home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

TCP/IP Network Administration

TCP/IP Network AdministrationSearch this book
Previous: 5.1 Kernel Configuration Chapter 5
Basic Configuration 		Next: 5.3 The BSD Kernel Configuration File
 

5.2 Linux Kernel Configuration

The Linux kernel is a C program compiled and installed by make . The make config command customizes the kernel configuration and generates the files (including the Makefile) needed to compile and link the kernel. On Linux systems, the kernel source directory is /usr/src/linux . To start the configuration process, change to the source directory and run make config :

# cd /usr/src/linux
# make config

The make config command asks many questions about your system configuration. Some of these are directly related to network configuration. The first network configuration question is:

Networking support (CONFIG_NET) [Y/n/?]

Answer "yes" (y), which is the default. Networking support is necessary for all of the TCP/IP networking features that we will request later in the configuration. Even if you don't run TCP/IP, you should answer "yes" to this question. Basic network support is essential to many services.

The make config command asks several more general configuration questions before returning to the topic of networking. When it does, it has many networking questions to ask. The example below is an excerpt from the actual configuration of the Linux 2.0 kernel on a Slackware 96 system. [2]

[2] The configuration questions change with every new kernel. Refer to your system's documentation for the latest information.

Network firewalls (CONFIG_FIREWALL) [N/y/?] 
Network aliasing (CONFIG_NET_ALIAS) [N/y/?] 
TCP/IP networking (CONFIG_INET) [Y/n/?] 
IP: forwarding/gatewaying (CONFIG_IP_FORWARD) [N/y/?] 
IP: multicasting (CONFIG_IP_MULTICAST) [N/y/?] 
IP: accounting (CONFIG_IP_ACCT) [N/y/?] 
IP: PC/TCP compatibility mode (CONFIG_INET_PCTCP) [N/y/?] 
IP: Reverse ARP (CONFIG_INET_RARP) [N/y/m/?] 
IP: Disable Path MTU Discovery (normally enabled)
     (CONFIG_NO_PATH_MTU_DISCOVERY) [N/y/?] 
IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?] 
IP: Allow large windows (not recommended if <16Mb of memory)
     (CONFIG_SKB_LARGE) [Y/n/?] 
Network device support (CONFIG_NETDEVICES) [Y/n/?] 
Dummy net driver support (CONFIG_DUMMY) [N/y/m/?] 
EQL (serial line load balancing) support (CONFIG_EQUALIZER) [N/y/m/?] 
PLIP (parallel port) support (CONFIG_PLIP) [N/y/m/?] 
PPP (point-to-point) support (CONFIG_PPP) [Y/m/n/?] 
SLIP (serial line) support (CONFIG_SLIP) [Y/m/n/?] 
 CSLIP compressed headers (CONFIG_SLIP_COMPRESSED) [Y/n/?] 
 Keepalive and linefill (CONFIG_SLIP_SMART) [N/y/?] 
 Six bit SLIP encapsulation (CONFIG_SLIP_MODE_SLIP6) [N/y/?] 
Radio network interfaces (CONFIG_NET_RADIO) [N/y/?] 
Ethernet (10 or 100Mbit) (CONFIG_NET_ETHERNET) [Y/n/?] 
3COM cards (CONFIG_NET_VENDOR_3COM) [Y/n/?] 
3c501 support (CONFIG_EL1) [N/y/m/?] 
3c503 support (CONFIG_EL2) [N/y/m/?] 
3c509/3c579 support (CONFIG_EL3) [Y/m/n/?] 
3c590 series (592/595/597) "Vortex" support (CONFIG_VORTEX) [N/y/m/?] 
AMD LANCE and PCnet (AT1500 and NE2100) support (CONFIG_LANCE) [N/y/?] 
Western Digital/SMC cards (CONFIG_NET_VENDOR_SMC) [N/y/?] 
Other ISA cards (CONFIG_NET_ISA) [N/y/?] 
EISA, VLB, PCI and on board controllers (CONFIG_NET_EISA) [N/y/?] 
Pocket and portable adaptors (CONFIG_NET_POCKET) [N/y/?] 
Token Ring driver support (CONFIG_TR) [N/y/?] 
ARCnet support (CONFIG_ARCNET) [N/y/m/?] 
ISDN support (CONFIG_ISDN) [N/y/m/?]

