrtr-smd.o qrtr-smd-y := smd.o obj-$(CONFIG_QRTR_TUN) += qrtr-tun.o qrtr-tun-y := tun.o ��Makefile��0000644��00000004744�14722053255�0006222 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the linux networking. # # 2 Sep 2000, Christoph Hellwig <hch@infradead.org> # Rewritten to use lists instead of if-statements. # obj-$(CONFIG_NET) := socket.o core/ tmp-$(CONFIG_COMPAT) := compat.o obj-$(CONFIG_NET) += $(tmp-y) # LLC has to be linked before the files in net/802/ obj-$(CONFIG_LLC) += llc/ obj-$(CONFIG_NET) += ethernet/ 802/ sched/ netlink/ bpf/ obj-$(CONFIG_NETFILTER) += netfilter/ obj-$(CONFIG_INET) += ipv4/ obj-$(CONFIG_TLS) += tls/ obj-$(CONFIG_XFRM) += xfrm/ obj-$(CONFIG_UNIX_SCM) += unix/ obj-$(CONFIG_NET) += ipv6/ obj-$(CONFIG_BPFILTER) += bpfilter/ obj-$(CONFIG_PACKET) += packet/ obj-$(CONFIG_NET_KEY) += key/ obj-$(CONFIG_BRIDGE) += bridge/ obj-$(CONFIG_NET_DSA) += dsa/ obj-$(CONFIG_ATALK) += appletalk/ obj-$(CONFIG_X25) += x25/ obj-$(CONFIG_LAPB) += lapb/ obj-$(CONFIG_NETROM) += netrom/ obj-$(CONFIG_ROSE) += rose/ obj-$(CONFIG_AX25) += ax25/ obj-$(CONFIG_CAN) += can/ obj-$(CONFIG_BT) += bluetooth/ obj-$(CONFIG_SUNRPC) += sunrpc/ obj-$(CONFIG_AF_RXRPC) += rxrpc/ obj-$(CONFIG_AF_KCM) += kcm/ obj-$(CONFIG_STREAM_PARSER) += strparser/ obj-$(CONFIG_ATM) += atm/ obj-$(CONFIG_L2TP) += l2tp/ obj-$(CONFIG_PHONET) += phonet/ ifneq ($(CONFIG_VLAN_8021Q),) obj-y += 8021q/ endif obj-$(CONFIG_IP_DCCP) += dccp/ obj-$(CONFIG_IP_SCTP) += sctp/ obj-$(CONFIG_RDS) += rds/ obj-$(CONFIG_WIRELESS) += wireless/ obj-$(CONFIG_MAC80211) += mac80211/ obj-$(CONFIG_TIPC) += tipc/ obj-$(CONFIG_NETLABEL) += netlabel/ obj-$(CONFIG_IUCV) += iucv/ obj-$(CONFIG_SMC) += smc/ obj-$(CONFIG_RFKILL) += rfkill/ obj-$(CONFIG_NET_9P) += 9p/ obj-$(CONFIG_CAIF) += caif/ ifneq ($(CONFIG_DCB),) obj-y += dcb/ endif obj-$(CONFIG_6LOWPAN) += 6lowpan/ obj-$(CONFIG_IEEE802154) += ieee802154/ obj-$(CONFIG_MAC802154) += mac802154/ ifeq ($(CONFIG_NET),y) obj-$(CONFIG_SYSCTL) += sysctl_net.o endif obj-$(CONFIG_WIMAX) += wimax/ obj-$(CONFIG_DNS_RESOLVER) += dns_resolver/ obj-$(CONFIG_CEPH_LIB) += ceph/ obj-$(CONFIG_BATMAN_ADV) += batman-adv/ obj-$(CONFIG_NFC) += nfc/ obj-$(CONFIG_PSAMPLE) += psample/ obj-$(CONFIG_NET_IFE) += ife/ obj-$(CONFIG_OPENVSWITCH) += openvswitch/ obj-$(CONFIG_VSOCKETS) += vmw_vsock/ obj-$(CONFIG_MPLS) += mpls/ obj-$(CONFIG_NET_NSH) += nsh/ obj-$(CONFIG_HSR) += hsr/ ifneq ($(CONFIG_NET_SWITCHDEV),) obj-y += switchdev/ endif ifneq ($(CONFIG_NET_L3_MASTER_DEV),) obj-y += l3mdev/ endif obj-$(CONFIG_QRTR) += qrtr/ obj-$(CONFIG_NET_NCSI) += ncsi/ obj-$(CONFIG_XDP_SOCKETS) += xdp/ ��can/Kconfig��0000644��00000004547�14722053255�0006627 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Controller Area Network (CAN) network layer core configuration # menuconfig CAN depends on NET tristate "CAN bus subsystem support" ---help--- Controller Area Network (CAN) is a slow (up to 1Mbit/s) serial communications protocol. Development of the CAN bus started in 1983 at Robert Bosch GmbH, and the protocol was officially released in 1986. The CAN bus was originally mainly for automotive, but is now widely used in marine (NMEA2000), industrial, and medical applications. More information on the CAN network protocol family PF_CAN is contained in <Documentation/networking/can.rst>. If you want CAN support you should say Y here and also to the specific driver for your controller(s) below. if CAN config CAN_RAW tristate "Raw CAN Protocol (raw access with CAN-ID filtering)" default y ---help--- The raw CAN protocol option offers access to the CAN bus via the BSD socket API. You probably want to use the raw socket in most cases where no higher level protocol is being used. The raw socket has several filter options e.g. ID masking / error frames. To receive/send raw CAN messages, use AF_CAN with protocol CAN_RAW. config CAN_BCM tristate "Broadcast Manager CAN Protocol (with content filtering)" default y ---help--- The Broadcast Manager offers content filtering, timeout monitoring, sending of RTR frames, and cyclic CAN messages without permanent user interaction. The BCM can be 'programmed' via the BSD socket API and informs you on demand e.g. only on content updates / timeouts. You probably want to use the bcm socket in most cases where cyclic CAN messages are used on the bus (e.g. in automotive environments). To use the Broadcast Manager, use AF_CAN with protocol CAN_BCM. config CAN_GW tristate "CAN Gateway/Router (with netlink configuration)" default y ---help--- The CAN Gateway/Router is used to route (and modify) CAN frames. It is based on the PF_CAN core infrastructure for msg filtering and msg sending and can optionally modify routed CAN frames on the fly. CAN frames can be routed between CAN network interfaces (one hop). They can be modified with AND/OR/XOR/SET operations as configured by the netlink configuration interface known e.g. from iptables. source "net/can/j1939/Kconfig" source "drivers/net/can/Kconfig" endif ��can/j1939/Kconfig��0000644��00000000612�14722053255�0007373 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # SAE J1939 network layer core configuration # config CAN_J1939 tristate "SAE J1939" depends on CAN help SAE J1939 Say Y to have in-kernel support for j1939 socket type. This allows communication according to SAE j1939. The relevant parts in kernel are SAE j1939-21 (datalink & transport protocol) & SAE j1939-81 (network management). ��can/j1939/Makefile��0000644��00000000237�14722053255�0007533 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_CAN_J1939) += can-j1939.o can-j1939-objs := \ address-claim.o \ bus.o \ main.o \ socket.o \ transport.o ��can/Makefile��0000644��00000000566�14722053255�0006761 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux Controller Area Network core. # obj-$(CONFIG_CAN) += can.o can-y := af_can.o can-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_CAN_RAW) += can-raw.o can-raw-y := raw.o obj-$(CONFIG_CAN_BCM) += can-bcm.o can-bcm-y := bcm.o obj-$(CONFIG_CAN_GW) += can-gw.o can-gw-y := gw.o obj-$(CONFIG_CAN_J1939) += j1939/ ��dsa/Kconfig��0000644��00000006751�14722053255�0006634 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config HAVE_NET_DSA def_bool y depends on INET && NETDEVICES && !S390 # Drivers must select NET_DSA and the appropriate tagging format menuconfig NET_DSA tristate "Distributed Switch Architecture" depends on HAVE_NET_DSA depends on BRIDGE \|\| BRIDGE=n select GRO_CELLS select NET_SWITCHDEV select PHYLINK select NET_DEVLINK ---help--- Say Y if you want to enable support for the hardware switches supported by the Distributed Switch Architecture. if NET_DSA # tagging formats config NET_DSA_TAG_8021Q tristate "Tag driver for switches using custom 802.1Q VLAN headers" select VLAN_8021Q help Unlike the other tagging protocols, the 802.1Q config option simply provides helpers for other tagging implementations that might rely on VLAN in one way or another. It is not a complete solution. Drivers which use these helpers should select this as dependency. config NET_DSA_TAG_BRCM_COMMON tristate default n config NET_DSA_TAG_BRCM tristate "Tag driver for Broadcom switches using in-frame headers" select NET_DSA_TAG_BRCM_COMMON help Say Y if you want to enable support for tagging frames for the Broadcom switches which place the tag after the MAC source address. config NET_DSA_TAG_BRCM_PREPEND tristate "Tag driver for Broadcom switches using prepended headers" select NET_DSA_TAG_BRCM_COMMON help Say Y if you want to enable support for tagging frames for the Broadcom switches which places the tag before the Ethernet header (prepended). config NET_DSA_TAG_GSWIP tristate "Tag driver for Lantiq / Intel GSWIP switches" help Say Y or M if you want to enable support for tagging frames for the Lantiq / Intel GSWIP switches. config NET_DSA_TAG_DSA tristate "Tag driver for Marvell switches using DSA headers" help Say Y or M if you want to enable support for tagging frames for the Marvell switches which use DSA headers. config NET_DSA_TAG_EDSA tristate "Tag driver for Marvell switches using EtherType DSA headers" help Say Y or M if you want to enable support for tagging frames for the Marvell switches which use EtherType DSA headers. config NET_DSA_TAG_MTK tristate "Tag driver for Mediatek switches" help Say Y or M if you want to enable support for tagging frames for Mediatek switches. config NET_DSA_TAG_KSZ tristate "Tag driver for Microchip 8795/9477/9893 families of switches" help Say Y if you want to enable support for tagging frames for the Microchip 8795/9477/9893 families of switches. config NET_DSA_TAG_QCA tristate "Tag driver for Qualcomm Atheros QCA8K switches" help Say Y or M if you want to enable support for tagging frames for the Qualcomm Atheros QCA8K switches. config NET_DSA_TAG_LAN9303 tristate "Tag driver for SMSC/Microchip LAN9303 family of switches" help Say Y or M if you want to enable support for tagging frames for the SMSC/Microchip LAN9303 family of switches. config NET_DSA_TAG_SJA1105 tristate "Tag driver for NXP SJA1105 switches" select NET_DSA_TAG_8021Q select PACKING help Say Y or M if you want to enable support for tagging frames with the NXP SJA1105 switch family. Both the native tagging protocol (which is only for link-local traffic) as well as non-native tagging (based on a custom 802.1Q VLAN header) are available. config NET_DSA_TAG_TRAILER tristate "Tag driver for switches using a trailer tag" help Say Y or M if you want to enable support for tagging frames at with a trailed. e.g. Marvell 88E6060. endif ��dsa/Makefile��0000644��00000001245�14722053255�0006762 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # the core obj-$(CONFIG_NET_DSA) += dsa_core.o dsa_core-y += dsa.o dsa2.o master.o port.o slave.o switch.o # tagging formats obj-$(CONFIG_NET_DSA_TAG_8021Q) += tag_8021q.o obj-$(CONFIG_NET_DSA_TAG_BRCM_COMMON) += tag_brcm.o obj-$(CONFIG_NET_DSA_TAG_DSA) += tag_dsa.o obj-$(CONFIG_NET_DSA_TAG_EDSA) += tag_edsa.o obj-$(CONFIG_NET_DSA_TAG_GSWIP) += tag_gswip.o obj-$(CONFIG_NET_DSA_TAG_KSZ) += tag_ksz.o obj-$(CONFIG_NET_DSA_TAG_LAN9303) += tag_lan9303.o obj-$(CONFIG_NET_DSA_TAG_MTK) += tag_mtk.o obj-$(CONFIG_NET_DSA_TAG_QCA) += tag_qca.o obj-$(CONFIG_NET_DSA_TAG_SJA1105) += tag_sja1105.o obj-$(CONFIG_NET_DSA_TAG_TRAILER) += tag_trailer.o ��netrom/Makefile��0000644��00000000417�14722053255�0007517 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux NET/ROM layer. # obj-$(CONFIG_NETROM) += netrom.o netrom-y := af_netrom.o nr_dev.o nr_in.o nr_loopback.o \ nr_out.o nr_route.o nr_subr.o nr_timer.o netrom-$(CONFIG_SYSCTL) += sysctl_net_netrom.o ��unix/Kconfig��0000644��00000002040�14722053255�0007033 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Unix Domain Sockets # config UNIX tristate "Unix domain sockets" ---help--- If you say Y here, you will include support for Unix domain sockets; sockets are the standard Unix mechanism for establishing and accessing network connections. Many commonly used programs such as the X Window system and syslog use these sockets even if your machine is not connected to any network. Unless you are working on an embedded system or something similar, you therefore definitely want to say Y here. To compile this driver as a module, choose M here: the module will be called unix. Note that several important services won't work correctly if you say M here and then neglect to load the module. Say Y unless you know what you are doing. config UNIX_SCM bool depends on UNIX default y config UNIX_DIAG tristate "UNIX: socket monitoring interface" depends on UNIX default n ---help--- Support for UNIX socket monitoring interface used by the ss tool. If unsure, say Y. ��unix/Makefile��0000644��00000000444�14722053255�0007176 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the Linux unix domain socket layer. # obj-$(CONFIG_UNIX) += unix.o unix-y := af_unix.o garbage.o unix-$(CONFIG_SYSCTL) += sysctl_net_unix.o obj-$(CONFIG_UNIX_DIAG) += unix_diag.o unix_diag-y := diag.o obj-$(CONFIG_UNIX_SCM) += scm.o ��rfkill/Kconfig��0000644��00000001456�14722053255�0007345 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # RF switch subsystem configuration # menuconfig RFKILL tristate "RF switch subsystem support" help Say Y here if you want to have control over RF switches found on many WiFi and Bluetooth cards. To compile this driver as a module, choose M here: the module will be called rfkill. # LED trigger support config RFKILL_LEDS bool depends on RFKILL depends on LEDS_TRIGGERS = y \|\| RFKILL = LEDS_TRIGGERS default y config RFKILL_INPUT bool "RF switch input support" if EXPERT depends on RFKILL depends on INPUT = y \|\| RFKILL = INPUT default y if !EXPERT config RFKILL_GPIO tristate "GPIO RFKILL driver" depends on RFKILL depends on GPIOLIB \|\| COMPILE_TEST default n help If you say yes here you get support of a generic gpio RFKILL driver. ��rfkill/Makefile��0000644��00000000340�14722053255�0007471 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the RF switch subsystem. # rfkill-y += core.o rfkill-$(CONFIG_RFKILL_INPUT) += input.o obj-$(CONFIG_RFKILL) += rfkill.o obj-$(CONFIG_RFKILL_GPIO) += rfkill-gpio.o ��netfilter/Kconfig��0000644��00000150516�14722053255�0010060 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menu "Core Netfilter Configuration" depends on NET && INET && NETFILTER config NETFILTER_INGRESS bool "Netfilter ingress support" default y select NET_INGRESS help This allows you to classify packets from ingress using the Netfilter infrastructure. config NETFILTER_NETLINK tristate config NETFILTER_FAMILY_BRIDGE bool config NETFILTER_FAMILY_ARP bool config NETFILTER_NETLINK_ACCT tristate "Netfilter NFACCT over NFNETLINK interface" depends on NETFILTER_ADVANCED select NETFILTER_NETLINK help If this option is enabled, the kernel will include support for extended accounting via NFNETLINK. config NETFILTER_NETLINK_QUEUE tristate "Netfilter NFQUEUE over NFNETLINK interface" depends on NETFILTER_ADVANCED select NETFILTER_NETLINK help If this option is enabled, the kernel will include support for queueing packets via NFNETLINK. config NETFILTER_NETLINK_LOG tristate "Netfilter LOG over NFNETLINK interface" default m if NETFILTER_ADVANCED=n select NETFILTER_NETLINK help If this option is enabled, the kernel will include support for logging packets via NFNETLINK. This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms, and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules. config NETFILTER_NETLINK_OSF tristate "Netfilter OSF over NFNETLINK interface" depends on NETFILTER_ADVANCED select NETFILTER_NETLINK help If this option is enabled, the kernel will include support for passive OS fingerprint via NFNETLINK. config NF_CONNTRACK tristate "Netfilter connection tracking support" default m if NETFILTER_ADVANCED=n select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if IPV6 != n help Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections. This is required to do Masquerading or other kinds of Network Address Translation. It can also be used to enhance packet filtering (see `Connection state match support' below). To compile it as a module, choose M here. If unsure, say N. config NF_LOG_COMMON tristate config NF_LOG_NETDEV tristate "Netdev packet logging" select NF_LOG_COMMON if NF_CONNTRACK config NETFILTER_CONNCOUNT tristate config NF_CONNTRACK_MARK bool 'Connection mark tracking support' depends on NETFILTER_ADVANCED help This option enables support for connection marks, used by the `CONNMARK' target and `connmark' match. Similar to the mark value of packets, but this mark value is kept in the conntrack session instead of the individual packets. config NF_CONNTRACK_SECMARK bool 'Connection tracking security mark support' depends on NETWORK_SECMARK default y if NETFILTER_ADVANCED=n help This option enables security markings to be applied to connections. Typically they are copied to connections from packets using the CONNSECMARK target and copied back from connections to packets with the same target, with the packets being originally labeled via SECMARK. If unsure, say 'N'. config NF_CONNTRACK_ZONES bool 'Connection tracking zones' depends on NETFILTER_ADVANCED help This option enables support for connection tracking zones. Normally, each connection needs to have a unique system wide identity. Connection tracking zones allow to have multiple connections using the same identity, as long as they are contained in different zones. If unsure, say `N'. config NF_CONNTRACK_PROCFS bool "Supply CT list in procfs (OBSOLETE)" depends on PROC_FS ---help--- This option enables for the list of known conntrack entries to be shown in procfs under net/netfilter/nf_conntrack. This is considered obsolete in favor of using the conntrack(8) tool which uses Netlink. config NF_CONNTRACK_EVENTS bool "Connection tracking events" depends on NETFILTER_ADVANCED help If this option is enabled, the connection tracking code will provide a notifier chain that can be used by other kernel code to get notified about changes in the connection tracking state. If unsure, say `N'. config NF_CONNTRACK_TIMEOUT bool 'Connection tracking timeout' depends on NETFILTER_ADVANCED help This option enables support for connection tracking timeout extension. This allows you to attach timeout policies to flow via the CT target. If unsure, say `N'. config NF_CONNTRACK_TIMESTAMP bool 'Connection tracking timestamping' depends on NETFILTER_ADVANCED help This option enables support for connection tracking timestamping. This allows you to store the flow start-time and to obtain the flow-stop time (once it has been destroyed) via Connection tracking events. If unsure, say `N'. config NF_CONNTRACK_LABELS bool "Connection tracking labels" help This option enables support for assigning user-defined flag bits to connection tracking entries. It can be used with xtables connlabel match and the nftables ct expression. config NF_CT_PROTO_DCCP bool 'DCCP protocol connection tracking support' depends on NETFILTER_ADVANCED default y help With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on DCCP connections. If unsure, say Y. config NF_CT_PROTO_GRE bool config NF_CT_PROTO_SCTP bool 'SCTP protocol connection tracking support' depends on NETFILTER_ADVANCED default y select LIBCRC32C help With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on SCTP connections. If unsure, say Y. config NF_CT_PROTO_UDPLITE bool 'UDP-Lite protocol connection tracking support' depends on NETFILTER_ADVANCED default y help With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on UDP-Lite connections. If unsure, say Y. config NF_CONNTRACK_AMANDA tristate "Amanda backup protocol support" depends on NETFILTER_ADVANCED select TEXTSEARCH select TEXTSEARCH_KMP help If you are running the Amanda backup package <http://www.amanda.org/> on this machine or machines that will be MASQUERADED through this machine, then you may want to enable this feature. This allows the connection tracking and natting code to allow the sub-channels that Amanda requires for communication of the backup data, messages and index. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_FTP tristate "FTP protocol support" default m if NETFILTER_ADVANCED=n help Tracking FTP connections is problematic: special helpers are required for tracking them, and doing masquerading and other forms of Network Address Translation on them. This is FTP support on Layer 3 independent connection tracking. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_H323 tristate "H.323 protocol support" depends on IPV6 \|\| IPV6=n depends on NETFILTER_ADVANCED help H.323 is a VoIP signalling protocol from ITU-T. As one of the most important VoIP protocols, it is widely used by voice hardware and software including voice gateways, IP phones, Netmeeting, OpenPhone, Gnomemeeting, etc. With this module you can support H.323 on a connection tracking/NAT firewall. This module supports RAS, Fast Start, H.245 Tunnelling, Call Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat, whiteboard, file transfer, etc. For more information, please visit http://nath323.sourceforge.net/. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_IRC tristate "IRC protocol support" default m if NETFILTER_ADVANCED=n help There is a commonly-used extension to IRC called Direct Client-to-Client Protocol (DCC). This enables users to send files to each other, and also chat to each other without the need of a server. DCC Sending is used anywhere you send files over IRC, and DCC Chat is most commonly used by Eggdrop bots. If you are using NAT, this extension will enable you to send files and initiate chats. Note that you do NOT need this extension to get files or have others initiate chats, or everything else in IRC. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_BROADCAST tristate config NF_CONNTRACK_NETBIOS_NS tristate "NetBIOS name service protocol support" select NF_CONNTRACK_BROADCAST help NetBIOS name service requests are sent as broadcast messages from an unprivileged port and responded to with unicast messages to the same port. This make them hard to firewall properly because connection tracking doesn't deal with broadcasts. This helper tracks locally originating NetBIOS name service requests and the corresponding responses. It relies on correct IP address configuration, specifically netmask and broadcast address. When properly configured, the output of "ip address show" should look similar to this: $ ip -4 address show eth0 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0 To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_SNMP tristate "SNMP service protocol support" depends on NETFILTER_ADVANCED select NF_CONNTRACK_BROADCAST help SNMP service requests are sent as broadcast messages from an unprivileged port and responded to with unicast messages to the same port. This make them hard to firewall properly because connection tracking doesn't deal with broadcasts. This helper tracks locally originating SNMP service requests and the corresponding responses. It relies on correct IP address configuration, specifically netmask and broadcast address. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_PPTP tristate "PPtP protocol support" depends on NETFILTER_ADVANCED select NF_CT_PROTO_GRE help This module adds support for PPTP (Point to Point Tunnelling Protocol, RFC2637) connection tracking and NAT. If you are running PPTP sessions over a stateful firewall or NAT box, you may want to enable this feature. Please note that not all PPTP modes of operation are supported yet. Specifically these limitations exist: - Blindly assumes that control connections are always established in PNS->PAC direction. This is a violation of RFC2637. - Only supports a single call within each session To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_SANE tristate "SANE protocol support" depends on NETFILTER_ADVANCED help SANE is a protocol for remote access to scanners as implemented by the 'saned' daemon. Like FTP, it uses separate control and data connections. With this module you can support SANE on a connection tracking firewall. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_SIP tristate "SIP protocol support" default m if NETFILTER_ADVANCED=n help SIP is an application-layer control protocol that can establish, modify, and terminate multimedia sessions (conferences) such as Internet telephony calls. With the nf_conntrack_sip and the nf_nat_sip modules you can support the protocol on a connection tracking/NATing firewall. To compile it as a module, choose M here. If unsure, say N. config NF_CONNTRACK_TFTP tristate "TFTP protocol support" depends on NETFILTER_ADVANCED help TFTP connection tracking helper, this is required depending on how restrictive your ruleset is. If you are using a tftp client behind -j SNAT or -j MASQUERADING you will need this. To compile it as a module, choose M here. If unsure, say N. config NF_CT_NETLINK tristate 'Connection tracking netlink interface' select NETFILTER_NETLINK default m if NETFILTER_ADVANCED=n help This option enables support for a netlink-based userspace interface config NF_CT_NETLINK_TIMEOUT tristate 'Connection tracking timeout tuning via Netlink' select NETFILTER_NETLINK depends on NETFILTER_ADVANCED depends on NF_CONNTRACK_TIMEOUT help This option enables support for connection tracking timeout fine-grain tuning. This allows you to attach specific timeout policies to flows, instead of using the global timeout policy. If unsure, say `N'. config NF_CT_NETLINK_HELPER tristate 'Connection tracking helpers in user-space via Netlink' select NETFILTER_NETLINK depends on NF_CT_NETLINK depends on NETFILTER_NETLINK_QUEUE depends on NETFILTER_NETLINK_GLUE_CT depends on NETFILTER_ADVANCED help This option enables the user-space connection tracking helpers infrastructure. If unsure, say `N'. config NETFILTER_NETLINK_GLUE_CT bool "NFQUEUE and NFLOG integration with Connection Tracking" default n depends on (NETFILTER_NETLINK_QUEUE \|\| NETFILTER_NETLINK_LOG) && NF_CT_NETLINK help If this option is enabled, NFQUEUE and NFLOG can include Connection Tracking information together with the packet is the enqueued via NFNETLINK. config NF_NAT tristate "Network Address Translation support" depends on NF_CONNTRACK default m