Most Linux distributions are supplied with boot disks that work for
all common types of PC hardware. Generally, the supplied kernel is
highly modularized and includes nearly every possible driver. This is
a great idea for boot disks, but is probably not what you'd want for
long-term use. There isn't much point in having drivers cluttering up
your disk that you will never use. Therefore, you will generally roll
your own kernel and include only those drivers you actually need or
want; that way you save a little disk space and reduce the time it
takes to compile a new kernel.
In any case, when running a Linux system, you should be familiar with
building a kernel. Think of it as a rite of passage, an affirmation of
the one thing that makes free software as powerful as it is—you have
the source. It isn't a case of, “I have to compile a kernel,”
rather it's a case of, “I can compile a
kernel.” The basics of compiling a Linux kernel are explained in Matt
Welsh's book, Running Linux (O'Reilly). Therefore, we
will discuss only configuration options that affect networking in this
section.
One important point that does bear
repeating here is the way the kernel version numbering scheme
works. Linux kernels are numbered in the following format:
2.2.14. The first digit indicates the
major version number. This digit changes when
there are large and significant changes to the kernel design. For
example, the kernel changed from major 1 to 2 when the kernel obtained
support for machines other than Intel machines. The second number is
the minor version number. In many respects, this
number is the most important number to look at. The Linux development
community has adopted a standard under which even minor
version numbers indicate production, or
stable, kernels and odd
minor version numbers indicate development, or
unstable, kernels. The stable kernels are what
you should use on a machine that is important to you, as they have
been more thoroughly tested. The development kernels are what you
should use if you are interested in experimenting with the newest
features of Linux, but they may have problems that haven't yet been
found and fixed. The third number is simply incremented for each
release of a minor version.[1]
When running make menuconfig, you are presented with
a text-based menu that offers lists of configuration questions, such as
whether you want kernel math emulation. One of these queries asks you
whether you want TCP/IP networking support. You must answer this with
y to get a kernel capable of networking.
After the general option section is complete, the configuration will
go on to ask whether you want to include support for various features,
such as SCSI drivers or sound cards. The prompt will indicate what
options are available. You can press ? to obtain a
description of what the option is actually offering. You'll always
have the option of yes (y) to statically include the
component in the kernel, or no (n) to exclude the
component completely. You'll also see the module (m)
option for those components that may be compiled as a run-time
loadable module. Modules need to be loaded before they can be used,
and are useful for drivers of components that you use infrequently.
The subsequent list of questions deals with networking support.
The exact set of configuration options is in constant flux due to ongoing
development. A typical list of options offered by most kernel versions
around 2.0 and 2.1 looks like this:
*
* Network device support
*
Network device support (CONFIG_NETDEVICES) [Y/n/?]
You must answer this question with y if you want to
use any type of networking devices, whether
they are Ethernet, SLIP, PPP, or whatever. When you answer the
question with y, support for Ethernet-type devices
is enabled automatically. You must answer additional questions if
you want to enable support for other types of network drivers:
PLIP (parallel port) support (CONFIG_PLIP) [N/y/m/?] y
PPP (point-to-point) support (CONFIG_PPP) [N/y/m/?] y
*
* CCP compressors for PPP are only built as modules.
*
SLIP (serial line) support (CONFIG_SLIP) [N/y/m/?] m
CSLIP compressed headers (CONFIG_SLIP_COMPRESSED) [N/y/?] (NEW) y
Keepalive and linefill (CONFIG_SLIP_SMART) [N/y/?] (NEW) y
Six bit SLIP encapsulation (CONFIG_SLIP_MODE_SLIP6) [N/y/?] (NEW) y
These questions concern the various link layer protocols that Linux
supports. Both PPP and SLIP allow you to transport IP datagrams
across serial lines. PPP is actually a suite of protocols used to
send network traffic across serial lines. Some of the protocols that
form PPP manage the way that you authenticate yourself to the dial-in
server, while others manage the way certain protocols are carried
across the link—PPP is not limited to carrying TCP/IP datagrams;
it may also carry other protocols such as IPX.
If you answer y or m to SLIP
support, you will be prompted to answer the three questions that appear
below it. The compressed header option provides support for CSLIP, a
technique that compresses TCP/IP headers to as little as three bytes. Note
that this kernel option does not turn on CSLIP automatically; it merely
provides the necessary kernel functions for it. The Keepalive and
linefill option causes the SLIP support to periodically generate
activity on the SLIP line to avoid it being dropped by an inactivity timer. The
Six bit SLIP encapsulation option allows you to run
SLIP over lines and circuits that are not capable of transmitting the
whole 8-bit data set cleanly. This is similar to the uuencoding or binhex
technique used to send binary files by electronic mail.
PLIP provides a way to send IP datagrams across a parallel port connection.
It is mostly used to communicate with PCs running DOS. On typical PC hardware,
PLIP can be faster than PPP or SLIP, but it requires much more CPU overhead to
perform, so while the transfer rate might be good, other tasks on the machine
may be slow.
The following questions address network cards from various vendors.
As more drivers are being developed, you are likely to see questions added
to this section. If you want to build a kernel you can use on a number of
different machines, or if your machine has more than one type of network
card installed, you can enable more than one driver:
.
.
Ethernet (10 or 100Mbit) (CONFIG_NET_ETHERNET) [Y/n/?]
3COM cards (CONFIG_NET_VENDOR_3COM) [Y/n/?]
3c501 support (CONFIG_EL1) [N/y/m/?]
3c503 support (CONFIG_EL2) [N/y/m/?]
3c509/3c579 support (CONFIG_EL3) [Y/m/n/?]
3c590/3c900 series (592/595/597/900/905) "Vortex/Boomerang" support/
(CONFIG_VORTEX) [N/y/m/?]
AMD LANCE and PCnet (AT1500 and NE2100) support (CONFIG_LANCE) [N/y/?]
AMD PCInet32 (VLB and PCI) support (CONFIG_LANCE32) [N/y/?] (NEW)
Western Digital/SMC cards (CONFIG_NET_VENDOR_SMC) [N/y/?]
WD80*3 support (CONFIG_WD80x3) [N/y/m/?] (NEW)
SMC Ultra support (CONFIG_ULTRA) [N/y/m/?] (NEW)
SMC Ultra32 support (CONFIG_ULTRA32) [N/y/m/?] (NEW)
SMC 9194 support (CONFIG_SMC9194) [N/y/m/?] (NEW)
Other ISA cards (CONFIG_NET_ISA) [N/y/?]
Cabletron E21xx support (CONFIG_E2100) [N/y/m/?] (NEW)
DEPCA, DE10x, DE200, DE201, DE202, DE422 support (CONFIG_DEPCA) [N/y/m/?]/
(NEW)
EtherWORKS 3 (DE203, DE204, DE205) support (CONFIG_EWRK3) [N/y/m/?] (NEW)
EtherExpress 16 support (CONFIG_EEXPRESS) [N/y/m/?] (NEW)
HP PCLAN+ (27247B and 27252A) support (CONFIG_HPLAN_PLUS) [N/y/m/?] (NEW)
HP PCLAN (27245 and other 27xxx series) support (CONFIG_HPLAN) [N/y/m/?]/
(NEW)
HP 10/100VG PCLAN (ISA, EISA, PCI) support (CONFIG_HP100) [N/y/m/?] (NEW)
NE2000/NE1000 support (CONFIG_NE2000) [N/y/m/?] (NEW)
SK_G16 support (CONFIG_SK_G16) [N/y/?] (NEW)
EISA, VLB, PCI and on card controllers (CONFIG_NET_EISA) [N/y/?]
Apricot Xen-II on card ethernet (CONFIG_APRICOT) [N/y/m/?] (NEW)
Intel EtherExpress/Pro 100B support (CONFIG_EEXPRESS_PRO100B) [N/y/m/?]/
(NEW)
DE425, DE434, DE435, DE450, DE500 support (CONFIG_DE4X5) [N/y/m/?] (NEW)
DECchip Tulip (dc21x4x) PCI support (CONFIG_DEC_ELCP) [N/y/m/?] (NEW)
Digi Intl. RightSwitch SE-X support (CONFIG_DGRS) [N/y/m/?] (NEW)
Pocket and portable adaptors (CONFIG_NET_POCKET) [N/y/?]
AT-LAN-TEC/RealTek pocket adaptor support (CONFIG_ATP) [N/y/?] (NEW)
D-Link DE600 pocket adaptor support (CONFIG_DE600) [N/y/m/?] (NEW)
D-Link DE620 pocket adaptor support (CONFIG_DE620) [N/y/m/?] (NEW)
Token Ring driver support (CONFIG_TR) [N/y/?]
IBM Tropic chipset based adaptor support (CONFIG_IBMTR) [N/y/m/?] (NEW)
FDDI driver support (CONFIG_FDDI) [N/y/?]
Digital DEFEA and DEFPA adapter support (CONFIG_DEFXX) [N/y/?] (NEW)
ARCnet support (CONFIG_ARCNET) [N/y/m/?]
Enable arc0e (ARCnet "Ether-Encap" packet format) (CONFIG_ARCNET_ETH)/
[N/y/?] (NEW)
Enable arc0s (ARCnet RFC1051 packet format) (CONFIG_ARCNET_1051)/
[N/y/?] (NEW)
.
.
Finally, in the file system section, the configuration script will ask you
whether you want support for NFS, the networking file system. NFS lets you
export file systems to several hosts, which makes the files appear as if they
were on an ordinary hard disk attached to the host:
Linux 2.0.0 marked a significant change in Linux Networking. Many
features were made a standard part of the Kernel, such as support
for IPX. A number of options were also added and made
configurable. Many of these options are used only in very special
circumstances and we won't cover them in detail. The Networking HOWTO
probably addresses what is not covered here. We'll list a number of
useful options in this section, and explain when you'd want to use
each one:
Basics
To use TCP/IP networking, you must answer this question with
y. If you answer with n, however, you
will still be able to compile the kernel with IPX support:
Networking options --->
[*] TCP/IP networking
Gateways
You have to enable this option if your system acts as a gateway between
two networks or between a LAN and a SLIP link, etc. It
doesn't hurt to enable this by default, but you may want to disable it to
configure a host as a so-called
firewall. Firewalls are hosts that are connected
to two or more networks, but don't route traffic between them. They're
commonly used to provide users with Internet access at minimal
risk to the internal network. Users are allowed to log in to the
firewall and use Internet services, but the company's machines are
protected from outside attacks because incoming connections can't
cross the firewall (firewalls are covered in detail in
Chapter 9):
[*] IP: forwarding/gatewaying
Virtual hosting
These options together allow you to
configure more than one IP address onto an interface. This is
sometimes useful if you want to do “virtual hosting,”
through which a single machine can be configured to look and act as
though it were actually many separate machines, each with its own
network personality. We'll talk more about IP aliasing in a moment:
[*] Network aliasing
<*> IP: aliasing support
Accounting
This option enables you to collect data on the volume of IP traffic leaving
and arriving at your machine (we cover this in detail in
Chapter 10):
[*] IP: accounting
PC hug
This option works around an incompatibility with some versions of PC/TCP, a
commercial TCP/IP implementation for DOS-based PCs. If you enable this option,
you will still be able to communicate with normal Unix machines, but
performance may be hurt over slow links:
--- (it is safe to leave these untouched)
[*] IP: PC/TCP compatibility mode
Diskless booting
This function enables Reverse Address Resolution
Protocol (RARP). RARP is used by diskless clients and X terminals to
request their IP address when booting. You should enable RARP if you plan to
serve this sort of client. A small program called rarp,
included with the standard networking utilities, is used to add entries
to the kernel RARP table:
<*> IP: Reverse ARP
MTU
When sending data over TCP, the kernel has to break up the stream into blocks
of data to pass to IP. The size of the block is called the Maximum
Transmission Unit, or MTU. For hosts that can be reached over a
local network such as an
Ethernet, it is typical to use an MTU as large as the maximum length of an
Ethernet packet—1,500 bytes. When routing IP over a Wide Area Network
like the Internet, it is preferable to use smaller-sized datagrams to ensure
that they don't need to be further broken down along the route through a
process called IP fragmentation.[2] The kernel is
able to automatically determine the smallest MTU of an IP route and to
automatically configure a TCP connection to use it. This behavior is on by
default. If you answer y to this option, this feature
will be disabled.
If you do want to use smaller packet sizes for data sent to specific hosts
(because, for example, the data goes through a SLIP link), you can do so using
the mss option of the route command,
which is briefly discussed at the end of this chapter:
[ ] IP: Disable Path MTU Discovery (normally enabled)
Security feature
The IP protocol supports a feature called Source
Routing. Source routing allows you to specify the route a
datagram should follow by coding the route into the datagram
itself. This was once probably useful before routing protocols such as
RIP and OSPF became commonplace. But today it's considered a security
threat because it can provide clever attackers with a way of
circumventing certain types of firewall protection by bypassing the
routing table of a router. You would normally want to filter out
source routed datagrams, so this option is normally enabled:
[*] IP: Drop source routed frames
Novell support
This option enables support for IPX, the transport protocol Novell
Networking uses. Linux will function quite happily as an IPX router
and this support is useful in environments where you have Novell
fileservers. The NCP filesystem also requires IPX support enabled in
your kernel; if you wish to attach to and mount your Novell
filesystems you must have this option enabled (we'll discuss IPX and
the NCP filesystem in Chapter 15):
<*> The IPX protocol
Amateur radio
These three options select support for the three Amateur Radio protocols
supported by Linux: AX.25, NetRom and Rose (we don't describe them in this
book, but they are covered in detail in the AX25 HOWTO):
<*> Amateur Radio AX.25 Level 2
<*> Amateur Radio NET/ROM
<*> Amateur Radio X.25 PLP (Rose)
Linux supports another driver type: the dummy driver. The following
question appears toward the start of the device-driver section:
<*> Dummy net driver support
The dummy driver doesn't really do much, but it is quite useful on standalone
or PPP/SLIP hosts. It is basically a masqueraded loopback interface. On
hosts that offer PPP/SLIP but have no
other network interface, you want to have an interface that bears your IP
address all the time. This is discussed in a little more detail in
Section 5.7.7 in
Chapter 5. Note that today you can achieve the same
result by using the IP alias feature and configuring your IP address as an
alias on the loopback interface.
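The choices discussed above can be checked against the .config file that the configuration step writes. The script below is an added example, not part of the original text: it audits a constructed sample .config for a host that must not route. CONFIG_INET, CONFIG_IP_FORWARD, CONFIG_IP_NOSR and CONFIG_NO_PATH_MTU_DISCOVERY are assumed to be the 2.0-era symbols behind the menu entries (the text shows only the menu labels), and the policy itself (no forwarding, no PLIP, SLIP or PPP) is hypothetical.

```shell
# Added example; CONFIG_ names for the 2.0 menu entries are assumptions.

# Print the state of symbol $2 in .config file $1: y, m, or n.
# An absent symbol or a "# CONFIG_X is not set" line both count as n.
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Compare symbol $2 with wanted state $3; print a finding on mismatch.
check() {
    state=$(config_state "$1" "$2")
    [ "$state" = "$3" ] && return 0
    echo "FINDING: $2 is '$state', expected '$3' ($4)"
    return 1
}

# Run all checks on .config $1; the return status is the number of findings.
audit_config() {
    n=0
    check "$1" CONFIG_INET y "TCP/IP networking" || n=$((n + 1))
    check "$1" CONFIG_IP_FORWARD n "host must not forward between networks" || n=$((n + 1))
    check "$1" CONFIG_IP_NOSR y "drop source routed frames" || n=$((n + 1))
    check "$1" CONFIG_NO_PATH_MTU_DISCOVERY n "leave path MTU discovery on" || n=$((n + 1))
    # Link-layer drivers this host does not use should not be built at all.
    for sym in CONFIG_PLIP CONFIG_SLIP CONFIG_PPP; do
        check "$1" "$sym" n "unused link-layer driver" || n=$((n + 1))
    done
    return "$n"
}

# Constructed sample .config: forwarding on, source-route drop off, SLIP module.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_INET=y
CONFIG_IP_FORWARD=y
# CONFIG_IP_NOSR is not set
# CONFIG_NO_PATH_MTU_DISCOVERY is not set
CONFIG_NETDEVICES=y
# CONFIG_PLIP is not set
CONFIG_PPP=y
CONFIG_SLIP=m
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

A driver built as a module (m) is reported as well as one built in (y), since either leaves the code available on the host.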
[1] People should use development kernels and report bugs if they are
found; this is a very useful thing to do if you have a machine you can use
as a test machine. Instructions on how to report bugs are detailed in
/usr/src/linux/REPORTING-BUGS in the Linux kernel
source.
[2] Remember, the IP protocol can be carried over many different types of
network, and not all network types will support packet sizes as large
as Ethernet.