mirror of
https://github.com/torvalds/linux.git
synced 2024-11-13 23:51:39 +00:00
aeac4ec8f4
On embedded systems with little memory and no relevant
security concerns, it is beneficial to reduce the size
of the table.
Reducing the size from 2^16 to 2^8 saves 255 KiB
of kernel RAM.
Makes the table size configurable as an expert option.
The size was previously increased from 2^8 to 2^16
in commit 4c2c8f03a5
("tcp: increase source port perturb table to
2^16").
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
754 lines
26 KiB
Plaintext
754 lines
26 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
# IP configuration
|
|
#
|
|
config IP_MULTICAST
|
|
bool "IP: multicasting"
|
|
help
|
|
This is code for addressing several networked computers at once,
|
|
enlarging your kernel by about 2 KB. You need multicasting if you
|
|
intend to participate in the MBONE, a high bandwidth network on top
|
|
of the Internet which carries audio and video broadcasts. More
|
|
information about the MBONE is on the WWW at
|
|
<https://www.savetz.com/mbone/>. For most people, it's safe to say N.
|
|
|
|
config IP_ADVANCED_ROUTER
|
|
bool "IP: advanced router"
|
|
help
|
|
If you intend to run your Linux box mostly as a router, i.e. as a
|
|
computer that forwards and redistributes network packets, say Y; you
|
|
will then be presented with several options that allow more precise
|
|
control about the routing process.
|
|
|
|
The answer to this question won't directly affect the kernel:
|
|
answering N will just cause the configurator to skip all the
|
|
questions about advanced routing.
|
|
|
|
Note that your box can only act as a router if you enable IP
|
|
forwarding in your kernel; you can do that by saying Y to "/proc
|
|
file system support" and "Sysctl support" below and executing the
|
|
line
|
|
|
|
echo "1" > /proc/sys/net/ipv4/ip_forward
|
|
|
|
at boot time after the /proc file system has been mounted.
|
|
|
|
If you turn on IP forwarding, you should consider the rp_filter, which
|
|
automatically rejects incoming packets if the routing table entry
|
|
for their source address doesn't match the network interface they're
|
|
arriving on. This has security advantages because it prevents the
|
|
so-called IP spoofing, however it can pose problems if you use
|
|
asymmetric routing (packets from you to a host take a different path
|
|
than packets from that host to you) or if you operate a non-routing
|
|
host which has several IP addresses on different interfaces. To turn
|
|
rp_filter on use:
|
|
|
|
echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
|
|
or
|
|
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
|
|
|
|
Note that some distributions enable it in startup scripts.
|
|
For details about rp_filter strict and loose mode read
|
|
<file:Documentation/networking/ip-sysctl.rst>.
|
|
|
|
If unsure, say N here.
|
|
|
|
config IP_FIB_TRIE_STATS
|
|
bool "FIB TRIE statistics"
|
|
depends on IP_ADVANCED_ROUTER
|
|
help
|
|
Keep track of statistics on structure of FIB TRIE table.
|
|
Useful for testing and measuring TRIE performance.
|
|
|
|
config IP_MULTIPLE_TABLES
|
|
bool "IP: policy routing"
|
|
depends on IP_ADVANCED_ROUTER
|
|
select FIB_RULES
|
|
help
|
|
Normally, a router decides what to do with a received packet based
|
|
solely on the packet's final destination address. If you say Y here,
|
|
the Linux router will also be able to take the packet's source
|
|
address into account. Furthermore, the TOS (Type-Of-Service) field
|
|
of the packet can be used for routing decisions as well.
|
|
|
|
If you need more information, see the Linux Advanced
|
|
Routing and Traffic Control documentation at
|
|
<https://lartc.org/howto/lartc.rpdb.html>
|
|
|
|
If unsure, say N.
