1 files changed, 29 insertions, 23 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 691268f3a359..b2cf91e4ccaa 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
          at boot time after the /proc file system has been mounted.
-          If you turn on IP forwarding, you will also get the rp_filter, which
+          If you turn on IP forwarding, you should consider the rp_filter, which
          automatically rejects incoming packets if the routing table entry
          for their source address doesn't match the network interface they're
          arriving on. This has security advantages because it prevents the
@@ -46,12 +46,16 @@ config IP_ADVANCED_ROUTER
          rp_filter on use:
          echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
-          or
+           and
          echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
+          Note that some distributions enable it in startup scripts.
+          For details about rp_filter strict and loose mode read
+          <file:Documentation/networking/ip-sysctl.txt>.
          If unsure, say N here.
-choice 
+choice
        prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
        depends on IP_ADVANCED_ROUTER
        default ASK_IP_FIB_HASH
@@ -59,27 +63,29 @@ choice
 config ASK_IP_FIB_HASH
        bool "FIB_HASH"
        ---help---
-        Current FIB is very proven and good enough for most users.
+          Current FIB is very proven and good enough for most users.
 config IP_FIB_TRIE
        bool "FIB_TRIE"
        ---help---
-        Use new experimental LC-trie as FIB lookup algorithm. 
+          Use new experimental LC-trie as FIB lookup algorithm.
-        This improves lookup performance if you have a large
+          This improves lookup performance if you have a large
-        number of routes.
+          number of routes.
-        LC-trie is a longest matching prefix lookup algorithm which
+          LC-trie is a longest matching prefix lookup algorithm which
-        performs better than FIB_HASH for large routing tables.
+          performs better than FIB_HASH for large routing tables.
-        But, it consumes more memory and is more complex.
+          But, it consumes more memory and is more complex.
-        
-        LC-trie is described in:
+          LC-trie is described in:
-        
-        IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
+          IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
-        IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999
+          IEEE Journal on Selected Areas in Communications, 17(6):1083-1092,
-        An experimental study of compression methods for dynamic tries
+          June 1999
-        Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
-        http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
+          An experimental study of compression methods for dynamic tries
-       
+          Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
+          http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
 endchoice
 config IP_FIB_HASH
@@ -191,7 +197,7 @@ config IP_PNP_RARP
          <file:Documentation/filesystems/nfsroot.txt> for details.
 # not yet ready..
-#   bool '    IP: ARP support' CONFIG_IP_PNP_ARP                
+#   bool '    IP: ARP support' CONFIG_IP_PNP_ARP
 config NET_IPIP
        tristate "IP: tunneling"
        select INET_TUNNEL
@@ -361,7 +367,7 @@ config INET_IPCOMP
        ---help---
          Support for IP Payload Compression Protocol (IPComp) (RFC3173),
          typically needed for IPsec.
-          
          If unsure, say Y.
 config INET_XFRM_TUNNEL
@@ -415,7 +421,7 @@ config INET_DIAG
          Support for INET (TCP, DCCP, etc) socket monitoring interface used by
          native Linux tools such as ss. ss is included in iproute2, currently
          downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
-          
          If unsure, say Y.
 config INET_TCP_DIAG

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 691268f3a359..b2cf91e4ccaa 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig
@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
35		35
36	at boot time after the /proc file system has been mounted.	36	at boot time after the /proc file system has been mounted.
37		37
38	If you turn on IP forwarding, you will also get the rp_filter, which	38	If you turn on IP forwarding, you should consider the rp_filter, which
39	automatically rejects incoming packets if the routing table entry	39	automatically rejects incoming packets if the routing table entry
40	for their source address doesn't match the network interface they're	40	for their source address doesn't match the network interface they're
41	arriving on. This has security advantages because it prevents the	41	arriving on. This has security advantages because it prevents the
@@ -46,12 +46,16 @@ config IP_ADVANCED_ROUTER
46	rp_filter on use:	46	rp_filter on use:
47		47
48	echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter	48	echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
49	or	49	and
50	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter	50	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
51		51
		52	Note that some distributions enable it in startup scripts.
		53	For details about rp_filter strict and loose mode read
		54	<file:Documentation/networking/ip-sysctl.txt>.