if NETFILTER_ADVANCED=n help The NAT option allows masquerading, port forwarding and other forms of full Network Address Port Translation. This can be controlled by iptables, ip6tables or nft. config NF_NAT_AMANDA tristate depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_AMANDA config NF_NAT_FTP tristate depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_FTP config NF_NAT_IRC tristate depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_IRC config NF_NAT_SIP tristate depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_SIP config NF_NAT_TFTP tristate depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_TFTP config NF_NAT_REDIRECT bool config NF_NAT_MASQUERADE bool config NETFILTER_SYNPROXY tristate endif # NF_CONNTRACK config NF_TABLES select NETFILTER_NETLINK tristate "Netfilter nf_tables support" help nftables is the new packet classification framework that intends to replace the existing {ip,ip6,arp,eb}_tables infrastructure. It provides a pseudo-state machine with an extensible instruction-set (also known as expressions) that the userspace 'nft' utility (http://www.netfilter.org/projects/nftables) uses to build the rule-set. It also comes with the generic set infrastructure that allows you to construct mappings between matchings and actions for performance lookups. To compile it as a module, choose M here. if NF_TABLES config NF_TABLES_SET tristate "Netfilter nf_tables set infrastructure" help This option enables the nf_tables set infrastructure that allows to look up for elements in a set and to build one-way mappings between matchings and actions. config NF_TABLES_INET depends on IPV6 select NF_TABLES_IPV4 select NF_TABLES_IPV6 bool "Netfilter nf_tables mixed IPv4/IPv6 tables support" help This option enables support for a mixed IPv4/IPv6 "inet" table. config NF_TABLES_NETDEV bool "Netfilter nf_tables netdev tables support" help This option enables support for the "netdev" table. config NFT_NUMGEN tristate "Netfilter nf_tables number generator module" help This option adds the number generator expression used to perform incremental counting and random numbers bound to a upper limit. config NFT_CT depends on NF_CONNTRACK tristate "Netfilter nf_tables conntrack module" help This option adds the "ct" expression that you can use to match connection tracking information such as the flow state. config NFT_FLOW_OFFLOAD depends on NF_CONNTRACK && NF_FLOW_TABLE tristate "Netfilter nf_tables hardware flow offload module" help This option adds the "flow_offload" expression that you can use to choose what flows are placed into the hardware. config NFT_COUNTER tristate "Netfilter nf_tables counter module" help This option adds the "counter" expression that you can use to include packet and byte counters in a rule. config NFT_CONNLIMIT tristate "Netfilter nf_tables connlimit module" depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NETFILTER_CONNCOUNT help This option adds the "connlimit" expression that you can use to ratelimit rule matchings per connections. config NFT_LOG tristate "Netfilter nf_tables log module" help This option adds the "log" expression that you can use to log packets matching some criteria. config NFT_LIMIT tristate "Netfilter nf_tables limit module" help This option adds the "limit" expression that you can use to ratelimit rule matchings. config NFT_MASQ depends on NF_CONNTRACK depends on NF_NAT select NF_NAT_MASQUERADE tristate "Netfilter nf_tables masquerade support" help This option adds the "masquerade" expression that you can use to perform NAT in the masquerade flavour. config NFT_REDIR depends on NF_CONNTRACK depends on NF_NAT tristate "Netfilter nf_tables redirect support" select NF_NAT_REDIRECT help This options adds the "redirect" expression that you can use to perform NAT in the redirect flavour. config NFT_NAT depends on NF_CONNTRACK select NF_NAT depends on NF_TABLES_IPV4 \|\| NF_TABLES_IPV6 tristate "Netfilter nf_tables nat module" help This option adds the "nat" expression that you can use to perform typical Network Address Translation (NAT) packet transformations. config NFT_TUNNEL tristate "Netfilter nf_tables tunnel module" help This option adds the "tunnel" expression that you can use to set tunneling policies. config NFT_OBJREF tristate "Netfilter nf_tables stateful object reference module" help This option adds the "objref" expression that allows you to refer to stateful objects, such as counters and quotas. config NFT_QUEUE depends on NETFILTER_NETLINK_QUEUE tristate "Netfilter nf_tables queue module" help This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables. config NFT_QUOTA tristate "Netfilter nf_tables quota module" help This option adds the "quota" expression that you can use to match enforce bytes quotas. config NFT_REJECT default m if NETFILTER_ADVANCED=n tristate "Netfilter nf_tables reject support" depends on !NF_TABLES_INET \|\| (IPV6!=m \|\| m) help This option adds the "reject" expression that you can use to explicitly deny and notify via TCP reset/ICMP informational errors unallowed traffic. config NFT_REJECT_INET depends on NF_TABLES_INET default NFT_REJECT tristate config NFT_COMPAT depends on NETFILTER_XTABLES tristate "Netfilter x_tables over nf_tables module" help This is required if you intend to use any of existing x_tables match/target extensions over the nf_tables framework. config NFT_HASH tristate "Netfilter nf_tables hash module" help This option adds the "hash" expression that you can use to perform a hash operation on registers. config NFT_FIB tristate config NFT_FIB_INET depends on NF_TABLES_INET depends on NFT_FIB_IPV4 depends on NFT_FIB_IPV6 tristate "Netfilter nf_tables fib inet support" help This option allows using the FIB expression from the inet table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet. config NFT_XFRM tristate "Netfilter nf_tables xfrm/IPSec security association matching" depends on XFRM help This option adds an expression that you can use to extract properties of a packets security association. config NFT_SOCKET tristate "Netfilter nf_tables socket match support" depends on IPV6 \|\| IPV6=n select NF_SOCKET_IPV4 select NF_SOCKET_IPV6 if NF_TABLES_IPV6 help This option allows matching for the presence or absence of a corresponding socket and its attributes. config NFT_OSF tristate "Netfilter nf_tables passive OS fingerprint support" depends on NETFILTER_ADVANCED select NETFILTER_NETLINK_OSF help This option allows matching packets from an specific OS. config NFT_TPROXY tristate "Netfilter nf_tables tproxy support" depends on IPV6 \|\| IPV6=n select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if NF_TABLES_IPV6 select NF_TPROXY_IPV4 select NF_TPROXY_IPV6 if NF_TABLES_IPV6 help This makes transparent proxy support available in nftables. config NFT_SYNPROXY tristate "Netfilter nf_tables SYNPROXY expression support" depends on NF_CONNTRACK && NETFILTER_ADVANCED select NETFILTER_SYNPROXY select SYN_COOKIES help The SYNPROXY expression allows you to intercept TCP connections and establish them using syncookies before they are passed on to the server. This allows to avoid conntrack and server resource usage during SYN-flood attacks. if NF_TABLES_NETDEV config NF_DUP_NETDEV tristate "Netfilter packet duplication support" help This option enables the generic packet duplication infrastructure for Netfilter. config NFT_DUP_NETDEV tristate "Netfilter nf_tables netdev packet duplication support" select NF_DUP_NETDEV help This option enables packet duplication for the "netdev" family. config NFT_FWD_NETDEV tristate "Netfilter nf_tables netdev packet forwarding support" select NF_DUP_NETDEV help This option enables packet forwarding for the "netdev" family. config NFT_FIB_NETDEV depends on NFT_FIB_IPV4 depends on NFT_FIB_IPV6 tristate "Netfilter nf_tables netdev fib lookups support" help This option allows using the FIB expression from the netdev table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet. endif # NF_TABLES_NETDEV endif # NF_TABLES config NF_FLOW_TABLE_INET tristate "Netfilter flow table mixed IPv4/IPv6 module" depends on NF_FLOW_TABLE help This option adds the flow table mixed IPv4/IPv6 support. To compile it as a module, choose M here. config NF_FLOW_TABLE tristate "Netfilter flow table module" depends on NETFILTER_INGRESS depends on NF_CONNTRACK depends on NF_TABLES help This option adds the flow table core infrastructure. To compile it as a module, choose M here. config NETFILTER_XTABLES tristate "Netfilter Xtables support (required for ip_tables)" default m if NETFILTER_ADVANCED=n help This is required if you intend to use any of ip_tables, ip6_tables or arp_tables. if NETFILTER_XTABLES comment "Xtables combined modules" config NETFILTER_XT_MARK tristate 'nfmark target and match support' default m if NETFILTER_ADVANCED=n ---help--- This option adds the "MARK" target and "mark" match. Netfilter mark matching allows you to match packets based on the "nfmark" value in the packet. The target allows you to create rules in the "mangle" table which alter the netfilter mark (nfmark) field associated with the packet. Prior to routing, the nfmark can influence the routing method and can also be used by other subsystems to change their behavior. config NETFILTER_XT_CONNMARK tristate 'ctmark target and match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NF_CONNTRACK_MARK ---help--- This option adds the "CONNMARK" target and "connmark" match. Netfilter allows you to store a mark value per connection (a.k.a. ctmark), similarly to the packet mark (nfmark). Using this target and match, you can set and match on this mark. config NETFILTER_XT_SET tristate 'set target and match support' depends on IP_SET depends on NETFILTER_ADVANCED help This option adds the "SET" target and "set" match. Using this target and match, you can add/delete and match elements in the sets created by ipset(8). To compile it as a module, choose M here. If unsure, say N. # alphabetically ordered list of targets comment "Xtables targets" config NETFILTER_XT_TARGET_AUDIT tristate "AUDIT target support" depends on AUDIT depends on NETFILTER_ADVANCED ---help--- This option adds a 'AUDIT' target, which can be used to create audit records for packets dropped/accepted. To compileit as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_CHECKSUM tristate "CHECKSUM target support" depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE depends on NETFILTER_ADVANCED ---help--- This option adds a `CHECKSUM' target, which can be used in the iptables mangle table to work around buggy DHCP clients in virtualized environments. Some old DHCP clients drop packets because they are not aware that the checksum would normally be offloaded to hardware and thus should be considered valid. This target can be used to fill in the checksum using iptables when such packets are sent via a virtual network device. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_CLASSIFY tristate '"CLASSIFY" target support' depends on NETFILTER_ADVANCED help This option adds a `CLASSIFY' target, which enables the user to set the priority of a packet. Some qdiscs can use this value for classification, among these are: atm, cbq, dsmark, pfifo_fast, htb, prio To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_CONNMARK tristate '"CONNMARK" target support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NETFILTER_XT_CONNMARK ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_CONNMARK (combined connmark/CONNMARK module). config NETFILTER_XT_TARGET_CONNSECMARK tristate '"CONNSECMARK" target support' depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK default m if NETFILTER_ADVANCED=n help The CONNSECMARK target copies security markings from packets to connections, and restores security markings from connections to packets (if the packets are not already marked). This would normally be used in conjunction with the SECMARK target. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_CT tristate '"CT" target support' depends on NF_CONNTRACK depends on IP_NF_RAW \|\| IP6_NF_RAW depends on NETFILTER_ADVANCED help This options adds a `CT' target, which allows to specify initial connection tracking parameters like events to be delivered and the helper to be used. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_DSCP tristate '"DSCP" and "TOS" target support' depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE depends on NETFILTER_ADVANCED help This option adds a `DSCP' target, which allows you to manipulate the IPv4/IPv6 header DSCP field (differentiated services codepoint). The DSCP field can have any value between 0x0 and 0x3f inclusive. It also adds the "TOS" target, which allows you to create rules in the "mangle" table which alter the Type Of Service field of an IPv4 or the Priority field of an IPv6 packet, prior to routing. