2019-05-19 19:07:45 +07:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2005-04-17 05:20:36 +07:00
|
|
|
#
|
|
|
|
# Network device configuration
|
|
|
|
#
|
|
|
|
|
2007-06-14 02:48:53 +07:00
|
|
|
menuconfig NETDEVICES
|
2006-01-19 08:42:59 +07:00
|
|
|
default y if UML
|
2007-07-22 09:11:35 +07:00
|
|
|
depends on NET
|
2005-04-17 05:20:36 +07:00
|
|
|
bool "Network device support"
|
|
|
|
---help---
|
|
|
|
You can say N here if you don't intend to connect your Linux box to
|
|
|
|
any other computer at all.
|
|
|
|
|
|
|
|
You'll have to say Y if your computer contains a network card that
|
|
|
|
you want to use under Linux. If you are going to run SLIP or PPP over
|
|
|
|
telephone line or null modem cable you need say Y here. Connecting
|
|
|
|
two machines with parallel ports using PLIP needs this, as well as
|
|
|
|
AX.25/KISS for sending Internet traffic over amateur radio links.
|
|
|
|
|
|
|
|
See also "The Linux Network Administrator's Guide" by Olaf Kirch and
|
|
|
|
Terry Dawson. Available at <http://www.tldp.org/guides.html>.
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
2006-09-26 13:11:21 +07:00
|
|
|
# All the following symbols are dependent on NETDEVICES - do not repeat
|
|
|
|
# that for each of the symbols.
|
|
|
|
if NETDEVICES
|
2005-07-28 03:04:35 +07:00
|
|
|
|
2013-06-18 09:24:51 +07:00
|
|
|
config MII
|
|
|
|
tristate
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config NET_CORE
|
|
|
|
default y
|
|
|
|
bool "Network core driver support"
|
2006-01-09 13:34:25 +07:00
|
|
|
---help---
|
2011-08-23 14:42:10 +07:00
|
|
|
You can say N here if you do not intend to use any of the
|
|
|
|
networking core drivers (i.e. VLAN, bridging, bonding, etc.)
|
|
|
|
|
|
|
|
if NET_CORE
|
|
|
|
|
|
|
|
config BONDING
|
|
|
|
tristate "Bonding driver support"
|
|
|
|
depends on INET
|
|
|
|
depends on IPV6 || IPV6=n
|
|
|
|
---help---
|
|
|
|
Say 'Y' or 'M' if you wish to be able to 'bond' multiple Ethernet
|
|
|
|
Channels together. This is called 'Etherchannel' by Cisco,
|
|
|
|
'Trunking' by Sun, 802.3ad by the IEEE, and 'Bonding' in Linux.
|
|
|
|
|
|
|
|
The driver supports multiple bonding modes to allow for both high
|
|
|
|
performance and high availability operation.
|
|
|
|
|
2020-04-28 05:01:24 +07:00
|
|
|
Refer to <file:Documentation/networking/bonding.rst> for more
|
2011-08-23 14:42:10 +07:00
|
|
|
information.
|
|
|
|
|
2006-01-09 13:34:25 +07:00
|
|
|
To compile this driver as a module, choose M here: the module
|
2011-08-23 14:42:10 +07:00
|
|
|
will be called bonding.
|
2006-01-09 13:34:25 +07:00
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
config DUMMY
|
|
|
|
tristate "Dummy net driver support"
|
|
|
|
---help---
|
|
|
|
This is essentially a bit-bucket device (i.e. traffic you send to
|
|
|
|
this device is consigned into oblivion) with a configurable IP
|
|
|
|
address. It is most commonly used in order to make your currently
|
|
|
|
inactive SLIP address seem like a real address for local programs.
|
2016-04-23 19:58:03 +07:00
|
|
|
If you use SLIP or PPP, you might want to say Y here. It won't
|
|
|
|
enlarge your kernel. What a deal. Read about it in the Network
|
2005-04-17 05:20:36 +07:00
|
|
|
Administrator's Guide, available from
|
|
|
|
<http://www.tldp.org/docs.html#guide>.
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
2012-05-14 10:57:31 +07:00
|
|
|
will be called dummy.
