Параметры ядра Linux:Networking

Материал из Wiki Open book
Перейти к: навигация, поиск

Параметры ядра Linux

Содержание

Networking --->

--- Networking support
Unless you really know what you are doing, you should say Y here. The reason is that some programs need kernel networking support even when running on a stand-alone machine that isn't connected to any other computer.

If you are upgrading from an older kernel, you should consider updating your networking tools too because changes in the kernel and the tools often go hand in hand. The tools are contained in the package net-tools, the location and version number of which are given in <file:Documentation/Changes>.

For a general introduction to Linux networking, it is highly recommended to read the NET-HOWTO, available from <http://www.tldp.org/docs.html#howto>.

Русский флаг
Поддержка сети

Выбирайте Y если не знаете точно что делать. Поддержка сети в ядре необходима некоторым утилитам, даже если они запущены на изолированной машине, не подключенной к другим компьютерам.

Если вы обновляете старое ядро, вы должны так же предусмотреть обновление ваших сетевых утилит, так как изменения в ядре и в утилитах часто идут рука об руку. Утилиты содержатся в пакете net-tools и их расположение и номер версии вы можете посмотреть в <file:Documentation/Changes>.

Для общего ознакомления с поддержкой сетей в Linux настоятельно рекомендуется прочитать документ NET-HOWTO, доступный по адресу <http://www.tldp.org/docs.html#howto>.

Networking options --->

Network packet debugging
You can say Y here if you want to get additional messages useful in debugging bad packets, but can overwhelm logs under denial of service attacks.
Русский флаг
Packet socket
The Packet protocol is used by applications which communicate directly with network devices without an intermediate network protocol implemented in the kernel, e.g. tcpdump. If you want them to work, choose Y.

To compile this driver as a module, choose M here: the module will be called af_packet.

If unsure, say Y.

Русский флаг
Протокол Packet используется приложениями, которые общаются непосредственно с сетевыми устройствами без сетевого протокола, встроенного в ядро, такими как tcpdump. Если Вы хотите, чтобы они работали, выберите Y.

Для компиляции этого драйвера в виде модуля, выберите М: модуль будет называться af_packet.

Если Вы не уверены, выбирайте Y.

  Packet socket: mmapped IO
  If you say Y here, the Packet protocol driver will use an IO mechanism that results in faster communication.

If unsure, say N.

 
Русский флаг

Еслы вы выберите Y, драйвер протокола Packet будет использовать механизм ввода-вывода который увеличит скорость обмена.

Unix domain sockets
If you say Y here, you will include support for Unix domain sockets; sockets are the standard Unix mechanism for establishing and accessing network connections. Many commonly used programs such as the X Window system and syslog use these sockets even if your machine is not connected to any network. Unless you are working on an embedded system or something similar, you therefore definitely want to say Y here.

To compile this driver as a module, choose M here: the module will be called unix. Note that several important services won't work correctly if you say M here and then neglect to load the module.

Say Y unless you know what you are doing.

Русский флаг
Поддержка сокетов домена Unix

Если вы выберите Y,то включите поддержку сокетов домена Unix. Сокеты - это стандартный механизм в Unix для установления и использования сетевых соединений. Многие рядовые программы, такие как X Window system и syslog, используют сокеты даже если машина не подключена к сети. Если вы собираете ядро не для встроенной системы или чего-то подобного, то вы определенно должны выбрать Y.

Для того что бы откомпилировать этот драйвер как модуль, выберите M: модуль будет называться unix. Обратите внимание на то, что не все сервисы будут корректно работать если вы выберите M и пренебрежительно отнесетесь к загрузке модуля.

Выберите Y если не знаете что нужно делать.

Transformation user configuration interface
Support for Transformation(XFRM) user configuration interface like IPsec used by native Linux tools.

If unsure, say Y.

Русский флаг
Transformation sub policy support
Support sub policy for developers. By using sub policy with main one, two policies can be applied to the same packet at once. Policy which lives shorter time in kernel should be a sub.

If unsure, say N.

Русский флаг
PF_KEY sockets
PF_KEYv2 socket family, compatible to KAME ones. They are required if you are going to use IPsec tools ported from KAME.

Say Y unless you know what you are doing.

Русский флаг
Семейство соккетов PF_KEYv2, совместимых с KAME. Требуется если вы собираетесь использовать утилиты IPsec, портированные из KAME.

Выберите Y если не знаете что делать.

TCP/IP networking

Вынесено на отдельную страницу Параметры ядра Linux:Networking:TCP

  TCP: MD5 Signature Option support (RFC2385)
  RFC 2385 specifices a method of giving MD5 protection to TCP sessions. Its main (only?) use is to protect BGP sessions between core routers on the Internet.

If unsure, say N.

 
Русский флаг

RFC 2385 определяет метод используемый для защиты TCP сессий при помощи MD5. Его основное назначение - защита BGP сессий между коре роутерами в Интернет.

