Creation of Cybook 2416 (actually Gen4) repository
This commit is contained in:
mlt
232
net/Kconfig
Normal file
232
net/Kconfig
Normal file
@@ -0,0 +1,232 @@
|
||||
#
|
||||
# Network configuration
|
||||
#
|
||||
|
||||
menu "Networking"
|
||||
|
||||
config NET
|
||||
bool "Networking support"
|
||||
---help---
|
||||
Unless you really know what you are doing, you should say Y here.
|
||||
The reason is that some programs need kernel networking support even
|
||||
when running on a stand-alone machine that isn't connected to any
|
||||
other computer.
|
||||
|
||||
If you are upgrading from an older kernel, you
|
||||
should consider updating your networking tools too because changes
|
||||
in the kernel and the tools often go hand in hand. The tools are
|
||||
contained in the package net-tools, the location and version number
|
||||
of which are given in <file:Documentation/Changes>.
|
||||
|
||||
For a general introduction to Linux networking, it is highly
|
||||
recommended to read the NET-HOWTO, available from
|
||||
<http://www.tldp.org/docs.html#howto>.
|
||||
|
||||
# Make sure that all config symbols are dependent on NET
|
||||
if NET
|
||||
|
||||
menu "Networking options"
|
||||
|
||||
config NETDEBUG
|
||||
bool "Network packet debugging"
|
||||
help
|
||||
You can say Y here if you want to get additional messages useful in
|
||||
debugging bad packets, but can overwhelm logs under denial of service
|
||||
attacks.
|
||||
|
||||
source "net/packet/Kconfig"
|
||||
source "net/unix/Kconfig"
|
||||
source "net/xfrm/Kconfig"
|
||||
source "net/iucv/Kconfig"
|
||||
|
||||
config INET
|
||||
bool "TCP/IP networking"
|
||||
---help---
|
||||
These are the protocols used on the Internet and on most local
|
||||
Ethernets. It is highly recommended to say Y here (this will enlarge
|
||||
your kernel by about 144 KB), since some programs (e.g. the X window
|
||||
system) use TCP/IP even if your machine is not connected to any
|
||||
other computer. You will get the so-called loopback device which
|
||||
allows you to ping yourself (great fun, that!).
|
||||
|
||||
For an excellent introduction to Linux networking, please read the
|
||||
Linux Networking HOWTO, available from
|
||||
<http://www.tldp.org/docs.html#howto>.
|
||||
|
||||
If you say Y here and also to "/proc file system support" and
|
||||
"Sysctl support" below, you can change various aspects of the
|
||||
behavior of the TCP/IP code by writing to the (virtual) files in
|
||||
/proc/sys/net/ipv4/*; the options are explained in the file
|
||||
<file:Documentation/networking/ip-sysctl.txt>.
|
||||
|
||||
Short answer: say Y.
|
||||
|
||||
if INET
|
||||
source "net/ipv4/Kconfig"
|
||||
source "net/ipv6/Kconfig"
|
||||
source "net/netlabel/Kconfig"
|
||||
|
||||
endif # if INET
|
||||
|
||||
config NETWORK_SECMARK
|
||||
bool "Security Marking"
|
||||
help
|
||||
This enables security marking of network packets, similar
|
||||
to nfmark, but designated for security purposes.
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
menuconfig NETFILTER
|
||||
bool "Network packet filtering framework (Netfilter)"
|
||||
---help---
|
||||
Netfilter is a framework for filtering and mangling network packets
|
||||
that pass through your Linux box.
|
||||
|
||||
The most common use of packet filtering is to run your Linux box as
|
||||
a firewall protecting a local network from the Internet. The type of
|
||||
firewall provided by this kernel support is called a "packet
|
||||
filter", which means that it can reject individual network packets
|
||||
based on type, source, destination etc. The other kind of firewall,
|
||||
a "proxy-based" one, is more secure but more intrusive and more
|
||||
bothersome to set up; it inspects the network traffic much more
|
||||
closely, modifies it and has knowledge about the higher level
|
||||
protocols, which a packet filter lacks. Moreover, proxy-based
|
||||
firewalls often require changes to the programs running on the local
|
||||
clients. Proxy-based firewalls don't need support by the kernel, but
|
||||
they are often combined with a packet filter, which only works if
|
||||
you say Y here.
|
||||
|
||||
You should also say Y here if you intend to use your Linux box as
|
||||
the gateway to the Internet for a local network of machines without
|
||||
globally valid IP addresses. This is called "masquerading": if one
|
||||
of the computers on your local network wants to send something to
|
||||
the outside, your box can "masquerade" as that computer, i.e. it
|
||||
forwards the traffic to the intended outside destination, but
|
||||
modifies the packets to make it look like they came from the
|
||||
firewall box itself. It works both ways: if the outside host
|
||||
replies, the Linux box will silently forward the traffic to the
|
||||
correct local computer. This way, the computers on your local net
|
||||
are completely invisible to the outside world, even though they can
|
||||
reach the outside and can receive replies. It is even possible to
|
||||
run globally visible servers from within a masqueraded local network
|
||||
using a mechanism called portforwarding. Masquerading is also often
|
||||
called NAT (Network Address Translation).