|
|
|
|
config IP_ROUTE_MULTIPATH
|
|
bool "IP: equal cost multipath"
|
|
depends on IP_ADVANCED_ROUTER
|
|
help
|
|
Normally, the routing tables specify a single action to be taken in
|
|
a deterministic manner for a given packet. If you say Y here
|
|
however, it becomes possible to attach several actions to a packet
|
|
pattern, in effect specifying several alternative paths to travel
|
|
for those packets. The router considers all these paths to be of
|
|
equal "cost" and chooses one of them in a non-deterministic fashion
|
|
if a matching packet arrives.
|
|
|
|
config IP_ROUTE_VERBOSE
|
|
bool "IP: verbose route monitoring"
|
|
depends on IP_ADVANCED_ROUTER
|
|
help
|
|
If you say Y here, which is recommended, then the kernel will print
|
|
verbose messages regarding the routing, for example warnings about
|
|
received packets which look strange and could be evidence of an
|
|
attack or a misconfigured system somewhere. The information is
|
|
handled by the klogd daemon which is responsible for kernel messages
|
|
("man klogd").
|
|
|
|
config IP_ROUTE_CLASSID
|
|
bool
|
|
|
|
config IP_PNP
|
|
bool "IP: kernel level autoconfiguration"
|
|
help
|
|
This enables automatic configuration of IP addresses of devices and
|
|
of the routing table during kernel boot, based on either information
|
|
supplied on the kernel command line or by BOOTP or RARP protocols.
|
|
You need to say Y only for diskless machines requiring network
|
|
access to boot (in which case you want to say Y to "Root file system
|
|
on NFS" as well), because all other machines configure the network
|
|
in their startup scripts.
|
|
|
|
config IP_PNP_DHCP
|
|
bool "IP: DHCP support"
|
|
depends on IP_PNP
|
|
help
|
|
If you want your Linux box to mount its whole root file system (the
|
|
one containing the directory /) from some other computer over the
|
|
net via NFS and you want the IP address of your computer to be
|
|
discovered automatically at boot time using the DHCP protocol (a
|
|
special protocol designed for doing this job), say Y here. In case
|
|
the boot ROM of your network card was designed for booting Linux and
|
|
does DHCP itself, providing all necessary information on the kernel
|
|
command line, you can say N here.
|
|
|
|
If unsure, say Y. Note that if you want to use DHCP, a DHCP server
|
|
must be operating on your network. Read
|
|
<file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
|
|
|
|
config IP_PNP_BOOTP
|
|
bool "IP: BOOTP support"
|
|
depends on IP_PNP
|
|
help
|
|
If you want your Linux box to mount its whole root file system (the
|
|
one containing the directory /) from some other computer over the
|
|
net via NFS and you want the IP address of your computer to be
|
|
discovered automatically at boot time using the BOOTP protocol (a
|
|
special protocol designed for doing this job), say Y here. In case
|
|
the boot ROM of your network card was designed for booting Linux and
|
|
does BOOTP itself, providing all necessary information on the kernel
|
|
command line, you can say N here. If unsure, say Y. Note that if you
|
|
want to use BOOTP, a BOOTP server must be operating on your network.
|
|
Read <file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
|
|
|
|
config IP_PNP_RARP
|
|
bool "IP: RARP support"
|
|
depends on IP_PNP
|
|
help
|
|
If you want your Linux box to mount its whole root file system (the
|
|
one containing the directory /) from some other computer over the
|
|
net via NFS and you want the IP address of your computer to be
|
|
discovered automatically at boot time using the RARP protocol (an
|
|
older protocol which is being obsoleted by BOOTP and DHCP), say Y
|
|
here. Note that if you want to use RARP, a RARP server must be
|
|
operating on your network. Read
|
|
<file:Documentation/admin-guide/nfs/nfsroot.rst> for details.