Если не уверны, выбирайие N.

TCP: advanced congestion control --->

TCP: advanced congestion control
Support for selection of various TCP congestion control modules.

Nearly all users can safely say no here, and a safe default selection will be made (CUBIC with new Reno as a fallback).

If unsure, say N.

Русский флаг
  Binary Increase Congestion (BIC) control (NEW)
  BIC-TCP is a sender-side only change that ensures a linear RTT fairness under large windows while offering both scalability and bounded TCP-friendliness. The protocol combines two schemes called additive increase and binary search increase. When the congestion window is large, additive increase with a large increment ensures linear RTT fairness as well as good scalability. Under small congestion windows, binary search increase provides TCP friendliness. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/
 
Русский флаг
Русский перевод
  CUBIC TCP
  This is version 2.0 of BIC-TCP which uses a cubic growth function among other techniques. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf
 
Русский флаг
  TCP Westwood+
  TCP Westwood+ is a sender-side only modification of the TCP Reno protocol stack that optimizes the performance of TCP congestion control. It is based on end-to-end bandwidth estimation to set congestion window and slow start threshold after a congestion episode. Using this estimation, TCP Westwood+ adaptively sets a slow start threshold and a congestion window which takes into account the bandwidth used at the time congestion is experienced. TCP Westwood+ significantly increases fairness wrt TCP Reno in wired networks and throughput over wireless links.
 
Русский флаг
Русский перевод
  H-TCP
  H-TCP is a send-side only modifications of the TCP Reno protocol stack that optimizes the performance of TCP congestion control for high speed network links. It uses a modeswitch to change the alpha and beta parameters of TCP Reno based on network conditions and in a way so as to be fair with other Reno and H-TCP flows.
 
Русский флаг
Русский перевод
  High Speed TCP
  Sally Floyd's High Speed TCP (RFC 3649) congestion control. A modification to TCP's congestion control mechanism for use with large congestion windows. A table indicates how much to increase the congestion window by when an ACK is received. For more detail see http://www.icir.org/floyd/hstcp.html
 
Русский флаг
Русский перевод
  TCP-Hybla conqestion control algoritm
  TCP-Hybla is a sender-side only change that eliminates penalization of long-RTT, large-bandwidth connections, like when satellite legs are involved, expecially when sharing a common bottleneck with normal terrestrial connections.
 
Русский флаг
Русский перевод
  TCP Vegas
  TCP Vegas is a sender-side only change to TCP that anticipates the onset of congestion by estimating the bandwidth. TCP Vegas adjusts the sending rate by modifying the congestion window. TCP Vegas should provide less packet loss, but it is not as aggressive as TCP Reno.
 
Русский флаг
Русский перевод
  Scalable TCP
  Scalable TCP is a sender-side only change to TCP which uses a MIMD congestion control algorithm which has some nice scaling properties, though is known to have fairness issues. See http://www-lce.eng.cam.ac.uk/~ctk21/scalable/
 
Русский флаг
Русский перевод
  TCP Low Priority
  TCP Low Priority (TCP-LP), a distributed algorithm whose goal is to utilize only the excess network bandwidth as compared to the fair share of bandwidth as targeted by TCP. See http://www-ece.rice.edu/networks/TCP-LP/
 
Русский флаг
  TCP Veno
  TCP Veno is a sender-side only enhancement of TCP to obtain better throughput over wireless networks. TCP Veno makes use of state distinguishing to circumvent the difficult judgment of the packet loss type. TCP Veno cuts down less congestion window in response to random loss packets. See http://www.ntu.edu.sg/home5/ZHOU0022/papers/CPFu03a.pdf
 
Русский флаг
  Default TCP congestion control
 
  • Cubic
  • Reno
 
Русский флаг

IP: Virtual Server Configuration --->

IP Virtual server support (EXPERIMENTAL)
IP Virtual Server support will let you build a high-performance virtual server based on cluster of two or more real servers. This option must be enabled for at least one of the clustered computers that will take care of intercepting incoming connections to a single IP address and scheduling them to real servers.

Three request dispatching techniques are implemented, they are virtual server via NAT, virtual server via tunneling and virtual server via direct routing. The several scheduling algorithms can be used to choose which server the connection is directed to, thus load balancing can be achieved among the servers. For more information and its administration program, please visit the following URL: <http://www.linuxvirtualserver.org/>.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

Русский флаг
Позволяет создавать высокопроизводительные виртуальные сервера основанные на кластере, состоящем из двух и более реальных серверов.
  IP virtual server debugging
  Say Y here if you want to get additional messages useful in debugging the IP virtual server code. You can change the debug level in /proc/sys/net/ipv4/vs/debug_level
 
Русский флаг
Русский перевод
  (12) IPVS connection table size (the Nth power of 2)
  The IPVS connection hash table uses the chaining scheme to handle hash collisions. Using a big IPVS connection hash table will greatly reduce conflicts when there are hundreds of thousands of connections in the hash table.