Each configuration option is either enabled by entering a "y" for "yes", or disabled with an "n" for "no". "m" for "module" is an alternative method for enabling some features. Features that are available as dynamically loadable modules list "m" as a possible response. If "m" is selected, the dynamically loadable module is loaded the first time a call is made to the kernel that requires the module. If "y" is selected for a feature, the code that supports that feature is compiled directly into the kernel. The default setting of each option is indicated by the uppercase letter in the square brackets at the end of the option line. For example, [Y,n] indicates an option that is enabled by default. Here, we list each option and its purpose:

CONFIG_FIREWALL

Adds the kernel support necessary to make this system a firewall. Enable this only if the Linux system will be your firewall. The full firewall installation requires additional software outside the kernel. See Chapter 12, Network Security , for a discussion of firewalls. [3]

[3] Building a firewall is beyond the scope of this book. See Building Internet Firewalls , by Brent Chapman and Elizabeth Zwicky (O'Reilly & Associates), for a full treatment of the subject.

CONFIG_NET_ALIAS

Adds the kernel support necessary for address translation. Use this feature only if you have a private internal network number and a different network address for external communications. If you do, internal addresses must be translated to valid external addresses whenever connections are made to the outside world, but it is likely that the translation will be done by your router or firewall. You should select "yes" only in the rare circumstance that the Linux box must do the translation; otherwise, select "no". See Chapter 4, Getting Started , for a discussion of private network numbers and address translation.

CONFIG_INET

Adds TCP/IP networking to the kernel. This is an absolute must!

CONFIG_IP_FORWARD

Determines whether or not the system forwards IP datagrams. This feature must be enabled if the Linux system is an IP router. On Linux host systems, this feature is disabled, which is the default. Select "no" unless this box is a router.

CONFIG_IP_MULTICAST

Adds multicast support to the kernel. Enable this to use multicast applications such as MBONE or Internet Talk Radio. Not sure if you need multicasting? Select "yes". You never know what applications you will add later.

CONFIG_IP_ACCT

Adds code to count the bytes in incoming and outgoing traffic on a per-port/pre-address basis. This could be useful for monitoring system usage, particularly in a commercial environment where usage is billed back to the originator. Additional application software would be needed to make this useful. Select "no" unless you plan to keep close tabs on usage.

CONFIG_INET_PCTCP

Handles an incompatibility problem with older versions of FTP software's PC/TCP. Use if you have clients who run the old PC/TCP software on PCs.

CONFIG_INET_RARP

Adds support for Reverse Address Resolution Protocol (RARP) to the kernel. Enable this if you plan to use RARP on your network. Not sure? Use "m" to select the loadable module that can be used when your system needs it. See Chapter 3, Network Services , for a description of RARP and Chapter 9, Configuring Network Servers for information on configuring a RARP server.

CONFIG_NO_PATH_MTU_DISCOVERY

Removes path MTU discovery code from the kernel. (Beware of the double negative! A "y" [yes] disables MTU discovery and an "n" [no] enables it.) Select "no". Path MTU discovery is a technique that attempts to determine the smallest maximum transmission unit (MTU) along the entire path from a source to a destination. That MTU is then used for subsequent transmissions to avoid datagram fragmentation. See Chapter 1, Overview of TCP/IP , for a description of fragmentation.

CONFIG_IP_NOSR

Determines whether the system accepts source-routed datagrams. Source routing allows the source of the datagram to specify the routers that are used to deliver the packet. Source routes are used to force packets to travel over a specific path; for example, to test the routers in a path or to avoid a high-cost link. However, the problem with source routes is that they are used by spoofers . Spoofers are network intruders who pretend to be a system they are not. For example, a spoofer might pretend to be a computer on one of your enterprise subnets. By using source routing, the spoofer could cause your system to route packets off of your enterprise net that you thought were going to a local system. Enabling CONFIG_IP_NOSR makes it impossible for a spoofer to use source routes against you. Select "yes" unless you are positive that you must use source routes.

CONFIG_SKB_LARGE

Sets whether or not the system will use a large transmission window size. Large windows improve network performance at the cost of additional buffer space. Large windows can be disabled to save memory on systems with less than 16MB of RAM. See Chapter 1 for a description of the TCP transmission window.