|
|
|
|
config NET_IPIP
|
|
tristate "IP: tunneling"
|
|
select INET_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
encapsulation of IP within IP, which sounds kind of pointless, but
|
|
can be useful if you want to make your (or some other) machine
|
|
appear on a different network than it physically is, or to use
|
|
mobile-IP facilities (allowing laptops to seamlessly move between
|
|
networks without changing their IP addresses).
|
|
|
|
Saying Y to this option will produce two modules ( = code which can
|
|
be inserted in and removed from the running kernel whenever you
|
|
want). Most people won't need this and can say N.
|
|
|
|
config NET_IPGRE_DEMUX
|
|
tristate "IP: GRE demultiplexer"
|
|
help
|
|
This is helper module to demultiplex GRE packets on GRE version field criteria.
|
|
Required by ip_gre and pptp modules.
|
|
|
|
config NET_IP_TUNNEL
|
|
tristate
|
|
select DST_CACHE
|
|
select GRO_CELLS
|
|
default n
|
|
|
|
config NET_IPGRE
|
|
tristate "IP: GRE tunnels over IP"
|
|
depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX
|
|
select NET_IP_TUNNEL
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
GRE (Generic Routing Encapsulation) and at this time allows
|
|
encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure.
|
|
This driver is useful if the other endpoint is a Cisco router: Cisco
|
|
likes GRE much better than the other Linux tunneling driver ("IP
|
|
tunneling" above). In addition, GRE allows multicast redistribution
|
|
through the tunnel.
|
|
|
|
config NET_IPGRE_BROADCAST
|
|
bool "IP: broadcast GRE over IP"
|
|
depends on IP_MULTICAST && NET_IPGRE
|
|
help
|
|
One application of GRE/IP is to construct a broadcast WAN (Wide Area
|
|
Network), which looks like a normal Ethernet LAN (Local Area
|
|
Network), but can be distributed all over the Internet. If you want
|
|
to do that, say Y here and to "IP multicast routing" below.
|
|
|
|
config IP_MROUTE_COMMON
|
|
bool
|
|
depends on IP_MROUTE || IPV6_MROUTE
|
|
|
|
config IP_MROUTE
|
|
bool "IP: multicast routing"
|
|
depends on IP_MULTICAST
|
|
select IP_MROUTE_COMMON
|
|
help
|
|
This is used if you want your machine to act as a router for IP
|
|
packets that have several destination addresses. It is needed on the
|
|
MBONE, a high bandwidth network on top of the Internet which carries
|
|
audio and video broadcasts. In order to do that, you would most
|
|
likely run the program mrouted. If you haven't heard about it, you
|
|
don't need it.
|
|
|
|
config IP_MROUTE_MULTIPLE_TABLES
|
|
bool "IP: multicast policy routing"
|
|
depends on IP_MROUTE && IP_ADVANCED_ROUTER
|
|
select FIB_RULES
|
|
help
|
|
Normally, a multicast router runs a userspace daemon and decides
|
|
what to do with a multicast packet based on the source and
|
|
destination addresses. If you say Y here, the multicast router
|
|
will also be able to take interfaces and packet marks into
|
|
account and run multiple instances of userspace daemons
|
|
simultaneously, each one handling a single table.
|
|
|
|
If unsure, say N.
|
|
|
|
config IP_PIMSM_V1
|
|
bool "IP: PIM-SM version 1 support"
|
|
depends on IP_MROUTE
|
|
help
|
|
Kernel side support for Sparse Mode PIM (Protocol Independent
|
|
Multicast) version 1. This multicast routing protocol is used widely
|
|
because Cisco supports it. You need special software to use it
|
|
(pimd-v1). Please see <http://netweb.usc.edu/pim/> for more
|
|
information about PIM.
|
|
|
|
Say Y if you want to use PIM-SM v1. Note that you can say N here if
|
|
you just want to use Dense Mode PIM.