Note the table size must be power of 2. The table size will be the value of 2 to the your input number power. The number to choose is from 8 to 20, the default number is 12, which means the table size is 4096. Don't input the number too small, otherwise you will lose performance on it. You can adapt the table size yourself, according to your virtual server application. It is good to set the table size not far less than the number of connections per second multiplying average lasting time of connection in the table. For example, your virtual server gets 200 connections per second, the connection lasts for 200 seconds in average in the connection table, the table size should be not far less than 200x200, it is good to set the table size 32768 (2**15).

Another note that each connection occupies 128 bytes effectively and each hash entry uses 8 bytes, so you can estimate how much memory is needed for your box.

 
Русский флаг
Русский перевод

--- IPVS transport protocol loaad balancing support

  TCP load balansing support
  This option enables support for load balancing TCP transport protocol. Say Y if unsure.
 
Русский флаг
Русский перевод
  UDP load balansing support
  This option enables support for load balancing UDP transport protocol. Say Y if unsure.
 
Русский флаг
Русский перевод
  ESP load balansing support
  This option enables support for load balancing ESP (Encapsultion Security Payload) transport protocol. Say Y if unsure.
 
Русский флаг
Русский перевод
  AH load balansing support
  This option enables support for load balancing AH (Authentication Header) transport protocol. Say Y if unsure.
 
Русский флаг
Русский перевод

--- IPVS scheduler

  round-robin scheduling
  The robin-robin scheduling algorithm simply directs network connections to different real servers in a round-robin manner.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  weighted round-robin scheduling
  The weighted robin-robin scheduling algorithm directs network connections to different real servers based on server weights in a round-robin manner. Servers with higher weights receive new connections first than those with less weights, and servers with higher weights get more connections than those with less weights and servers with equal weights get equal connections.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  least-connection scheduling
  The least-connection scheduling algorithm directs network connections to the server with the least number of active connections.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  weighted least-connection scheduling
  The weighted least-connection scheduling algorithm directs network connections to the server with the least active connections normalized by the server weight.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  locality-based least-connection scheduling
  The locality-based least-connection scheduling algorithm is for destination IP load balancing. It is usually used in cache cluster. This algorithm usually directs packet destined for an IP address to its server if the server is alive and under load. If the server is overloaded (its active connection numbers is larger than its weight) and there is a server in its half load, then allocate the weighted least-connection server to this IP address.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  locality-based least-connection with replication scheduling
  The locality-based least-connection with replication scheduling algorithm is also for destination IP load balancing. It is usually used in cache cluster. It differs from the LBLC scheduling as follows: the load balancer maintains mappings from a target to a set of server nodes that can serve the target. Requests for a target are assigned to the least-connection node in the target's server set. If all the node in the server set are over loaded, it picks up a least-connection node in the cluster and adds it in the sever set for the target. If the server set has not been modified for the specified time, the most loaded node is removed from the server set, in order to avoid high degree of replication.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  destination hashing scheduling
  The destination hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned hash table by their destination IP addresses.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  source hashing scheduling
  The source hashing scheduling algorithm assigns network connections to the servers through looking up a statically assigned hash table by their source IP addresses.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  shortest expected delay scheduling
  The shortest expected delay scheduling algorithm assigns network connections to the server with the shortest expected delay. The expected delay that the job will experience is (Ci + 1) / Ui if sent to the ith server, in which Ci is the number of connections on the the ith server and Ui is the fixed service rate (weight) of the ith server.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод
  never queue scheduling
  The never queue scheduling algorithm adopts a two-speed model. When there is an idle server available, the job will be sent to the idle server, instead of waiting for a fast one. When there is no idle server available, the job will be sent to the server that minimize its expected delay (The Shortest Expected Delay scheduling algorithm).

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод

--- IPVS application helper

  FTP protocol helper
  FTP is a protocol that transfers IP address and/or port number in the payload. In the virtual server via Network Address Translation, the IP address and port number of real servers cannot be sent to clients in ftp connections directly, so FTP protocol helper is required for tracking the connection and mangling it back to that of virtual service.

If you want to compile it in kernel, say Y. To compile it as a module, choose M here. If unsure, say N.

 
Русский флаг
Русский перевод



IPv6

  The IPv6 protocol
  This is complemental support for the IP version 6. You will still be able to do traditional IPv4 networking as well.

For general information about IPv6, see <http://playground.sun.com/pub/ipng/html/ipng-main.html>. For Linux IPv6 development information, see <http://www.linux-ipv6.org>. For specific information about IPv6 under Linux, read the HOWTO at <http://www.bieringer.de/linux/IPv6/>.

To compile this protocol support as a module, choose M here: the module will be called ipv6.