|
2005-04-17 05:20:36 +07:00
|
|
|
|
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 06:27:34 +07:00
|
|
|
config WIREGUARD
|
|
|
|
tristate "WireGuard secure network tunnel"
|
|
|
|
depends on NET && INET
|
|
|
|
depends on IPV6 || !IPV6
|
|
|
|
select NET_UDP_TUNNEL
|
|
|
|
select DST_CACHE
|
|
|
|
select CRYPTO
|
|
|
|
select CRYPTO_LIB_CURVE25519
|
|
|
|
select CRYPTO_LIB_CHACHA20POLY1305
|
|
|
|
select CRYPTO_LIB_BLAKE2S
|
|
|
|
select CRYPTO_CHACHA20_X86_64 if X86 && 64BIT
|
|
|
|
select CRYPTO_POLY1305_X86_64 if X86 && 64BIT
|
|
|
|
select CRYPTO_BLAKE2S_X86 if X86 && 64BIT
|
|
|
|
select CRYPTO_CURVE25519_X86 if X86 && 64BIT
|
2019-12-16 04:08:01 +07:00
|
|
|
select ARM_CRYPTO if ARM
|
|
|
|
select ARM64_CRYPTO if ARM64
|
net: WireGuard secure network tunnel
WireGuard is a layer 3 secure networking tunnel made specifically for
the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and
considerations, along with formal proofs of the cryptography, are
available at:
* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf
This commit implements WireGuard as a simple network device driver,
accessible in the usual RTNL way used by virtual network drivers. It
makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of
networking subsystem APIs. It has a somewhat novel multicore queueing
system designed for maximum throughput and minimal latency of encryption
operations, but it is implemented modestly using workqueues and NAPI.
Configuration is done via generic Netlink, and following a review from
the Netlink maintainer a year ago, several high profile userspace tools
have already implemented the API.
This commit also comes with several different tests, both in-kernel
tests and out-of-kernel tests based on network namespaces, taking profit
of the fact that sockets used by WireGuard intentionally stay in the
namespace the WireGuard interface was originally created, exactly like
the semantics of userspace tun devices. See wireguard.com/netns/ for
pictures and examples.
The source code is fairly short, but rather than combining everything
into a single file, WireGuard is developed as cleanly separable files,
making auditing and comprehension easier. Things are laid out as
follows:
* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the
cryptographic aspects of the protocol, and are mostly data-only in
nature, taking in buffers of bytes and spitting out buffers of
bytes. They also handle reference counting for their various shared
pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for
ratelimiting certain types of cryptographic operations in accordance
with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of
WireGuard, the former being trie-like with particular semantics, an
integral part of the design of the protocol, and the latter just
being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for
rtnl, responsible for maintaining the life of a given interface and
wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions
available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and
the general set of kernel socket APIs, for sending and receiving
ciphertext UDP packets, and taking care of WireGuard-specific sticky
socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard
peers and devices. The API has been implemented by several userspace
tools and network management utility, and the WireGuard project
distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling
the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on
multiple cores, before sending them in order on a single core, via
workqueues and ring buffers. Also handles sending handshake and cookie
messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on
multiple cores, before passing them off in order to be ingested via
the rest of the networking subsystem with GRO via the typical NAPI
poll function. Also handles receiving handshake and cookie messages
as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular
event timeouts, and gives a set of very simple event-driven entry
point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security
sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing
script using network namespaces.
This commit aims to be as self-contained as possible, implementing
WireGuard as a standalone module not needing much special handling or
coordination from the network subsystem. I expect for future
optimizations to the network stack to positively improve WireGuard, and
vice-versa, but for the time being, this exists as intentionally
standalone.
We introduce a menu option for CONFIG_WIREGUARD, as well as providing a
verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Miller <davem@davemloft.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-09 06:27:34 +07:00
|
|
|
select CRYPTO_CHACHA20_NEON if (ARM || ARM64) && KERNEL_MODE_NEON
|
|
|
|
select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON
|
|
|
|
select CRYPTO_POLY1305_ARM if ARM
|
|
|
|
select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON
|
|
|
|
select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2
|
|
|
|
select CRYPTO_POLY1305_MIPS if CPU_MIPS32 || (CPU_MIPS64 && 64BIT)
|
|
|
|
help
|
|
|
|
WireGuard is a secure, fast, and easy to use replacement for IPSec
|
|
|
|
that uses modern cryptography and clever networking tricks. It's
|
|
|
|
designed to be fairly general purpose and abstract enough to fit most
|
|
|
|
use cases, while at the same time remaining extremely simple to
|
|
|
|
configure. See www.wireguard.com for more info.
|
|
|
|
|
|
|
|
It's safe to say Y or M here, as the driver is very lightweight and
|
|
|
|
is only in use when an administrator chooses to add an interface.
|
|
|
|
|
|
|
|
config WIREGUARD_DEBUG
|
|
|
|
bool "Debugging checks and verbose messages"
|
|
|
|
depends on WIREGUARD
|
|
|
|
help
|
|
|
|
This will write log messages for handshake and other events
|
|
|
|
that occur for a WireGuard interface. It will also perform some
|
|
|
|
extra validation checks and unit tests at various points. This is
|
|
|
|
only useful for debugging.
|
|
|
|
|
|
|
|
Say N here unless you know what you're doing.
