1 files changed, 44 insertions, 47 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 691268f3a359..70491d9035eb 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
          at boot time after the /proc file system has been mounted.
-          If you turn on IP forwarding, you will also get the rp_filter, which
+          If you turn on IP forwarding, you should consider the rp_filter, which
          automatically rejects incoming packets if the routing table entry
          for their source address doesn't match the network interface they're
          arriving on. This has security advantages because it prevents the
@@ -46,12 +46,16 @@ config IP_ADVANCED_ROUTER
          rp_filter on use:
          echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
-          or
+           and
          echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
+          Note that some distributions enable it in startup scripts.
+          For details about rp_filter strict and loose mode read
+          <file:Documentation/networking/ip-sysctl.txt>.
          If unsure, say N here.
-choice 
+choice
        prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
        depends on IP_ADVANCED_ROUTER
        default ASK_IP_FIB_HASH
@@ -59,27 +63,29 @@ choice
 config ASK_IP_FIB_HASH
        bool "FIB_HASH"
        ---help---
-        Current FIB is very proven and good enough for most users.
+          Current FIB is very proven and good enough for most users.
 config IP_FIB_TRIE
        bool "FIB_TRIE"
        ---help---
-        Use new experimental LC-trie as FIB lookup algorithm. 
+          Use new experimental LC-trie as FIB lookup algorithm.
-        This improves lookup performance if you have a large
+          This improves lookup performance if you have a large
-        number of routes.
+          number of routes.
-        LC-trie is a longest matching prefix lookup algorithm which
+          LC-trie is a longest matching prefix lookup algorithm which
-        performs better than FIB_HASH for large routing tables.
+          performs better than FIB_HASH for large routing tables.
-        But, it consumes more memory and is more complex.
+          But, it consumes more memory and is more complex.
-        
-        LC-trie is described in:
+          LC-trie is described in:
-        
-        IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
+          IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
-        IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999
+          IEEE Journal on Selected Areas in Communications, 17(6):1083-1092,
-        An experimental study of compression methods for dynamic tries
+          June 1999
-        Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
-        http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
+          An experimental study of compression methods for dynamic tries
-       
+          Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
+          http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
 endchoice
 config IP_FIB_HASH
@@ -191,7 +197,7 @@ config IP_PNP_RARP
          <file:Documentation/filesystems/nfsroot.txt> for details.
 # not yet ready..
-#   bool '    IP: ARP support' CONFIG_IP_PNP_ARP                
+#   bool '    IP: ARP support' CONFIG_IP_PNP_ARP
 config NET_IPIP
        tristate "IP: tunneling"
        select INET_TUNNEL
@@ -267,29 +273,20 @@ config IP_PIMSM_V2
          you want to play with it.
 config ARPD
-        bool "IP: ARP daemon support (EXPERIMENTAL)"
+        bool "IP: ARP daemon support"
-        depends on EXPERIMENTAL
        ---help---
-          Normally, the kernel maintains an internal cache which maps IP
+          The kernel maintains an internal cache which maps IP addresses to
-          addresses to hardware addresses on the local network, so that
+          hardware addresses on the local network, so that Ethernet/Token Ring/
-          Ethernet/Token Ring/ etc. frames are sent to the proper address on
+          etc. frames are sent to the proper address on the physical networking
-          the physical networking layer. For small networks having a few
+          layer. Normally, kernel uses the ARP protocol to resolve these
-          hundred directly connected hosts or less, keeping this address
+          mappings.
-          resolution (ARP) cache inside the kernel works well. However,
-          maintaining an internal ARP cache does not work well for very large
+          Saying Y here adds support to have an user space daemon to do this
-          switched networks, and will use a lot of kernel memory if TCP/IP
+          resolution instead. This is useful for implementing an alternate
-          connections are made to many machines on the network.
+          address resolution protocol (e.g. NHRP on mGRE tunnels) and also for
+          testing purposes.
-          If you say Y here, the kernel's internal ARP cache will never grow
-          to more than 256 entries (the oldest entries are expired in a LIFO
+          If unsure, say N.
-          manner) and communication will be attempted with the user space ARP
-          daemon arpd. Arpd then answers the address resolution request either
-          from its own cache or by asking the net.