|
|
|
|
config IP_PIMSM_V2
|
|
bool "IP: PIM-SM version 2 support"
|
|
depends on IP_MROUTE
|
|
help
|
|
Kernel side support for Sparse Mode PIM version 2. In order to use
|
|
this, you need an experimental routing daemon supporting it (pimd or
|
|
gated-5). This routing protocol is not used widely, so say N unless
|
|
you want to play with it.
|
|
|
|
config SYN_COOKIES
|
|
bool "IP: TCP syncookie support"
|
|
help
|
|
Normal TCP/IP networking is open to an attack known as "SYN
|
|
flooding". This denial-of-service attack prevents legitimate remote
|
|
users from being able to connect to your computer during an ongoing
|
|
attack and requires very little work from the attacker, who can
|
|
operate from anywhere on the Internet.
|
|
|
|
SYN cookies provide protection against this type of attack. If you
|
|
say Y here, the TCP/IP stack will use a cryptographic challenge
|
|
protocol known as "SYN cookies" to enable legitimate users to
|
|
continue to connect, even when your machine is under attack. There
|
|
is no need for the legitimate users to change their TCP/IP software;
|
|
SYN cookies work transparently to them. For technical information
|
|
about SYN cookies, check out <https://cr.yp.to/syncookies.html>.
|
|
|
|
If you are SYN flooded, the source address reported by the kernel is
|
|
likely to have been forged by the attacker; it is only reported as
|
|
an aid in tracing the packets to their actual source and should not
|
|
be taken as absolute truth.
|
|
|
|
SYN cookies may prevent correct error reporting on clients when the
|
|
server is really overloaded. If this happens frequently better turn
|
|
them off.
|
|
|
|
If you say Y here, you can disable SYN cookies at run time by
|
|
saying Y to "/proc file system support" and
|
|
"Sysctl support" below and executing the command
|
|
|
|
echo 0 > /proc/sys/net/ipv4/tcp_syncookies
|
|
|
|
after the /proc file system has been mounted.
|
|
|
|
If unsure, say N.
|
|
|
|
config NET_IPVTI
|
|
tristate "Virtual (secure) IP: tunneling"
|
|
depends on IPV6 || IPV6=n
|
|
select INET_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
select XFRM
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This can be used with xfrm mode tunnel to give
|
|
the notion of a secure tunnel for IPSEC and then use routing protocol
|
|
on top.
|
|
|
|
config NET_UDP_TUNNEL
|
|
tristate
|
|
select NET_IP_TUNNEL
|
|
default n
|
|
|
|
config NET_FOU
|
|
tristate "IP: Foo (IP protocols) over UDP"
|
|
select NET_UDP_TUNNEL
|
|
help
|
|
Foo over UDP allows any IP protocol to be directly encapsulated
|
|
over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP
|
|
network mechanisms and optimizations for UDP (such as ECMP
|
|
and RSS) can be leveraged to provide better service.
|
|
|
|
config NET_FOU_IP_TUNNELS
|
|
bool "IP: FOU encapsulation of IP tunnels"
|
|
depends on NET_IPIP || NET_IPGRE || IPV6_SIT
|
|
select NET_FOU
|
|
help
|
|
Allow configuration of FOU or GUE encapsulation for IP tunnels.
|
|
When this option is enabled IP tunnels can be configured to use
|
|
FOU or GUE encapsulation.
|
|
|
|
config INET_AH
|
|
tristate "IP: AH transformation"
|
|
select XFRM_AH
|
|
help
|
|
Support for IPsec AH (Authentication Header).
|
|
|
|
AH can be used with various authentication algorithms. Besides
|
|
enabling AH support itself, this option enables the generic
|
|
implementations of the algorithms that RFC 8221 lists as MUST be
|
|
implemented. If you need any other algorithms, you'll need to enable
|
|
them in the crypto API. You should also enable accelerated
|
|
implementations of any needed algorithms when available.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET_ESP
|
|
tristate "IP: ESP transformation"
|
|
select XFRM_ESP
|
|
help
|
|
Support for IPsec ESP (Encapsulating Security Payload).
