Loading...
1#
2# IPv6 configuration
3#
4
5# IPv6 as module will cause a CRASH if you try to unload it
6menuconfig IPV6
7 tristate "The IPv6 protocol"
8 default m
9 ---help---
10 This is complemental support for the IP version 6.
11 You will still be able to do traditional IPv4 networking as well.
12
13 For general information about IPv6, see
14 <http://playground.sun.com/pub/ipng/html/ipng-main.html>.
15 For Linux IPv6 development information, see <http://www.linux-ipv6.org>.
16 For specific information about IPv6 under Linux, read the HOWTO at
17 <http://www.bieringer.de/linux/IPv6/>.
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_PRIVACY
25 bool "IPv6: Privacy Extensions (RFC 3041) support"
26 ---help---
27 Privacy Extensions for Stateless Address Autoconfiguration in IPv6
28 support. With this option, additional periodically-altered
29 pseudo-random global-scope unicast address(es) will be assigned to
30 your interface(s).
31
32 We use our standard pseudo-random algorithm to generate the
33 randomized interface identifier, instead of one described in RFC 3041.
34
35 By default the kernel does not generate temporary addresses.
36 To use temporary addresses, do
37
38 echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr
39
40 See <file:Documentation/networking/ip-sysctl.txt> for details.
41
42config IPV6_ROUTER_PREF
43 bool "IPv6: Router Preference (RFC 4191) support"
44 ---help---
45 Router Preference is an optional extension to the Router
46 Advertisement message which improves the ability of hosts
47 to pick an appropriate router, especially when the hosts
48 are placed in a multi-homed network.
49
50 If unsure, say N.
51
52config IPV6_ROUTE_INFO
53 bool "IPv6: Route Information (RFC 4191) support (EXPERIMENTAL)"
54 depends on IPV6_ROUTER_PREF && EXPERIMENTAL
55 ---help---
56 This is experimental support of Route Information.
57
58 If unsure, say N.
59
60config IPV6_OPTIMISTIC_DAD
61 bool "IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL)"
62 depends on EXPERIMENTAL
63 ---help---
64 This is experimental support for optimistic Duplicate
65 Address Detection. It allows for autoconfigured addresses
66 to be used more quickly.
67
68 If unsure, say N.
69
70config INET6_AH
71 tristate "IPv6: AH transformation"
72 select XFRM
73 select CRYPTO
74 select CRYPTO_HMAC
75 select CRYPTO_MD5
76 select CRYPTO_SHA1
77 ---help---
78 Support for IPsec AH.
79
80 If unsure, say Y.
81
82config INET6_ESP
83 tristate "IPv6: ESP transformation"
84 select XFRM
85 select CRYPTO
86 select CRYPTO_AUTHENC
87 select CRYPTO_HMAC
88 select CRYPTO_MD5
89 select CRYPTO_CBC
90 select CRYPTO_SHA1
91 select CRYPTO_DES
92 ---help---
93 Support for IPsec ESP.
94
95 If unsure, say Y.
96
97config INET6_IPCOMP
98 tristate "IPv6: IPComp transformation"
99 select INET6_XFRM_TUNNEL
100 select XFRM_IPCOMP
101 ---help---
102 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
103 typically needed for IPsec.
104
105 If unsure, say Y.
106
107config IPV6_MIP6
108 tristate "IPv6: Mobility (EXPERIMENTAL)"
109 depends on EXPERIMENTAL
110 select XFRM
111 ---help---
112 Support for IPv6 Mobility described in RFC 3775.
113
114 If unsure, say N.
115
116config INET6_XFRM_TUNNEL
117 tristate
118 select INET6_TUNNEL
119 default n
120
121config INET6_TUNNEL
122 tristate
123 default n
124
125config INET6_XFRM_MODE_TRANSPORT
126 tristate "IPv6: IPsec transport mode"
127 default IPV6
128 select XFRM
129 ---help---
130 Support for IPsec transport mode.
131
132 If unsure, say Y.
133
134config INET6_XFRM_MODE_TUNNEL
135 tristate "IPv6: IPsec tunnel mode"
