Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 help
11 Support for IP version 6 (IPv6).
12
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.rst and read the HOWTO at
17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
26 help
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
31
32 If unsure, say N.
33
34config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
37 help
38 Support of Route Information.
39
40 If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
44 help
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_AH
53 help
54 Support for IPsec AH (Authentication Header).
55
56 AH can be used with various authentication algorithms. Besides
57 enabling AH support itself, this option enables the generic
58 implementations of the algorithms that RFC 8221 lists as MUST be
59 implemented. If you need any other algorithms, you'll need to enable
60 them in the crypto API. You should also enable accelerated
61 implementations of any needed algorithms when available.
62
63 If unsure, say Y.
64
65config INET6_ESP
66 tristate "IPv6: ESP transformation"
67 select XFRM_ESP
68 help
69 Support for IPsec ESP (Encapsulating Security Payload).
70
71 ESP can be used with various encryption and authentication algorithms.
72 Besides enabling ESP support itself, this option enables the generic
73 implementations of the algorithms that RFC 8221 lists as MUST be
74 implemented. If you need any other algorithms, you'll need to enable
75 them in the crypto API. You should also enable accelerated
76 implementations of any needed algorithms when available.
77
78 If unsure, say Y.
79
80config INET6_ESP_OFFLOAD
81 tristate "IPv6: ESP transformation offload"
82 depends on INET6_ESP
83 select XFRM_OFFLOAD
84 default n
85 help
86 Support for ESP transformation offload. This makes sense
87 only if this system really does IPsec and want to do it
88 with high throughput. A typical desktop system does not
89 need it, even if it does IPsec.
90
91 If unsure, say N.
92
93config INET6_ESPINTCP
94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95 depends on XFRM && INET6_ESP
96 select STREAM_PARSER
97 select NET_SOCK_MSG
98 select XFRM_ESPINTCP
99 help
100 Support for RFC 8229 encapsulation of ESP and IKE over
101 TCP/IPv6 sockets.
102
103 If unsure, say N.
104
105config INET6_IPCOMP
106 tristate "IPv6: IPComp transformation"
107 select INET6_XFRM_TUNNEL
108 select XFRM_IPCOMP
109 help
110 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111 typically needed for IPsec.
112
113 If unsure, say Y.
114
115config IPV6_MIP6
116 tristate "IPv6: Mobility"
117 select XFRM
118 help
119 Support for IPv6 Mobility described in RFC 3775.
120
121 If unsure, say N.
122
123config IPV6_ILA
124 tristate "IPv6: Identifier Locator Addressing (ILA)"
125 depends on NETFILTER
126 select DST_CACHE
127 select LWTUNNEL
128 help
129 Support for IPv6 Identifier Locator Addressing (ILA).
130
131 ILA is a mechanism to do network virtualization without
132 encapsulation. The basic concept of ILA is that we split an
133 IPv6 address into a 64 bit locator and 64 bit identifier. The
134 identifier is the identity of an entity in communication
135 ("who") and the locator expresses the location of the
136 entity ("where").
137
138 ILA can be configured using the "encap ila" option with
139 "ip -6 route" command. ILA is described in
140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
141
142 If unsure, say N.
143
144config INET6_XFRM_TUNNEL
145 tristate
146 select INET6_TUNNEL
147 default n
148
149config INET6_TUNNEL
150 tristate
151 default n
152
153config IPV6_VTI
154tristate "Virtual (secure) IPv6: tunneling"
155 select IPV6_TUNNEL
156 select NET_IP_TUNNEL
157 select XFRM
158 help
159 Tunneling means encapsulating data of one protocol type within
160 another protocol and sending it over a channel that understands the
161 encapsulating protocol. This can be used with xfrm mode tunnel to give
162 the notion of a secure tunnel for IPSEC and then use routing protocol
163 on top.
