2019-05-19 13:07:45 +01:00
# SPDX-License-Identifier: GPL-2.0-only
2005-04-16 15:20:36 -07:00
#
# Network device configuration
#
2007-06-13 12:48:53 -07:00
menuconfig NETDEVICES
2006-01-18 17:42:59 -08:00
default y if UML
2007-07-21 19:11:35 -07:00
depends on NET
2005-04-16 15:20:36 -07:00
bool "Network device support"
2020-06-14 01:50:22 +09:00
help
2005-04-16 15:20:36 -07:00
You can say N here if you don't intend to connect your Linux box to
any other computer at all.
You'll have to say Y if your computer contains a network card that
you want to use under Linux. If you are going to run SLIP or PPP over
telephone line or null modem cable you need say Y here. Connecting
two machines with parallel ports using PLIP needs this, as well as
AX.25/KISS for sending Internet traffic over amateur radio links.
See also "The Linux Network Administrator's Guide" by Olaf Kirch and
Terry Dawson. Available at <http://www.tldp.org/guides.html>.
If unsure, say Y.
2006-09-25 23:11:21 -07:00
# All the following symbols are dependent on NETDEVICES - do not repeat
# that for each of the symbols.
if NETDEVICES
2005-07-27 13:04:35 -07:00
2013-06-18 03:24:51 +01:00
config MII
tristate
2011-08-23 00:42:10 -07:00
config NET_CORE
default y
bool "Network core driver support"
2020-06-14 01:50:22 +09:00
help
2011-08-23 00:42:10 -07:00
You can say N here if you do not intend to use any of the
networking core drivers (i.e. VLAN, bridging, bonding, etc.)
if NET_CORE
config BONDING
tristate "Bonding driver support"
depends on INET
depends on IPV6 || IPV6=n
2021-01-25 12:31:59 +01:00
depends on TLS || TLS_DEVICE=n
2020-06-14 01:50:22 +09:00
help
2011-08-23 00:42:10 -07:00
Say 'Y' or 'M' if you wish to be able to 'bond' multiple Ethernet
Channels together. This is called 'Etherchannel' by Cisco,
'Trunking' by Sun, 802.3ad by the IEEE, and 'Bonding' in Linux.
The driver supports multiple bonding modes to allow for both high
performance and high availability operation.
2020-04-28 00:01:24 +02:00
Refer to <file:Documentation/networking/bonding.rst> for more
2011-08-23 00:42:10 -07:00
information.
2006-01-08 22:34:25 -08:00
To compile this driver as a module, choose M here: the module
2011-08-23 00:42:10 -07:00
will be called bonding.
2006-01-08 22:34:25 -08:00
2005-04-16 15:20:36 -07:00
config DUMMY
tristate "Dummy net driver support"
2020-06-14 01:50:22 +09:00
help
2005-04-16 15:20:36 -07:00
This is essentially a bit-bucket device (i.e. traffic you send to
this device is consigned into oblivion) with a configurable IP
address. It is most commonly used in order to make your currently
inactive SLIP address seem like a real address for local programs.
2016-04-23 12:58:03 +00:00
If you use SLIP or PPP, you might want to say Y here. It won't
enlarge your kernel. What a deal. Read about it in the Network
2005-04-16 15:20:36 -07:00
Administrator's Guide, available from
<http://www.tldp.org/docs.html#guide>.
To compile this driver as a module, choose M here: the module
2012-05-14 03:57:31 +00:00
will be called dummy.
2005-04-16 15:20:36 -07:00
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 00:27:34 +01:00
config WIREGUARD
tristate "WireGuard secure network tunnel"
depends on NET && INET
depends on IPV6 || !IPV6
select NET_UDP_TUNNEL
select DST_CACHE
select CRYPTO
select CRYPTO_LIB_CURVE25519
select CRYPTO_LIB_CHACHA20POLY1305
select CRYPTO_LIB_BLAKE2S
select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT
select CRYPTO_POLY1305_X86_64 if X86 && 64BIT
select CRYPTO_BLAKE2S_X86 if X86 && 64BIT
select CRYPTO_CURVE25519_X86 if X86 && 64BIT
2019-12-15 22:08:01 +01:00
select ARM_CRYPTO if ARM
select ARM64_CRYPTO if ARM64
2021-02-22 17:25:49 +01:00
select CRYPTO_CHACHA20_NEON if ARM || (ARM64 && KERNEL_MODE_NEON)
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 00:27:34 +01:00
select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON
select CRYPTO_POLY1305_ARM if ARM
2020-12-23 00:10:00 -08:00
select CRYPTO_BLAKE2S_ARM if ARM
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 00:27:34 +01:00
select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON
select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2
2021-03-03 02:16:04 +01:00
select CRYPTO_POLY1305_MIPS if MIPS
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 00:27:34 +01:00
help
WireGuard is a secure, fast, and easy to use replacement for IPSec
that uses modern cryptography and clever networking tricks. It's
designed to be fairly general purpose and abstract enough to fit most
use cases, while at the same time remaining extremely simple to
configure. See www.wireguard.com for more info.