-          This code is experimental and also obsolete. If you want to use it,
-          you need to find a version of the daemon arpd on the net somewhere,
-          and you should also say Y to "Kernel/User network link driver",
-          below. If unsure, say N.
 config SYN_COOKIES
        bool "IP: TCP syncookie support (disabled per default)"
@@ -361,7 +358,7 @@ config INET_IPCOMP
        ---help---
          Support for IP Payload Compression Protocol (IPComp) (RFC3173),
          typically needed for IPsec.
-          
          If unsure, say Y.
 config INET_XFRM_TUNNEL
@@ -401,8 +398,8 @@ config INET_XFRM_MODE_BEET
          If unsure, say Y.
 config INET_LRO
-        tristate "Large Receive Offload (ipv4/tcp)"
+        bool "Large Receive Offload (ipv4/tcp)"
+        default y
        ---help---
          Support for Large Receive Offload (ipv4/tcp).
@@ -415,7 +412,7 @@ config INET_DIAG
          Support for INET (TCP, DCCP, etc) socket monitoring interface used by
          native Linux tools such as ss. ss is included in iproute2, currently
          downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
-          
          If unsure, say Y.
 config INET_TCP_DIAG

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 691268f3a359..70491d9035eb 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig
@@ -35,7 +35,7 @@ config IP_ADVANCED_ROUTER
35		35
36	at boot time after the /proc file system has been mounted.	36	at boot time after the /proc file system has been mounted.
37		37
38	If you turn on IP forwarding, you will also get the rp_filter, which	38	If you turn on IP forwarding, you should consider the rp_filter, which
39	automatically rejects incoming packets if the routing table entry	39	automatically rejects incoming packets if the routing table entry
40	for their source address doesn't match the network interface they're	40	for their source address doesn't match the network interface they're
41	arriving on. This has security advantages because it prevents the	41	arriving on. This has security advantages because it prevents the
@@ -46,12 +46,16 @@ config IP_ADVANCED_ROUTER
46	rp_filter on use:	46	rp_filter on use:
47		47
48	echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter	48	echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter
49	or	49	and
50	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter	50	echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
51		51
		52	Note that some distributions enable it in startup scripts.
		53	For details about rp_filter strict and loose mode read
		54	<file:Documentation/networking/ip-sysctl.txt>.
		55
52	If unsure, say N here.	56	If unsure, say N here.
53		57
54	choice	58	choice
55	prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"	59	prompt "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure)"
56	depends on IP_ADVANCED_ROUTER	60	depends on IP_ADVANCED_ROUTER
57	default ASK_IP_FIB_HASH	61	default ASK_IP_FIB_HASH
@@ -59,27 +63,29 @@ choice
59	config ASK_IP_FIB_HASH	63	config ASK_IP_FIB_HASH
60	bool "FIB_HASH"	64	bool "FIB_HASH"
61	---help---	65	---help---
62	Current FIB is very proven and good enough for most users.	66	Current FIB is very proven and good enough for most users.
63		67
64	config IP_FIB_TRIE	68	config IP_FIB_TRIE
65	bool "FIB_TRIE"	69	bool "FIB_TRIE"
66	---help---	70	---help---
67	Use new experimental LC-trie as FIB lookup algorithm.	71	Use new experimental LC-trie as FIB lookup algorithm.
68	This improves lookup performance if you have a large	72	This improves lookup performance if you have a large
69	number of routes.	73	number of routes.
70		74
71	LC-trie is a longest matching prefix lookup algorithm which	75	LC-trie is a longest matching prefix lookup algorithm which
72	performs better than FIB_HASH for large routing tables.	76	performs better than FIB_HASH for large routing tables.
73	But, it consumes more memory and is more complex.	77	But, it consumes more memory and is more complex.
74		78
75	LC-trie is described in:	79	LC-trie is described in:
76		80
77	IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson	81	IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
78	IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999	82	IEEE Journal on Selected Areas in Communications, 17(6):1083-1092,
79	An experimental study of compression methods for dynamic tries	83	June 1999
80	Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.	84
81	http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/	85	An experimental study of compression methods for dynamic tries
82		86	Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
		87	http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
		88
83	endchoice	89	endchoice
84		90
85	config IP_FIB_HASH	91	config IP_FIB_HASH
@@ -191,7 +197,7 @@ config IP_PNP_RARP
191	<file:Documentation/filesystems/nfsroot.txt> for details.	197	<file:Documentation/filesystems/nfsroot.txt> for details.