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config EQUALIZER
|
|
|
|
tristate "EQL (serial line load balancing) support"
|
2005-04-17 05:20:36 +07:00
|
|
|
---help---
|
2011-08-23 14:42:10 +07:00
|
|
|
If you have two serial connections to some other computer (this
|
|
|
|
usually requires two modems and two telephone lines) and you use
|
|
|
|
SLIP (the protocol for sending Internet traffic over telephone
|
|
|
|
lines) or PPP (a better SLIP) on them, you can make them behave like
|
|
|
|
one double speed connection using this driver. Naturally, this has
|
|
|
|
to be supported at the other end as well, either with a similar EQL
|
|
|
|
Linux driver or with a Livingston Portmaster 2e.
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
Say Y if you want this and read
|
|
|
|
<file:Documentation/networking/eql.txt>. You may also want to read
|
|
|
|
section 6.2 of the NET-3-HOWTO, available from
|
|
|
|
<http://www.tldp.org/docs.html#howto>.
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called eql. If unsure, say N.
|
|
|
|
|
|
|
|
config NET_FC
|
|
|
|
bool "Fibre Channel driver support"
|
|
|
|
depends on SCSI && PCI
|
|
|
|
help
|
|
|
|
Fibre Channel is a high speed serial protocol mainly used to connect
|
|
|
|
large storage devices to the computer; it is compatible with and
|
|
|
|
intended to replace SCSI.
|
|
|
|
|
|
|
|
If you intend to use Fibre Channel, you need to have a Fibre channel
|
|
|
|
adaptor card in your computer; say Y here and to the driver for your
|
|
|
|
adaptor below. You also should have said Y to "SCSI support" and
|
|
|
|
"SCSI generic support".
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config IFB
|
|
|
|
tristate "Intermediate Functional Block support"
|
|
|
|
depends on NET_CLS_ACT
|
2020-03-25 19:47:18 +07:00
|
|
|
select NET_REDIRECT
|
2011-08-23 14:42:10 +07:00
|
|
|
---help---
|
|
|
|
This is an intermediate driver that allows sharing of
|
|
|
|
resources.
|
2005-04-17 05:20:36 +07:00
|
|
|
To compile this driver as a module, choose M here: the module
|
2011-08-23 14:42:10 +07:00
|
|
|
will be called ifb. If you want to use more than one ifb
|
|
|
|
device at a time, you need to compile this driver as a module.
|
|
|
|
Instead of 'ifb', the devices will then be called 'ifb0',
|
|
|
|
'ifb1' etc.
|
|
|
|
Look at the iproute2 documentation directory for usage etc
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-11-12 05:16:48 +07:00
|
|
|
source "drivers/net/team/Kconfig"
|
|
|
|
|
2007-07-15 08:55:06 +07:00
|
|
|
config MACVLAN
|
2012-10-03 01:17:55 +07:00
|
|
|
tristate "MAC-VLAN support"
|
2007-07-15 08:55:06 +07:00
|
|
|
---help---
|
|
|
|
This allows one to create virtual interfaces that map packets to
|
|
|
|
or from specific MAC addresses to a particular interface.
|
|
|
|
|
2008-02-27 08:52:05 +07:00
|
|
|
Macvlan devices can be added using the "ip" command from the
|
|
|
|
iproute2 package starting with the iproute2-2.6.23 release:
|
|
|
|
|
|
|
|
"ip link add link <real dev> [ address MAC ] [ NAME ] type macvlan"
|
|
|
|
|
2007-07-15 08:55:06 +07:00
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called macvlan.
|
|
|
|
|
2010-01-30 19:24:26 +07:00
|
|
|
config MACVTAP
|
2012-10-03 01:17:55 +07:00
|
|
|
tristate "MAC-VLAN based tap driver"
|
2010-01-30 19:24:26 +07:00
|
|
|
depends on MACVLAN
|
2014-10-31 10:10:31 +07:00
|
|
|
depends on INET
|
2017-02-11 07:03:51 +07:00
|
|
|
select TAP
|
2010-01-30 19:24:26 +07:00
|
|
|
help
|
|
|
|
This adds a specialized tap character device driver that is based
|
|
|
|
on the MAC-VLAN network interface, called macvtap. A macvtap device
|
|
|
|
can be added in the same way as a macvlan device, using 'type
|
2014-02-11 03:40:51 +07:00
|
|
|
macvtap', and then be accessed through the tap user space interface.
|
2010-01-30 19:24:26 +07:00
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called macvtap.
|
|
|
|
|
2019-02-08 19:55:31 +07:00
|
|
|
config IPVLAN_L3S
|
|
|
|
depends on NETFILTER
|
2019-02-13 23:55:02 +07:00
|
|
|
depends on IPVLAN
|
2019-02-08 19:55:31 +07:00
|
|
|
def_bool y
|
|
|
|
select NET_L3_MASTER_DEV
|
2014-11-24 14:07:46 +07:00
|
|
|
|
|
|
|
config IPVLAN
|
2019-11-21 20:28:28 +07:00
|
|
|
tristate "IP-VLAN support"
|
|
|
|
depends on INET
|
|
|
|
depends on IPV6 || !IPV6
|
|
|
|
---help---
|
|
|
|
This allows one to create virtual devices off of a main interface
|
|
|
|
and packets will be delivered based on the dest L3 (IPv6/IPv4 addr)
|
|
|
|
on packets. All interfaces (including the main interface) share L2
|
|
|
|
making it transparent to the connected L2 switch.