|
|
|
|
ESP can be used with various encryption and authentication algorithms.
|
|
Besides enabling ESP support itself, this option enables the generic
|
|
implementations of the algorithms that RFC 8221 lists as MUST be
|
|
implemented. If you need any other algorithms, you'll need to enable
|
|
them in the crypto API. You should also enable accelerated
|
|
implementations of any needed algorithms when available.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET_ESP_OFFLOAD
|
|
tristate "IP: ESP transformation offload"
|
|
depends on INET_ESP
|
|
select XFRM_OFFLOAD
|
|
default n
|
|
help
|
|
Support for ESP transformation offload. This makes sense
|
|
only if this system really does IPsec and want to do it
|
|
with high throughput. A typical desktop system does not
|
|
need it, even if it does IPsec.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET_ESPINTCP
|
|
bool "IP: ESP in TCP encapsulation (RFC 8229)"
|
|
depends on XFRM && INET_ESP
|
|
select STREAM_PARSER
|
|
select NET_SOCK_MSG
|
|
select XFRM_ESPINTCP
|
|
help
|
|
Support for RFC 8229 encapsulation of ESP and IKE over
|
|
TCP/IPv4 sockets.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET_IPCOMP
|
|
tristate "IP: IPComp transformation"
|
|
select INET_XFRM_TUNNEL
|
|
select XFRM_IPCOMP
|
|
help
|
|
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
|
|
typically needed for IPsec.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET_TABLE_PERTURB_ORDER
|
|
int "INET: Source port perturbation table size (as power of 2)" if EXPERT
|
|
default 16
|
|
help
|
|
Source port perturbation table size (as power of 2) for
|
|
RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm.
|
|
|
|
The default is almost always what you want.
|
|
Only change this if you know what you are doing.
|
|
|
|
config INET_XFRM_TUNNEL
|
|
tristate
|
|
select INET_TUNNEL
|
|
default n
|
|
|
|
config INET_TUNNEL
|
|
tristate
|
|
default n
|
|
|
|
config INET_DIAG
|
|
tristate "INET: socket monitoring interface"
|
|
default y
|
|
help
|
|
Support for INET (TCP, DCCP, etc) socket monitoring interface used by
|
|
native Linux tools such as ss. ss is included in iproute2, currently
|
|
downloadable at:
|
|
|
|
http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET_TCP_DIAG
|
|
depends on INET_DIAG
|
|
def_tristate INET_DIAG
|
|
|
|
config INET_UDP_DIAG
|
|
tristate "UDP: socket monitoring interface"
|
|
depends on INET_DIAG && (IPV6 || IPV6=n)
|
|
default n
|
|
help
|
|
Support for UDP socket monitoring interface used by the ss tool.
|
|
If unsure, say Y.
|
|
|
|
config INET_RAW_DIAG
|
|
tristate "RAW: socket monitoring interface"
|
|
depends on INET_DIAG && (IPV6 || IPV6=n)
|
|
default n
|
|
help
|
|
Support for RAW socket monitoring interface used by the ss tool.
|
|
If unsure, say Y.
|
|
|
|
config INET_DIAG_DESTROY
|
|
bool "INET: allow privileged process to administratively close sockets"
|
|
depends on INET_DIAG
|
|
default n
|
|
help
|
|
Provides a SOCK_DESTROY operation that allows privileged processes
|
|
(e.g., a connection manager or a network administration tool such as
|
|
ss) to close sockets opened by other processes. Closing a socket in
|
|
this way interrupts any blocking read/write/connect operations on
|
|
the socket and causes future socket calls to behave as if the socket
|
|
had been disconnected.
|
|
If unsure, say N.
|
|
|
|
menuconfig TCP_CONG_ADVANCED
|
|
bool "TCP: advanced congestion control"
|
|
help
|
|
Support for selection of various TCP congestion control
|
|
modules.