 
Русский флаг
Поддержка протокола IPv6

Опция включает поддержку протокола IPv6. Включение поддержки IPv6 не конфликтует с поддержкой IPv4, так что у вас останется возможность работать в традиционной сети, основанной на IPv4.

Для получения общей информации о IPv6 смотрите <http://playground.sun.com/pub/ipng/html/ipng-main.html>. Информацию для разработчика подсистемы IPv6 можно почерпнуть с сайта <http://www.linux-ipv6.org>. Особенности работы с IPv6 под Linux описаны в HOWTO: <http://www.bieringer.de/linux/IPv6/>.

Что бы скомпилировать поддержку протокола IPv6 в виде модуля ядра, выбирайте M: модуль будет называться ipv6.

    IPv6: Privacy Extension (RFC 3041) support
    Privacy Extensions for Stateless Address Autoconfiguration in IPv6 support. With this option, additional periodically-alter pseudo-random global-scope unicast address(es) will assigned to your interface(s).

By default, kernel do not generate temporary addresses. To use temporary addresses, do

echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr

See <file:Documentation/networking/ip-sysctl.txt> for details.

   
Русский флаг
Русский перевод
    AH transformation
    Support for IPsec AH.

If unsure, say Y.

   
Русский флаг
Русский перевод
    IPv6: ESP transformation
    Support for IPsec ESP.

If unsure, say Y.

   
Русский флаг
Русский перевод
    IPv6: IPComp transformation
    Support for IP Payload Compression Protocol (IPComp) (RFC3173), typically needed for IPsec.

If unsure, say Y.

   
Русский флаг
Русский перевод
    IPv6: tunnel transformation
    Support for generic IPv6-in-IPv6 tunnel transformation, which is required by the IPv6-in-IPv6 tunneling module as well as tunnel mode IPComp.

If unsure, say Y.

   
Русский флаг
Русский перевод
    IPv6: IPv6-in-IPv6 tunnel
    Support for IPv6-in-IPv6 tunnels described in RFC 2473.

If unsure, say N.

   
Русский флаг
Русский перевод

Network packet filterning (replaces ipchains) --->

Параметры netfilter вынесены на отдельную страницу

DCCP Configuration (EXPERIMENTAL) --->

The DCCP Protocol (EXPERIMENTAL)
Datagram Congestion Control Protocol From draft-ietf-dccp-spec-11 <http://www.icir.org/kohler/dcp/draft-ietf-dccp-spe

The Datagram Congestion Control Protocol (DCCP) is a transport protocol that implements bidirectional, unicast connections of congestion-controlled, unreliable datagrams. It should be suitable for use by applications such as streaming media, Internet telephony, and on-line games

To compile this protocol support as a module, choose M here: the module will be called dccp.

If in doubt, say N.

Русский флаг
Русский перевод

DCCP CCIDs Configure (EXPERIMENTAL) --->

CCID3 (TFRC) (EXPERIMENTAL)
CCID 3 denotes TCP-Friendly Rate Control (TFRC), an equation-based rate-controlled congestion control mechanism. TFRC is designed to be reasonably fair when competing for bandwidth with TCP-like flows, where a flow is "reasonably fair" if its sending rate is generally within a factor of two of the sending rate of a TCP flow under the same conditions. However, TFRC has a much lower variation of throughput over time compared with TCP, which makes CCID 3 more suitable than CCID 2 for applications such streaming media where a relatively smooth sending rate is of importance.

CCID 3 is further described in [CCID 3 PROFILE]. The TFRC congestion control algorithms were initially described in RFC 3448. This text was extracted from draft-ietf-dccp-spec-11.txt.

If in doubt, say M.

Русский флаг
Русский перевод

SCTP Configuration (EXPERIMENTAL) --->

The SCTP Protocol (EXPERIMENTAL)
Stream Control Transmission Protocol

From RFC 2960 <http://www.ietf.org/rfc/rfc2960.txt>.

"SCTP is a reliable transport protocol operating on top of a connectionless packet network such as IP. It offers the following services to its users:

  • acknowledged error-free non-duplicated transfer of user data,
  • data fragmentation to conform to discovered path MTU size,
  • sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages,
  • optional bundling of multiple user messages into a single SCTP packet, and* network-level fault tolerance through supporting of multi-homing at either or both ends of an association.

To compile this protocol support as a module, choose M here: the module will be called sctp.

If in doubt, say N.

Русский флаг
Русский перевод
  SCTP: Debug message
  If you say Y, this will enable verbose debugging messages.

If unsure, say N. However, if you are running into problems, use this option to gather detailed trace information

 
Русский флаг
Русский перевод
  SCTP: Debug object counts
  If you say Y, this will enable debugging support for counting the type of objects that are currently allocated. This is useful for identifying memory leaks. If the /proc filesystem is enabled this debug information can be viewed by
cat /proc/net/sctp/sctp_dbg_objcnt

If unsure, say N

 
Русский флаг
Русский перевод

SCTP: Cookie HMAC Algorithm (HMAC-MD5) --->

None
Choosing this disables the use of an HMAC during association establishment. It is advised to use either HMAC-MD5 or HMAC-SHA1.
Русский флаг
Русский перевод
HMAC-SHA1
Enable the use of HMAC-SHA1 during association establishment. It is advised to use either HMAC-MD5 or HMAC-SHA1.
Русский флаг
Русский перевод
HMAC-MD5
Enable the use of HMAC-MD5 during association establishment. It is advised to use either HMAC-MD5 or HMAC-SHA1.
Русский флаг
Русский перевод

Asynchronous Transfer Mode (ATM)

Asynchronous Transfer Mode (ATM)
ATM is a high-speed networking technology for Local Area Networks and Wide Area Networks. It uses a fixed packet size and is connection oriented, allowing for the negotiation of minimum bandwidth requirements.

In order to participate in an ATM network, your Linux box needs an ATM networking card. If you have that, say Y here and to the driver of your ATM card below.

Note that you need a set of user-space programs to actually make use of ATM. See the file <file:Documentation/networking/atm.txt> for further details.

Русский флаг
Русский перевод
  Classical IP over ATM
  Classical IP over ATM for PVCs and SVCs, supporting InARP and ATMARP. If you want to communication with other IP hosts on your ATM network, you will typically either say Y here or to "LAN Emulation (LANE)" below.
 
Русский флаг
Русский перевод
    Do NOT send ICMP if no neighbour
    Normally, an "ICMP host unreachable" message is sent if a neighbour cannot be reached because there is no VC to it in the kernel's ATMARP table. This may cause problems when ATMARP table entries are briefly removed during revalidation. If you say Y here, packets to such neighbours are silently discarded instead.
   
Русский флаг
Русский перевод
  LAN Emulation (LANE) support
  LAN Emulation emulates services of existing LANs across an ATM network. Besides operating as a normal ATM end station client, Linux LANE client can also act as an proxy client bridging packets between ELAN and Ethernet segments. You need LANE if you want to try MPOA.
 
Русский флаг
Русский перевод
    Multi-Protocol Over ATM (MPOA) support
    Multi-Protocol Over ATM allows ATM edge devices such as routers, bridges and ATM attached hosts establish direct ATM VCs across subnetwork boundaries. These shortcut connections bypass routers enhancing overall network performance.
   
Русский флаг
Русский перевод
  RFC1483/2684 Bridged protocols
  ATM PVCs can carry ethernet PDUs according to RFC2684 (formerly 1483) This device will act like an ethernet from the kernels point of view, with the traffic being carried by ATM PVCs (currently 1 PVC/device). This is sometimes used over DSL lines. If in doubt, say N.
 
Русский флаг
Русский перевод
    Per-VC IP filter kludge
    This is an experimental mechanism for users who need to terminate a large number of IP-only vcc's. Do not enable this unless you are sure you know what you are doing.
   
Русский флаг
Русский перевод
802.1d Ethernet Bridging
If you say Y here, then your Linux box will be able to act as an Ethernet bridge, which means that the different Ethernet segments it is connected to will appear as one Ethernet to the participants. Several such bridges can work together to create even larger networks of Ethernets using the IEEE 802.1 spanning tree algorithm. As this is a standard, Linux bridges will cooperate properly with other third party bridge products.

In order to use the Ethernet bridge, you'll need the bridge configuration tools; see <file:Documentation/networking/bridge.txt> for location. Please read the Bridge mini-HOWTO for more information.

If you enable iptables support along with the bridge support then you turn your bridge into a bridging IP firewall. iptables will then see the IP packets being bridged, so you need to take this into account when setting up your firewall rules. Enabling arptables support when bridging will let arptables see bridged ARP traffic in the arptables FORWARD chain.

To compile this code as a module, choose M here: the module will be called bridge.

If unsure, say N.

Русский флаг
Русский перевод
802.1Q VLAN Support
Select this and you will be able to create 802.1Q VLAN interfaces on your ethernet interfaces. 802.1Q VLAN supports almost everything a regular ethernet interface does, including firewalling, bridging, and of course IP traffic. You will need the 'vconfig' tool from the VLAN project in order to effectively use VLANs. See the VLAN web page for more information: <http://www.candelatech.com/~greear/vlan.html>

To compile this code as a module, choose M here: the module will be called 8021q.

If unsure, say N.

Русский флаг
Русский перевод
DECnet Support
The DECnet networking protocol was used in many products made by Digital (now Compaq). It provides reliable stream and sequenced packet communications over which run a variety of services similar to those which run over TCP/IP.

To find some tools to use with the kernel layer support, please look at Patrick Caulfield's web site: <http://linux-decnet.sourceforge.net/>.

More detailed documentation is available in <file:Documentation/networking/decnet.txt>.