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_HL tristate '"HL" hoplimit target support' depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE depends on NETFILTER_ADVANCED ---help--- This option adds the "HL" (for IPv6) and "TTL" (for IPv4) targets, which enable the user to change the hoplimit/time-to-live value of the IP header. While it is safe to decrement the hoplimit/TTL value, the modules also allow to increment and set the hoplimit value of the header to arbitrary values. This is EXTREMELY DANGEROUS since you can easily create immortal packets that loop forever on the network. config NETFILTER_XT_TARGET_HMARK tristate '"HMARK" target support' depends on IP6_NF_IPTABLES \|\| IP6_NF_IPTABLES=n depends on NETFILTER_ADVANCED ---help--- This option adds the "HMARK" target. The target allows you to create rules in the "raw" and "mangle" tables which set the skbuff mark by means of hash calculation within a given range. The nfmark can influence the routing method and can also be used by other subsystems to change their behaviour. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_IDLETIMER tristate "IDLETIMER target support" depends on NETFILTER_ADVANCED help This option adds the `IDLETIMER' target. Each matching packet resets the timer associated with label specified when the rule is added. When the timer expires, it triggers a sysfs notification. The remaining time for expiration can be read via sysfs. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_LED tristate '"LED" target support' depends on LEDS_CLASS && LEDS_TRIGGERS depends on NETFILTER_ADVANCED help This option adds a `LED' target, which allows you to blink LEDs in response to particular packets passing through your machine. This can be used to turn a spare LED into a network activity LED, which only flashes in response to FTP transfers, for example. Or you could have an LED which lights up for a minute or two every time somebody connects to your machine via SSH. You will need support for the "led" class to make this work. To create an LED trigger for incoming SSH traffic: iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh --led-delay 1000 Then attach the new trigger to an LED on your system: echo netfilter-ssh > /sys/class/leds/<ledname>/trigger For more information on the LEDs available on your system, see Documentation/leds/leds-class.rst config NETFILTER_XT_TARGET_LOG tristate "LOG target support" select NF_LOG_COMMON select NF_LOG_IPV4 select NF_LOG_IPV6 if IP6_NF_IPTABLES default m if NETFILTER_ADVANCED=n help This option adds a `LOG' target, which allows you to create rules in any iptables table which records the packet header to the syslog. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_MARK tristate '"MARK" target support' depends on NETFILTER_ADVANCED select NETFILTER_XT_MARK ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_MARK (combined mark/MARK module). config NETFILTER_XT_NAT tristate '"SNAT and DNAT" targets support' depends on NF_NAT ---help--- This option enables the SNAT and DNAT targets. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_NETMAP tristate '"NETMAP" target support' depends on NF_NAT ---help--- NETMAP is an implementation of static 1:1 NAT mapping of network addresses. It maps the network address part, while keeping the host address part intact. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_NFLOG tristate '"NFLOG" target support' default m if NETFILTER_ADVANCED=n select NETFILTER_NETLINK_LOG help This option enables the NFLOG target, which allows to LOG messages through nfnetlink_log. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_NFQUEUE tristate '"NFQUEUE" target Support' depends on NETFILTER_ADVANCED select NETFILTER_NETLINK_QUEUE help This target replaced the old obsolete QUEUE target. As opposed to QUEUE, it supports 65535 different queues, not just one. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_NOTRACK tristate '"NOTRACK" target support (DEPRECATED)' depends on NF_CONNTRACK depends on IP_NF_RAW \|\| IP6_NF_RAW depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_CT config NETFILTER_XT_TARGET_RATEEST tristate '"RATEEST" target support' depends on NETFILTER_ADVANCED help This option adds a `RATEEST' target, which allows to measure rates similar to TC estimators. The `rateest' match can be used to match on the measured rates. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_REDIRECT tristate "REDIRECT target support" depends on NF_NAT select NF_NAT_REDIRECT ---help--- REDIRECT is a special case of NAT: all incoming connections are mapped onto the incoming interface's address, causing the packets to come to the local machine instead of passing through. This is useful for transparent proxies. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_MASQUERADE tristate "MASQUERADE target support" depends on NF_NAT default m if NETFILTER_ADVANCED=n select NF_NAT_MASQUERADE help Masquerading is a special case of NAT: all outgoing connections are changed to seem to come from a particular interface's address, and if the interface goes down, those connections are lost. This is only useful for dialup accounts with dynamic IP address (ie. your IP address will be different on next dialup). To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_TEE tristate '"TEE" - packet cloning to alternate destination' depends on NETFILTER_ADVANCED depends on IPV6 \|\| IPV6=n depends on !NF_CONNTRACK \|\| NF_CONNTRACK depends on IP6_NF_IPTABLES \|\| !IP6_NF_IPTABLES select NF_DUP_IPV4 select NF_DUP_IPV6 if IP6_NF_IPTABLES ---help--- This option adds a "TEE" target with which a packet can be cloned and this clone be rerouted to another nexthop. config NETFILTER_XT_TARGET_TPROXY tristate '"TPROXY" target transparent proxying support' depends on NETFILTER_XTABLES depends on NETFILTER_ADVANCED depends on IPV6 \|\| IPV6=n depends on IP6_NF_IPTABLES \|\| IP6_NF_IPTABLES=n depends on IP_NF_MANGLE select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES != n select NF_TPROXY_IPV4 select NF_TPROXY_IPV6 if IP6_NF_IPTABLES help This option adds a `TPROXY' target, which is somewhat similar to REDIRECT. It can only be used in the mangle table and is useful to redirect traffic to a transparent proxy. It does _not_ depend on Netfilter connection tracking and NAT, unlike REDIRECT. For it to work you will have to configure certain iptables rules and use policy routing. For more information on how to set it up see Documentation/networking/tproxy.txt. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_TRACE tristate '"TRACE" target support' depends on IP_NF_RAW \|\| IP6_NF_RAW depends on NETFILTER_ADVANCED help The TRACE target allows you to mark packets so that the kernel will log every rule which match the packets as those traverse the tables, chains, rules. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_TARGET_SECMARK tristate '"SECMARK" target support' depends on NETWORK_SECMARK default m if NETFILTER_ADVANCED=n help The SECMARK target allows security marking of network packets, for use with security subsystems. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support' depends on IPV6 \|\| IPV6=n default m if NETFILTER_ADVANCED=n ---help--- This option adds a `TCPMSS' target, which allows you to alter the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40). This is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets: 1) Web browsers connect, then hang with no data received. 2) Small mail works fine, but large emails hang. 3) ssh works fine, but scp hangs after initial handshaking. Workaround: activate this option and add a rule to your firewall configuration like: iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -j TCPMSS --clamp-mss-to-pmtu To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_TARGET_TCPOPTSTRIP tristate '"TCPOPTSTRIP" target support' depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE depends on NETFILTER_ADVANCED help This option adds a "TCPOPTSTRIP" target, which allows you to strip TCP options from TCP packets. # alphabetically ordered list of matches comment "Xtables matches" config NETFILTER_XT_MATCH_ADDRTYPE tristate '"addrtype" address type match support' default m if NETFILTER_ADVANCED=n ---help--- This option allows you to match what routing thinks of an address, eg. UNICAST, LOCAL, BROADCAST, ... If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_BPF tristate '"bpf" match support' depends on NETFILTER_ADVANCED help BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_CGROUP tristate '"control group" match support' depends on NETFILTER_ADVANCED depends on CGROUPS select CGROUP_NET_CLASSID ---help--- Socket/process control group matching allows you to match locally generated packets based on which net_cls control group processes belong to. config NETFILTER_XT_MATCH_CLUSTER tristate '"cluster" match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED ---help--- This option allows you to build work-load-sharing clusters of network servers/stateful firewalls without having a dedicated load-balancing router/server/switch. Basically, this match returns true when the packet must be handled by this cluster node. Thus, all nodes see all packets and this match decides which node handles what packets. The work-load sharing algorithm is based on source address hashing. If you say Y or M here, try `iptables -m cluster --help` for more information. config NETFILTER_XT_MATCH_COMMENT tristate '"comment" match support' depends on NETFILTER_ADVANCED help This option adds a `comment' dummy-match, which allows you to put comments in your iptables ruleset. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_CONNBYTES tristate '"connbytes" per-connection counter match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED help This option adds a `connbytes' match, which allows you to match the number of bytes and/or packets for each direction within a connection. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_CONNLABEL tristate '"connlabel" match support' select NF_CONNTRACK_LABELS depends on NF_CONNTRACK depends on NETFILTER_ADVANCED ---help--- This match allows you to test and assign userspace-defined labels names to a connection. The kernel only stores bit values - mapping names to bits is done by userspace. Unlike connmark, more than 32 flag bits may be assigned to a connection simultaneously. config NETFILTER_XT_MATCH_CONNLIMIT tristate '"connlimit" match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NETFILTER_CONNCOUNT ---help--- This match allows you to match against the number of parallel connections to a server per client IP address (or address block). config NETFILTER_XT_MATCH_CONNMARK tristate '"connmark" connection mark match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED select NETFILTER_XT_CONNMARK ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_CONNMARK (combined connmark/CONNMARK module). config NETFILTER_XT_MATCH_CONNTRACK tristate '"conntrack" connection tracking match support' depends on NF_CONNTRACK default m if NETFILTER_ADVANCED=n help This is a general conntrack match module, a superset of the state match. It allows matching on additional conntrack information, which is useful in complex configurations, such as NAT gateways with multiple internet links or tunnels. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_CPU tristate '"cpu" match support' depends on NETFILTER_ADVANCED help CPU matching allows you to match packets based on the CPU currently handling the packet. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_DCCP tristate '"dccp" protocol match support' depends on NETFILTER_ADVANCED default IP_DCCP help With this option enabled, you will be able to use the iptables `dccp' match in order to match on DCCP source/destination ports and DCCP flags. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_DEVGROUP tristate '"devgroup" match support' depends on NETFILTER_ADVANCED help This options adds a `devgroup' match, which allows to match on the device group a network device is assigned to. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_DSCP tristate '"dscp" and "tos" match support' depends on NETFILTER_ADVANCED help This option adds a `DSCP' match, which allows you to match against the IPv4/IPv6 header DSCP field (differentiated services codepoint). The DSCP field can have any value between 0x0 and 0x3f inclusive. It will also add a "tos" match, which allows you to match packets based on the Type Of Service fields of the IPv4 packet (which share the same bits as DSCP). To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_ECN tristate '"ecn" match support' depends on NETFILTER_ADVANCED ---help--- This option adds an "ECN" match, which allows you to match against the IPv4 and TCP header ECN fields. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_ESP tristate '"esp" match support' depends on NETFILTER_ADVANCED help This match extension allows you to match a range of SPIs inside ESP header of IPSec packets. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_HASHLIMIT tristate '"hashlimit" match support' depends on IP6_NF_IPTABLES \|\| IP6_NF_IPTABLES=n depends on NETFILTER_ADVANCED help This option adds a `hashlimit' match. As opposed to `limit', this match dynamically creates a hash table of limit buckets, based on your selection of source/destination addresses and/or ports. It enables you to express policies like `10kpps for any given destination address' or `500pps from any given source address' with a single rule. config NETFILTER_XT_MATCH_HELPER tristate '"helper" match support' depends on NF_CONNTRACK depends on NETFILTER_ADVANCED help Helper matching allows you to match packets in dynamic connections tracked by a conntrack-helper, ie. nf_conntrack_ftp To compile it as a module, choose M here. If unsure, say Y. config NETFILTER_XT_MATCH_HL tristate '"hl" hoplimit/TTL match support' depends on NETFILTER_ADVANCED ---help--- HL matching allows you to match packets based on the hoplimit in the IPv6 header, or the time-to-live field in the IPv4 header of the packet. config NETFILTER_XT_MATCH_IPCOMP tristate '"ipcomp" match support' depends on NETFILTER_ADVANCED help This match extension allows you to match a range of CPIs(16 bits) inside IPComp header of IPSec packets. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_IPRANGE tristate '"iprange" address range match support' depends on NETFILTER_ADVANCED ---help--- This option adds a "iprange" match, which allows you to match based on an IP address range. (Normal iptables only matches on single addresses with an optional mask.) If unsure, say M. config NETFILTER_XT_MATCH_IPVS tristate '"ipvs" match support' depends on IP_VS depends on NETFILTER_ADVANCED depends on NF_CONNTRACK help This option allows you to match against IPVS properties of a packet. If unsure, say N. config NETFILTER_XT_MATCH_L2TP tristate '"l2tp" match support' depends on NETFILTER_ADVANCED default L2TP ---help--- This option adds an "L2TP" match, which allows you to match against L2TP protocol header fields. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_LENGTH tristate '"length" match support' depends on NETFILTER_ADVANCED help This option allows you to match the length of a packet against a specific value or range of values. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_LIMIT tristate '"limit" match support' depends on NETFILTER_ADVANCED help limit matching allows you to control the rate at which a rule can be matched: mainly useful in combination with the LOG target ("LOG target support", below) and to avoid some Denial of Service attacks. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_MAC tristate '"mac" address match support' depends on NETFILTER_ADVANCED help MAC matching allows you to match packets based on the source Ethernet address of the packet. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_MARK tristate '"mark" match support' depends on NETFILTER_ADVANCED select NETFILTER_XT_MARK ---help--- This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects CONFIG_NETFILTER_XT_MARK (combined mark/MARK module). config NETFILTER_XT_MATCH_MULTIPORT tristate '"multiport" Multiple port match support' depends on NETFILTER_ADVANCED help Multiport matching allows you to match TCP or UDP packets based on a series of source or destination ports: normally a rule can only match a single range of ports. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_NFACCT tristate '"nfacct" match support' depends on NETFILTER_ADVANCED select NETFILTER_NETLINK_ACCT help This option allows you to use the extended accounting through nfnetlink_acct. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_OSF tristate '"osf" Passive OS fingerprint match' depends on NETFILTER_ADVANCED select NETFILTER_NETLINK_OSF help This option selects the Passive OS Fingerprinting match module that allows to passively match the remote operating system by analyzing incoming TCP SYN packets. Rules and loading software can be downloaded from http://www.ioremap.net/projects/osf To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_OWNER tristate '"owner" match support' depends on NETFILTER_ADVANCED ---help--- Socket owner matching allows you to match locally-generated packets based on who created the socket: the user or group. It is also possible to check whether a socket actually exists. config NETFILTER_XT_MATCH_POLICY tristate 'IPsec "policy" match support' depends on XFRM default m if NETFILTER_ADVANCED=n help Policy matching allows you to match packets based on the IPsec policy that was used during decapsulation/will be used during encapsulation. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_PHYSDEV tristate '"physdev" match support' depends on BRIDGE && BRIDGE_NETFILTER depends on NETFILTER_ADVANCED help Physdev packet matching matches against the physical bridge ports the IP packet arrived on or will leave by. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_PKTTYPE tristate '"pkttype" packet type match support' depends on NETFILTER_ADVANCED help Packet type matching allows you to match a packet by its "class", eg. BROADCAST, MULTICAST, ... Typical usage: iptables -A INPUT -m pkttype --pkt-type broadcast -j LOG To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_QUOTA tristate '"quota" match support' depends on NETFILTER_ADVANCED help This option adds a `quota' match, which allows to match on a byte counter. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_RATEEST tristate '"rateest" match support' depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_RATEEST help This option adds a `rateest' match, which allows to match on the rate estimated by the RATEEST target. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_REALM tristate '"realm" match support' depends on NETFILTER_ADVANCED select IP_ROUTE_CLASSID help This option adds a `realm' match, which allows you to use the realm key from the routing subsystem inside iptables. This match pretty much resembles the CONFIG_NET_CLS_ROUTE4 option in tc world. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_RECENT tristate '"recent" match support' depends on NETFILTER_ADVANCED ---help--- This match is used for creating one or many lists of recently used addresses and then matching against that/those list(s). Short options are available by using 'iptables -m recent -h' Official Website: <http://snowman.net/projects/ipt_recent/> config NETFILTER_XT_MATCH_SCTP tristate '"sctp" protocol match support' depends on NETFILTER_ADVANCED default IP_SCTP help With this option enabled, you will be able to use the `sctp' match in order to match on SCTP source/destination ports and SCTP chunk types. If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.rst>. If unsure, say `N'. config NETFILTER_XT_MATCH_SOCKET tristate '"socket" match support' depends on NETFILTER_XTABLES depends on NETFILTER_ADVANCED depends on IPV6 \|\| IPV6=n depends on IP6_NF_IPTABLES \|\| IP6_NF_IPTABLES=n select NF_SOCKET_IPV4 select NF_SOCKET_IPV6 if IP6_NF_IPTABLES select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES != n help This option adds a `socket' match, which can be used to match packets for which a TCP or UDP socket lookup finds a valid socket. It can be used in combination with the MARK target and policy routing to implement full featured non-locally bound sockets. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_STATE tristate '"state" match support' depends on NF_CONNTRACK default m if NETFILTER_ADVANCED=n help Connection state matching allows you to match packets based on their relationship to a tracked connection (ie. previous packets). This is a powerful tool for packet classification. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_STATISTIC tristate '"statistic" match support' depends on NETFILTER_ADVANCED help This option adds a `statistic' match, which allows you to match on packets periodically or randomly with a given percentage. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_STRING tristate '"string" match support' depends on NETFILTER_ADVANCED select TEXTSEARCH select TEXTSEARCH_KMP select TEXTSEARCH_BM select TEXTSEARCH_FSM help This option adds a `string' match, which allows you to look for pattern matchings in packets. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_TCPMSS tristate '"tcpmss" match support' depends on NETFILTER_ADVANCED help This option adds a `tcpmss' match, which allows you to examine the MSS value of TCP SYN packets, which control the maximum packet size for that connection. To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_TIME tristate '"time" match support' depends on NETFILTER_ADVANCED ---help--- This option adds a "time" match, which allows you to match based on the packet arrival time (at the machine which netfilter is running) on) or departure time/date (for locally generated packets). If you say Y here, try `iptables -m time --help` for more information. If you want to compile it as a module, say M here. If unsure, say N. config NETFILTER_XT_MATCH_U32 tristate '"u32" match support' depends on NETFILTER_ADVANCED ---help--- u32 allows you to extract quantities of up to 4 bytes from a packet, AND them with specified masks, shift them by specified amounts and test whether the results are in any of a set of specified ranges. The specification of what to extract is general enough to skip over headers with lengths stored in the packet, as in IP or TCP header lengths. Details and examples are in the kernel module source. endif # NETFILTER_XTABLES endmenu source "net/netfilter/ipset/Kconfig" source "net/netfilter/ipvs/Kconfig" ��netfilter/ipset/Kconfig��0000644��00000012513�14722053255�0011176 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig IP_SET tristate "IP set support" depends on INET && NETFILTER select NETFILTER_NETLINK help This option adds IP set support to the kernel. In order to define and use the sets, you need the userspace utility ipset(8). You can use the sets in netfilter via the "set" match and "SET" target. To compile it as a module, choose M here. If unsure, say N. if IP_SET config IP_SET_MAX int "Maximum number of IP sets" default 256 range 2 65534 depends on IP_SET help You can define here default value of the maximum number of IP sets for the kernel. The value can be overridden by the 'max_sets' module parameter of the 'ip_set' module. config IP_SET_BITMAP_IP tristate "bitmap:ip set support" depends on IP_SET help This option adds the bitmap:ip set type support, by which one can store IPv4 addresses (or network addresse) from a range. To compile it as a module, choose M here. If unsure, say N. config IP_SET_BITMAP_IPMAC tristate "bitmap:ip,mac set support" depends on IP_SET help This option adds the bitmap:ip,mac set type support, by which one can store IPv4 address and (source) MAC address pairs from a range. To compile it as a module, choose M here. If unsure, say N. config IP_SET_BITMAP_PORT tristate "bitmap:port set support" depends on IP_SET help This option adds the bitmap:port set type support, by which one can store TCP/UDP port numbers from a range. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IP tristate "hash:ip set support" depends on IP_SET help This option adds the hash:ip set type support, by which one can store arbitrary IPv4 or IPv6 addresses (or network addresses) in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IPMARK tristate "hash:ip,mark set support" depends on IP_SET help This option adds the hash:ip,mark set type support, by which one can store IPv4/IPv6 address and mark pairs. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IPPORT tristate "hash:ip,port set support" depends on IP_SET help This option adds the hash:ip,port set type support, by which one can store IPv4/IPv6 address and protocol/port pairs. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IPPORTIP tristate "hash:ip,port,ip set support" depends on IP_SET help This option adds the hash:ip,port,ip set type support, by which one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6 address triples in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IPPORTNET tristate "hash:ip,port,net set support" depends on IP_SET help This option adds the hash:ip,port,net set type support, by which one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6 network address/prefix triples in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_IPMAC tristate "hash:ip,mac set support" depends on IP_SET help This option adds the hash:ip,mac set type support, by which one can store IPv4/IPv6 address and MAC (ethernet address) pairs in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_MAC tristate "hash:mac set support" depends on IP_SET help This option adds the hash:mac set type support, by which one can store MAC (ethernet address) elements in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_NETPORTNET tristate "hash:net,port,net set support" depends on IP_SET help This option adds the hash:net,port,net set type support, by which one can store two IPv4/IPv6 subnets, and a protocol/port in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_NET tristate "hash:net set support" depends on IP_SET help This option adds the hash:net set type support, by which one can store IPv4/IPv6 network address/prefix elements in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_NETNET tristate "hash:net,net set support" depends on IP_SET help This option adds the hash:net,net set type support, by which one can store IPv4/IPv6 network address/prefix pairs in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_NETPORT tristate "hash:net,port set support" depends on IP_SET help This option adds the hash:net,port set type support, by which one can store IPv4/IPv6 network address/prefix and protocol/port pairs as elements in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_HASH_NETIFACE tristate "hash:net,iface set support" depends on IP_SET help This option adds the hash:net,iface set type support, by which one can store IPv4/IPv6 network address/prefix and interface name pairs as elements in a set. To compile it as a module, choose M here. If unsure, say N. config IP_SET_LIST_SET tristate "list:set set support" depends on IP_SET help This option adds the list:set set type support. In this kind of set one can store the name of other sets and it forms an ordered union of the member sets. To compile it as a module, choose M here. If unsure, say N. endif # IP_SET ��netfilter/ipset/Makefile��0000644��00000002142�14722053255�0011330 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the ipset modules # ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o # ipset core obj-$(CONFIG_IP_SET) += ip_set.o # bitmap types obj-$(CONFIG_IP_SET_BITMAP_IP) += ip_set_bitmap_ip.o obj-$(CONFIG_IP_SET_BITMAP_IPMAC) += ip_set_bitmap_ipmac.o obj-$(CONFIG_IP_SET_BITMAP_PORT) += ip_set_bitmap_port.o # hash types obj-$(CONFIG_IP_SET_HASH_IP) += ip_set_hash_ip.o obj-$(CONFIG_IP_SET_HASH_IPMAC) += ip_set_hash_ipmac.o obj-$(CONFIG_IP_SET_HASH_IPMARK) += ip_set_hash_ipmark.o obj-$(CONFIG_IP_SET_HASH_IPPORT) += ip_set_hash_ipport.o obj-$(CONFIG_IP_SET_HASH_IPPORTIP) += ip_set_hash_ipportip.o obj-$(CONFIG_IP_SET_HASH_IPPORTNET) += ip_set_hash_ipportnet.o obj-$(CONFIG_IP_SET_HASH_MAC) += ip_set_hash_mac.o obj-$(CONFIG_IP_SET_HASH_NET) += ip_set_hash_net.o obj-$(CONFIG_IP_SET_HASH_NETPORT) += ip_set_hash_netport.o obj-$(CONFIG_IP_SET_HASH_NETIFACE) += ip_set_hash_netiface.o obj-$(CONFIG_IP_SET_HASH_NETNET) += ip_set_hash_netnet.o obj-$(CONFIG_IP_SET_HASH_NETPORTNET) += ip_set_hash_netportnet.o # list types obj-$(CONFIG_IP_SET_LIST_SET) += ip_set_list_set.o ��netfilter/ipvs/Kconfig��0000644��00000031545�14722053255�0011041 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IP Virtual Server configuration # menuconfig IP_VS tristate "IP virtual server support" depends on NET && INET && NETFILTER depends on (NF_CONNTRACK \|\| NF_CONNTRACK=n) ---help--- IP Virtual Server support will let you build a high-performance virtual server based on cluster of two or more real servers. This option must be enabled for at least one of the clustered computers that will take care of intercepting incoming connections to a single IP address and scheduling them to real servers. Three request dispatching techniques are implemented, they are virtual server via NAT, virtual server via tunneling and virtual server via direct routing. The several scheduling algorithms can be used to choose which server the connection is directed to, thus load balancing can be achieved among the servers. For more information and its administration program, please visit the following URL: <http://www.linuxvirtualserver.org/>. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. if IP_VS config IP_VS_IPV6 bool "IPv6 support for IPVS" depends on IPV6 = y \|\| IP_VS = IPV6 select IP6_NF_IPTABLES select NF_DEFRAG_IPV6 ---help--- Add IPv6 support to IPVS. Say Y if unsure. config IP_VS_DEBUG bool "IP virtual server debugging" ---help--- Say Y here if you want to get additional messages useful in debugging the IP virtual server code. You can change the debug level in /proc/sys/net/ipv4/vs/debug_level config IP_VS_TAB_BITS int "IPVS connection table size (the Nth power of 2)" range 8 20 default 12 ---help--- The IPVS connection hash table uses the chaining scheme to handle hash collisions. Using a big IPVS connection hash table will greatly reduce conflicts when there are hundreds of thousands of connections in the hash table. Note the table size must be power of 2. The table size will be the value of 2 to the your input number power. The number to choose is from 8 to 20, the default number is 12, which means the table size is 4096. Don't input the number too small, otherwise you will lose performance on it. You can adapt the table size yourself, according to your virtual server application. It is good to set the table size not far less than the number of connections per second multiplying average lasting time of connection in the table. For example, your virtual server gets 200 connections per second, the connection lasts for 200 seconds in average in the connection table, the table size should be not far less than 200x200, it is good to set the table size 32768 (2*15). Another note that each connection occupies 128 bytes effectively and each hash entry uses 8 bytes, so you can estimate how much memory is needed for your box. You can overwrite this number setting conn_tab_bits module parameter or by appending ip_vs.conn_tab_bits=? to the kernel command line if IP VS was compiled built-in. comment "IPVS transport protocol load balancing support" config IP_VS_PROTO_TCP bool "TCP load balancing support" ---help--- This option enables support for load balancing TCP transport protocol. Say Y if unsure. config IP_VS_PROTO_UDP bool "UDP load balancing support" ---help--- This option enables support for load balancing UDP transport protocol. Say Y if unsure. config IP_VS_PROTO_AH_ESP def_bool IP_VS_PROTO_ESP \|\| IP_VS_PROTO_AH config IP_VS_PROTO_ESP bool "ESP load balancing support" ---help--- This option enables support for load balancing ESP (Encapsulation Security Payload) transport protocol. Say Y if unsure. config IP_VS_PROTO_AH bool "AH load balancing support" ---help--- This option enables support for load balancing AH (Authentication Header) transport protocol. Say Y if unsure. config IP_VS_PROTO_SCTP bool "SCTP load balancing support" select LIBCRC32C ---help--- This option enables support for load balancing SCTP transport protocol. Say Y if unsure. comment "IPVS scheduler" config IP_VS_RR tristate "round-robin scheduling" ---help--- The robin-robin scheduling algorithm simply directs network connections to different real servers in a round-robin manner. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_WRR tristate "weighted round-robin scheduling" ---help--- The weighted robin-robin scheduling algorithm directs network connections to different real servers based on server weights in a round-robin manner. Servers with higher weights receive new connections first than those with less weights, and servers with higher weights get more connections than those with less weights and servers with equal weights get equal connections. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_LC tristate "least-connection scheduling" ---help--- The least-connection scheduling algorithm directs network connections to the server with the least number of active connections. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_WLC tristate "weighted least-connection scheduling" ---help--- The weighted least-connection scheduling algorithm directs network connections to the server with the least active connections normalized by the server weight. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_FO tristate "weighted failover scheduling" ---help--- The weighted failover scheduling algorithm directs network connections to the server with the highest weight that is currently available. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_OVF tristate "weighted overflow scheduling" ---help--- The weighted overflow scheduling algorithm directs network connections to the server with the highest weight that is currently available and overflows to the next when active connections exceed the node's weight. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_LBLC tristate "locality-based least-connection scheduling" ---help--- The locality-based least-connection scheduling algorithm is for destination IP load balancing. It is usually used in cache cluster. This algorithm usually directs packet destined for an IP address to its server if the server is alive and under load. If the server is overloaded (its active connection numbers is larger than its weight) and there is a server in its half load, then allocate the weighted least-connection server to this IP address. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_LBLCR tristate "locality-based least-connection with replication scheduling" ---help--- The locality-based least-connection with replication scheduling algorithm is also for destination IP load balancing. It is usually used in cache cluster. It differs from the LBLC scheduling as follows: the load balancer maintains mappings from a target to a set of server nodes that can serve the target. Requests for a target are assigned to the least-connection node in the target's server set. If all the node in the server set are over loaded, it picks up a least-connection node in the cluster and adds it in the sever set for the target. If the server set has not been modified for the specified time, the most loaded node is removed from the server set, in order to avoid high degree of replication. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_DH tristate "destination hashing scheduling" ---help--- The destination hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned hash table by their destination IP addresses. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_SH tristate "source hashing scheduling" ---help--- The source hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned hash table by their source IP addresses. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_MH tristate "maglev hashing scheduling" ---help--- The maglev consistent hashing scheduling algorithm provides the Google's Maglev hashing algorithm as a IPVS scheduler. It assigns network connections to the servers through looking up a statically assigned special hash table called the lookup table. Maglev hashing is to assign a preference list of all the lookup table positions to each destination. Through this operation, The maglev hashing gives an almost equal share of the lookup table to each of the destinations and provides minimal disruption by using the lookup table. When the set of destinations changes, a connection will likely be sent to the same destination as it was before. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_SED tristate "shortest expected delay scheduling" ---help--- The shortest expected delay scheduling algorithm assigns network connections to the server with the shortest expected delay. The expected delay that the job will experience is (Ci + 1) / Ui if sent to the ith server, in which Ci is the number of connections on the ith server and Ui is the fixed service rate (weight) of the ith server. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_NQ tristate "never queue scheduling" ---help--- The never queue scheduling algorithm adopts a two-speed model. When there is an idle server available, the job will be sent to the idle server, instead of waiting for a fast one. When there is no idle server available, the job will be sent to the server that minimize its expected delay (The Shortest Expected Delay scheduling algorithm). If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. comment 'IPVS SH scheduler' config IP_VS_SH_TAB_BITS int "IPVS source hashing table size (the Nth power of 2)" range 4 20 default 8 ---help--- The source hashing scheduler maps source IPs to destinations stored in a hash table. This table is tiled by each destination until all slots in the table are filled. When using weights to allow destinations to receive more connections, the table is tiled an amount proportional to the weights specified. The table needs to be large enough to effectively fit all the destinations multiplied by their respective weights. comment 'IPVS MH scheduler' config IP_VS_MH_TAB_INDEX int "IPVS maglev hashing table index of size (the prime numbers)" range 8 17 default 12 ---help--- The maglev hashing scheduler maps source IPs to destinations stored in a hash table. This table is assigned by a preference list of the positions to each destination until all slots in the table are filled. The index determines the prime for size of the table as 251, 509, 1021, 2039, 4093, 8191, 16381, 32749, 65521 or 131071. When using weights to allow destinations to receive more connections, the table is assigned an amount proportional to the weights specified. The table needs to be large enough to effectively fit all the destinations multiplied by their respective weights. comment 'IPVS application helper' config IP_VS_FTP tristate "FTP protocol helper" depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \ NF_CONNTRACK_FTP select IP_VS_NFCT ---help--- FTP is a protocol that transfers IP address and/or port number in the payload. In the virtual server via Network Address Translation, the IP address and port number of real servers cannot be sent to clients in ftp connections directly, so FTP protocol helper is required for tracking the connection and mangling it back to that of virtual service. If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N. config IP_VS_NFCT bool "Netfilter connection tracking" depends on NF_CONNTRACK ---help--- The Netfilter connection tracking support allows the IPVS connection state to be exported to the Netfilter framework for filtering purposes. config IP_VS_PE_SIP tristate "SIP persistence engine" depends on IP_VS_PROTO_UDP depends on NF_CONNTRACK_SIP ---help--- Allow persistence based on the SIP Call-ID endif # IP_VS ��netfilter/ipvs/Makefile��0000644��00000002624�14722053255�0011172 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the IPVS modules on top of IPv4. # # IPVS transport protocol load balancing support ip_vs_proto-objs-y := ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_TCP) += ip_vs_proto_tcp.o ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UDP) += ip_vs_proto_udp.o ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH_ESP) += ip_vs_proto_ah_esp.o ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_SCTP) += ip_vs_proto_sctp.o ip_vs-extra_objs-y := ip_vs-extra_objs-$(CONFIG_IP_VS_NFCT) += ip_vs_nfct.o ip_vs-objs := ip_vs_conn.o ip_vs_core.o ip_vs_ctl.o ip_vs_sched.o \ ip_vs_xmit.o ip_vs_app.o ip_vs_sync.o \ ip_vs_est.o ip_vs_proto.o ip_vs_pe.o \ $(ip_vs_proto-objs-y) $(ip_vs-extra_objs-y) # IPVS core obj-$(CONFIG_IP_VS) += ip_vs.o # IPVS schedulers obj-$(CONFIG_IP_VS_RR) += ip_vs_rr.o obj-$(CONFIG_IP_VS_WRR) += ip_vs_wrr.o obj-$(CONFIG_IP_VS_LC) += ip_vs_lc.o obj-$(CONFIG_IP_VS_WLC) += ip_vs_wlc.o obj-$(CONFIG_IP_VS_FO) += ip_vs_fo.o obj-$(CONFIG_IP_VS_OVF) += ip_vs_ovf.o obj-$(CONFIG_IP_VS_LBLC) += ip_vs_lblc.o obj-$(CONFIG_IP_VS_LBLCR) += ip_vs_lblcr.o obj-$(CONFIG_IP_VS_DH) += ip_vs_dh.o obj-$(CONFIG_IP_VS_SH) += ip_vs_sh.o obj-$(CONFIG_IP_VS_MH) += ip_vs_mh.o obj-$(CONFIG_IP_VS_SED) += ip_vs_sed.o obj-$(CONFIG_IP_VS_NQ) += ip_vs_nq.o # IPVS application helpers obj-$(CONFIG_IP_VS_FTP) += ip_vs_ftp.o # IPVS connection template retrievers obj-$(CONFIG_IP_VS_PE_SIP) += ip_vs_pe_sip.o ��netfilter/Makefile��0000644��00000021622�14722053255�0010210 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o utils.o nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o \ nf_conntrack_proto.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o \ nf_conntrack_proto_icmp.o \ nf_conntrack_extend.o nf_conntrack_acct.o nf_conntrack_seqadj.o nf_conntrack-$(subst m,y,$(CONFIG_IPV6)) += nf_conntrack_proto_icmpv6.o nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMEOUT) += nf_conntrack_timeout.o nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMESTAMP) += nf_conntrack_timestamp.o nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o nf_conntrack-$(CONFIG_NF_CONNTRACK_LABELS) += nf_conntrack_labels.o nf_conntrack-$(CONFIG_NF_CT_PROTO_DCCP) += nf_conntrack_proto_dccp.o nf_conntrack-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o nf_conntrack-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o obj-$(CONFIG_NETFILTER) = netfilter.o obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o obj-$(CONFIG_NETFILTER_NETLINK_ACCT) += nfnetlink_acct.o obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += nfnetlink_queue.o obj-$(CONFIG_NETFILTER_NETLINK_LOG) += nfnetlink_log.o obj-$(CONFIG_NETFILTER_NETLINK_OSF) += nfnetlink_osf.o # connection tracking obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o # netlink interface for nf_conntrack obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o obj-$(CONFIG_NF_CT_NETLINK_TIMEOUT) += nfnetlink_cttimeout.o obj-$(CONFIG_NF_CT_NETLINK_HELPER) += nfnetlink_cthelper.o # connection tracking helpers nf_conntrack_h323-objs := nf_conntrack_h323_main.o nf_conntrack_h323_asn1.o obj-$(CONFIG_NF_CONNTRACK_AMANDA) += nf_conntrack_amanda.o obj-$(CONFIG_NF_CONNTRACK_FTP) += nf_conntrack_ftp.o obj-$(CONFIG_NF_CONNTRACK_H323) += nf_conntrack_h323.o obj-$(CONFIG_NF_CONNTRACK_IRC) += nf_conntrack_irc.o obj-$(CONFIG_NF_CONNTRACK_BROADCAST) += nf_conntrack_broadcast.o obj-$(CONFIG_NF_CONNTRACK_NETBIOS_NS) += nf_conntrack_netbios_ns.o obj-$(CONFIG_NF_CONNTRACK_SNMP) += nf_conntrack_snmp.o obj-$(CONFIG_NF_CONNTRACK_PPTP) += nf_conntrack_pptp.o obj-$(CONFIG_NF_CONNTRACK_SANE) += nf_conntrack_sane.o obj-$(CONFIG_NF_CONNTRACK_SIP) += nf_conntrack_sip.o obj-$(CONFIG_NF_CONNTRACK_TFTP) += nf_conntrack_tftp.o nf_nat-y := nf_nat_core.o nf_nat_proto.o nf_nat_helper.o # generic transport layer logging obj-$(CONFIG_NF_LOG_COMMON) += nf_log_common.o # packet logging for netdev family obj-$(CONFIG_NF_LOG_NETDEV) += nf_log_netdev.o obj-$(CONFIG_NF_NAT) += nf_nat.o nf_nat-$(CONFIG_NF_NAT_REDIRECT) += nf_nat_redirect.o nf_nat-$(CONFIG_NF_NAT_MASQUERADE) += nf_nat_masquerade.o # NAT helpers obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o obj-$(CONFIG_NF_NAT_SIP) += nf_nat_sip.o obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o # SYNPROXY obj-$(CONFIG_NETFILTER_SYNPROXY) += nf_synproxy_core.o obj-$(CONFIG_NETFILTER_CONNCOUNT) += nf_conncount.o # generic packet duplication from netdev family obj-$(CONFIG_NF_DUP_NETDEV) += nf_dup_netdev.o # nf_tables nf_tables-objs := nf_tables_core.o nf_tables_api.o nft_chain_filter.o \ nf_tables_trace.o nft_immediate.o nft_cmp.o nft_range.o \ nft_bitwise.o nft_byteorder.o nft_payload.o nft_lookup.o \ nft_dynset.o nft_meta.o nft_rt.o nft_exthdr.o \ nft_chain_route.o nf_tables_offload.o nf_tables_set-objs := nf_tables_set_core.o \ nft_set_hash.o nft_set_bitmap.o nft_set_rbtree.o obj-$(CONFIG_NF_TABLES) += nf_tables.o obj-$(CONFIG_NF_TABLES_SET) += nf_tables_set.o obj-$(CONFIG_NFT_COMPAT) += nft_compat.o obj-$(CONFIG_NFT_CONNLIMIT) += nft_connlimit.o obj-$(CONFIG_NFT_NUMGEN) += nft_numgen.o obj-$(CONFIG_NFT_CT) += nft_ct.o obj-$(CONFIG_NFT_FLOW_OFFLOAD) += nft_flow_offload.o obj-$(CONFIG_NFT_LIMIT) += nft_limit.o obj-$(CONFIG_NFT_NAT) += nft_nat.o obj-$(CONFIG_NFT_OBJREF) += nft_objref.o obj-$(CONFIG_NFT_QUEUE) += nft_queue.o obj-$(CONFIG_NFT_QUOTA) += nft_quota.o obj-$(CONFIG_NFT_REJECT) += nft_reject.o obj-$(CONFIG_NFT_REJECT_INET) += nft_reject_inet.o obj-$(CONFIG_NFT_TUNNEL) += nft_tunnel.o obj-$(CONFIG_NFT_COUNTER) += nft_counter.o obj-$(CONFIG_NFT_LOG) += nft_log.o obj-$(CONFIG_NFT_MASQ) += nft_masq.o obj-$(CONFIG_NFT_REDIR) += nft_redir.o obj-$(CONFIG_NFT_HASH) += nft_hash.o obj-$(CONFIG_NFT_FIB) += nft_fib.o obj-$(CONFIG_NFT_FIB_INET) += nft_fib_inet.o obj-$(CONFIG_NFT_FIB_NETDEV) += nft_fib_netdev.o obj-$(CONFIG_NFT_SOCKET) += nft_socket.o obj-$(CONFIG_NFT_OSF) += nft_osf.o obj-$(CONFIG_NFT_TPROXY) += nft_tproxy.o obj-$(CONFIG_NFT_XFRM) += nft_xfrm.o obj-$(CONFIG_NFT_SYNPROXY) += nft_synproxy.o obj-$(CONFIG_NFT_NAT) += nft_chain_nat.o # nf_tables netdev obj-$(CONFIG_NFT_DUP_NETDEV) += nft_dup_netdev.o obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_netdev.o # flow table infrastructure obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o nf_flow_table-objs := nf_flow_table_core.o nf_flow_table_ip.o obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o # generic X tables obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o # combos obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o obj-$(CONFIG_NETFILTER_XT_CONNMARK) += xt_connmark.o obj-$(CONFIG_NETFILTER_XT_SET) += xt_set.o obj-$(CONFIG_NETFILTER_XT_NAT) += xt_nat.o # targets obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o obj-$(CONFIG_NETFILTER_XT_TARGET_CHECKSUM) += xt_CHECKSUM.o obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o obj-$(CONFIG_NETFILTER_XT_TARGET_REDIRECT) += xt_REDIRECT.o obj-$(CONFIG_NETFILTER_XT_TARGET_MASQUERADE) += xt_MASQUERADE.o obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o obj-$(CONFIG_NETFILTER_XT_TARGET_TPROXY) += xt_TPROXY.o obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o obj-$(CONFIG_NETFILTER_XT_TARGET_TEE) += xt_TEE.o obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o # matches obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o obj-$(CONFIG_NETFILTER_XT_MATCH_BPF) += xt_bpf.o obj-$(CONFIG_NETFILTER_XT_MATCH_CLUSTER) += xt_cluster.o obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o obj-$(CONFIG_NETFILTER_XT_MATCH_CONNBYTES) += xt_connbytes.o obj-$(CONFIG_NETFILTER_XT_MATCH_CONNLABEL) += xt_connlabel.o obj-$(CONFIG_NETFILTER_XT_MATCH_CONNLIMIT) += xt_connlimit.o obj-$(CONFIG_NETFILTER_XT_MATCH_CONNTRACK) += xt_conntrack.o obj-$(CONFIG_NETFILTER_XT_MATCH_CPU) += xt_cpu.o obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o obj-$(CONFIG_NETFILTER_XT_MATCH_IPCOMP) += xt_ipcomp.o obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o obj-$(CONFIG_NETFILTER_XT_MATCH_L2TP) += xt_l2tp.o obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o obj-$(CONFIG_NETFILTER_XT_MATCH_MULTIPORT) += xt_multiport.o obj-$(CONFIG_NETFILTER_XT_MATCH_NFACCT) += xt_nfacct.o obj-$(CONFIG_NETFILTER_XT_MATCH_OSF) += xt_osf.o obj-$(CONFIG_NETFILTER_XT_MATCH_OWNER) += xt_owner.o obj-$(CONFIG_NETFILTER_XT_MATCH_CGROUP) += xt_cgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_PHYSDEV) += xt_physdev.o obj-$(CONFIG_NETFILTER_XT_MATCH_PKTTYPE) += xt_pkttype.o obj-$(CONFIG_NETFILTER_XT_MATCH_POLICY) += xt_policy.o obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) += xt_quota.o obj-$(CONFIG_NETFILTER_XT_MATCH_RATEEST) += xt_rateest.o obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT) += xt_recent.o obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o obj-$(CONFIG_NETFILTER_XT_MATCH_SOCKET) += xt_socket.o obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o obj-$(CONFIG_NETFILTER_XT_MATCH_TIME) += xt_time.o obj-$(CONFIG_NETFILTER_XT_MATCH_U32) += xt_u32.o # ipset obj-$(CONFIG_IP_SET) += ipset/ # IPVS obj-$(CONFIG_IP_VS) += ipvs/ ��appletalk/Makefile��0000644��00000000374�14722053255�0010172 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the Linux AppleTalk layer. # obj-$(CONFIG_ATALK) += appletalk.o appletalk-y := aarp.o ddp.o dev.o appletalk-$(CONFIG_PROC_FS) += atalk_proc.o appletalk-$(CONFIG_SYSCTL) += sysctl_net_atalk.o ��llc/Kconfig��0000644��00000000437�14722053255�0006632 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config LLC tristate depends on NET config LLC2 tristate "ANSI/IEEE 802.2 LLC type 2 Support" select LLC help This is a Logical Link Layer type 2, connection oriented support. Select this if you want to have support for PF_LLC sockets. ��llc/Makefile��0000644��00000001737�14722053255�0006773 0��ustar�00��########################################################################### # Makefile for the Linux 802.2 LLC (fully-functional) layer. # # Copyright (c) 1997 by Procom Technology,Inc. # 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br> # # This program can be redistributed or modified