|
2014-11-24 14:07:46 +07:00
|
|
|
|
2019-11-21 20:28:28 +07:00
|
|
|
Ipvlan devices can be added using the "ip" command from the
|
|
|
|
iproute2 package starting with the iproute2-3.19 release:
|
2014-11-24 14:07:46 +07:00
|
|
|
|
2019-11-21 20:28:28 +07:00
|
|
|
"ip link add link <main-dev> [ NAME ] type ipvlan"
|
2014-11-24 14:07:46 +07:00
|
|
|
|
2019-11-21 20:28:28 +07:00
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called ipvlan.
|
2014-11-24 14:07:46 +07:00
|
|
|
|
2017-02-11 07:03:52 +07:00
|
|
|
config IPVTAP
|
|
|
|
tristate "IP-VLAN based tap driver"
|
|
|
|
depends on IPVLAN
|
|
|
|
depends on INET
|
|
|
|
select TAP
|
|
|
|
---help---
|
|
|
|
This adds a specialized tap character device driver that is based
|
|
|
|
on the IP-VLAN network interface, called ipvtap. An ipvtap device
|
|
|
|
can be added in the same way as a ipvlan device, using 'type
|
|
|
|
ipvtap', and then be accessed through the tap user space interface.
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called ipvtap.
|
2014-11-24 14:07:46 +07:00
|
|
|
|
2012-10-01 19:32:35 +07:00
|
|
|
config VXLAN
|
2019-11-21 20:28:28 +07:00
|
|
|
tristate "Virtual eXtensible Local Area Network (VXLAN)"
|
|
|
|
depends on INET
|
|
|
|
select NET_UDP_TUNNEL
|
|
|
|
select GRO_CELLS
|
|
|
|
---help---
|
2012-10-01 19:32:35 +07:00
|
|
|
This allows one to create vxlan virtual interfaces that provide
|
|
|
|
Layer 2 Networks over Layer 3 Networks. VXLAN is often used
|
|
|
|
to tunnel virtual network infrastructure in virtualized environments.
|
|
|
|
For more information see:
|
|
|
|
http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-02
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called vxlan.
|
|
|
|
|
2015-05-13 23:57:30 +07:00
|
|
|
config GENEVE
|
2019-11-21 20:28:28 +07:00
|
|
|
tristate "Generic Network Virtualization Encapsulation"
|
|
|
|
depends on INET
|
|
|
|
depends on IPV6 || !IPV6
|
|
|
|
select NET_UDP_TUNNEL
|
|
|
|
select GRO_CELLS
|
|
|
|
---help---
|
2015-05-13 23:57:30 +07:00
|
|
|
This allows one to create geneve virtual interfaces that provide
|
|
|
|
Layer 2 Networks over Layer 3 Networks. GENEVE is often used
|
|
|
|
to tunnel virtual network infrastructure in virtualized environments.
|
|
|
|
For more information see:
|
|
|
|
http://tools.ietf.org/html/draft-gross-geneve-02
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called geneve.
|
|
|
|
|
2020-02-24 12:27:50 +07:00
|
|
|
config BAREUDP
|
|
|
|
tristate "Bare UDP Encapsulation"
|
|
|
|
depends on INET
|
|
|
|
depends on IPV6 || !IPV6
|
|
|
|
select NET_UDP_TUNNEL
|
|
|
|
select GRO_CELLS
|
|
|
|
help
|
|
|
|
This adds a bare UDP tunnel module for tunnelling different
|
|
|
|
kinds of traffic like MPLS, IP, etc. inside a UDP tunnel.
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called bareudp.
|
|
|
|
|
2016-05-09 05:55:48 +07:00
|
|
|
config GTP
|
|
|
|
tristate "GPRS Tunneling Protocol datapath (GTP-U)"
|
2019-03-16 07:00:50 +07:00
|
|
|
depends on INET
|
|
|
|
select NET_UDP_TUNNEL
|
2016-05-09 05:55:48 +07:00
|
|
|
---help---
|
|
|
|
This allows one to create gtp virtual interfaces that provide
|
|
|
|
the GPRS Tunneling Protocol datapath (GTP-U). This tunneling protocol
|
|
|
|
is used to prevent subscribers from accessing mobile carrier core
|
|
|
|
network infrastructure. This driver requires a userspace software that
|
|
|
|
implements the signaling protocol (GTP-C) to update its PDP context
|
|
|
|
base, such as OpenGGSN <http://git.osmocom.org/openggsn/). This
|
|
|
|
tunneling protocol is implemented according to the GSM TS 09.60 and
|
|
|
|
3GPP TS 29.060 standards.