Be sure to say Y to "/proc file system support" and "Sysctl support" below when using DECnet, since you will need sysctl support to aid in configuration at run time.

The DECnet code is also available as a module ( = code which can be inserted in and removed from the running kernel whenever you want). The module is called decnet.

Русский флаг
Русский перевод
  DECnet: router support
  Add support for turning your DECnet Endnode into a level 1 or 2 router. This is an experimental, but functional option. If you do say Y here, then make sure that you also say Y to "Kernel/User network link driver", "Routing messages" and "Network packet filtering". The first two are required to allow configuration via rtnetlink (you will need Alexey Kuznetsov's iproute2 package from <ftp://ftp.tux.org/pub/net/ip-routing/>). The "Network packet filtering" option will be required for the forthcoming routing daemon to work.

See <file:Documentation/networking/decnet.txt> for more information.

 
Русский флаг
Русский перевод
    DECnet: use FWMARK value as routing key
    If you say Y here, you will be able to specify different routes for packets with different FWMARK ("firewalling mark") values (see ipchains(8), "-m" argument).
   
Русский флаг
Русский перевод
ANSI/IEEE 802.2 LLC type 2 Support
This is a Logical Link Layer type 2, connection oriented support. Select this if you want to have support for PF_LLC sockets.
Русский флаг
Русский перевод

The IPX protocol

The IPX protocol
This is support for the Novell networking protocol, IPX, commonly used for local networks of Windows machines. You need it if you want to access Novell NetWare file or print servers using the Linux Novell client ncpfs (available from <ftp://platan.vc.cvut.cz/pub/linux/ncpfs/>) or from within the Linux DOS emulator DOSEMU (read the DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>). In order to do the former, you'll also have to say Y to "NCP file system support", below.

IPX is similar in scope to IP, while SPX, which runs on top of IPX, is similar to TCP. There is also experimental support for SPX in Linux (see "SPX networking", below).

Русский флаг
Русский перевод
  IPX: Full internal IPX network
  Every IPX network has an address that identifies it. Sometimes it is useful to give an IPX "network" address to your Linux box as well (for example if your box is acting as a file server for different IPX networks: it will then be accessible from everywhere using the same address). The way this is done is to create a virtual internal "network" inside your box and to assign an IPX address to this network. Say Y here if you want to do this; read the IPX-HOWTO at <http://www.tldp.org/docs.html#howto> for details.

The full internal IPX network enables you to allocate sockets on different virtual nodes of the internal network. This is done by evaluating the field sipx_node of the socket address given to the bind call. So applications should always initialize the node field to 0 when binding a socket on the primary network. In this case the socket is assigned the default node that has been given to the kernel when the internal network was created. By enabling the full internal IPX network the cross-forwarding of packets targeted at 'special' sockets to sockets listening on the primary network is disabled. This might break existing applications, especially RIP/SAP daemons. A RIP/SAP daemon that works well with the full internal net can be found on <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/>.

If you don't know what you are doing, say N.

 
Русский флаг
Русский перевод

Appeletalk protocol support

Appeletalk protocol support
AppleTalk is the protocol that Apple computers can use to communicate on a network. If your Linux box is connected to such a network and you wish to connect to it, say Y. You will need to use the netatalk package so that your Linux box can act as a print and file server for Macs as well as access AppleTalk printers. Check out <http://www.zettabyte.net/netatalk/> on the WWW for details. EtherTalk is the name used for AppleTalk over Ethernet and the cheaper and slower LocalTalk is AppleTalk over a proprietary Apple network using serial links. EtherTalk and LocalTalk are fully supported by Linux.

General information about how to connect Linux, Windows machines and Macs is on the WWW at <http://www.eats.com/linux_mac_win.html>. The NET-3-HOWTO, available from <http://www.tldp.org/docs.html#howto>, contains valuable information as well.

To compile this driver as a module, choose M here: the module will be called appletalk. You almost certainly want to compile it as a module so you can restart your AppleTalk stack without rebooting your machine. I hear that the GNU boycott of Apple is over, so even politically correct people are allowed to say Y here.

Русский флаг
Русский перевод
  Appletalk interface support
  AppleTalk is the protocol that Apple computers can use to communicate on a network. If your Linux box is connected to such a network, and wish to do IP over it, or you have a LocalTalk card and wish to use it to connect to the AppleTalk network, say Y.
 
Русский флаг
Русский перевод
    Apple/Farallon LocalTalk PC support
    This allows you to use the AppleTalk PC card to connect to LocalTalk networks. The card is also known as the Farallon PhoneNet PC card. If you are in doubt, this card is the one with the 65C02 chip on it. You also need version 1.3.3 or later of the netatalk package. This driver is experimental, which means that it may not work. See the file <file:Documentation/networking/ltpc.txt>.
   