|
|
|
|
Nearly all users can safely say no here, and a safe default
|
|
selection will be made (CUBIC with new Reno as a fallback).
|
|
|
|
If unsure, say N.
|
|
|
|
if TCP_CONG_ADVANCED
|
|
|
|
config TCP_CONG_BIC
|
|
tristate "Binary Increase Congestion (BIC) control"
|
|
default m
|
|
help
|
|
BIC-TCP is a sender-side only change that ensures a linear RTT
|
|
fairness under large windows while offering both scalability and
|
|
bounded TCP-friendliness. The protocol combines two schemes
|
|
called additive increase and binary search increase. When the
|
|
congestion window is large, additive increase with a large
|
|
increment ensures linear RTT fairness as well as good
|
|
scalability. Under small congestion windows, binary search
|
|
increase provides TCP friendliness.
|
|
See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
|
|
|
|
config TCP_CONG_CUBIC
|
|
tristate "CUBIC TCP"
|
|
default y
|
|
help
|
|
This is version 2.0 of BIC-TCP which uses a cubic growth function
|
|
among other techniques.
|
|
See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
|
|
|
|
config TCP_CONG_WESTWOOD
|
|
tristate "TCP Westwood+"
|
|
default m
|
|
help
|
|
TCP Westwood+ is a sender-side only modification of the TCP Reno
|
|
protocol stack that optimizes the performance of TCP congestion
|
|
control. It is based on end-to-end bandwidth estimation to set
|
|
congestion window and slow start threshold after a congestion
|
|
episode. Using this estimation, TCP Westwood+ adaptively sets a
|
|
slow start threshold and a congestion window which takes into
|
|
account the bandwidth used at the time congestion is experienced.
|
|
TCP Westwood+ significantly increases fairness wrt TCP Reno in
|
|
wired networks and throughput over wireless links.
|
|
|
|
config TCP_CONG_HTCP
|
|
tristate "H-TCP"
|
|
default m
|
|
help
|
|
H-TCP is a send-side only modifications of the TCP Reno
|
|
protocol stack that optimizes the performance of TCP
|
|
congestion control for high speed network links. It uses a
|
|
modeswitch to change the alpha and beta parameters of TCP Reno
|
|
based on network conditions and in a way so as to be fair with
|
|
other Reno and H-TCP flows.
|
|
|
|
config TCP_CONG_HSTCP
|
|
tristate "High Speed TCP"
|
|
default n
|
|
help
|
|
Sally Floyd's High Speed TCP (RFC 3649) congestion control.
|
|
A modification to TCP's congestion control mechanism for use
|
|
with large congestion windows. A table indicates how much to
|
|
increase the congestion window by when an ACK is received.
|
|
For more detail see https://www.icir.org/floyd/hstcp.html
|
|
|
|
config TCP_CONG_HYBLA
|
|
tristate "TCP-Hybla congestion control algorithm"
|
|
default n
|
|
help
|
|
TCP-Hybla is a sender-side only change that eliminates penalization of
|
|
long-RTT, large-bandwidth connections, like when satellite legs are
|
|
involved, especially when sharing a common bottleneck with normal
|
|
terrestrial connections.
|
|
|
|
config TCP_CONG_VEGAS
|
|
tristate "TCP Vegas"
|
|
default n
|
|
help
|
|
TCP Vegas is a sender-side only change to TCP that anticipates
|
|
the onset of congestion by estimating the bandwidth. TCP Vegas
|
|
adjusts the sending rate by modifying the congestion
|
|
window. TCP Vegas should provide less packet loss, but it is
|
|
not as aggressive as TCP Reno.
|
|
|
|
config TCP_CONG_NV
|
|
tristate "TCP NV"
|
|
default n
|
|
help
|
|
TCP NV is a follow up to TCP Vegas. It has been modified to deal with
|
|
10G networks, measurement noise introduced by LRO, GRO and interrupt
|
|
coalescence. In addition, it will decrease its cwnd multiplicatively
|
|
instead of linearly.