164
165config IPV6_SIT
166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
167 select INET_TUNNEL
168 select NET_IP_TUNNEL
169 select IPV6_NDISC_NODETYPE
170 default y
171 help
172 Tunneling means encapsulating data of one protocol type within
173 another protocol and sending it over a channel that understands the
174 encapsulating protocol. This driver implements encapsulation of IPv6
175 into IPv4 packets. This is useful if you want to connect two IPv6
176 networks over an IPv4-only path.
177
178 Saying M here will produce a module called sit. If unsure, say Y.
179
180config IPV6_SIT_6RD
181 bool "IPv6: IPv6 Rapid Deployment (6RD)"
182 depends on IPV6_SIT
183 default n
184 help
185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187 deploy IPv6 unicast service to IPv4 sites to which it provides
188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
189 IPv4 encapsulation in order to transit IPv4-only network
190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
191 prefix of its own in place of the fixed 6to4 prefix.
192
193 With this option enabled, the SIT driver offers 6rd functionality by
194 providing additional ioctl API to configure the IPv6 Prefix for in
195 stead of static 2002::/16 for 6to4.
196
197 If unsure, say N.
198
199config IPV6_NDISC_NODETYPE
200 bool
201
202config IPV6_TUNNEL
203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
204 select INET6_TUNNEL
205 select DST_CACHE
206 select GRO_CELLS
207 help
208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
209 RFC 2473.
210
211 If unsure, say N.
212
213config IPV6_GRE
214 tristate "IPv6: GRE tunnel"
215 select IPV6_TUNNEL
216 select NET_IP_TUNNEL
217 depends on NET_IPGRE_DEMUX
218 help
219 Tunneling means encapsulating data of one protocol type within
220 another protocol and sending it over a channel that understands the
221 encapsulating protocol. This particular tunneling driver implements
222 GRE (Generic Routing Encapsulation) and at this time allows
223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224 This driver is useful if the other endpoint is a Cisco router: Cisco
225 likes GRE much better than the other Linux tunneling driver ("IP
226 tunneling" above). In addition, GRE allows multicast redistribution
227 through the tunnel.
228
229 Saying M here will produce a module called ip6_gre. If unsure, say N.
230
231config IPV6_FOU
232 tristate
233 default NET_FOU && IPV6
234
235config IPV6_FOU_TUNNEL
236 tristate
237 default NET_FOU_IP_TUNNELS && IPV6_FOU
238 select IPV6_TUNNEL
239
240config IPV6_MULTIPLE_TABLES
241 bool "IPv6: Multiple Routing Tables"
242 select FIB_RULES
243 help
244 Support multiple routing tables.
245
246config IPV6_SUBTREES
247 bool "IPv6: source address based routing"
248 depends on IPV6_MULTIPLE_TABLES
249 help
250 Enable routing by source address or prefix.
251
252 The destination address is still the primary routing key, so mixing
253 normal and source prefix specific routes in the same routing table
254 may sometimes lead to unintended routing behavior. This can be
255 avoided by defining different routing tables for the normal and
256 source prefix specific routes.
257
258 If unsure, say N.
259
260config IPV6_MROUTE
261 bool "IPv6: multicast routing"
262 depends on IPV6
263 select IP_MROUTE_COMMON
264 help
265 Support for IPv6 multicast forwarding.
266 If unsure, say N.
267
268config IPV6_MROUTE_MULTIPLE_TABLES
269 bool "IPv6: multicast policy routing"
270 depends on IPV6_MROUTE
271 select FIB_RULES
272 help
273 Normally, a multicast router runs a userspace daemon and decides
274 what to do with a multicast packet based on the source and
275 destination addresses. If you say Y here, the multicast router
276 will also be able to take interfaces and packet marks into
277 account and run multiple instances of userspace daemons
278 simultaneously, each one handling a single table.
279
280 If unsure, say N.
281
282config IPV6_PIMSM_V2
283 bool "IPv6: PIM-SM version 2 support"
284 depends on IPV6_MROUTE
285 help
286 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
287 If unsure, say N.
288
289config IPV6_SEG6_LWTUNNEL
290 bool "IPv6: Segment Routing Header encapsulation support"
291 depends on IPV6
292 select LWTUNNEL
293 select DST_CACHE
294 select IPV6_MULTIPLE_TABLES
295 help
296 Support for encapsulation of packets within an outer IPv6
297 header and a Segment Routing Header using the lightweight
298 tunnels mechanism. Also enable support for advanced local
299 processing of SRv6 packets based on their active segment.
300
301 If unsure, say N.
302
303config IPV6_SEG6_HMAC
304 bool "IPv6: Segment Routing HMAC support"
305 depends on IPV6
306 select CRYPTO
307 select CRYPTO_HMAC
308 select CRYPTO_SHA1
309 select CRYPTO_SHA256
310 help
311 Support for HMAC signature generation and verification
312 of SR-enabled packets.
313
314 If unsure, say N.
315
316config IPV6_SEG6_BPF
317 def_bool y
318 depends on IPV6_SEG6_LWTUNNEL
319 depends on IPV6 = y
320
321config IPV6_RPL_LWTUNNEL
322 bool "IPv6: RPL Source Routing Header support"
323 depends on IPV6
324 select LWTUNNEL
325 help
326 Support for RFC6554 RPL Source Routing Header using the lightweight
327 tunnels mechanism.
328
329 If unsure, say N.
330
331endif # IPV6
1#
2# IPv6 configuration
3#
4
5# IPv6 as module will cause a CRASH if you try to unload it
6menuconfig IPV6
7 tristate "The IPv6 protocol"
8 default y
9 ---help---
10 Support for IP version 6 (IPv6).
11
12 For general information about IPv6, see
13 <https://en.wikipedia.org/wiki/IPv6>.
14 For specific information about IPv6 under Linux, see
15 Documentation/networking/ipv6.txt and read the HOWTO at
16 <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
17
18 To compile this protocol support as a module, choose M here: the
19 module will be called ipv6.
20
21if IPV6
22
23config IPV6_ROUTER_PREF
24 bool "IPv6: Router Preference (RFC 4191) support"
25 ---help---
26 Router Preference is an optional extension to the Router
27 Advertisement message which improves the ability of hosts
28 to pick an appropriate router, especially when the hosts
29 are placed in a multi-homed network.
30
31 If unsure, say N.
32
33config IPV6_ROUTE_INFO
34 bool "IPv6: Route Information (RFC 4191) support"
35 depends on IPV6_ROUTER_PREF
36 ---help---
37 This is experimental support of Route Information.
38
39 If unsure, say N.
40
41config IPV6_OPTIMISTIC_DAD
42 bool "IPv6: Enable RFC 4429 Optimistic DAD"
43 ---help---
44 This is experimental support for optimistic Duplicate
45 Address Detection. It allows for autoconfigured addresses
46 to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_ALGO
53 select CRYPTO
54 select CRYPTO_HMAC
55 select CRYPTO_MD5
56 select CRYPTO_SHA1
57 ---help---
58 Support for IPsec AH.
59
60 If unsure, say Y.
61
62config INET6_ESP
63 tristate "IPv6: ESP transformation"
64 select XFRM_ALGO
65 select CRYPTO
66 select CRYPTO_AUTHENC
67 select CRYPTO_HMAC
68 select CRYPTO_MD5
69 select CRYPTO_CBC
70 select CRYPTO_SHA1
71 select CRYPTO_DES
72 select CRYPTO_ECHAINIV
73 ---help---
74 Support for IPsec ESP.
75
76 If unsure, say Y.
77
78config INET6_IPCOMP
79 tristate "IPv6: IPComp transformation"
80 select INET6_XFRM_TUNNEL
81 select XFRM_IPCOMP
82 ---help---
83 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
84 typically needed for IPsec.