Русский флаг
Русский перевод
    COPS LocalTalk PC support
    This allows you to use COPS AppleTalk cards to connect to LocalTalk networks. You also need version 1.3.3 or later of the netatalk package. This driver is experimental, which means that it may not work. This driver will only work if you choose "AppleTalk DDP" networking support, above. Please read the file <file:Documentation/networking/cops.txt>.
   
Русский флаг
Русский перевод
      Dayna firmware support
      Support COPS compatible cards with Dayna style firmware (Dayna DL2000/ Daynatalk/PC (half length), COPS LT-95, Farallon PhoneNET PC III, Farallon PhoneNET PC II).
     
Русский флаг
Русский перевод
      Tangent firmware support
      Support COPS compatible cards with Tangent style firmware (Tangent ATB_II, Novell NL-1000, Daystar Digital LT-200.
     
Русский флаг
Русский перевод
    Appletalk-IP driver support
    This allows IP networking for users who only have AppleTalk networking available. This feature is experimental. With this driver, you can encapsulate IP inside AppleTalk (e.g. if your Linux box is stuck on an AppleTalk only network) or decapsulate (e.g. if you want your Linux box to act as an Internet gateway for a zoo of AppleTalk connected Macs). Please see the file <file:Documentation/networking/ipddp.txt> for more information.

If you say Y here, the AppleTalk-IP support will be compiled into the kernel. In this case, you can either use encapsulation or decapsulation, but not both. With the following two questions, you decide which one you want.

To compile the AppleTalk-IP support as a module, choose M here: the module will be called ipddp. In this case, you will be able to use both encapsulation and decapsulation simultaneously, by loading two copies of the module and specifying different values for the module option ipddp_mode.

   
Русский флаг
Русский перевод
      IP to Appletalk-IP Encapsulation support
      If you say Y here, the AppleTalk-IP code will be able to encapsulate IP packets inside AppleTalk frames; this is useful if your Linux box is stuck on an AppleTalk network (which hopefully contains a decapsulator somewhere). Please see <file:Documentation/networking/ipddp.txt> for more information. If you said Y to "AppleTalk-IP driver support" above and you say Y here, then you cannot say Y to "AppleTalk-IP to IP Decapsulation support", below.
     
Русский флаг
Русский перевод
      Appletalk-IP to IP Decapsulation support
      If you say Y here, the AppleTalk-IP code will be able to decapsulate AppleTalk-IP frames to IP packets; this is useful if you want your Linux box to act as an Internet gateway for an AppleTalk network. Please see <file:Documentation/networking/ipddp.txt> for more information. If you said Y to "AppleTalk-IP driver support" above and you say Y here, then you cannot say Y to "IP to AppleTalk-IP Encapsulation support", above.
     
Русский флаг
Русский перевод
CCITT X.25 Packet Layer
X.25 is a set of standardized network protocols, similar in scope to frame relay; the one physical line from your box to the X.25 network entry point can carry several logical point-to-point connections (called "virtual circuits") to other computers connected to the X.25 network. Governments, banks, and other organizations tend to use it to connect to each other or to form Wide Area Networks (WANs). Many countries have public X.25 networks. X.25 consists of two protocols: the higher level Packet Layer Protocol (PLP) (say Y here if you want that) and the lower level data link layer protocol LAPB (say Y to "LAPB Data Link Driver" below if you want that).

You can read more about X.25 at <http://www.sangoma.com/x25.htm> and <http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/cbook/cx25.htm>. Information about X.25 for Linux is contained in the files <file:Documentation/networking/x25.txt> and <file:Documentation/networking/x25-iface.txt>.

One connects to an X.25 network either with a dedicated network card using the X.21 protocol (not yet supported by Linux) or one can do X.25 over a standard telephone line using an ordinary modem (say Y to "X.25 async driver" below) or over Ethernet using an ordinary Ethernet card and the LAPB over Ethernet (say Y to "LAPB Data Link Driver" and "LAPB over Ethernet driver" below).

To compile this driver as a module, choose M here: the module will be called x25. If unsure, say N.

Русский флаг
Русский перевод
LAPB Data Link Driver (EXPERIMENTAL)
Link Access Procedure, Balanced (LAPB) is the data link layer (i.e. the lower) part of the X.25 protocol. It offers a reliable connection service to exchange data frames with one other host, and it is used to transport higher level protocols (mostly X.25 Packet Layer, the higher part of X.25, but others are possible as well). Usually, LAPB is used with specialized X.21 network cards, but Linux currently supports LAPB only over Ethernet connections. If you want to use LAPB connections over Ethernet, say Y here and to "LAPB over Ethernet driver" below. Read <file:Documentation/networking/lapb-module.txt> for technical details.

To compile this driver as a module, choose M here: the module will be called lapb. If unsure, say N.

Русский флаг
Русский перевод
Frame Diverter
The Frame Diverter allows you to divert packets from the network, that are not aimed at the interface receiving it (in promisc. mode). Typically, a Linux box setup as an Ethernet bridge with the Frames Diverter on, can do some *really* transparent www caching using a Squid proxy for example.