136 default IPV6
137 select XFRM
138 ---help---
139 Support for IPsec tunnel mode.
140
141 If unsure, say Y.
142
143config INET6_XFRM_MODE_BEET
144 tristate "IPv6: IPsec BEET mode"
145 default IPV6
146 select XFRM
147 ---help---
148 Support for IPsec BEET mode.
149
150 If unsure, say Y.
151
152config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
154 depends on EXPERIMENTAL
155 select XFRM
156 ---help---
157 Support for MIPv6 route optimization mode.
158
159config IPV6_SIT
160 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
161 select INET_TUNNEL
162 select IPV6_NDISC_NODETYPE
163 default y
164 ---help---
165 Tunneling means encapsulating data of one protocol type within
166 another protocol and sending it over a channel that understands the
167 encapsulating protocol. This driver implements encapsulation of IPv6
168 into IPv4 packets. This is useful if you want to connect two IPv6
169 networks over an IPv4-only path.
170
171 Saying M here will produce a module called sit. If unsure, say Y.
172
173config IPV6_SIT_6RD
174 bool "IPv6: IPv6 Rapid Deployment (6RD) (EXPERIMENTAL)"
175 depends on IPV6_SIT && EXPERIMENTAL
176 default n
177 ---help---
178 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
179 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
180 deploy IPv6 unicast service to IPv4 sites to which it provides
181 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
182 IPv4 encapsulation in order to transit IPv4-only network
183 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
184 prefix of its own in place of the fixed 6to4 prefix.
185
186 With this option enabled, the SIT driver offers 6rd functionality by
187 providing additional ioctl API to configure the IPv6 Prefix for in
188 stead of static 2002::/16 for 6to4.
189
190 If unsure, say N.
191
192config IPV6_NDISC_NODETYPE
193 bool
194
195config IPV6_TUNNEL
196 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
197 select INET6_TUNNEL
198 ---help---
199 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
200 RFC 2473.
201
202 If unsure, say N.
203
204config IPV6_MULTIPLE_TABLES
205 bool "IPv6: Multiple Routing Tables"
206 depends on EXPERIMENTAL
207 select FIB_RULES
208 ---help---
209 Support multiple routing tables.
210
211config IPV6_SUBTREES
212 bool "IPv6: source address based routing"
213 depends on IPV6_MULTIPLE_TABLES
214 ---help---
215 Enable routing by source address or prefix.
216
217 The destination address is still the primary routing key, so mixing
218 normal and source prefix specific routes in the same routing table
219 may sometimes lead to unintended routing behavior. This can be
220 avoided by defining different routing tables for the normal and
221 source prefix specific routes.
222
223 If unsure, say N.
224
225config IPV6_MROUTE
226 bool "IPv6: multicast routing (EXPERIMENTAL)"
227 depends on IPV6 && EXPERIMENTAL
228 ---help---
229 Experimental support for IPv6 multicast forwarding.
230 If unsure, say N.
231
232config IPV6_MROUTE_MULTIPLE_TABLES
233 bool "IPv6: multicast policy routing"
234 depends on IPV6_MROUTE
235 select FIB_RULES
236 help
237 Normally, a multicast router runs a userspace daemon and decides
238 what to do with a multicast packet based on the source and
239 destination addresses. If you say Y here, the multicast router
240 will also be able to take interfaces and packet marks into
241 account and run multiple instances of userspace daemons
242 simultaneously, each one handling a single table.
243
244 If unsure, say N.
245
246config IPV6_PIMSM_V2
247 bool "IPv6: PIM-SM version 2 support (EXPERIMENTAL)"
248 depends on IPV6_MROUTE
249 ---help---
250 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
251 If unsure, say N.
252
253endif # IPV6
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 help
11 Support for IP version 6 (IPv6).
12
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.rst and read the HOWTO at
17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
26 help
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
31
32 If unsure, say N.
33
34config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
37 help
38 Support of Route Information.
39
40 If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
44 help
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_AH
53 help
54 Support for IPsec AH (Authentication Header).
55
56 AH can be used with various authentication algorithms. Besides
57 enabling AH support itself, this option enables the generic
58 implementations of the algorithms that RFC 8221 lists as MUST be
59 implemented. If you need any other algorithms, you'll need to enable
60 them in the crypto API. You should also enable accelerated
61 implementations of any needed algorithms when available.