192		198
193	# not yet ready..	199	# not yet ready..
194	# bool ' IP: ARP support' CONFIG_IP_PNP_ARP	200	# bool ' IP: ARP support' CONFIG_IP_PNP_ARP
195	config NET_IPIP	201	config NET_IPIP
196	tristate "IP: tunneling"	202	tristate "IP: tunneling"
197	select INET_TUNNEL	203	select INET_TUNNEL
@@ -267,29 +273,20 @@ config IP_PIMSM_V2
267	you want to play with it.	273	you want to play with it.
268		274
269	config ARPD	275	config ARPD
270	bool "IP: ARP daemon support (EXPERIMENTAL)"	276	bool "IP: ARP daemon support"
271	depends on EXPERIMENTAL
272	---help---	277	---help---
273	Normally, the kernel maintains an internal cache which maps IP	278	The kernel maintains an internal cache which maps IP addresses to
274	addresses to hardware addresses on the local network, so that	279	hardware addresses on the local network, so that Ethernet/Token Ring/
275	Ethernet/Token Ring/ etc. frames are sent to the proper address on	280	etc. frames are sent to the proper address on the physical networking
276	the physical networking layer. For small networks having a few	281	layer. Normally, kernel uses the ARP protocol to resolve these
277	hundred directly connected hosts or less, keeping this address	282	mappings.
278	resolution (ARP) cache inside the kernel works well. However,	283
279	maintaining an internal ARP cache does not work well for very large	284	Saying Y here adds support to have an user space daemon to do this
280	switched networks, and will use a lot of kernel memory if TCP/IP	285	resolution instead. This is useful for implementing an alternate
281	connections are made to many machines on the network.	286	address resolution protocol (e.g. NHRP on mGRE tunnels) and also for
282		287	testing purposes.
283	If you say Y here, the kernel's internal ARP cache will never grow	288
284	to more than 256 entries (the oldest entries are expired in a LIFO	289	If unsure, say N.
285	manner) and communication will be attempted with the user space ARP
286	daemon arpd. Arpd then answers the address resolution request either
287	from its own cache or by asking the net.
288
289	This code is experimental and also obsolete. If you want to use it,
290	you need to find a version of the daemon arpd on the net somewhere,
291	and you should also say Y to "Kernel/User network link driver",
292	below. If unsure, say N.
293		290
294	config SYN_COOKIES	291	config SYN_COOKIES
295	bool "IP: TCP syncookie support (disabled per default)"	292	bool "IP: TCP syncookie support (disabled per default)"
@@ -361,7 +358,7 @@ config INET_IPCOMP
361	---help---	358	---help---
362	Support for IP Payload Compression Protocol (IPComp) (RFC3173),	359	Support for IP Payload Compression Protocol (IPComp) (RFC3173),
363	typically needed for IPsec.	360	typically needed for IPsec.
364		361
365	If unsure, say Y.	362	If unsure, say Y.
366		363
367	config INET_XFRM_TUNNEL	364	config INET_XFRM_TUNNEL
@@ -401,8 +398,8 @@ config INET_XFRM_MODE_BEET
401	If unsure, say Y.	398	If unsure, say Y.
402		399
403	config INET_LRO	400	config INET_LRO
404	tristate "Large Receive Offload (ipv4/tcp)"	401	bool "Large Receive Offload (ipv4/tcp)"
405		402	default y
406	---help---	403	---help---
407	Support for Large Receive Offload (ipv4/tcp).	404	Support for Large Receive Offload (ipv4/tcp).
408		405
@@ -415,7 +412,7 @@ config INET_DIAG
415	Support for INET (TCP, DCCP, etc) socket monitoring interface used by	412	Support for INET (TCP, DCCP, etc) socket monitoring interface used by
416	native Linux tools such as ss. ss is included in iproute2, currently	413	native Linux tools such as ss. ss is included in iproute2, currently
417	downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.	414	downloadable at <http://linux-net.osdl.org/index.php/Iproute2>.
418		415
419	If unsure, say Y.	416	If unsure, say Y.
420		417
421	config INET_TCP_DIAG	418	config INET_TCP_DIAG