Loading...
1#
2# IPv6 configuration
3#
4
5# IPv6 as module will cause a CRASH if you try to unload it
6menuconfig IPV6
7 tristate "The IPv6 protocol"
8 default m
9 ---help---
10 This is complemental support for the IP version 6.
11 You will still be able to do traditional IPv4 networking as well.
12
13 For general information about IPv6, see
14 <http://playground.sun.com/pub/ipng/html/ipng-main.html>.
15 For Linux IPv6 development information, see <http://www.linux-ipv6.org>.
16 For specific information about IPv6 under Linux, read the HOWTO at
17 <http://www.bieringer.de/linux/IPv6/>.
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_PRIVACY
25 bool "IPv6: Privacy Extensions (RFC 3041) support"
26 ---help---
27 Privacy Extensions for Stateless Address Autoconfiguration in IPv6
28 support. With this option, additional periodically-altered
29 pseudo-random global-scope unicast address(es) will be assigned to
30 your interface(s).
31
32 We use our standard pseudo-random algorithm to generate the
33 randomized interface identifier, instead of one described in RFC 3041.
34
35 By default the kernel does not generate temporary addresses.
36 To use temporary addresses, do
37
38 echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr
39
40 See <file:Documentation/networking/ip-sysctl.txt> for details.
41
42config IPV6_ROUTER_PREF
43 bool "IPv6: Router Preference (RFC 4191) support"
44 ---help---
45 Router Preference is an optional extension to the Router
46 Advertisement message which improves the ability of hosts
47 to pick an appropriate router, especially when the hosts
48 are placed in a multi-homed network.
49
50 If unsure, say N.
51
52config IPV6_ROUTE_INFO
53 bool "IPv6: Route Information (RFC 4191) support (EXPERIMENTAL)"
54 depends on IPV6_ROUTER_PREF && EXPERIMENTAL
55 ---help---
56 This is experimental support of Route Information.
57
58 If unsure, say N.
59
60config IPV6_OPTIMISTIC_DAD
61 bool "IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL)"
62 depends on EXPERIMENTAL
63 ---help---
64 This is experimental support for optimistic Duplicate
65 Address Detection. It allows for autoconfigured addresses
66 to be used more quickly.
67
68 If unsure, say N.
69
70config INET6_AH
71 tristate "IPv6: AH transformation"
72 select XFRM
73 select CRYPTO
74 select CRYPTO_HMAC
75 select CRYPTO_MD5
76 select CRYPTO_SHA1
77 ---help---
78 Support for IPsec AH.
79
80 If unsure, say Y.
81
82config INET6_ESP
83 tristate "IPv6: ESP transformation"
84 select XFRM
85 select CRYPTO
86 select CRYPTO_AUTHENC
87 select CRYPTO_HMAC
88 select CRYPTO_MD5
89 select CRYPTO_CBC
90 select CRYPTO_SHA1
91 select CRYPTO_DES
92 ---help---
93 Support for IPsec ESP.
94
95 If unsure, say Y.
96
97config INET6_IPCOMP
98 tristate "IPv6: IPComp transformation"
99 select INET6_XFRM_TUNNEL
100 select XFRM_IPCOMP
101 ---help---
102 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
103 typically needed for IPsec.
104
105 If unsure, say Y.
106
107config IPV6_MIP6
108 tristate "IPv6: Mobility (EXPERIMENTAL)"
109 depends on EXPERIMENTAL
110 select XFRM
111 ---help---
112 Support for IPv6 Mobility described in RFC 3775.
113
114 If unsure, say N.
115
116config INET6_XFRM_TUNNEL
117 tristate
118 select INET6_TUNNEL
119 default n
120
121config INET6_TUNNEL
122 tristate
123 default n
124
125config INET6_XFRM_MODE_TRANSPORT
126 tristate "IPv6: IPsec transport mode"
127 default IPV6
128 select XFRM
129 ---help---
130 Support for IPsec transport mode.
131
132 If unsure, say Y.
133
134config INET6_XFRM_MODE_TUNNEL
135 tristate "IPv6: IPsec tunnel mode"