|
|
|
|
Note that in general congestion avoidance (cwnd decreased when # packets
|
|
queued grows) cannot coexist with congestion control (cwnd decreased only
|
|
when there is packet loss) due to fairness issues. One scenario when they
|
|
can coexist safely is when the CA flows have RTTs << CC flows RTTs.
|
|
|
|
For further details see http://www.brakmo.org/networking/tcp-nv/
|
|
|
|
config TCP_CONG_SCALABLE
|
|
tristate "Scalable TCP"
|
|
default n
|
|
help
|
|
Scalable TCP is a sender-side only change to TCP which uses a
|
|
MIMD congestion control algorithm which has some nice scaling
|
|
properties, though is known to have fairness issues.
|
|
See http://www.deneholme.net/tom/scalable/
|
|
|
|
config TCP_CONG_LP
|
|
tristate "TCP Low Priority"
|
|
default n
|
|
help
|
|
TCP Low Priority (TCP-LP), a distributed algorithm whose goal is
|
|
to utilize only the excess network bandwidth as compared to the
|
|
``fair share`` of bandwidth as targeted by TCP.
|
|
See http://www-ece.rice.edu/networks/TCP-LP/
|
|
|
|
config TCP_CONG_VENO
|
|
tristate "TCP Veno"
|
|
default n
|
|
help
|
|
TCP Veno is a sender-side only enhancement of TCP to obtain better
|
|
throughput over wireless networks. TCP Veno makes use of state
|
|
distinguishing to circumvent the difficult judgment of the packet loss
|
|
type. TCP Veno cuts down less congestion window in response to random
|
|
loss packets.
|
|
See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186>
|
|
|
|
config TCP_CONG_YEAH
|
|
tristate "YeAH TCP"
|
|
select TCP_CONG_VEGAS
|
|
default n
|
|
help
|
|
YeAH-TCP is a sender-side high-speed enabled TCP congestion control
|
|
algorithm, which uses a mixed loss/delay approach to compute the
|
|
congestion window. It's design goals target high efficiency,
|
|
internal, RTT and Reno fairness, resilience to link loss while
|
|
keeping network elements load as low as possible.
|
|
|
|
For further details look here:
|
|
http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf
|
|
|
|
config TCP_CONG_ILLINOIS
|
|
tristate "TCP Illinois"
|
|
default n
|
|
help
|
|
TCP-Illinois is a sender-side modification of TCP Reno for
|
|
high speed long delay links. It uses round-trip-time to
|
|
adjust the alpha and beta parameters to achieve a higher average
|
|
throughput and maintain fairness.
|
|
|
|
For further details see:
|
|
http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html
|
|
|
|
config TCP_CONG_DCTCP
|
|
tristate "DataCenter TCP (DCTCP)"
|
|
default n
|
|
help
|
|
DCTCP leverages Explicit Congestion Notification (ECN) in the network to
|
|
provide multi-bit feedback to the end hosts. It is designed to provide:
|
|
|
|
- High burst tolerance (incast due to partition/aggregate),
|
|
- Low latency (short flows, queries),
|
|
- High throughput (continuous data updates, large file transfers) with
|
|
commodity, shallow-buffered switches.
|
|
|
|
All switches in the data center network running DCTCP must support
|
|
ECN marking and be configured for marking when reaching defined switch
|
|
buffer thresholds. The default ECN marking threshold heuristic for
|
|
DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets
|
|
(~100KB) at 10Gbps, but might need further careful tweaking.
|
|
|
|
For further details see:
|
|
http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf
|
|
|
|
config TCP_CONG_CDG
|
|
tristate "CAIA Delay-Gradient (CDG)"
|
|
default n
|
|
help
|
|
CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies
|
|
the TCP sender in order to:
|
|
|
|
o Use the delay gradient as a congestion signal.