|
|
|
|
|
|
|
|
To compile this drivers as a module, choose M here: the module
|
|
|
|
wil be called gtp.
|
|
|
|
|
2016-03-12 00:07:33 +07:00
|
|
|
config MACSEC
|
|
|
|
tristate "IEEE 802.1AE MAC-level encryption (MACsec)"
|
2016-04-17 16:19:55 +07:00
|
|
|
select CRYPTO
|
2016-03-12 00:07:33 +07:00
|
|
|
select CRYPTO_AES
|
|
|
|
select CRYPTO_GCM
|
2017-02-08 06:37:15 +07:00
|
|
|
select GRO_CELLS
|
2016-03-12 00:07:33 +07:00
|
|
|
---help---
|
|
|
|
MACsec is an encryption standard for Ethernet.
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config NETCONSOLE
|
|
|
|
tristate "Network console logging support"
|
2005-04-17 05:20:36 +07:00
|
|
|
---help---
|
2019-11-21 20:28:28 +07:00
|
|
|
If you want to log kernel messages over the network, enable this.
|
|
|
|
See <file:Documentation/networking/netconsole.txt> for details.
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config NETCONSOLE_DYNAMIC
|
|
|
|
bool "Dynamic reconfiguration of logging targets"
|
|
|
|
depends on NETCONSOLE && SYSFS && CONFIGFS_FS && \
|
|
|
|
!(NETCONSOLE=y && CONFIGFS_FS=m)
|
|
|
|
help
|
|
|
|
This option enables the ability to dynamically reconfigure target
|
|
|
|
parameters (interface, IP addresses, port numbers, MAC addresses)
|
|
|
|
at runtime through a userspace interface exported using configfs.
|
|
|
|
See <file:Documentation/networking/netconsole.txt> for details.
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config NETPOLL
|
|
|
|
def_bool NETCONSOLE
|
2014-12-05 23:24:45 +07:00
|
|
|
select SRCU
|
2011-08-23 14:42:10 +07:00
|
|
|
|
|
|
|
config NET_POLL_CONTROLLER
|
|
|
|
def_bool NETPOLL
|
|
|
|
|
2012-11-17 09:27:13 +07:00
|
|
|
config NTB_NETDEV
|
2015-05-07 17:45:21 +07:00
|
|
|
tristate "Virtual Ethernet over NTB Transport"
|
|
|
|
depends on NTB_TRANSPORT
|
2012-11-17 09:27:13 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config RIONET
|
|
|
|
tristate "RapidIO Ethernet over messaging driver support"
|
|
|
|
depends on RAPIDIO
|
|
|
|
|
|
|
|
config RIONET_TX_SIZE
|
|
|
|
int "Number of outbound queue entries"
|
|
|
|
depends on RIONET
|
|
|
|
default "128"
|
|
|
|
|
|
|
|
config RIONET_RX_SIZE
|
|
|
|
int "Number of inbound queue entries"
|
|
|
|
depends on RIONET
|
|
|
|
default "128"
|
2005-04-17 05:20:36 +07:00
|
|
|
|
|
|
|
config TUN
|
|
|
|
tristate "Universal TUN/TAP device driver support"
|
2014-10-31 10:10:31 +07:00
|
|
|
depends on INET
|
2005-04-17 05:20:36 +07:00
|
|
|
select CRC32
|
|
|
|
---help---
|
|
|
|
TUN/TAP provides packet reception and transmission for user space
|
|
|
|
programs. It can be viewed as a simple Point-to-Point or Ethernet
|
|
|
|
device, which instead of receiving packets from a physical media,
|
|
|
|
receives them from user space program and instead of sending packets
|
|
|
|
via physical media writes them to the user space program.
|
|
|
|
|
|
|
|
When a program opens /dev/net/tun, driver creates and registers
|
|
|
|
corresponding net device tunX or tapX. After a program closed above
|
|
|
|
devices, driver will automatically delete tunXX or tapXX device and
|
|
|
|
all routes corresponding to it.
|
|
|
|
|
|
|
|
Please read <file:Documentation/networking/tuntap.txt> for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called tun.
|
|
|
|
|
|
|
|
If you don't know what to use this for, you don't need it.
|
|
|
|
|
2017-02-11 07:03:51 +07:00
|
|
|
config TAP
|
|
|
|
tristate
|
|
|
|
---help---
|
|
|
|
This option is selected by any driver implementing tap user space
|
|
|
|
interface for a virtual interface to re-use core tap functionality.