This is very useful when you don't want to change your router's config (or if you simply don't have access to it).

The other possible usages of diverting Ethernet Frames are numberous:

  • reroute smtp traffic to another interface
  • traffic-shape certain network streams
  • transparently proxy smtp connections
  • etc...

For more informations, please refer to: <http://diverter.sourceforge.net/> <http://perso.wanadoo.fr/magpie/EtherDivert.html>

If unsure, say N.

Русский флаг
Русский перевод
Acorn Econet/AUN Protocol
Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native Econet network cards. AUN is an implementation of the higher level parts of Econet that runs over ordinary Ethernet connections, on top of the UDP packet protocol, which in turn runs on top of the Internet protocol IP.

If you say Y here, you can choose with the next two options whether to send Econet/AUN traffic over a UDP Ethernet connection or over a native Econet network card.

To compile this driver as a module, choose M here: the module will be called econet.

Русский флаг
Русский перевод
  AUN over UDP
  Say Y here if you want to send Econet/AUN traffic over a UDP connection (UDP is a packet based protocol that runs on top of the Internet protocol IP) using an ordinary Ethernet network card.
 
Русский флаг
Русский перевод
  Native Econet
  Say Y here if you have a native Econet network card installed in your computer.
 
Русский флаг
Русский перевод
WAN router
Wide Area Networks (WANs), such as X.25, frame relay and leased lines, are used to interconnect Local Area Networks (LANs) over vast distances with data transfer rates significantly higher than those achievable with commonly used asynchronous modem connections. Usually, a quite expensive external device called a `WAN router' is needed to connect to a WAN.

As an alternative, WAN routing can be built into the Linux kernel. With relatively inexpensive WAN interface cards available on the market, a perfectly usable router can be built for less than half the price of an external router. If you have one of those cards and wish to use your Linux box as a WAN router, say Y here and also to the WAN driver for your card, below. You will then need the wan-tools package which is available from <ftp://ftp.sangoma.com/>. Read <file:Documentation/networking/wan-router.txt> for more information.

To compile WAN routing support as a module, choose M here: the module will be called wanrouter.

If unsure, say N.

Русский флаг
Русский перевод

QoS and/or fair queueing --->

(Вынесено на отдельную страницу: Параметры ядра Linux:Networking:QoS)

Network testing --->

Packet Generator (USE WITH CAUTION)
This module will inject preconfigured packets, at a configurable rate, out of a given interface. It is used for network interface stress testing and performance analysis. If you don't understand what was just said, you don't need it: say N.

Documentation on how to use the packet generator can be found at <file:Documentation/networking/pktgen.txt>.

To compile this code as a module, choose M here: the module will be called pktgen.

Русский флаг
Русский перевод

Amateur Radiosupport --->

(Вынесено на отдельную страницу: Параметры ядра Linux:Networking:AmateurRadio)

IrDA (infarared) subsystem support --->

(Вынесено на отдельную страницу: Параметры ядра Linux:Networking:IrDA)

Bluetooth subsystem support --->

(Вынесено на отдельную страницу: Параметры ядра Linux:Networking:Bluetooth)

    Generic IEEE 802.11 Networking Stack
    This option enables the hardware independent IEEE 802.11 networking stack.
   
Русский флаг
Этот параметр включает независимый от железа стек IEEE 802.11
      Enable full debugging output
      This option will enable debug tracing output for the ieee80211 network stack.

This will result in the kernel module being ~70k larger. You can control which debug output is sent to the kernel log by setting the value in

/proc/net/ieee80211/debug_level

For example:

% echo 0x00000FFO > /proc/net/ieee80211/debug_level

For a list of values you can assign to debug_level, you can look at the bit mask values in <net/ieee80211.h>

If you are not trying to debug or develop the ieee80211 subsystem, you most likely want to say N here.

     
Русский флаг
Русский перевод
      IEEE 802.11 WEP encryption (802.1x)
      Include software based cipher suites in support of IEEE 802.11's WEP. This is needed for WEP as well as 802.1x.

This can be compiled as a modules and it will be called "ieee80211_crypt_wep".

     
Русский флаг
Русский перевод
      IEEE 802.11i CCMP support
      Include software based cipher suites in support of IEEE 802.11i (aka TGi, WPA, WPA2, WPA-PSK, etc.) for use with CCMP enabled networks.

This can be compiled as a modules and it will be called "ieee80211_crypt_ccmp".

     
Русский флаг
Русский перевод
      IEEE 802.11i TKIP encryption
      Include software based cipher suites in support of IEEE 802.11i (aka TGi, WPA, WPA2, WPA-PSK, etc.) for use with TKIP enabled networks.

This can be compiled as a modules and it will be called "ieee80211_crypt_tkip".

     
Русский флаг
Русский перевод


Параметры ядра Linux

Инструменты
    
Личные инструменты