62
63 If unsure, say Y.
64
65config INET6_ESP
66 tristate "IPv6: ESP transformation"
67 select XFRM_ESP
68 help
69 Support for IPsec ESP (Encapsulating Security Payload).
70
71 ESP can be used with various encryption and authentication algorithms.
72 Besides enabling ESP support itself, this option enables the generic
73 implementations of the algorithms that RFC 8221 lists as MUST be
74 implemented. If you need any other algorithms, you'll need to enable
75 them in the crypto API. You should also enable accelerated
76 implementations of any needed algorithms when available.
77
78 If unsure, say Y.
79
80config INET6_ESP_OFFLOAD
81 tristate "IPv6: ESP transformation offload"
82 depends on INET6_ESP
83 select XFRM_OFFLOAD
84 default n
85 help
86 Support for ESP transformation offload. This makes sense
87 only if this system really does IPsec and want to do it
88 with high throughput. A typical desktop system does not
89 need it, even if it does IPsec.
90
91 If unsure, say N.
92
93config INET6_ESPINTCP
94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95 depends on XFRM && INET6_ESP
96 select STREAM_PARSER
97 select NET_SOCK_MSG
98 select XFRM_ESPINTCP
99 help
100 Support for RFC 8229 encapsulation of ESP and IKE over
101 TCP/IPv6 sockets.
102
103 If unsure, say N.
104
105config INET6_IPCOMP
106 tristate "IPv6: IPComp transformation"
107 select INET6_XFRM_TUNNEL
108 select XFRM_IPCOMP
109 help
110 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111 typically needed for IPsec.
112
113 If unsure, say Y.
114
115config IPV6_MIP6
116 tristate "IPv6: Mobility"
117 select XFRM
118 help
119 Support for IPv6 Mobility described in RFC 3775.
120
121 If unsure, say N.
122
123config IPV6_ILA
124 tristate "IPv6: Identifier Locator Addressing (ILA)"
125 depends on NETFILTER
126 select DST_CACHE
127 select LWTUNNEL
128 help
129 Support for IPv6 Identifier Locator Addressing (ILA).
130
131 ILA is a mechanism to do network virtualization without
132 encapsulation. The basic concept of ILA is that we split an
133 IPv6 address into a 64 bit locator and 64 bit identifier. The
134 identifier is the identity of an entity in communication
135 ("who") and the locator expresses the location of the
136 entity ("where").
137
138 ILA can be configured using the "encap ila" option with
139 "ip -6 route" command. ILA is described in
140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
141
142 If unsure, say N.
143
144config INET6_XFRM_TUNNEL
145 tristate
146 select INET6_TUNNEL
147 default n
148
149config INET6_TUNNEL
150 tristate
151 default n
152
153config IPV6_VTI
154tristate "Virtual (secure) IPv6: tunneling"
155 select IPV6_TUNNEL
156 select NET_IP_TUNNEL
157 select XFRM
158 help
159 Tunneling means encapsulating data of one protocol type within
160 another protocol and sending it over a channel that understands the
161 encapsulating protocol. This can be used with xfrm mode tunnel to give
162 the notion of a secure tunnel for IPSEC and then use routing protocol
163 on top.
164
165config IPV6_SIT
166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
167 select INET_TUNNEL
168 select NET_IP_TUNNEL
169 select IPV6_NDISC_NODETYPE
170 default y
171 help
172 Tunneling means encapsulating data of one protocol type within
173 another protocol and sending it over a channel that understands the
174 encapsulating protocol. This driver implements encapsulation of IPv6
175 into IPv4 packets. This is useful if you want to connect two IPv6
176 networks over an IPv4-only path.
177
178 Saying M here will produce a module called sit. If unsure, say Y.
179
180config IPV6_SIT_6RD
181 bool "IPv6: IPv6 Rapid Deployment (6RD)"
182 depends on IPV6_SIT
183 default n
184 help
185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187 deploy IPv6 unicast service to IPv4 sites to which it provides
188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
189 IPv4 encapsulation in order to transit IPv4-only network
190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
191 prefix of its own in place of the fixed 6to4 prefix.
192
193 With this option enabled, the SIT driver offers 6rd functionality by
194 providing additional ioctl API to configure the IPv6 Prefix for in
195 stead of static 2002::/16 for 6to4.