It's safe to say Y or M here, as the driver is very lightweight and
is only in use when an administrator chooses to add an interface.
config WIREGUARD_DEBUG
bool "Debugging checks and verbose messages"
depends on WIREGUARD
help
This will write log messages for handshake and other events
that occur for a WireGuard interface. It will also perform some
extra validation checks and unit tests at various points. This is
only useful for debugging.
Say N here unless you know what you're doing.
2011-08-23 00:42:10 -07:00
config EQUALIZER
tristate "EQL (serial line load balancing) support"
2020-06-14 01:50:22 +09:00
help
2011-08-23 00:42:10 -07:00
If you have two serial connections to some other computer (this
usually requires two modems and two telephone lines) and you use
SLIP (the protocol for sending Internet traffic over telephone
lines) or PPP (a better SLIP) on them, you can make them behave like
one double speed connection using this driver. Naturally, this has
to be supported at the other end as well, either with a similar EQL
Linux driver or with a Livingston Portmaster 2e.
2005-04-16 15:20:36 -07:00
2011-08-23 00:42:10 -07:00
Say Y if you want this and read
2020-04-28 00:01:34 +02:00
<file:Documentation/networking/eql.rst>. You may also want to read
2011-08-23 00:42:10 -07:00
section 6.2 of the NET-3-HOWTO, available from
<http://www.tldp.org/docs.html#howto>.
2005-04-16 15:20:36 -07:00
2011-08-23 00:42:10 -07:00
To compile this driver as a module, choose M here: the module
will be called eql. If unsure, say N.
config NET_FC
bool "Fibre Channel driver support"
depends on SCSI && PCI
help
Fibre Channel is a high speed serial protocol mainly used to connect
large storage devices to the computer; it is compatible with and
intended to replace SCSI.
If you intend to use Fibre Channel, you need to have a Fibre channel
adaptor card in your computer; say Y here and to the driver for your
adaptor below. You also should have said Y to "SCSI support" and
"SCSI generic support".
2005-04-16 15:20:36 -07:00
2011-08-23 00:42:10 -07:00
config IFB
tristate "Intermediate Functional Block support"
depends on NET_CLS_ACT
2020-03-25 13:47:18 +01:00
select NET_REDIRECT
2020-06-14 01:50:22 +09:00
help
2011-08-23 00:42:10 -07:00
This is an intermediate driver that allows sharing of
resources.
2005-04-16 15:20:36 -07:00
To compile this driver as a module, choose M here: the module
2011-08-23 00:42:10 -07:00
will be called ifb. If you want to use more than one ifb
device at a time, you need to compile this driver as a module.
Instead of 'ifb', the devices will then be called 'ifb0',
'ifb1' etc.
Look at the iproute2 documentation directory for usage etc
2005-04-16 15:20:36 -07:00
2011-11-11 22:16:48 +00:00
source "drivers/net/team/Kconfig"
2007-07-14 18:55:06 -07:00
config MACVLAN
2012-10-02 11:17:55 -07:00
tristate "MAC-VLAN support"
2020-06-14 01:50:22 +09:00
help
2007-07-14 18:55:06 -07:00
This allows one to create virtual interfaces that map packets to
or from specific MAC addresses to a particular interface.
2008-02-26 17:52:05 -08:00
Macvlan devices can be added using the "ip" command from the
iproute2 package starting with the iproute2-2.6.23 release:
"ip link add link <real dev> [ address MAC ] [ NAME ] type macvlan"
2007-07-14 18:55:06 -07:00
To compile this driver as a module, choose M here: the module
will be called macvlan.
2010-01-30 12:24:26 +00:00
config MACVTAP
2012-10-02 11:17:55 -07:00
tristate "MAC-VLAN based tap driver"
2010-01-30 12:24:26 +00:00
depends on MACVLAN
2014-10-31 03:10:31 +00:00
depends on INET
2017-02-10 16:03:51 -08:00
select TAP
2010-01-30 12:24:26 +00:00
help
This adds a specialized tap character device driver that is based
on the MAC-VLAN network interface, called macvtap. A macvtap device
can be added in the same way as a macvlan device, using 'type
2014-02-10 21:40:51 +01:00
macvtap', and then be accessed through the tap user space interface.
2010-01-30 12:24:26 +00:00
To compile this driver as a module, choose M here: the module
will be called macvtap.
2019-02-08 13:55:31 +01:00
config IPVLAN_L3S
depends on NETFILTER
2019-02-13 08:55:02 -08:00
depends on IPVLAN
2019-02-08 13:55:31 +01:00
def_bool y
select NET_L3_MASTER_DEV
2014-11-23 23:07:46 -08:00
config IPVLAN
2019-11-21 21:28:28 +08:00
tristate "IP-VLAN support"
depends on INET
depends on IPV6 || !IPV6
2020-06-14 01:50:22 +09:00
help
2019-11-21 21:28:28 +08:00
This allows one to create virtual devices off of a main interface
and packets will be delivered based on the dest L3 (IPv6/IPv4 addr)
on packets. All interfaces (including the main interface) share L2
making it transparent to the connected L2 switch.
2014-11-23 23:07:46 -08:00
2019-11-21 21:28:28 +08:00
Ipvlan devices can be added using the "ip" command from the
iproute2 package starting with the iproute2-3.19 release:
2014-11-23 23:07:46 -08:00
2019-11-21 21:28:28 +08:00
"ip link add link <main-dev> [ NAME ] type ipvlan"
2014-11-23 23:07:46 -08:00
2019-11-21 21:28:28 +08:00
To compile this driver as a module, choose M here: the module
will be called ipvlan.
2014-11-23 23:07:46 -08:00
2017-02-10 16:03:52 -08:00
config IPVTAP
tristate "IP-VLAN based tap driver"
depends on IPVLAN
depends on INET
select TAP
2020-06-14 01:50:22 +09:00
help
2017-02-10 16:03:52 -08:00
This adds a specialized tap character device driver that is based
on the IP-VLAN network interface, called ipvtap. An ipvtap device
can be added in the same way as a ipvlan device, using 'type
ipvtap', and then be accessed through the tap user space interface.
To compile this driver as a module, choose M here: the module
will be called ipvtap.
2014-11-23 23:07:46 -08:00
2012-10-01 12:32:35 +00:00
config VXLAN
2019-11-21 21:28:28 +08:00
tristate "Virtual eXtensible Local Area Network (VXLAN)"
depends on INET
select NET_UDP_TUNNEL
select GRO_CELLS
2020-06-14 01:50:22 +09:00
help
2012-10-01 12:32:35 +00:00
This allows one to create vxlan virtual interfaces that provide
Layer 2 Networks over Layer 3 Networks. VXLAN is often used
to tunnel virtual network infrastructure in virtualized environments.
For more information see:
http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-02
To compile this driver as a module, choose M here: the module
will be called vxlan.
2015-05-13 12:57:30 -04:00
config GENEVE
2019-11-21 21:28:28 +08:00
tristate "Generic Network Virtualization Encapsulation"
depends on INET
depends on IPV6 || !IPV6
select NET_UDP_TUNNEL
select GRO_CELLS
2020-06-14 01:50:22 +09:00
help
2015-05-13 12:57:30 -04:00
This allows one to create geneve virtual interfaces that provide
Layer 2 Networks over Layer 3 Networks. GENEVE is often used
to tunnel virtual network infrastructure in virtualized environments.
For more information see:
http://tools.ietf.org/html/draft-gross-geneve-02
To compile this driver as a module, choose M here: the module
will be called geneve.
2020-02-24 10:57:50 +05:30
config BAREUDP
tristate "Bare UDP Encapsulation"
depends on INET
depends on IPV6 || !IPV6
select NET_UDP_TUNNEL
select GRO_CELLS
help
This adds a bare UDP tunnel module for tunnelling different
kinds of traffic like MPLS, IP, etc. inside a UDP tunnel.
To compile this driver as a module, choose M here: the module
will be called bareudp.
2016-05-09 00:55:48 +02:00
config GTP
tristate "GPRS Tunneling Protocol datapath (GTP-U)"
2019-03-16 01:00:50 +01:00
depends on INET
select NET_UDP_TUNNEL
2020-06-14 01:50:22 +09:00
help
2016-05-09 00:55:48 +02:00
This allows one to create gtp virtual interfaces that provide
the GPRS Tunneling Protocol datapath (GTP-U). This tunneling protocol
is used to prevent subscribers from accessing mobile carrier core
network infrastructure. This driver requires a userspace software that
implements the signaling protocol (GTP-C) to update its PDP context
base, such as OpenGGSN <http://git.osmocom.org/openggsn/). This
tunneling protocol is implemented according to the GSM TS 09.60 and
3GPP TS 29.060 standards.
To compile this drivers as a module, choose M here: the module
2020-12-04 19:45:49 +00:00
will be called gtp.
2016-05-09 00:55:48 +02:00
2016-03-11 18:07:33 +01:00
config MACSEC
tristate "IEEE 802.1AE MAC-level encryption (MACsec)"
2016-04-17 11:19:55 +02:00
select CRYPTO
2016-03-11 18:07:33 +01:00
select CRYPTO_AES
select CRYPTO_GCM
2017-02-07 15:37:15 -08:00
select GRO_CELLS
2020-06-14 01:50:22 +09:00
help
2016-03-11 18:07:33 +01:00
MACsec is an encryption standard for Ethernet.
2011-08-23 00:42:10 -07:00
config NETCONSOLE
tristate "Network console logging support"
2020-06-14 01:50:22 +09:00
help
2019-11-21 21:28:28 +08:00
If you want to log kernel messages over the network, enable this.
2020-04-30 18:04:02 +02:00
See <file:Documentation/networking/netconsole.rst> for details.
2005-04-16 15:20:36 -07:00
2011-08-23 00:42:10 -07:00
config NETCONSOLE_DYNAMIC
bool "Dynamic reconfiguration of logging targets"
depends on NETCONSOLE && SYSFS && CONFIGFS_FS && \
!(NETCONSOLE=y && CONFIGFS_FS=m)
help
This option enables the ability to dynamically reconfigure target
parameters (interface, IP addresses, port numbers, MAC addresses)
at runtime through a userspace interface exported using configfs.
2020-04-30 18:04:02 +02:00
See <file:Documentation/networking/netconsole.rst> for details.
2005-04-16 15:20:36 -07:00
2011-08-23 00:42:10 -07:00
config NETPOLL
def_bool NETCONSOLE
2014-12-05 11:24:45 -05:00
select SRCU
2011-08-23 00:42:10 -07:00
config NET_POLL_CONTROLLER
def_bool NETPOLL
2012-11-16 19:27:13 -07:00
config NTB_NETDEV
2015-05-07 06:45:21 -04:00
tristate "Virtual Ethernet over NTB Transport"
depends on NTB_TRANSPORT
2012-11-16 19:27:13 -07:00
2011-08-23 00:42:10 -07:00
config RIONET
tristate "RapidIO Ethernet over messaging driver support"
depends on RAPIDIO
config RIONET_TX_SIZE
int "Number of outbound queue entries"
depends on RIONET
default "128"
config RIONET_RX_SIZE
int "Number of inbound queue entries"
depends on RIONET
default "128"
2005-04-16 15:20:36 -07:00
config TUN
tristate "Universal TUN/TAP device driver support"
2014-10-31 03:10:31 +00:00
depends on INET
2005-04-16 15:20:36 -07:00
select CRC32
2020-06-14 01:50:22 +09:00
help
2005-04-16 15:20:36 -07:00
TUN/TAP provides packet reception and transmission for user space
programs. It can be viewed as a simple Point-to-Point or Ethernet
device, which instead of receiving packets from a physical media,
receives them from user space program and instead of sending packets
via physical media writes them to the user space program.
When a program opens /dev/net/tun, driver creates and registers
corresponding net device tunX or tapX. After a program closed above
devices, driver will automatically delete tunXX or tapXX device and
all routes corresponding to it.
2020-05-01 16:44:23 +02:00
Please read <file:Documentation/networking/tuntap.rst> for more
2005-04-16 15:20:36 -07:00
information.
To compile this driver as a module, choose M here: the module
will be called tun.
If you don't know what to use this for, you don't need it.
2017-02-10 16:03:51 -08:00
config TAP
tristate
2020-06-14 01:50:22 +09:00
help
2017-02-10 16:03:51 -08:00
This option is selected by any driver implementing tap user space
interface for a virtual interface to re-use core tap functionality.
2015-04-24 14:50:36 +02:00
config TUN_VNET_CROSS_LE
bool "Support for cross-endian vnet headers on little-endian kernels"
default n
2020-06-14 01:50:22 +09:00
help
2015-04-24 14:50:36 +02:00
This option allows TUN/TAP and MACVTAP device drivers in a
little-endian kernel to parse vnet headers that come from a
big-endian legacy virtio device.
Userspace programs can control the feature using the TUNSETVNETBE
and TUNGETVNETBE ioctls.
Unless you have a little-endian system hosting a big-endian virtual
machine with a legacy virtio NIC, you should say N.
2007-09-25 16:14:46 -07:00
config VETH
2007-11-06 20:35:55 -08:00
tristate "Virtual ethernet pair device"
2020-06-14 01:50:22 +09:00
help
2007-11-06 20:35:55 -08:00
This device is a local ethernet tunnel. Devices are created in pairs.
When one end receives the packet it appears on its pair and vice
versa.
2007-09-25 16:14:46 -07:00
2011-08-23 00:42:10 -07:00
config VIRTIO_NET
2012-10-02 11:17:55 -07:00
tristate "Virtio network driver"
depends on VIRTIO
2018-05-24 09:55:17 -07:00
select NET_FAILOVER
2020-06-14 01:50:22 +09:00
help
2011-08-23 00:42:10 -07:00
This is the virtual network driver for virtio. It can be used with
2017-08-16 19:31:57 +02:00
QEMU based VMMs (like KVM or Xen). Say Y or M.
2011-08-23 00:42:10 -07:00
packet: nlmon: virtual netlink monitoring device for packet sockets
Currently, there is no good possibility to debug netlink traffic that
is being exchanged between kernel and user space. Therefore, this patch
implements a netlink virtual device, so that netlink messages will be
made visible to PF_PACKET sockets. Once there was an approach with a
similar idea [1], but it got forgotten somehow.
I think it makes most sense to accept the "overhead" of an extra netlink
net device over implementing the same functionality from PF_PACKET
sockets once again into netlink sockets. We have BPF filters that can
already be easily applied which even have netlink extensions, we have
RX_RING zero-copy between kernel- and user space that can be reused,
and much more features. So instead of re-implementing all of this, we
simply pass the skb to a given PF_PACKET socket for further analysis.
Another nice benefit that comes from that is that no code needs to be
changed in user space packet analyzers (maybe adding a dissector, but
not more), thus out of the box, we can already capture pcap files of
netlink traffic to debug/troubleshoot netlink problems.
Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer.
[1] http://marc.info/?l=linux-netdev&m=113813401516110
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-06-21 19:38:08 +02:00
config NLMON
tristate "Virtual netlink monitoring device"
2020-06-14 01:50:22 +09:00
help
packet: nlmon: virtual netlink monitoring device for packet sockets
Currently, there is no good possibility to debug netlink traffic that
is being exchanged between kernel and user space. Therefore, this patch
implements a netlink virtual device, so that netlink messages will be
made visible to PF_PACKET sockets. Once there was an approach with a
similar idea [1], but it got forgotten somehow.
I think it makes most sense to accept the "overhead" of an extra netlink
net device over implementing the same functionality from PF_PACKET
sockets once again into netlink sockets. We have BPF filters that can
already be easily applied which even have netlink extensions, we have
RX_RING zero-copy between kernel- and user space that can be reused,
and much more features. So instead of re-implementing all of this, we
simply pass the skb to a given PF_PACKET socket for further analysis.
Another nice benefit that comes from that is that no code needs to be
changed in user space packet analyzers (maybe adding a dissector, but
not more), thus out of the box, we can already capture pcap files of
netlink traffic to debug/troubleshoot netlink problems.
Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer.
[1] http://marc.info/?l=linux-netdev&m=113813401516110
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-06-21 19:38:08 +02:00
This option enables a monitoring net device for netlink skbs. The
purpose of this is to analyze netlink messages with packet sockets.