|
|
|
|
|
2015-04-24 19:50:36 +07:00
|
|
|
config TUN_VNET_CROSS_LE
|
|
|
|
bool "Support for cross-endian vnet headers on little-endian kernels"
|
|
|
|
default n
|
|
|
|
---help---
|
|
|
|
This option allows TUN/TAP and MACVTAP device drivers in a
|
|
|
|
little-endian kernel to parse vnet headers that come from a
|
|
|
|
big-endian legacy virtio device.
|
|
|
|
|
|
|
|
Userspace programs can control the feature using the TUNSETVNETBE
|
|
|
|
and TUNGETVNETBE ioctls.
|
|
|
|
|
|
|
|
Unless you have a little-endian system hosting a big-endian virtual
|
|
|
|
machine with a legacy virtio NIC, you should say N.
|
|
|
|
|
2007-09-26 06:14:46 +07:00
|
|
|
config VETH
|
2007-11-07 11:35:55 +07:00
|
|
|
tristate "Virtual ethernet pair device"
|
2007-09-26 06:14:46 +07:00
|
|
|
---help---
|
2007-11-07 11:35:55 +07:00
|
|
|
This device is a local ethernet tunnel. Devices are created in pairs.
|
|
|
|
When one end receives the packet it appears on its pair and vice
|
|
|
|
versa.
|
2007-09-26 06:14:46 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
config VIRTIO_NET
|
2012-10-03 01:17:55 +07:00
|
|
|
tristate "Virtio network driver"
|
|
|
|
depends on VIRTIO
|
2018-05-24 23:55:17 +07:00
|
|
|
select NET_FAILOVER
|
2011-08-23 14:42:10 +07:00
|
|
|
---help---
|
|
|
|
This is the virtual network driver for virtio. It can be used with
|
2017-08-17 00:31:57 +07:00
|
|
|
QEMU based VMMs (like KVM or Xen). Say Y or M.
|
2011-08-23 14:42:10 +07:00
|
|
|
|
packet: nlmon: virtual netlink monitoring device for packet sockets
Currently, there is no good possibility to debug netlink traffic that
is being exchanged between kernel and user space. Therefore, this patch
implements a netlink virtual device, so that netlink messages will be
made visible to PF_PACKET sockets. Once there was an approach with a
similar idea [1], but it got forgotten somehow.
I think it makes most sense to accept the "overhead" of an extra netlink
net device over implementing the same functionality from PF_PACKET
sockets once again into netlink sockets. We have BPF filters that can
already be easily applied which even have netlink extensions, we have
RX_RING zero-copy between kernel- and user space that can be reused,
and much more features. So instead of re-implementing all of this, we
simply pass the skb to a given PF_PACKET socket for further analysis.
Another nice benefit that comes from that is that no code needs to be
changed in user space packet analyzers (maybe adding a dissector, but
not more), thus out of the box, we can already capture pcap files of
netlink traffic to debug/troubleshoot netlink problems.
Also thanks goes to Thomas Graf, Flavio Leitner, Jesper Dangaard Brouer.
[1] http://marc.info/?l=linux-netdev&m=113813401516110
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-06-22 00:38:08 +07:00
|
|
|
config NLMON
|
|
|
|
tristate "Virtual netlink monitoring device"
|
|
|
|
---help---
|
|
|
|
This option enables a monitoring net device for netlink skbs. The
|
|
|
|
purpose of this is to analyze netlink messages with packet sockets.
|
|
|
|
Thus applications like tcpdump will be able to see local netlink
|
|
|
|
messages if they tap into the netlink device, record pcaps for further
|
|
|
|
diagnostics, etc. This is mostly intended for developers or support
|
|
|
|
to debug netlink issues. If unsure, say N.
|
|
|
|
|
2015-08-14 03:59:10 +07:00
|
|
|
config NET_VRF
|
|
|
|
tristate "Virtual Routing and Forwarding (Lite)"
|
2015-10-13 01:47:09 +07:00
|
|
|
depends on IP_MULTIPLE_TABLES
|
2015-09-30 10:07:12 +07:00
|
|
|
depends on NET_L3_MASTER_DEV
|
2015-10-13 01:47:09 +07:00
|
|
|
depends on IPV6 || IPV6=n
|
|
|
|
depends on IPV6_MULTIPLE_TABLES || IPV6=n
|
2015-08-14 03:59:10 +07:00
|
|
|
---help---
|
|
|
|
This option enables the support for mapping interfaces into VRF's. The
|
|
|
|
support enables VRF devices.
|
|
|
|
|
2017-04-21 16:10:45 +07:00
|
|
|
config VSOCKMON
|
2019-11-21 20:28:28 +07:00
|
|
|
tristate "Virtual vsock monitoring device"
|
|
|
|
depends on VHOST_VSOCK
|
|
|
|
---help---
|
|
|
|
This option enables a monitoring net device for vsock sockets. It is
|
|
|
|
mostly intended for developers or support to debug vsock issues. If
|
|
|
|
unsure, say N.