196
197 If unsure, say N.
198
199config IPV6_NDISC_NODETYPE
200 bool
201
202config IPV6_TUNNEL
203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
204 select INET6_TUNNEL
205 select DST_CACHE
206 select GRO_CELLS
207 help
208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
209 RFC 2473.
210
211 If unsure, say N.
212
213config IPV6_GRE
214 tristate "IPv6: GRE tunnel"
215 select IPV6_TUNNEL
216 select NET_IP_TUNNEL
217 depends on NET_IPGRE_DEMUX
218 help
219 Tunneling means encapsulating data of one protocol type within
220 another protocol and sending it over a channel that understands the
221 encapsulating protocol. This particular tunneling driver implements
222 GRE (Generic Routing Encapsulation) and at this time allows
223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224 This driver is useful if the other endpoint is a Cisco router: Cisco
225 likes GRE much better than the other Linux tunneling driver ("IP
226 tunneling" above). In addition, GRE allows multicast redistribution
227 through the tunnel.
228
229 Saying M here will produce a module called ip6_gre. If unsure, say N.
230
231config IPV6_FOU
232 tristate
233 default NET_FOU && IPV6
234
235config IPV6_FOU_TUNNEL
236 tristate
237 default NET_FOU_IP_TUNNELS && IPV6_FOU
238 select IPV6_TUNNEL
239
240config IPV6_MULTIPLE_TABLES
241 bool "IPv6: Multiple Routing Tables"
242 select FIB_RULES
243 help
244 Support multiple routing tables.
245
246config IPV6_SUBTREES
247 bool "IPv6: source address based routing"
248 depends on IPV6_MULTIPLE_TABLES
249 help
250 Enable routing by source address or prefix.
251
252 The destination address is still the primary routing key, so mixing
253 normal and source prefix specific routes in the same routing table
254 may sometimes lead to unintended routing behavior. This can be
255 avoided by defining different routing tables for the normal and
256 source prefix specific routes.
257
258 If unsure, say N.
259
260config IPV6_MROUTE
261 bool "IPv6: multicast routing"
262 depends on IPV6
263 select IP_MROUTE_COMMON
264 help
265 Support for IPv6 multicast forwarding.
266 If unsure, say N.
267
268config IPV6_MROUTE_MULTIPLE_TABLES
269 bool "IPv6: multicast policy routing"
270 depends on IPV6_MROUTE
271 select FIB_RULES
272 help
273 Normally, a multicast router runs a userspace daemon and decides
274 what to do with a multicast packet based on the source and
275 destination addresses. If you say Y here, the multicast router
276 will also be able to take interfaces and packet marks into
277 account and run multiple instances of userspace daemons
278 simultaneously, each one handling a single table.
279
280 If unsure, say N.
281
282config IPV6_PIMSM_V2
283 bool "IPv6: PIM-SM version 2 support"
284 depends on IPV6_MROUTE
285 help
286 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
287 If unsure, say N.
288
289config IPV6_SEG6_LWTUNNEL
290 bool "IPv6: Segment Routing Header encapsulation support"
291 depends on IPV6
292 select LWTUNNEL
293 select DST_CACHE
294 select IPV6_MULTIPLE_TABLES
295 help
296 Support for encapsulation of packets within an outer IPv6
297 header and a Segment Routing Header using the lightweight
298 tunnels mechanism. Also enable support for advanced local
299 processing of SRv6 packets based on their active segment.
300
301 If unsure, say N.
302
303config IPV6_SEG6_HMAC
304 bool "IPv6: Segment Routing HMAC support"
305 depends on IPV6
306 select CRYPTO
307 select CRYPTO_HMAC
308 select CRYPTO_SHA1
309 select CRYPTO_SHA256
310 help
311 Support for HMAC signature generation and verification
312 of SR-enabled packets.
313
314 If unsure, say N.
315
316config IPV6_SEG6_BPF
317 def_bool y
318 depends on IPV6_SEG6_LWTUNNEL
319 depends on IPV6 = y
320
321config IPV6_RPL_LWTUNNEL
322 bool "IPv6: RPL Source Routing Header support"
323 depends on IPV6
324 select LWTUNNEL
325 help
326 Support for RFC6554 RPL Source Routing Header using the lightweight
327 tunnels mechanism.
328
329 If unsure, say N.
330
331endif # IPV6