File: CONFIG.linux22

package info (click to toggle)
kernel-patch-usagi 0.0.20020401-1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 2,144 kB
  • ctags: 1
  • sloc: makefile: 36
file content (178 lines) | stat: -rw-r--r-- 6,507 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
 
==============================================================
How to Configure Linux-2.2.X USAGI kernel

$USAGI: CONFIG.linux22,v 1.4 2001/12/26 15:59:47 mk Exp $
==============================================================

  **CAUTION**

   On most linux distributions, the maintainers apply many unofficial
   patches against the original linux kernel for their products. 
   USAGI patches don't include such the patches. It includes only our
   improvements, so you may get some troubles if you build a kernel
   applying only the usagi patch.

   To eliminate this (possible) issue, we provide binary packges basen on 
   our stable releases. If you want to build your kernel from original
   kernel source, you have better to apply distribution-oriented patches
   before applying the USAGI patch. 

   The binary packages are found at 
   <ftp://ftp.linux-ipv6.org/pub/usagi/stable/package/>.


---------------------------------------------------
Customizing the linux-2.2 kernerl with USAGI patch
---------------------------------------------------
We reccomend to configure kernel options as follows.

  Code maturity level options  ---> 
   [*] Prompt for development and/or incomplete code/drivers  

	+ Enabling the option, you can use experimental features
	  including IPv6. Say Y.

  
  Networking options  --->
   [*]   Moderate SO_REUSEADDR behavior
     *CONFIG_NET_MODERATE_REUSE

	+ With this option, kernel restrict effect of SO_REUSEADDR to prevent 
	  other users from performing 'binding closer' type attacks like NFS 
	  theft.  Say Y.

   <*>   The IPv6 protocol (EXPERIMENTAL)
     *CONFIG_IPV6

	+ Say Y. In order to avoid some troubles, we recommend to build
	  IPv6 protocol stack as a build-in function. Of course you can
	  build it as a module. It's up to you.

   [ ]     IPv6: Verbose debugging messages
     *CONFIG_IPV6_DEBUG

	+ Debugging option. It makes a lot of debug messages. It's only
	  for debugging purpose. If you want to track some behaviours of
	  IPv6 protocol stack, you can enable the option, otherwise
	  say N.

   [ ]    IPv6: sin6_scope_id support
     *CONFIG_IPV6_SCOPE_ID

	+ RFC2553 introduced a new member into ipv6 socket address
	  structure sockaddr_in6{}.  Because old linux kernels and
	  glibc do not have this member and its size is smaller than
	  new one, thie option may breaks binaries which blindly 
	  uses socket address size from kernel (via getsockname(2) 
	  or recvfrom(2) etc.), from kernel (via getsockname(2) or 
	  recvfrom(2) etc.).  If unsure, say N.

   [*]     IPv6: Loose scope_id
     *CONFIG_IPV6_LOOSE_SCOPE_ID

	+ Enabling the option, the kernel checks the size of struct
	  sockaddr_in6 loosely (and act as before if it is not included /
	  or it is set to zero);  otherwise, kernel will complain
	  if you pass a sockaddr_in6{} without scope-id (or with zero'ed
	  scope-id) for link-scope addressed.  Though we don't recommend 
	  you to set this option enabled (so say N), in fact, there're  
	  many applications which do not set scope-id properly.
	  If you're using glibc-2.1.x, you may want to try this option
	  enabled.

   [*]     IPv6: drop packets with fake ipv4-mapped address(es)  
     *CONFIG_IPV6_DROP_FAKE_V4MAPPED

	+ We reccomend to enable the option from security point of
	  view. Enabling the option, the linux kernel drops the
	  IPv6 packets which destination or source addresses are
	  IPv4-mapped IPv6 addresses. Say Y.

   [*]	   IPv6: Moderate double binding behavior
     *CONFIG_IPV6_MODERATE_DOUBLE_BIND

	+ With this option, kernel will not allow other users to do double 
	  binding.  Say Y.

   [ ]	   IPv6: 6to4-address in nexthop support
     *CONFIG_IPV6_6TO4_NEXTHOP

	+ Say N.

   [ ]     IPv6: Privacy Extensions (RFC 3041) Support
     *CONFIG_IPV6_PRIVACY

	+ Privacy Extensions for Stateless Address Autoconfiguration in IPv6
	  support.  With this option, additional periodically-alter 
	  pseudo-random global-scope unicast address(es) will assigned to
	  your interface(s).  At this moment, automatic source address
	  selection won't choose temporary address, so this option is 
	  only for testing purposes.

   [ ]     IPv6: Neighbor Discovery debugging       
     *CONFIG_IPV6_NDISC_DEBUG

	+ Debugging option, the kernel outputs verbose debugging
	  messages regarding Neighbour Discovery Protocol. Say N.

   [ ]     IPv6: Address Autoconfigration debugging
     *CONFIG_IPV6_ACONF_DEBUG

	+ Debugging option. the kernel outputs verbose debugging
	  messages regarding Stateless Auto Address Configuration.
	  Say N.

   [ ]     IPv6: Debug on source address selection
     *CONFIG_IPV6_ACONF_DEBUG_SADDR

	+  Verbose kernel message to debug IPv6 source address selection.
	   Say N.

   [ ]     IPv6: Routing Informtation debugging
     *CONFIG_IPV6_RT6_DEBUG

	+ Debugging option. the kernel outputs verbose debugging
	  messages regarding IPv6 Routing Informations. Say N.

   [*]     IPv6: allow default route when forwarding is enabled
     *CONFIG_IPV6_EN_DFLT

	+ The original linux kernel purges IPv6 default route when IPv6
	  forwarding is enabled. Enabling the option, the kernel doesn't
	  purge the default route. Say Y, if unsure say N.

   [ ]     IPv6: Multicast Listener Discovery debugging
     *CONFIG_IPV6_MLD6_DEBUG

	+ Debugging option. the kernel outputs verbose debugging
	  messages regarding Multicast Listener Discovery messages.
	  Say N.

   [ ]     IPv6: Do not suppress MLD6 Done message
     *CONFIG_IPV6_MLD6_NO_SUPPRESS_DONE

	+ Enabling the option, the kernel sends MLD6(Multicast Listener
	  Discovery Protocol, defined in RFC2710) done message when
	  your linux box leaves a multicast group. Say N.

   [ ]     IPv6: enable Node Information Queries
     *CONFIG_IPV6_NODEINFO

	+ Enabling the ICMP name lookup feature which described in
	  <draft-ietf-ipngwg-icmp-name-lookups-07>. Enabling the option,
	  your linux box answers its host name or its ipv6/4 address(es)
	  in reply to Node Information Query.  These information is
	  useful for administration, but it may also cause information
	  flaws.  if unsure, say N.

   [ ]       IPv6: Node Information Queries debugging
     *CONFIG_IPV6_NODEINFO_DEBUG

	+ Debugging option. The kernel outputs verbose debugging messages
	  regarding ICMPv6 node-info queries. Say N.

   [ ]       IPv6: regard NIS domain as DNS domain
     *CONFIG_IPV6_NODEINFO_USE_UTS_DOMAIN

	+ The kernel replies a NIS domain name as a domain name of
	  ICMP name reply. If unsure, say N.