85
86 If unsure, say Y.
87
88config IPV6_MIP6
89 tristate "IPv6: Mobility"
90 select XFRM
91 ---help---
92 Support for IPv6 Mobility described in RFC 3775.
93
94 If unsure, say N.
95
96config IPV6_ILA
97 tristate "IPv6: Identifier Locator Addressing (ILA)"
98 depends on NETFILTER
99 select LWTUNNEL
100 ---help---
101 Support for IPv6 Identifier Locator Addressing (ILA).
102
103 ILA is a mechanism to do network virtualization without
104 encapsulation. The basic concept of ILA is that we split an
105 IPv6 address into a 64 bit locator and 64 bit identifier. The
106 identifier is the identity of an entity in communication
107 ("who") and the locator expresses the location of the
108 entity ("where").
109
110 ILA can be configured using the "encap ila" option with
111 "ip -6 route" command. ILA is described in
112 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
113
114 If unsure, say N.
115
116config INET6_XFRM_TUNNEL
117 tristate
118 select INET6_TUNNEL
119 default n
120
121config INET6_TUNNEL
122 tristate
123 default n
124
125config INET6_XFRM_MODE_TRANSPORT
126 tristate "IPv6: IPsec transport mode"
127 default IPV6
128 select XFRM
129 ---help---
130 Support for IPsec transport mode.
131
132 If unsure, say Y.
133
134config INET6_XFRM_MODE_TUNNEL
135 tristate "IPv6: IPsec tunnel mode"
136 default IPV6
137 select XFRM
138 ---help---
139 Support for IPsec tunnel mode.
140
141 If unsure, say Y.
142
143config INET6_XFRM_MODE_BEET
144 tristate "IPv6: IPsec BEET mode"
145 default IPV6
146 select XFRM
147 ---help---
148 Support for IPsec BEET mode.
149
150 If unsure, say Y.
151
152config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 tristate "IPv6: MIPv6 route optimization mode"
154 select XFRM
155 ---help---
156 Support for MIPv6 route optimization mode.
157
158config IPV6_VTI
159tristate "Virtual (secure) IPv6: tunneling"
160 select IPV6_TUNNEL
161 select NET_IP_TUNNEL
162 depends on INET6_XFRM_MODE_TUNNEL
163 ---help---
164 Tunneling means encapsulating data of one protocol type within
165 another protocol and sending it over a channel that understands the
166 encapsulating protocol. This can be used with xfrm mode tunnel to give
167 the notion of a secure tunnel for IPSEC and then use routing protocol
168 on top.
169
170config IPV6_SIT
171 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
172 select INET_TUNNEL
173 select NET_IP_TUNNEL
174 select IPV6_NDISC_NODETYPE
175 default y
176 ---help---
177 Tunneling means encapsulating data of one protocol type within
178 another protocol and sending it over a channel that understands the
179 encapsulating protocol. This driver implements encapsulation of IPv6
180 into IPv4 packets. This is useful if you want to connect two IPv6
181 networks over an IPv4-only path.
182
183 Saying M here will produce a module called sit. If unsure, say Y.
184
185config IPV6_SIT_6RD
186 bool "IPv6: IPv6 Rapid Deployment (6RD)"
187 depends on IPV6_SIT
188 default n
189 ---help---
190 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
191 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
192 deploy IPv6 unicast service to IPv4 sites to which it provides
193 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
194 IPv4 encapsulation in order to transit IPv4-only network
195 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
196 prefix of its own in place of the fixed 6to4 prefix.
197
198 With this option enabled, the SIT driver offers 6rd functionality by
199 providing additional ioctl API to configure the IPv6 Prefix for in
200 stead of static 2002::/16 for 6to4.