136 default IPV6
137 select XFRM
138 ---help---
139 Support for IPsec tunnel mode.
140
141 If unsure, say Y.
142
143config INET6_XFRM_MODE_BEET
144 tristate "IPv6: IPsec BEET mode"
145 default IPV6
146 select XFRM
147 ---help---
148 Support for IPsec BEET mode.
149
150 If unsure, say Y.
151
152config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
154 depends on EXPERIMENTAL
155 select XFRM
156 ---help---
157 Support for MIPv6 route optimization mode.
158
159config IPV6_SIT
160 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
161 select INET_TUNNEL
162 select IPV6_NDISC_NODETYPE
163 default y
164 ---help---
165 Tunneling means encapsulating data of one protocol type within
166 another protocol and sending it over a channel that understands the
167 encapsulating protocol. This driver implements encapsulation of IPv6
168 into IPv4 packets. This is useful if you want to connect two IPv6
169 networks over an IPv4-only path.
170
171 Saying M here will produce a module called sit. If unsure, say Y.
172
173config IPV6_SIT_6RD
174 bool "IPv6: IPv6 Rapid Deployment (6RD) (EXPERIMENTAL)"
175 depends on IPV6_SIT && EXPERIMENTAL
176 default n
177 ---help---
178 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
179 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
180 deploy IPv6 unicast service to IPv4 sites to which it provides
181 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
182 IPv4 encapsulation in order to transit IPv4-only network
183 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
184 prefix of its own in place of the fixed 6to4 prefix.
185
186 With this option enabled, the SIT driver offers 6rd functionality by
187 providing additional ioctl API to configure the IPv6 Prefix for in
188 stead of static 2002::/16 for 6to4.
189
190 If unsure, say N.
191
192config IPV6_NDISC_NODETYPE
193 bool
194
195config IPV6_TUNNEL
196 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
197 select INET6_TUNNEL
198 ---help---
199 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
200 RFC 2473.
201
202 If unsure, say N.
203
204config IPV6_MULTIPLE_TABLES
205 bool "IPv6: Multiple Routing Tables"
206 depends on EXPERIMENTAL
207 select FIB_RULES
208 ---help---
209 Support multiple routing tables.
210
211config IPV6_SUBTREES
212 bool "IPv6: source address based routing"
213 depends on IPV6_MULTIPLE_TABLES
214 ---help---
215 Enable routing by source address or prefix.
216
217 The destination address is still the primary routing key, so mixing
218 normal and source prefix specific routes in the same routing table
219 may sometimes lead to unintended routing behavior. This can be
220 avoided by defining different routing tables for the normal and
221 source prefix specific routes.
222
223 If unsure, say N.
224
225config IPV6_MROUTE
226 bool "IPv6: multicast routing (EXPERIMENTAL)"
227 depends on IPV6 && EXPERIMENTAL
228 ---help---
229 Experimental support for IPv6 multicast forwarding.
230 If unsure, say N.
231
232config IPV6_MROUTE_MULTIPLE_TABLES
233 bool "IPv6: multicast policy routing"
234 depends on IPV6_MROUTE
235 select FIB_RULES
236 help
237 Normally, a multicast router runs a userspace daemon and decides
238 what to do with a multicast packet based on the source and
239 destination addresses. If you say Y here, the multicast router
240 will also be able to take interfaces and packet marks into
241 account and run multiple instances of userspace daemons
242 simultaneously, each one handling a single table.
243
244 If unsure, say N.
245
246config IPV6_PIMSM_V2
247 bool "IPv6: PIM-SM version 2 support (EXPERIMENTAL)"
248 depends on IPV6_MROUTE
249 ---help---
250 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
251 If unsure, say N.
252
253endif # IPV6
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 select CRYPTO_LIB_SHA1
11 help
12 Support for IP version 6 (IPv6).
13
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
27 help
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
32
33 If unsure, say N.
34
35config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
38 help
39 Support of Route Information.
40
41 If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 help
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
48
49 If unsure, say N.
50
51config INET6_AH
52 tristate "IPv6: AH transformation"
53 select XFRM_AH
54 help
55 Support for IPsec AH (Authentication Header).
56
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
63
64 If unsure, say Y.
65
66config INET6_ESP
67 tristate "IPv6: ESP transformation"
68 select XFRM_ESP
69 help
70 Support for IPsec ESP (Encapsulating Security Payload).
71
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
78
79 If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
83 depends on INET6_ESP
84 select XFRM_OFFLOAD
85 default n
86 help
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
91
92 If unsure, say N.
93
94config INET6_ESPINTCP
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
97 select STREAM_PARSER
98 select NET_SOCK_MSG
99 select XFRM_ESPINTCP
100 help
101 Support for RFC 8229 encapsulation of ESP and IKE over
102 TCP/IPv6 sockets.
103
104 If unsure, say N.
105
106config INET6_IPCOMP
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
109 select XFRM_IPCOMP
110 help
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
113
114 If unsure, say Y.
115
116config IPV6_MIP6
117 tristate "IPv6: Mobility"
118 select XFRM
119 help
120 Support for IPv6 Mobility described in RFC 3775.
121
122 If unsure, say N.
123
124config IPV6_ILA
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
126 depends on NETFILTER
127 select DST_CACHE
128 select LWTUNNEL
129 help
130 Support for IPv6 Identifier Locator Addressing (ILA).
131
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
137 entity ("where").
138
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143 If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146 tristate
147 select INET6_TUNNEL
148 default n
149
150config INET6_TUNNEL
151 tristate
152 default n
153
154config IPV6_VTI
155 tristate "Virtual (secure) IPv6: tunneling"
156 select IPV6_TUNNEL
157 select NET_IP_TUNNEL
158 select XFRM
159 help
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
164 on top.
165
166config IPV6_SIT
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168 select INET_TUNNEL
169 select NET_IP_TUNNEL
170 select IPV6_NDISC_NODETYPE
171 default y
172 help
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
178
179 Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
183 depends on IPV6_SIT
184 default n
185 help
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
193
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
197
198 If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201 bool
202
203config IPV6_TUNNEL
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205 select INET6_TUNNEL
206 select DST_CACHE
207 select GRO_CELLS
208 help
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210 RFC 2473.
211
212 If unsure, say N.
213
214config IPV6_GRE
215 tristate "IPv6: GRE tunnel"
216 select IPV6_TUNNEL
217 select NET_IP_TUNNEL
218 depends on NET_IPGRE_DEMUX
219 help
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
228 through the tunnel.
229
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233 tristate
234 default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237 tristate
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
239 select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
243 select FIB_RULES
244 help
245 Support multiple routing tables.
246
247config IPV6_SUBTREES
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
250 help
251 Enable routing by source address or prefix.
252
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
258
259 If unsure, say N.
260
261config IPV6_MROUTE
262 bool "IPv6: multicast routing"
263 depends on IPV6
264 select IP_MROUTE_COMMON
265 help
266 Support for IPv6 multicast forwarding.
267 If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
272 select FIB_RULES
273 help
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
280
281 If unsure, say N.
282
283config IPV6_PIMSM_V2
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
286 help
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288 If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
292 depends on IPV6
293 select LWTUNNEL
294 select DST_CACHE
295 select IPV6_MULTIPLE_TABLES
296 help
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
301
302 If unsure, say N.
303
304config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
306 depends on IPV6
307 select CRYPTO
308 select CRYPTO_HMAC
309 select CRYPTO_SHA1
310 select CRYPTO_SHA256
311 help
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
314
315 If unsure, say N.
316
317config IPV6_SEG6_BPF
318 def_bool y
319 depends on IPV6_SEG6_LWTUNNEL
320 depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
324 depends on IPV6
325 select LWTUNNEL
326 help
327 Support for RFC6554 RPL Source Routing Header using the lightweight
328 tunnels mechanism.
329
330 If unsure, say N.
331
332config IPV6_IOAM6_LWTUNNEL
333 bool "IPv6: IOAM Pre-allocated Trace insertion support"
334 depends on IPV6
335 select LWTUNNEL
336 select DST_CACHE
337 help
338 Support for the insertion of IOAM Pre-allocated Trace
339 Header using the lightweight tunnels mechanism.
340
341 If unsure, say N.
342
343endif # IPV6