|
|
o Back off with an average probability that is independent of the RTT.
|
|
o Coexist with flows that use loss-based congestion control.
|
|
o Tolerate packet loss unrelated to congestion.
|
|
|
|
For further details see:
|
|
D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using
|
|
delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg
|
|
|
|
config TCP_CONG_BBR
|
|
tristate "BBR TCP"
|
|
default n
|
|
help
|
|
|
|
BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to
|
|
maximize network utilization and minimize queues. It builds an explicit
|
|
model of the bottleneck delivery rate and path round-trip propagation
|
|
delay. It tolerates packet loss and delay unrelated to congestion. It
|
|
can operate over LAN, WAN, cellular, wifi, or cable modem links. It can
|
|
coexist with flows that use loss-based congestion control, and can
|
|
operate with shallow buffers, deep buffers, bufferbloat, policers, or
|
|
AQM schemes that do not provide a delay signal. It requires the fq
|
|
("Fair Queue") pacing packet scheduler.
|
|
|
|
choice
|
|
prompt "Default TCP congestion control"
|
|
default DEFAULT_CUBIC
|
|
help
|
|
Select the TCP congestion control that will be used by default
|
|
for all connections.
|
|
|
|
config DEFAULT_BIC
|
|
bool "Bic" if TCP_CONG_BIC=y
|
|
|
|
config DEFAULT_CUBIC
|
|
bool "Cubic" if TCP_CONG_CUBIC=y
|
|
|
|
config DEFAULT_HTCP
|
|
bool "Htcp" if TCP_CONG_HTCP=y
|
|
|
|
config DEFAULT_HYBLA
|
|
bool "Hybla" if TCP_CONG_HYBLA=y
|
|
|
|
config DEFAULT_VEGAS
|
|
bool "Vegas" if TCP_CONG_VEGAS=y
|
|
|
|
config DEFAULT_VENO
|
|
bool "Veno" if TCP_CONG_VENO=y
|
|
|
|
config DEFAULT_WESTWOOD
|
|
bool "Westwood" if TCP_CONG_WESTWOOD=y
|
|
|
|
config DEFAULT_DCTCP
|
|
bool "DCTCP" if TCP_CONG_DCTCP=y
|
|
|
|
config DEFAULT_CDG
|
|
bool "CDG" if TCP_CONG_CDG=y
|
|
|
|
config DEFAULT_BBR
|
|
bool "BBR" if TCP_CONG_BBR=y
|
|
|
|
config DEFAULT_RENO
|
|
bool "Reno"
|
|
endchoice
|
|
|
|
endif
|
|
|
|
config TCP_CONG_CUBIC
|
|
tristate
|
|
depends on !TCP_CONG_ADVANCED
|
|
default y
|
|
|
|
config DEFAULT_TCP_CONG
|
|
string
|
|
default "bic" if DEFAULT_BIC
|
|
default "cubic" if DEFAULT_CUBIC
|
|
default "htcp" if DEFAULT_HTCP
|
|
default "hybla" if DEFAULT_HYBLA
|
|
default "vegas" if DEFAULT_VEGAS
|
|
default "westwood" if DEFAULT_WESTWOOD
|
|
default "veno" if DEFAULT_VENO
|
|
default "reno" if DEFAULT_RENO
|
|
default "dctcp" if DEFAULT_DCTCP
|
|
default "cdg" if DEFAULT_CDG
|
|
default "bbr" if DEFAULT_BBR
|
|
default "cubic"
|
|
|
|
config TCP_MD5SIG
|
|
bool "TCP: MD5 Signature Option support (RFC2385)"
|
|
select CRYPTO
|
|
select CRYPTO_MD5
|
|
help
|
|
RFC2385 specifies a method of giving MD5 protection to TCP sessions.
|
|
Its main (only?) use is to protect BGP sessions between core routers
|
|
on the Internet.
|
|
|
|
If unsure, say N.
|