201
202 If unsure, say N.
203
204config IPV6_NDISC_NODETYPE
205 bool
206
207config IPV6_TUNNEL
208 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
209 select INET6_TUNNEL
210 select DST_CACHE
211 ---help---
212 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
213 RFC 2473.
214
215 If unsure, say N.
216
217config IPV6_GRE
218 tristate "IPv6: GRE tunnel"
219 select IPV6_TUNNEL
220 select NET_IP_TUNNEL
221 depends on NET_IPGRE_DEMUX
222 ---help---
223 Tunneling means encapsulating data of one protocol type within
224 another protocol and sending it over a channel that understands the
225 encapsulating protocol. This particular tunneling driver implements
226 GRE (Generic Routing Encapsulation) and at this time allows
227 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
228 This driver is useful if the other endpoint is a Cisco router: Cisco
229 likes GRE much better than the other Linux tunneling driver ("IP
230 tunneling" above). In addition, GRE allows multicast redistribution
231 through the tunnel.
232
233 Saying M here will produce a module called ip6_gre. If unsure, say N.
234
235config IPV6_FOU
236 tristate
237 default NET_FOU && IPV6
238
239config IPV6_FOU_TUNNEL
240 tristate
241 default NET_FOU_IP_TUNNELS && IPV6_FOU
242 select IPV6_TUNNEL
243
244config IPV6_MULTIPLE_TABLES
245 bool "IPv6: Multiple Routing Tables"
246 select FIB_RULES
247 ---help---
248 Support multiple routing tables.
249
250config IPV6_SUBTREES
251 bool "IPv6: source address based routing"
252 depends on IPV6_MULTIPLE_TABLES
253 ---help---
254 Enable routing by source address or prefix.
255
256 The destination address is still the primary routing key, so mixing
257 normal and source prefix specific routes in the same routing table
258 may sometimes lead to unintended routing behavior. This can be
259 avoided by defining different routing tables for the normal and
260 source prefix specific routes.
261
262 If unsure, say N.
263
264config IPV6_MROUTE
265 bool "IPv6: multicast routing"
266 depends on IPV6
267 ---help---
268 Experimental support for IPv6 multicast forwarding.
269 If unsure, say N.
270
271config IPV6_MROUTE_MULTIPLE_TABLES
272 bool "IPv6: multicast policy routing"
273 depends on IPV6_MROUTE
274 select FIB_RULES
275 help
276 Normally, a multicast router runs a userspace daemon and decides
277 what to do with a multicast packet based on the source and
278 destination addresses. If you say Y here, the multicast router
279 will also be able to take interfaces and packet marks into
280 account and run multiple instances of userspace daemons
281 simultaneously, each one handling a single table.
282
283 If unsure, say N.
284
285config IPV6_PIMSM_V2
286 bool "IPv6: PIM-SM version 2 support"
287 depends on IPV6_MROUTE
288 ---help---
289 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
290 If unsure, say N.
291
292config IPV6_SEG6_LWTUNNEL
293 bool "IPv6: Segment Routing Header encapsulation support"
294 depends on IPV6
295 select LWTUNNEL
296 ---help---
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism.
300
301 If unsure, say N.
302
303config IPV6_SEG6_INLINE
304 bool "IPv6: direct Segment Routing Header insertion "
305 depends on IPV6_SEG6_LWTUNNEL
306 ---help---
307 Support for direct insertion of the Segment Routing Header,
308 also known as inline mode. Be aware that direct insertion of
309 extension headers (as opposed to encapsulation) may break
310 multiple mechanisms such as PMTUD or IPSec AH. Use this feature
311 only if you know exactly what you are doing.
312
313 If unsure, say N.
314
315config IPV6_SEG6_HMAC
316 bool "IPv6: Segment Routing HMAC support"
317 depends on IPV6
318 select CRYPTO_HMAC
319 select CRYPTO_SHA1
320 select CRYPTO_SHA256
321 ---help---
322 Support for HMAC signature generation and verification
323 of SR-enabled packets.
324
325 If unsure, say N.
326
327endif # IPV6