under the terms of the # GNU General Public License as published by the Free Software Foundation. # This program is distributed without any warranty or implied warranty # of merchantability or fitness for a particular purpose. # # See the GNU General Public License for more details. ########################################################################### obj-$(CONFIG_LLC) += llc.o llc-y := llc_core.o llc_input.o llc_output.o obj-$(CONFIG_LLC2) += llc2.o llc2-y := llc_if.o llc_c_ev.o llc_c_ac.o llc_conn.o llc_c_st.o llc_pdu.o \ llc_sap.o llc_s_ac.o llc_s_ev.o llc_s_st.o af_llc.o llc_station.o llc2-$(CONFIG_PROC_FS) += llc_proc.o llc2-$(CONFIG_SYSCTL) += sysctl_net_llc.o ��l2tp/Kconfig��0000644��00000007215�14722053255�0006742 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Layer Two Tunneling Protocol (L2TP) # menuconfig L2TP tristate "Layer Two Tunneling Protocol (L2TP)" depends on (IPV6 \|\| IPV6=n) depends on INET select NET_UDP_TUNNEL ---help--- Layer Two Tunneling Protocol From RFC 2661 <http://www.ietf.org/rfc/rfc2661.txt>. L2TP facilitates the tunneling of packets across an intervening network in a way that is as transparent as possible to both end-users and applications. L2TP is often used to tunnel PPP traffic over IP tunnels. One IP tunnel may carry thousands of individual PPP connections. L2TP is also used as a VPN protocol, popular with home workers to connect to their offices. L2TPv3 allows other protocols as well as PPP to be carried over L2TP tunnels. L2TPv3 is defined in RFC 3931 <http://www.ietf.org/rfc/rfc3931.txt>. The kernel component handles only L2TP data packets: a userland daemon handles L2TP the control protocol (tunnel and session setup). One such daemon is OpenL2TP (http://openl2tp.org/). If you don't need L2TP, say N. To compile all L2TP code as modules, choose M here. config L2TP_DEBUGFS tristate "L2TP debugfs support" depends on L2TP && DEBUG_FS help Support for l2tp directory in debugfs filesystem. This may be used to dump internal state of the l2tp drivers for problem analysis. If unsure, say 'Y'. To compile this driver as a module, choose M here. The module will be called l2tp_debugfs. config L2TP_V3 bool "L2TPv3 support" depends on L2TP help Layer Two Tunneling Protocol Version 3 From RFC 3931 <http://www.ietf.org/rfc/rfc3931.txt>. The Layer Two Tunneling Protocol (L2TP) provides a dynamic mechanism for tunneling Layer 2 (L2) "circuits" across a packet-oriented data network (e.g., over IP). L2TP, as originally defined in RFC 2661, is a standard method for tunneling Point-to-Point Protocol (PPP) [RFC1661] sessions. L2TP has since been adopted for tunneling a number of other L2 protocols, including ATM, Frame Relay, HDLC and even raw ethernet frames. If you are connecting to L2TPv3 equipment, or you want to tunnel raw ethernet frames using L2TP, say Y here. If unsure, say N. config L2TP_IP tristate "L2TP IP encapsulation for L2TPv3" depends on L2TP_V3 help Support for L2TP-over-IP socket family. The L2TPv3 protocol defines two possible encapsulations for L2TP frames, namely UDP and plain IP (without UDP). This driver provides a new L2TPIP socket family with which userspace L2TPv3 daemons may create L2TP/IP tunnel sockets when UDP encapsulation is not required. When L2TP is carried in IP packets, it used IP protocol number 115, so this port must be enabled in firewalls. To compile this driver as a module, choose M here. The module will be called l2tp_ip. config L2TP_ETH tristate "L2TP ethernet pseudowire support for L2TPv3" depends on L2TP_V3 help Support for carrying raw ethernet frames over L2TPv3. From RFC 4719 <http://www.ietf.org/rfc/rfc4719.txt>. The Layer 2 Tunneling Protocol, Version 3 (L2TPv3) can be used as a control protocol and for data encapsulation to set up Pseudowires for transporting layer 2 Packet Data Units across an IP network [RFC3931]. This driver provides an ethernet virtual interface for each L2TP ethernet pseudowire instance. Standard Linux tools may be used to assign an IP address to the local virtual interface, or add the interface to a bridge. If you are using L2TPv3, you will almost certainly want to enable this option. To compile this driver as a module, choose M here. The module will be called l2tp_eth. ��l2tp/Makefile��0000644��00000001051�14722053255�0007067 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 # # Makefile for the L2TP. # obj-$(CONFIG_L2TP) += l2tp_core.o # Build l2tp as modules if L2TP is M obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_PPPOL2TP)) += l2tp_ppp.o obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_IP)) += l2tp_ip.o obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_V3)) += l2tp_netlink.o obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_ETH)) += l2tp_eth.o obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_DEBUGFS)) += l2tp_debugfs.o ifneq ($(CONFIG_IPV6),) obj-$(subst y,$(CONFIG_L2TP),$(CONFIG_L2TP_IP)) += l2tp_ip6.o endif ��caif/Kconfig��0000644��00000003074�14722053255�0006762 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # CAIF net configurations # menuconfig CAIF tristate "CAIF support" select CRC_CCITT default n ---help--- The "Communication CPU to Application CPU Interface" (CAIF) is a packet based connection-oriented MUX protocol developed by ST-Ericsson for use with its modems. It is accessed from user space as sockets (PF_CAIF). Say Y (or M) here if you build for a phone product (e.g. Android or MeeGo ) that uses CAIF as transport, if unsure say N. If you select to build it as module then CAIF_NETDEV also needs to be built as modules. You will also need to say yes to any CAIF physical devices that your platform requires. See Documentation/networking/caif for a further explanation on how to use and configure CAIF. config CAIF_DEBUG bool "Enable Debug" depends on CAIF default n ---help--- Enable the inclusion of debug code in the CAIF stack. Be aware that doing this will impact performance. If unsure say N. config CAIF_NETDEV tristate "CAIF GPRS Network device" depends on CAIF default CAIF ---help--- Say Y if you will be using a CAIF based GPRS network device. This can be either built-in or a loadable module, If you select to build it as a built-in then the main CAIF device must also be a built-in. If unsure say Y. config CAIF_USB tristate "CAIF USB support" depends on CAIF default n ---help--- Say Y if you are using CAIF over USB CDC NCM. This can be either built-in or a loadable module, If you select to build it as a built-in then the main CAIF device must also be a built-in. If unsure say N. ��caif/Makefile��0000644��00000000631�14722053255�0007113 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 ccflags-$(CONFIG_CAIF_DEBUG) := -DDEBUG caif-y := caif_dev.o \ cfcnfg.o cfmuxl.o cfctrl.o \ cffrml.o cfveil.o cfdbgl.o\ cfserl.o cfdgml.o \ cfrfml.o cfvidl.o cfutill.o \ cfsrvl.o cfpkt_skbuff.o obj-$(CONFIG_CAIF) += caif.o obj-$(CONFIG_CAIF_NETDEV) += chnl_net.o obj-$(CONFIG_CAIF) += caif_socket.o obj-$(CONFIG_CAIF_USB) += caif_usb.o export-y := caif.o ��ife/Kconfig��0000644��00000000763�14722053255�0006625 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # IFE subsystem configuration # menuconfig NET_IFE depends on NET tristate "Inter-FE based on IETF ForCES InterFE LFB" default n help Say Y here to add support of IFE encapsulation protocol For details refer to netdev01 paper: "Distributing Linux Traffic Control Classifier-Action Subsystem" Authors: Jamal Hadi Salim and Damascene M. Joachimpillai To compile this support as a module, choose M here: the module will be called ife. ��ife/Makefile��0000644��00000000172�14722053255�0006754 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only # # Makefile for the IFE encapsulation protocol # obj-$(CONFIG_NET_IFE) += ife.o ��dccp/Kconfig��0000644��00000002162�14722053255�0006766 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menuconfig IP_DCCP tristate "The DCCP Protocol" depends on INET ---help--- Datagram Congestion Control Protocol (RFC 4340) From http://www.ietf.org/rfc/rfc4340.txt: The Datagram Congestion Control Protocol (DCCP) is a transport protocol that implements bidirectional, unicast connections of congestion-controlled, unreliable datagrams. It should be suitable for use by applications such as streaming media, Internet telephony, and on-line games. To compile this protocol support as a module, choose M here: the module will be called dccp. If in doubt, say N. if IP_DCCP config INET_DCCP_DIAG depends on INET_DIAG def_tristate y if (IP_DCCP = y && INET_DIAG = y) def_tristate m source "net/dccp/ccids/Kconfig" menu "DCCP Kernel Hacking" depends on DEBUG_KERNEL=y config IP_DCCP_DEBUG bool "DCCP debug messages" ---help--- Only use this if you're hacking DCCP. When compiling DCCP as a module, this debugging output can be toggled by setting the parameter dccp_debug of the `dccp' module to 0 or 1. Just say N. endmenu endif # IP_DDCP ��dccp/ccids/Kconfig��0000644��00000003266�14722053255�0010061 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only menu "DCCP CCIDs Configuration" config IP_DCCP_CCID2_DEBUG bool "CCID-2 debugging messages" ---help--- Enable CCID-2 specific debugging messages. The debugging output can additionally be toggled by setting the ccid2_debug parameter to 0 or 1. If in doubt, say N. config IP_DCCP_CCID3 bool "CCID-3 (TCP-Friendly)" def_bool y if (IP_DCCP = y \|\| IP_DCCP = m) ---help--- CCID-3 denotes TCP-Friendly Rate Control (TFRC), an equation-based rate-controlled congestion control mechanism. TFRC is designed to be reasonably fair when competing for bandwidth with TCP-like flows, where a flow is "reasonably fair" if its sending rate is generally within a factor of two of the sending rate of a TCP flow under the same conditions. However, TFRC has a much lower variation of throughput over time compared with TCP, which makes CCID-3 more suitable than CCID-2 for applications such streaming media where a relatively smooth sending rate is of importance. CCID-3 is further described in RFC 4342, http://www.ietf.org/rfc/rfc4342.txt The TFRC congestion control algorithms were initially described in RFC 5348. This text was extracted from RFC 4340 (sec. 10.2), http://www.ietf.org/rfc/rfc4340.txt If in doubt, say N. config IP_DCCP_CCID3_DEBUG bool "CCID-3 debugging messages" depends on IP_DCCP_CCID3 ---help--- Enable CCID-3 specific debugging messages. The debugging output can additionally be toggled by setting the ccid3_debug parameter to 0 or 1. If in doubt, say N. config IP_DCCP_TFRC_LIB def_bool y if IP_DCCP_CCID3 config IP_DCCP_TFRC_DEBUG def_bool y if IP_DCCP_CCID3_DEBUG endmenu ��dccp/Makefile��0000644��00000001556�14722053255�0007131 0��ustar�00��# SPDX-License-Identifier: GPL-2.0 obj-$(CONFIG_IP_DCCP) += dccp.o dccp_ipv4.o dccp-y := ccid.o feat.o input.o minisocks.o options.o output.o proto.o timer.o \ qpolicy.o # # CCID algorithms to be used by dccp.ko # # CCID-2 is default (RFC 4340, p. 77) and has Ack Vectors as dependency dccp-y += ccids/ccid2.o ackvec.o dccp-$(CONFIG_IP_DCCP_CCID3) += ccids/ccid3.o dccp-$(CONFIG_IP_DCCP_TFRC_LIB) += ccids/lib/tfrc.o \ ccids/lib/tfrc_equation.o \ ccids/lib/packet_history.o \ ccids/lib/loss_interval.o dccp_ipv4-y := ipv4.o # build dccp_ipv6 as module whenever either IPv6 or DCCP is a module obj-$(subst y,$(CONFIG_IP_DCCP),$(CONFIG_IPV6)) += dccp_ipv6.o dccp_ipv6-y := ipv6.o obj-$(CONFIG_INET_DCCP_DIAG) += dccp_diag.o dccp-$(CONFIG_SYSCTL) += sysctl.o dccp_diag-y := diag.o # build with local directory for trace.h CFLAGS_proto.o := -I$(src) ��smc/Kconfig��0000644��00000001216�14722053255�0006636 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only config SMC tristate "SMC socket protocol family" depends on INET && INFINIBAND ---help--- SMC-R provides a "sockets over RDMA" solution making use of RDMA over Converged Ethernet (RoCE) technology to upgrade AF_INET TCP connections transparently. The Linux implementation of the SMC-R solution is designed as a separate socket family SMC. Select this option if you want to run SMC socket applications config SMC_DIAG tristate "SMC: socket monitoring interface" depends on SMC ---help--- Support for SMC socket monitoring interface used by tools such as smcss. if unsure, say Y. ��smc/Makefile��0000644��00000000361�14722053255�0006773 0��ustar�00��# SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_SMC) += smc.o obj-$(CONFIG_SMC_DIAG) += smc_diag.o smc-y := af_smc.o smc_pnet.o smc_ib.o smc_clc.o smc_core.o smc_wr.o smc_llc.o smc-y += smc_cdc.o smc_tx.o smc_rx.o smc_close.o smc_ism.o ��

| ver. 1.4 | Github | . | PHP 7.4.3-4ubuntu2.24 | Генерация страницы: 0.07 | proxy | phpinfo | Настройка