|
2017-04-21 16:10:45 +07:00
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
endif # NET_CORE
|
|
|
|
|
|
|
|
config SUNGEM_PHY
|
|
|
|
tristate
|
|
|
|
|
|
|
|
source "drivers/net/arcnet/Kconfig"
|
|
|
|
|
|
|
|
source "drivers/atm/Kconfig"
|
|
|
|
|
|
|
|
source "drivers/net/caif/Kconfig"
|
|
|
|
|
2011-11-28 00:08:33 +07:00
|
|
|
source "drivers/net/dsa/Kconfig"
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
source "drivers/net/ethernet/Kconfig"
|
|
|
|
|
|
|
|
source "drivers/net/fddi/Kconfig"
|
|
|
|
|
2011-11-08 17:31:10 +07:00
|
|
|
source "drivers/net/hippi/Kconfig"
|
|
|
|
|
2020-03-06 11:28:29 +07:00
|
|
|
source "drivers/net/ipa/Kconfig"
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
config NET_SB1000
|
|
|
|
tristate "General Instruments Surfboard 1000"
|
2005-07-28 03:04:35 +07:00
|
|
|
depends on PNP
|
2005-04-17 05:20:36 +07:00
|
|
|
---help---
|
|
|
|
This is a driver for the General Instrument (also known as
|
|
|
|
NextLevel) SURFboard 1000 internal
|
|
|
|
cable modem. This is an ISA card which is used by a number of cable
|
|
|
|
TV companies to provide cable modem access. It's a one-way
|
|
|
|
downstream-only cable modem, meaning that your upstream net link is
|
|
|
|
provided by your regular phone modem.
|
|
|
|
|
|
|
|
At present this driver only compiles as a module, so say M here if
|
|
|
|
you have this card. The module will be called sb1000. Then read
|
2018-12-04 08:43:28 +07:00
|
|
|
<file:Documentation/networking/device_drivers/sb1000.txt> for
|
|
|
|
information on how to use this module, as it needs special ppp
|
|
|
|
scripts for establishing a connection. Further documentation
|
|
|
|
and the necessary scripts can be found at:
|
2005-04-17 05:20:36 +07:00
|
|
|
|
|
|
|
<http://www.jacksonville.net/~fventuri/>
|
|
|
|
<http://home.adelphia.net/~siglercm/sb1000.html>
|
|
|
|
<http://linuxpower.cx/~cable/>
|
|
|
|
|
|
|
|
If you don't have this card, of course say N.
|
|
|
|
|
2005-07-31 06:31:23 +07:00
|
|
|
source "drivers/net/phy/Kconfig"
|
|
|
|
|
2011-08-03 17:01:58 +07:00
|
|
|
source "drivers/net/plip/Kconfig"
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
source "drivers/net/ppp/Kconfig"
|
|
|
|
|
2011-08-03 17:17:13 +07:00
|
|
|
source "drivers/net/slip/Kconfig"
|
|
|
|
|
2011-08-23 14:42:10 +07:00
|
|
|
source "drivers/s390/net/Kconfig"
|
|
|
|
|
|
|
|
source "drivers/net/usb/Kconfig"
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
source "drivers/net/wireless/Kconfig"
|
|
|
|
|
2008-12-24 07:18:48 +07:00
|
|
|
source "drivers/net/wimax/Kconfig"
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
source "drivers/net/wan/Kconfig"
|
|
|
|
|
2012-08-26 12:10:11 +07:00
|
|
|
source "drivers/net/ieee802154/Kconfig"
|
|
|
|
|
2007-07-18 08:37:06 +07:00
|
|
|
config XEN_NETDEV_FRONTEND
|
|
|
|
tristate "Xen network device frontend driver"
|
|
|
|
depends on XEN
|
2009-03-28 06:28:34 +07:00
|
|
|
select XEN_XENBUS_FRONTEND
|
2007-07-18 08:37:06 +07:00
|
|
|
default y
|
|
|
|
help
|
2011-03-15 07:06:18 +07:00
|
|
|
This driver provides support for Xen paravirtual network
|
|
|
|
devices exported by a Xen network driver domain (often
|
|
|
|
domain 0).
|
|
|
|
|
|
|
|
The corresponding Linux backend driver is enabled by the
|
|
|
|
CONFIG_XEN_NETDEV_BACKEND option.
|
|
|
|
|
|
|
|
If you are compiling a kernel for use as Xen guest, you
|
|
|
|
should say Y here. To compile this driver as a module, chose
|
|
|
|
M here: the module will be called xen-netfront.
|
|
|
|
|
|
|
|
config XEN_NETDEV_BACKEND
|
|
|
|
tristate "Xen backend network device"
|
|
|
|
depends on XEN_BACKEND
|
|
|
|
help
|
|
|
|
This driver allows the kernel to act as a Xen network driver
|
|
|
|
domain which exports paravirtual network devices to other
|
|
|
|
Xen domains. These devices can be accessed by any operating
|
|
|
|
system that implements a compatible front end.