		55
52	If unsure, say N here.	56	If unsure, say N here.
53		57
54	choice	58	choice
55	prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"	59	prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
56	depends on IP_ADVANCED_ROUTER	60	depends on IP_ADVANCED_ROUTER
57	default ASK_IP_FIB_HASH	61	default ASK_IP_FIB_HASH
@@ -59,27 +63,29 @@ choice
59	config ASK_IP_FIB_HASH	63	config ASK_IP_FIB_HASH
60	bool "FIB_HASH"	64	bool "FIB_HASH"
61	---help---	65	---help---
62	Current FIB is very proven and good enough for most users.	66	Current FIB is very proven and good enough for most users.
63		67
64	config IP_FIB_TRIE	68	config IP_FIB_TRIE
65	bool "FIB_TRIE"	69	bool "FIB_TRIE"
66	---help---	70	---help---
67	Use new experimental LC-trie as FIB lookup algorithm.	71	Use new experimental LC-trie as FIB lookup algorithm.
68	This improves lookup performance if you have a large	72	This improves lookup performance if you have a large
69	number of routes.	73	number of routes.
70		74
71	LC-trie is a longest matching prefix lookup algorithm which	75	LC-trie is a longest matching prefix lookup algorithm which
72	performs better than FIB_HASH for large routing tables.	76	performs better than FIB_HASH for large routing tables.
73	But, it consumes more memory and is more complex.	77	But, it consumes more memory and is more complex.
74		78
75	LC-trie is described in:	79	LC-trie is described in:
76		80
77	IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson	81	IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
78	IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999	82	IEEE Journal on Selected Areas in Communications, 17(6):1083-1092,
79	An experimental study of compression methods for dynamic tries	83	June 1999
80	Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.	84
81	http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/	85	An experimental study of compression methods for dynamic tries
82		86	Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
		87	http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
		88
83	endchoice	89	endchoice
84		90
85	config IP_FIB_HASH	91	config IP_FIB_HASH
@@ -191,7 +197,7 @@ config IP_PNP_RARP
191	<file:Documentation/filesystems/nfsroot.txt> for details.	197	<file:Documentation/filesystems/nfsroot.txt> for details.
192		198
193	# not yet ready..	199	# not yet ready..
194	# bool ' IP: ARP support' CONFIG_IP_PNP_ARP	200	# bool ' IP: ARP support' CONFIG_IP_PNP_ARP
195	config NET_IPIP	201	config NET_IPIP
196	tristate "IP: tunneling"	202	tristate "IP: tunneling"
197	select INET_TUNNEL	203	select INET_TUNNEL
@@ -361,7 +367,7 @@ config INET_IPCOMP
361	---help---	367	---help---
362	Support for IP Payload Compression Protocol (IPComp) (RFC3173),	368	Support for IP Payload Compression Protocol (IPComp) (RFC3173),
363	typically needed for IPsec.	369	typically needed for IPsec.
364		370
365	If unsure, say Y.	371	If unsure, say Y.
366		372
367	config INET_XFRM_TUNNEL	373	config INET_XFRM_TUNNEL
@@ -415,7 +421,7 @@ config INET_DIAG
415	Support for INET (TCP, DCCP, etc) socket monitoring interface used by	421	Support for INET (TCP, DCCP, etc) socket monitoring interface used by
416	native Linux tools such as ss. ss is included in iproute2, currently	422	native Linux tools such as ss. ss is included in iproute2, currently
417	downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.	423	downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
418		424
419	If unsure, say Y.	425	If unsure, say Y.
420		426
421	config INET_TCP_DIAG	427	config INET_TCP_DIAG