Thus applications like tcpdump will be able to see local netlink
messages if they tap into the netlink device, record pcaps for further
diagnostics, etc. This is mostly intended for developers or support
to debug netlink issues. If unsure, say N.
2015-08-13 14:59:10 -06:00
config NET_VRF
tristate "Virtual Routing and Forwarding (Lite)"
2015-10-12 11:47:09 -07:00
depends on IP_MULTIPLE_TABLES
2015-09-29 20:07:12 -07:00
depends on NET_L3_MASTER_DEV
2015-10-12 11:47:09 -07:00
depends on IPV6 || IPV6=n
depends on IPV6_MULTIPLE_TABLES || IPV6=n
2020-06-14 01:50:22 +09:00
help
2015-08-13 14:59:10 -06:00
This option enables the support for mapping interfaces into VRF's. The
support enables VRF devices.
2017-04-21 10:10:45 +01:00
config VSOCKMON
2019-11-21 21:28:28 +08:00
tristate "Virtual vsock monitoring device"
depends on VHOST_VSOCK
2020-06-14 01:50:22 +09:00
help
2019-11-21 21:28:28 +08:00
This option enables a monitoring net device for vsock sockets. It is
mostly intended for developers or support to debug vsock issues. If
unsure, say N.
2017-04-21 10:10:45 +01:00
2020-11-03 18:23:54 +01:00
config MHI_NET
tristate "MHI network driver"
depends on MHI_BUS
help
This is the network driver for MHI bus. It can be used with
QCOM based WWAN modems (like SDX55). Say Y or M.
2011-08-23 00:42:10 -07:00
endif # NET_CORE
config SUNGEM_PHY
tristate
source "drivers/net/arcnet/Kconfig"
source "drivers/atm/Kconfig"
source "drivers/net/caif/Kconfig"
2011-11-27 17:08:33 +00:00
source "drivers/net/dsa/Kconfig"
2011-08-23 00:42:10 -07:00
source "drivers/net/ethernet/Kconfig"
source "drivers/net/fddi/Kconfig"
2011-11-08 10:31:10 +00:00
source "drivers/net/hippi/Kconfig"
2020-03-05 22:28:29 -06:00
source "drivers/net/ipa/Kconfig"
2005-04-16 15:20:36 -07:00
config NET_SB1000
tristate "General Instruments Surfboard 1000"
2005-07-27 13:04:35 -07:00
depends on PNP
2020-06-14 01:50:22 +09:00
help
2005-04-16 15:20:36 -07:00
This is a driver for the General Instrument (also known as
NextLevel) SURFboard 1000 internal
cable modem. This is an ISA card which is used by a number of cable
TV companies to provide cable modem access. It's a one-way
downstream-only cable modem, meaning that your upstream net link is
provided by your regular phone modem.
At present this driver only compiles as a module, so say M here if
you have this card. The module will be called sb1000. Then read
2020-06-26 10:27:24 -07:00
<file:Documentation/networking/device_drivers/cable/sb1000.rst> for
2018-12-03 17:43:28 -08:00
information on how to use this module, as it needs special ppp
scripts for establishing a connection. Further documentation
and the necessary scripts can be found at:
2005-04-16 15:20:36 -07:00
<http://www.jacksonville.net/~fventuri/>
<http://home.adelphia.net/~siglercm/sb1000.html>
<http://linuxpower.cx/~cable/>
If you don't have this card, of course say N.
2005-07-30 19:31:23 -04:00
source "drivers/net/phy/Kconfig"
2020-08-27 04:00:31 +02:00
source "drivers/net/mdio/Kconfig"
2020-08-27 04:00:28 +02:00
source "drivers/net/pcs/Kconfig"
2011-08-03 03:01:58 -07:00
source "drivers/net/plip/Kconfig"
2011-08-23 00:42:10 -07:00
source "drivers/net/ppp/Kconfig"
2011-08-03 03:17:13 -07:00
source "drivers/net/slip/Kconfig"
2011-08-23 00:42:10 -07:00
source "drivers/s390/net/Kconfig"
source "drivers/net/usb/Kconfig"
2005-04-16 15:20:36 -07:00
source "drivers/net/wireless/Kconfig"
source "drivers/net/wan/Kconfig"
2012-08-26 05:10:11 +00:00
source "drivers/net/ieee802154/Kconfig"
2007-07-17 18:37:06 -07:00
config XEN_NETDEV_FRONTEND
tristate "Xen network device frontend driver"
depends on XEN
2009-03-27 16:28:34 -07:00
select XEN_XENBUS_FRONTEND
2020-06-29 16:13:28 +03:00
select PAGE_POOL
2007-07-17 18:37:06 -07:00
default y
help
2011-03-15 00:06:18 +00:00
This driver provides support for Xen paravirtual network
devices exported by a Xen network driver domain (often
domain 0).