|
|
|
|
|
|
|
|
The corresponding Linux frontend driver is enabled by the
|
|
|
|
CONFIG_XEN_NETDEV_FRONTEND configuration option.
|
|
|
|
|
|
|
|
The backend driver presents a standard network device
|
|
|
|
endpoint for each paravirtual network device to the driver
|
|
|
|
domain network stack. These can then be bridged or routed
|
|
|
|
etc in order to provide full network connectivity.
|
|
|
|
|
|
|
|
If you are compiling a kernel to run in a Xen network driver
|
|
|
|
domain (often this is domain 0) you should say Y here. To
|
|
|
|
compile this driver as a module, chose M here: the module
|
|
|
|
will be called xen-netback.
|
2007-07-18 08:37:06 +07:00
|
|
|
|
2009-10-13 14:15:51 +07:00
|
|
|
config VMXNET3
|
2010-11-11 19:31:21 +07:00
|
|
|
tristate "VMware VMXNET3 ethernet driver"
|
|
|
|
depends on PCI && INET
|
2017-02-17 22:08:30 +07:00
|
|
|
depends on !(PAGE_SIZE_64KB || ARM64_64K_PAGES || \
|
|
|
|
IA64_PAGE_SIZE_64KB || MICROBLAZE_64K_PAGES || \
|
|
|
|
PARISC_PAGE_SIZE_64KB || PPC_64K_PAGES)
|
2010-11-11 19:31:21 +07:00
|
|
|
help
|
|
|
|
This driver supports VMware's vmxnet3 virtual ethernet NIC.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
module will be called vmxnet3.
|
2009-10-13 14:15:51 +07:00
|
|
|
|
2015-08-21 15:29:17 +07:00
|
|
|
config FUJITSU_ES
|
|
|
|
tristate "FUJITSU Extended Socket Network Device driver"
|
|
|
|
depends on ACPI
|
|
|
|
help
|
|
|
|
This driver provides support for Extended Socket network device
|
2019-09-23 22:52:43 +07:00
|
|
|
on Extended Partitioning of FUJITSU PRIMEQUEST 2000 E2 series.
|
2015-08-21 15:29:17 +07:00
|
|
|
|
2019-12-17 19:33:41 +07:00
|
|
|
config USB4_NET
|
|
|
|
tristate "Networking over USB4 and Thunderbolt cables"
|
|
|
|
depends on USB4 && INET
|
2017-10-02 17:38:45 +07:00
|
|
|
help
|
2019-12-17 19:33:41 +07:00
|
|
|
Select this if you want to create network between two computers
|
|
|
|
over a USB4 and Thunderbolt cables. The driver supports Apple
|
2017-10-02 17:38:45 +07:00
|
|
|
ThunderboltIP protocol and allows communication with any host
|
|
|
|
supporting the same protocol including Windows and macOS.
|
|
|
|
|
|
|
|
To compile this driver a module, choose M here. The module will be
|
|
|
|
called thunderbolt-net.
|
|
|
|
|
2011-11-29 04:35:35 +07:00
|
|
|
source "drivers/net/hyperv/Kconfig"
|
|
|
|
|
2017-12-02 06:08:58 +07:00
|
|
|
config NETDEVSIM
|
|
|
|
tristate "Simulated networking device"
|
|
|
|
depends on DEBUG_FS
|
2020-01-16 20:14:04 +07:00
|
|
|
depends on INET
|
2020-01-14 18:23:15 +07:00
|
|
|
depends on IPV6 || IPV6=n
|
2019-03-24 17:14:38 +07:00
|
|
|
select NET_DEVLINK
|
2017-12-02 06:08:58 +07:00
|
|
|
help
|
|
|
|
This driver is a developer testing tool and software model that can
|
|
|
|
be used to test various control path networking APIs, especially
|
|
|
|
HW-offload related.
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
will be called netdevsim.
|
|
|
|
|
2018-05-24 23:55:15 +07:00
|
|
|
config NET_FAILOVER
|
|
|
|
tristate "Failover driver"
|
|
|
|
select FAILOVER
|
|
|
|
help
|
|
|
|
This provides an automated failover mechanism via APIs to create
|
|
|
|
and destroy a failover master netdev and manages a primary and
|
|
|
|
standby slave netdevs that get registered via the generic failover
|
|
|
|
infrastructure. This can be used by paravirtual drivers to enable
|
2019-01-18 00:02:18 +07:00
|
|
|
an alternate low latency datapath. It also enables live migration of
|
2018-05-24 23:55:15 +07:00
|
|
|
a VM with direct attached VF by failing over to the paravirtual
|
|
|
|
datapath when the VF is unplugged.
|
|
|
|
|
2007-06-14 02:48:53 +07:00
|
|
|
endif # NETDEVICES
|