CONFIG_NETDEVICES

Adds the general support required for network hardware devices. Always answer "yes", which is the default, to this question. It is required before configuring your Ethernet card.

CONFIG_DUMMY

Enables support for a dummy interface. An IP address can be assigned to the dummy interface even if the system has no network interface hardware. This is sometimes used by people who want to work on TCP/IP configuration even though they don't have a network connection. If you have a network, select "no".

CONFIG_EQUALIZER

Adds support for using multiple serial lines simultaneously. Using this feature, it is possible to have more than one physical PPP link established between the local host and the remote server. The system load balances between the links and attempts to treat them as a single logical network connection. This is a technique for increasing the bandwidth simply by adding additional modems and phone lines. The systems at both ends must support serial line load balancing and they must do so in exactly the same way. This option is used only when both systems are Linux systems connected by multiple serial lines. Otherwise, select "no".

CONFIG_PLIP

Adds Parallel Line IP to the kernel. PLIP is a version of SLIP that runs over the parallel printer port using a special crossover cable. This protocol is intended for transferring data between two co-located PCs, as the cable should be only 1 or 2 meters long. This has very limited applicability.

CONFIG_PPP

Adds the Point-to-Point Protocol (PPP) to the kernel. PPP is the TCP/IP standard protocol for communicating over serial lines. Select "yes" if your system will use a modem connection for TCP/IP. Chapter 6, Configuring the Interface , covers the configuration of this important protocol in detail.

CONFIG_SLIP

Adds the Serial Line IP (SLIP) to the kernel. SLIP is an older TCP/IP protocol once widely used for communicating over serial lines. Chapter 6 covers SLIP configuration in detail.

CONFIG_SLIP_COMPRESSED

Adds support for Van Jacobsen header compression to the kernel. Packet headers add a large amount of overhead when communicating over low-speed serial lines. Header compression greatly reduces this overhead. The systems at both ends of the serial link must use header compression for it to work. Most systems that run SLIP do use header compression.

CONFIG_SLIP_SMART

Adds support for keepalives to the kernel. Some servers drop a connection or timeout a route if the route or connection appears unused. Use is determined by whether or not traffic is coming in over the link. Keepalives are periodic transmissions sent for the explicit purpose of generating traffic on a link so that it is not dropped as an inactive line. The use of keepalives is discouraged. Most networks are busy enough as it is!

CONFIG_SLIP_MODE_SLIP6

Adds support for running SLIP over 6-bit serial lines. Normally a modem and line are configured for 8-bit, no-parity to run SLIP or PPP. This feature allows SLIP to be run in an environment that can not support 8-bit transmissions. This is non-standard and rarely used. The systems at both ends of the link must support this protocol for it to work.

CONFIG_NET_ETHERNET

Adds support for Ethernet hardware to the kernel. You need this for your Ethernet LAN.

The remaining questions allow you to select your network hardware. A large number of Ethernet cards are supported by Linux. In the sample, we selected the 3COM 3C509 card. The make config command also allows us to select ARCnet, token ring, or ISDN interfaces. Some hosts use no specific network hardware. Instead, they run SLIP or PPP over a serial port as their sole network connection. Select the hardware appropriate for your system.

After make config asks questions about the network configuration, it goes on to ask about several other aspects of the system configuration. Next, it tells you to do a make dep; make clean to build the dependencies and clean up the odds and ends. When the makes are complete, you are ready to compile the kernel. The make zImage command builds a compressed kernel and puts it in the /usr/src/linux/i386/boot directory. [4] Simply copy the new kernel file, zImage , to /vmlinuz and you're ready to run.

[4] Most Linux systems use a compressed kernel that is automatically decompressed during the system boot.

Linux's list of network configuration options is as long lists for UNIX kernel configuration. Linux is yin to the Solaris yang. Linux permits the system administrator to configure everything, while Solaris configures everything for the administrator. BSD kernel configuration lies somewhere between these two extremes.

Previous: 5.1 Kernel Configuration TCP/IP Network Administration Next: 5.3 The BSD Kernel Configuration File
5.1 Kernel Configuration Book Index 5.3 The BSD Kernel Configuration File

[ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ]