Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 help
11 Support for IP version 6 (IPv6).
12
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.rst and read the HOWTO at
17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
26 help
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
31
32 If unsure, say N.
33
34config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
37 help
38 Support of Route Information.
39
40 If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
44 help
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_AH
53 help
54 Support for IPsec AH (Authentication Header).
55
56 AH can be used with various authentication algorithms. Besides
57 enabling AH support itself, this option enables the generic
58 implementations of the algorithms that RFC 8221 lists as MUST be
59 implemented. If you need any other algorithms, you'll need to enable
60 them in the crypto API. You should also enable accelerated
61 implementations of any needed algorithms when available.
62
63 If unsure, say Y.
64
65config INET6_ESP
66 tristate "IPv6: ESP transformation"
67 select XFRM_ESP
68 help
69 Support for IPsec ESP (Encapsulating Security Payload).
70
71 ESP can be used with various encryption and authentication algorithms.
72 Besides enabling ESP support itself, this option enables the generic
73 implementations of the algorithms that RFC 8221 lists as MUST be
74 implemented. If you need any other algorithms, you'll need to enable
75 them in the crypto API. You should also enable accelerated
76 implementations of any needed algorithms when available.
77
78 If unsure, say Y.
79
80config INET6_ESP_OFFLOAD
81 tristate "IPv6: ESP transformation offload"
82 depends on INET6_ESP
83 select XFRM_OFFLOAD
84 default n
85 help
86 Support for ESP transformation offload. This makes sense
87 only if this system really does IPsec and want to do it
88 with high throughput. A typical desktop system does not
89 need it, even if it does IPsec.
90
91 If unsure, say N.
92
93config INET6_ESPINTCP
94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95 depends on XFRM && INET6_ESP
96 select STREAM_PARSER
97 select NET_SOCK_MSG
98 select XFRM_ESPINTCP
99 help
100 Support for RFC 8229 encapsulation of ESP and IKE over
101 TCP/IPv6 sockets.
102
103 If unsure, say N.
104
105config INET6_IPCOMP
106 tristate "IPv6: IPComp transformation"
107 select INET6_XFRM_TUNNEL
108 select XFRM_IPCOMP
109 help
110 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111 typically needed for IPsec.
112
113 If unsure, say Y.
114
115config IPV6_MIP6
116 tristate "IPv6: Mobility"
117 select XFRM
118 help
119 Support for IPv6 Mobility described in RFC 3775.
120
121 If unsure, say N.
122
123config IPV6_ILA
124 tristate "IPv6: Identifier Locator Addressing (ILA)"
125 depends on NETFILTER
126 select DST_CACHE
127 select LWTUNNEL
128 help
129 Support for IPv6 Identifier Locator Addressing (ILA).
130
131 ILA is a mechanism to do network virtualization without
132 encapsulation. The basic concept of ILA is that we split an
133 IPv6 address into a 64 bit locator and 64 bit identifier. The
134 identifier is the identity of an entity in communication
135 ("who") and the locator expresses the location of the
136 entity ("where").
137
138 ILA can be configured using the "encap ila" option with
139 "ip -6 route" command. ILA is described in
140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
141
142 If unsure, say N.
143
144config INET6_XFRM_TUNNEL
145 tristate
146 select INET6_TUNNEL
147 default n
148
149config INET6_TUNNEL
150 tristate
151 default n
152
153config IPV6_VTI
154tristate "Virtual (secure) IPv6: tunneling"
155 select IPV6_TUNNEL
156 select NET_IP_TUNNEL
157 select XFRM
158 help
159 Tunneling means encapsulating data of one protocol type within
160 another protocol and sending it over a channel that understands the
161 encapsulating protocol. This can be used with xfrm mode tunnel to give
162 the notion of a secure tunnel for IPSEC and then use routing protocol
163 on top.
164
165config IPV6_SIT
166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
167 select INET_TUNNEL
168 select NET_IP_TUNNEL
169 select IPV6_NDISC_NODETYPE
170 default y
171 help
172 Tunneling means encapsulating data of one protocol type within
173 another protocol and sending it over a channel that understands the
174 encapsulating protocol. This driver implements encapsulation of IPv6
175 into IPv4 packets. This is useful if you want to connect two IPv6
176 networks over an IPv4-only path.
177
178 Saying M here will produce a module called sit. If unsure, say Y.
179
180config IPV6_SIT_6RD
181 bool "IPv6: IPv6 Rapid Deployment (6RD)"
182 depends on IPV6_SIT
183 default n
184 help
185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187 deploy IPv6 unicast service to IPv4 sites to which it provides
188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
189 IPv4 encapsulation in order to transit IPv4-only network
190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
191 prefix of its own in place of the fixed 6to4 prefix.
192
193 With this option enabled, the SIT driver offers 6rd functionality by
194 providing additional ioctl API to configure the IPv6 Prefix for in
195 stead of static 2002::/16 for 6to4.
196
197 If unsure, say N.
198
199config IPV6_NDISC_NODETYPE
200 bool
201
202config IPV6_TUNNEL
203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
204 select INET6_TUNNEL
205 select DST_CACHE
206 select GRO_CELLS
207 help
208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
209 RFC 2473.
210
211 If unsure, say N.
212
213config IPV6_GRE
214 tristate "IPv6: GRE tunnel"
215 select IPV6_TUNNEL
216 select NET_IP_TUNNEL
217 depends on NET_IPGRE_DEMUX
218 help
219 Tunneling means encapsulating data of one protocol type within
220 another protocol and sending it over a channel that understands the
221 encapsulating protocol. This particular tunneling driver implements
222 GRE (Generic Routing Encapsulation) and at this time allows
223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224 This driver is useful if the other endpoint is a Cisco router: Cisco
225 likes GRE much better than the other Linux tunneling driver ("IP
226 tunneling" above). In addition, GRE allows multicast redistribution
227 through the tunnel.
228
229 Saying M here will produce a module called ip6_gre. If unsure, say N.
230
231config IPV6_FOU
232 tristate
233 default NET_FOU && IPV6
234
235config IPV6_FOU_TUNNEL
236 tristate
237 default NET_FOU_IP_TUNNELS && IPV6_FOU
238 select IPV6_TUNNEL
239
240config IPV6_MULTIPLE_TABLES
241 bool "IPv6: Multiple Routing Tables"
242 select FIB_RULES
243 help
244 Support multiple routing tables.
245
246config IPV6_SUBTREES
247 bool "IPv6: source address based routing"
248 depends on IPV6_MULTIPLE_TABLES
249 help
250 Enable routing by source address or prefix.
251
252 The destination address is still the primary routing key, so mixing
253 normal and source prefix specific routes in the same routing table
254 may sometimes lead to unintended routing behavior. This can be
255 avoided by defining different routing tables for the normal and
256 source prefix specific routes.
257
258 If unsure, say N.
259
260config IPV6_MROUTE
261 bool "IPv6: multicast routing"
262 depends on IPV6
263 select IP_MROUTE_COMMON
264 help
265 Support for IPv6 multicast forwarding.
266 If unsure, say N.
267
268config IPV6_MROUTE_MULTIPLE_TABLES
269 bool "IPv6: multicast policy routing"
270 depends on IPV6_MROUTE
271 select FIB_RULES
272 help
273 Normally, a multicast router runs a userspace daemon and decides
274 what to do with a multicast packet based on the source and
275 destination addresses. If you say Y here, the multicast router
276 will also be able to take interfaces and packet marks into
277 account and run multiple instances of userspace daemons
278 simultaneously, each one handling a single table.
279
280 If unsure, say N.
281
282config IPV6_PIMSM_V2
283 bool "IPv6: PIM-SM version 2 support"
284 depends on IPV6_MROUTE
285 help
286 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
287 If unsure, say N.
288
289config IPV6_SEG6_LWTUNNEL
290 bool "IPv6: Segment Routing Header encapsulation support"
291 depends on IPV6
292 select LWTUNNEL
293 select DST_CACHE
294 select IPV6_MULTIPLE_TABLES
295 help
296 Support for encapsulation of packets within an outer IPv6
297 header and a Segment Routing Header using the lightweight
298 tunnels mechanism. Also enable support for advanced local
299 processing of SRv6 packets based on their active segment.
300
301 If unsure, say N.
302
303config IPV6_SEG6_HMAC
304 bool "IPv6: Segment Routing HMAC support"
305 depends on IPV6
306 select CRYPTO
307 select CRYPTO_HMAC
308 select CRYPTO_SHA1
309 select CRYPTO_SHA256
310 help
311 Support for HMAC signature generation and verification
312 of SR-enabled packets.
313
314 If unsure, say N.
315
316config IPV6_SEG6_BPF
317 def_bool y
318 depends on IPV6_SEG6_LWTUNNEL
319 depends on IPV6 = y
320
321config IPV6_RPL_LWTUNNEL
322 bool "IPv6: RPL Source Routing Header support"
323 depends on IPV6
324 select LWTUNNEL
325 help
326 Support for RFC6554 RPL Source Routing Header using the lightweight
327 tunnels mechanism.
328
329 If unsure, say N.
330
331endif # IPV6
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 ---help---
11 Support for IP version 6 (IPv6).
12
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.txt and read the HOWTO at
17 <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
26 ---help---
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
31
32 If unsure, say N.
33
34config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
37 ---help---
38 Support of Route Information.
39
40 If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
44 ---help---
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_ALGO
53 select CRYPTO
54 select CRYPTO_HMAC
55 select CRYPTO_MD5
56 select CRYPTO_SHA1
57 ---help---
58 Support for IPsec AH.
59
60 If unsure, say Y.
61
62config INET6_ESP
63 tristate "IPv6: ESP transformation"
64 select XFRM_ALGO
65 select CRYPTO
66 select CRYPTO_AUTHENC
67 select CRYPTO_HMAC
68 select CRYPTO_MD5
69 select CRYPTO_CBC
70 select CRYPTO_SHA1
71 select CRYPTO_DES
72 select CRYPTO_ECHAINIV
73 ---help---
74 Support for IPsec ESP.
75
76 If unsure, say Y.
77
78config INET6_ESP_OFFLOAD
79 tristate "IPv6: ESP transformation offload"
80 depends on INET6_ESP
81 select XFRM_OFFLOAD
82 default n
83 ---help---
84 Support for ESP transformation offload. This makes sense
85 only if this system really does IPsec and want to do it
86 with high throughput. A typical desktop system does not
87 need it, even if it does IPsec.
88
89 If unsure, say N.
90
91config INET6_IPCOMP
92 tristate "IPv6: IPComp transformation"
93 select INET6_XFRM_TUNNEL
94 select XFRM_IPCOMP
95 ---help---
96 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
97 typically needed for IPsec.
98
99 If unsure, say Y.
100
101config IPV6_MIP6
102 tristate "IPv6: Mobility"
103 select XFRM
104 ---help---
105 Support for IPv6 Mobility described in RFC 3775.
106
107 If unsure, say N.
108
109config IPV6_ILA
110 tristate "IPv6: Identifier Locator Addressing (ILA)"
111 depends on NETFILTER
112 select DST_CACHE
113 select LWTUNNEL
114 ---help---
115 Support for IPv6 Identifier Locator Addressing (ILA).
116
117 ILA is a mechanism to do network virtualization without
118 encapsulation. The basic concept of ILA is that we split an
119 IPv6 address into a 64 bit locator and 64 bit identifier. The
120 identifier is the identity of an entity in communication
121 ("who") and the locator expresses the location of the
122 entity ("where").
123
124 ILA can be configured using the "encap ila" option with
125 "ip -6 route" command. ILA is described in
126 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
127
128 If unsure, say N.
129
130config INET6_XFRM_TUNNEL
131 tristate
132 select INET6_TUNNEL
133 default n
134
135config INET6_TUNNEL
136 tristate
137 default n
138
139config IPV6_VTI
140tristate "Virtual (secure) IPv6: tunneling"
141 select IPV6_TUNNEL
142 select NET_IP_TUNNEL
143 select XFRM
144 ---help---
145 Tunneling means encapsulating data of one protocol type within
146 another protocol and sending it over a channel that understands the
147 encapsulating protocol. This can be used with xfrm mode tunnel to give
148 the notion of a secure tunnel for IPSEC and then use routing protocol
149 on top.
150
151config IPV6_SIT
152 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
153 select INET_TUNNEL
154 select NET_IP_TUNNEL
155 select IPV6_NDISC_NODETYPE
156 default y
157 ---help---
158 Tunneling means encapsulating data of one protocol type within
159 another protocol and sending it over a channel that understands the
160 encapsulating protocol. This driver implements encapsulation of IPv6
161 into IPv4 packets. This is useful if you want to connect two IPv6
162 networks over an IPv4-only path.
163
164 Saying M here will produce a module called sit. If unsure, say Y.
165
166config IPV6_SIT_6RD
167 bool "IPv6: IPv6 Rapid Deployment (6RD)"
168 depends on IPV6_SIT
169 default n
170 ---help---
171 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
172 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
173 deploy IPv6 unicast service to IPv4 sites to which it provides
174 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
175 IPv4 encapsulation in order to transit IPv4-only network
176 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
177 prefix of its own in place of the fixed 6to4 prefix.
178
179 With this option enabled, the SIT driver offers 6rd functionality by
180 providing additional ioctl API to configure the IPv6 Prefix for in
181 stead of static 2002::/16 for 6to4.
182
183 If unsure, say N.
184
185config IPV6_NDISC_NODETYPE
186 bool
187
188config IPV6_TUNNEL
189 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
190 select INET6_TUNNEL
191 select DST_CACHE
192 select GRO_CELLS
193 ---help---
194 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
195 RFC 2473.
196
197 If unsure, say N.
198
199config IPV6_GRE
200 tristate "IPv6: GRE tunnel"
201 select IPV6_TUNNEL
202 select NET_IP_TUNNEL
203 depends on NET_IPGRE_DEMUX
204 ---help---
205 Tunneling means encapsulating data of one protocol type within
206 another protocol and sending it over a channel that understands the
207 encapsulating protocol. This particular tunneling driver implements
208 GRE (Generic Routing Encapsulation) and at this time allows
209 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
210 This driver is useful if the other endpoint is a Cisco router: Cisco
211 likes GRE much better than the other Linux tunneling driver ("IP
212 tunneling" above). In addition, GRE allows multicast redistribution
213 through the tunnel.
214
215 Saying M here will produce a module called ip6_gre. If unsure, say N.
216
217config IPV6_FOU
218 tristate
219 default NET_FOU && IPV6
220
221config IPV6_FOU_TUNNEL
222 tristate
223 default NET_FOU_IP_TUNNELS && IPV6_FOU
224 select IPV6_TUNNEL
225
226config IPV6_MULTIPLE_TABLES
227 bool "IPv6: Multiple Routing Tables"
228 select FIB_RULES
229 ---help---
230 Support multiple routing tables.
231
232config IPV6_SUBTREES
233 bool "IPv6: source address based routing"
234 depends on IPV6_MULTIPLE_TABLES
235 ---help---
236 Enable routing by source address or prefix.
237
238 The destination address is still the primary routing key, so mixing
239 normal and source prefix specific routes in the same routing table
240 may sometimes lead to unintended routing behavior. This can be
241 avoided by defining different routing tables for the normal and
242 source prefix specific routes.
243
244 If unsure, say N.
245
246config IPV6_MROUTE
247 bool "IPv6: multicast routing"
248 depends on IPV6
249 select IP_MROUTE_COMMON
250 ---help---
251 Support for IPv6 multicast forwarding.
252 If unsure, say N.
253
254config IPV6_MROUTE_MULTIPLE_TABLES
255 bool "IPv6: multicast policy routing"
256 depends on IPV6_MROUTE
257 select FIB_RULES
258 help
259 Normally, a multicast router runs a userspace daemon and decides
260 what to do with a multicast packet based on the source and
261 destination addresses. If you say Y here, the multicast router
262 will also be able to take interfaces and packet marks into
263 account and run multiple instances of userspace daemons
264 simultaneously, each one handling a single table.
265
266 If unsure, say N.
267
268config IPV6_PIMSM_V2
269 bool "IPv6: PIM-SM version 2 support"
270 depends on IPV6_MROUTE
271 ---help---
272 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
273 If unsure, say N.
274
275config IPV6_SEG6_LWTUNNEL
276 bool "IPv6: Segment Routing Header encapsulation support"
277 depends on IPV6
278 select LWTUNNEL
279 select DST_CACHE
280 select IPV6_MULTIPLE_TABLES
281 ---help---
282 Support for encapsulation of packets within an outer IPv6
283 header and a Segment Routing Header using the lightweight
284 tunnels mechanism. Also enable support for advanced local
285 processing of SRv6 packets based on their active segment.
286
287 If unsure, say N.
288
289config IPV6_SEG6_HMAC
290 bool "IPv6: Segment Routing HMAC support"
291 depends on IPV6
292 select CRYPTO_HMAC
293 select CRYPTO_SHA1
294 select CRYPTO_SHA256
295 ---help---
296 Support for HMAC signature generation and verification
297 of SR-enabled packets.
298
299 If unsure, say N.
300
301config IPV6_SEG6_BPF
302 def_bool y
303 depends on IPV6_SEG6_LWTUNNEL
304 depends on IPV6 = y
305
306endif # IPV6