|
||||
|
||||
Another use of Netfilter is in transparent proxying: if a machine on
|
||||
the local network tries to connect to an outside host, your Linux
|
||||
box can transparently forward the traffic to a local server,
|
||||
typically a caching proxy server.
|
||||
|
||||
Yet another use of Netfilter is building a bridging firewall. Using
|
||||
a bridge with Network packet filtering enabled makes iptables "see"
|
||||
the bridged traffic. For filtering on the lower network and Ethernet
|
||||
protocols over the bridge, use ebtables (under bridge netfilter
|
||||
configuration).
|
||||
|
||||
Various modules exist for netfilter which replace the previous
|
||||
masquerading (ipmasqadm), packet filtering (ipchains), transparent
|
||||
proxying, and portforwarding mechanisms. Please see
|
||||
<file:Documentation/Changes> under "iptables" for the location of
|
||||
these packages.
|
||||
|
||||
Make sure to say N to "Fast switching" below if you intend to say Y
|
||||
here, as Fast switching currently bypasses netfilter.
|
||||
|
||||
Chances are that you should say Y here if you compile a kernel which
|
||||
will run as a router and N for regular hosts. If unsure, say N.
|
||||
|
||||
if NETFILTER
|
||||
|
||||
config NETFILTER_DEBUG
|
||||
bool "Network packet filtering debugging"
|
||||
depends on NETFILTER
|
||||
help
|
||||
You can say Y here if you want to get additional messages useful in
|
||||
debugging the netfilter code.
|
||||
|
||||
config BRIDGE_NETFILTER
|
||||
bool "Bridged IP/ARP packets filtering"
|
||||
depends on BRIDGE && NETFILTER && INET
|
||||
default y
|
||||
---help---
|
||||
Enabling this option will let arptables resp. iptables see bridged
|
||||
ARP resp. IP traffic. If you want a bridging firewall, you probably
|
||||
want this option enabled.
|
||||
Enabling or disabling this option doesn't enable or disable
|
||||
ebtables.
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
source "net/netfilter/Kconfig"
|
||||
source "net/ipv4/netfilter/Kconfig"
|
||||
source "net/ipv6/netfilter/Kconfig"
|
||||
source "net/decnet/netfilter/Kconfig"
|
||||
source "net/bridge/netfilter/Kconfig"
|
||||
|
||||
endif
|
||||
|
||||
source "net/dccp/Kconfig"
|
||||
source "net/sctp/Kconfig"
|
||||
source "net/tipc/Kconfig"
|
||||
source "net/atm/Kconfig"
|
||||
source "net/bridge/Kconfig"
|
||||
source "net/8021q/Kconfig"
|
||||
source "net/decnet/Kconfig"
|
||||
source "net/llc/Kconfig"
|
||||
source "net/ipx/Kconfig"
|
||||
source "drivers/net/appletalk/Kconfig"
|
||||
source "net/x25/Kconfig"
|
||||
source "net/lapb/Kconfig"
|
||||
source "net/econet/Kconfig"
|
||||
source "net/wanrouter/Kconfig"
|
||||
source "net/sched/Kconfig"
|
||||
|
||||
menu "Network testing"
|
||||
|
||||
config NET_PKTGEN
|
||||
tristate "Packet Generator (USE WITH CAUTION)"
|
||||
depends on PROC_FS
|
||||
---help---
|
||||
This module will inject preconfigured packets, at a configurable
|
||||
rate, out of a given interface. It is used for network interface
|
||||
stress testing and performance analysis. If you don't understand
|
||||
what was just said, you don't need it: say N.
|
||||
|
||||
Documentation on how to use the packet generator can be found
|
||||
at <file:Documentation/networking/pktgen.txt>.
|
||||
|
||||
To compile this code as a module, choose M here: the
|
||||
module will be called pktgen.
|
||||
|
||||
config NET_TCPPROBE
|
||||
tristate "TCP connection probing"
|
||||
depends on INET && EXPERIMENTAL && PROC_FS && KPROBES
|
||||
---help---
|
||||
This module allows for capturing the changes to TCP connection
|
||||
state in response to incoming packets. It is used for debugging
|
||||
TCP congestion avoidance modules. If you don't understand
|
||||
what was just said, you don't need it: say N.
|
||||
|
||||
Documentation on how to use TCP connection probing can be found
|
||||
at http://linux-net.osdl.org/index.php/TcpProbe
|
||||
|
||||
To compile this code as a module, choose M here: the
|
||||
module will be called tcp_probe.
|
||||
|
||||
endmenu
|
||||
|
||||
endmenu
|
||||
|
||||
source "net/ax25/Kconfig"
|
||||
source "net/irda/Kconfig"
|
||||
source "net/bluetooth/Kconfig"
|
||||
source "net/ieee80211/Kconfig"
|
||||
|
||||
config WIRELESS_EXT
|
||||
bool
|
||||
|
||||
config FIB_RULES
|
||||
bool
|
||||
|
||||
endif # if NET
|
||||
endmenu # Networking
|
||||
|
||||
Reference in New Issue
Block a user