The corresponding Linux backend driver is enabled by the
CONFIG_XEN_NETDEV_BACKEND option.
If you are compiling a kernel for use as Xen guest, you
should say Y here. To compile this driver as a module, chose
M here: the module will be called xen-netfront.
config XEN_NETDEV_BACKEND
tristate "Xen backend network device"
depends on XEN_BACKEND
help
This driver allows the kernel to act as a Xen network driver
domain which exports paravirtual network devices to other
Xen domains. These devices can be accessed by any operating
system that implements a compatible front end.
The corresponding Linux frontend driver is enabled by the
CONFIG_XEN_NETDEV_FRONTEND configuration option.
The backend driver presents a standard network device
endpoint for each paravirtual network device to the driver
domain network stack. These can then be bridged or routed
etc in order to provide full network connectivity.
If you are compiling a kernel to run in a Xen network driver
domain (often this is domain 0) you should say Y here. To
compile this driver as a module, chose M here: the module
will be called xen-netback.
2007-07-17 18:37:06 -07:00
2009-10-13 00:15:51 -07:00
config VMXNET3
2010-11-11 12:31:21 +00:00
tristate "VMware VMXNET3 ethernet driver"
depends on PCI && INET
2017-02-17 16:08:30 +01:00
depends on !(PAGE_SIZE_64KB || ARM64_64K_PAGES || \
IA64_PAGE_SIZE_64KB || MICROBLAZE_64K_PAGES || \
PARISC_PAGE_SIZE_64KB || PPC_64K_PAGES)
2010-11-11 12:31:21 +00:00
help
This driver supports VMware's vmxnet3 virtual ethernet NIC.
To compile this driver as a module, choose M here: the
module will be called vmxnet3.
2009-10-13 00:15:51 -07:00
2015-08-21 17:29:17 +09:00
config FUJITSU_ES
tristate "FUJITSU Extended Socket Network Device driver"
depends on ACPI
help
This driver provides support for Extended Socket network device
2019-09-23 17:52:43 +02:00
on Extended Partitioning of FUJITSU PRIMEQUEST 2000 E2 series.
2015-08-21 17:29:17 +09:00
2019-12-17 15:33:41 +03:00
config USB4_NET
tristate "Networking over USB4 and Thunderbolt cables"
depends on USB4 && INET
2017-10-02 13:38:45 +03:00
help
2019-12-17 15:33:41 +03:00
Select this if you want to create network between two computers
over a USB4 and Thunderbolt cables. The driver supports Apple
2017-10-02 13:38:45 +03:00
ThunderboltIP protocol and allows communication with any host
supporting the same protocol including Windows and macOS.
To compile this driver a module, choose M here. The module will be
called thunderbolt-net.
2011-11-28 13:35:35 -08:00
source "drivers/net/hyperv/Kconfig"
2017-12-01 15:08:58 -08:00
config NETDEVSIM
tristate "Simulated networking device"
depends on DEBUG_FS
2020-01-16 21:14:04 +08:00
depends on INET
2020-01-14 13:23:15 +02:00
depends on IPV6 || IPV6=n
2019-03-24 11:14:38 +01:00
select NET_DEVLINK
2017-12-01 15:08:58 -08:00
help
This driver is a developer testing tool and software model that can
be used to test various control path networking APIs, especially
HW-offload related.
To compile this driver as a module, choose M here: the module
will be called netdevsim.
2018-05-24 09:55:15 -07:00
config NET_FAILOVER
tristate "Failover driver"
select FAILOVER
help
This provides an automated failover mechanism via APIs to create
and destroy a failover master netdev and manages a primary and
standby slave netdevs that get registered via the generic failover
infrastructure. This can be used by paravirtual drivers to enable
2019-01-17 18:02:18 +01:00
an alternate low latency datapath. It also enables live migration of
2018-05-24 09:55:15 -07:00
a VM with direct attached VF by failing over to the paravirtual
datapath when the VF is unplugged.
2007-06-13 12:48:53 -07:00
endif # NETDEVICES