Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 help
11 Support for IP version 6 (IPv6).
12
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.rst and read the HOWTO at
17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
26 help
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
31
32 If unsure, say N.
33
34config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
37 help
38 Support of Route Information.
39
40 If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
44 help
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_AH
53 help
54 Support for IPsec AH (Authentication Header).
55
56 AH can be used with various authentication algorithms. Besides
57 enabling AH support itself, this option enables the generic
58 implementations of the algorithms that RFC 8221 lists as MUST be
59 implemented. If you need any other algorithms, you'll need to enable
60 them in the crypto API. You should also enable accelerated
61 implementations of any needed algorithms when available.
62
63 If unsure, say Y.
64
65config INET6_ESP
66 tristate "IPv6: ESP transformation"
67 select XFRM_ESP
68 help
69 Support for IPsec ESP (Encapsulating Security Payload).
70
71 ESP can be used with various encryption and authentication algorithms.
72 Besides enabling ESP support itself, this option enables the generic
73 implementations of the algorithms that RFC 8221 lists as MUST be
74 implemented. If you need any other algorithms, you'll need to enable
75 them in the crypto API. You should also enable accelerated
76 implementations of any needed algorithms when available.
77
78 If unsure, say Y.
79
80config INET6_ESP_OFFLOAD
81 tristate "IPv6: ESP transformation offload"
82 depends on INET6_ESP
83 select XFRM_OFFLOAD
84 default n
85 help
86 Support for ESP transformation offload. This makes sense
87 only if this system really does IPsec and want to do it
88 with high throughput. A typical desktop system does not
89 need it, even if it does IPsec.
90
91 If unsure, say N.
92
93config INET6_ESPINTCP
94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95 depends on XFRM && INET6_ESP
96 select STREAM_PARSER
97 select NET_SOCK_MSG
98 select XFRM_ESPINTCP
99 help
100 Support for RFC 8229 encapsulation of ESP and IKE over
101 TCP/IPv6 sockets.
102
103 If unsure, say N.
104
105config INET6_IPCOMP
106 tristate "IPv6: IPComp transformation"
107 select INET6_XFRM_TUNNEL
108 select XFRM_IPCOMP
109 help
110 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111 typically needed for IPsec.
112
113 If unsure, say Y.
114
115config IPV6_MIP6
116 tristate "IPv6: Mobility"
117 select XFRM
118 help
119 Support for IPv6 Mobility described in RFC 3775.
120
121 If unsure, say N.
122
123config IPV6_ILA
124 tristate "IPv6: Identifier Locator Addressing (ILA)"
125 depends on NETFILTER
126 select DST_CACHE
127 select LWTUNNEL
128 help
129 Support for IPv6 Identifier Locator Addressing (ILA).
130
131 ILA is a mechanism to do network virtualization without
132 encapsulation. The basic concept of ILA is that we split an
133 IPv6 address into a 64 bit locator and 64 bit identifier. The
134 identifier is the identity of an entity in communication
135 ("who") and the locator expresses the location of the
136 entity ("where").
137
138 ILA can be configured using the "encap ila" option with
139 "ip -6 route" command. ILA is described in
140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
141
142 If unsure, say N.
143
144config INET6_XFRM_TUNNEL
145 tristate
146 select INET6_TUNNEL
147 default n
148
149config INET6_TUNNEL
150 tristate
151 default n
152
153config IPV6_VTI
154tristate "Virtual (secure) IPv6: tunneling"
155 select IPV6_TUNNEL
156 select NET_IP_TUNNEL
157 select XFRM
158 help
159 Tunneling means encapsulating data of one protocol type within
160 another protocol and sending it over a channel that understands the
161 encapsulating protocol. This can be used with xfrm mode tunnel to give
162 the notion of a secure tunnel for IPSEC and then use routing protocol
163 on top.
164
165config IPV6_SIT
166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
167 select INET_TUNNEL
168 select NET_IP_TUNNEL
169 select IPV6_NDISC_NODETYPE
170 default y
171 help
172 Tunneling means encapsulating data of one protocol type within
173 another protocol and sending it over a channel that understands the
174 encapsulating protocol. This driver implements encapsulation of IPv6
175 into IPv4 packets. This is useful if you want to connect two IPv6
176 networks over an IPv4-only path.
177
178 Saying M here will produce a module called sit. If unsure, say Y.
179
180config IPV6_SIT_6RD
181 bool "IPv6: IPv6 Rapid Deployment (6RD)"
182 depends on IPV6_SIT
183 default n
184 help
185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187 deploy IPv6 unicast service to IPv4 sites to which it provides
188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
189 IPv4 encapsulation in order to transit IPv4-only network
190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
191 prefix of its own in place of the fixed 6to4 prefix.
192
193 With this option enabled, the SIT driver offers 6rd functionality by
194 providing additional ioctl API to configure the IPv6 Prefix for in
195 stead of static 2002::/16 for 6to4.
196
197 If unsure, say N.
198
199config IPV6_NDISC_NODETYPE
200 bool
201
202config IPV6_TUNNEL
203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
204 select INET6_TUNNEL
205 select DST_CACHE
206 select GRO_CELLS
207 help
208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
209 RFC 2473.
210
211 If unsure, say N.
212
213config IPV6_GRE
214 tristate "IPv6: GRE tunnel"
215 select IPV6_TUNNEL
216 select NET_IP_TUNNEL
217 depends on NET_IPGRE_DEMUX
218 help
219 Tunneling means encapsulating data of one protocol type within
220 another protocol and sending it over a channel that understands the
221 encapsulating protocol. This particular tunneling driver implements
222 GRE (Generic Routing Encapsulation) and at this time allows
223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224 This driver is useful if the other endpoint is a Cisco router: Cisco
225 likes GRE much better than the other Linux tunneling driver ("IP
226 tunneling" above). In addition, GRE allows multicast redistribution
227 through the tunnel.
228
229 Saying M here will produce a module called ip6_gre. If unsure, say N.
230
231config IPV6_FOU
232 tristate
233 default NET_FOU && IPV6
234
235config IPV6_FOU_TUNNEL
236 tristate
237 default NET_FOU_IP_TUNNELS && IPV6_FOU
238 select IPV6_TUNNEL
239
240config IPV6_MULTIPLE_TABLES
241 bool "IPv6: Multiple Routing Tables"
242 select FIB_RULES
243 help
244 Support multiple routing tables.
245
246config IPV6_SUBTREES
247 bool "IPv6: source address based routing"
248 depends on IPV6_MULTIPLE_TABLES
249 help
250 Enable routing by source address or prefix.
251
252 The destination address is still the primary routing key, so mixing
253 normal and source prefix specific routes in the same routing table
254 may sometimes lead to unintended routing behavior. This can be
255 avoided by defining different routing tables for the normal and
256 source prefix specific routes.
257
258 If unsure, say N.
259
260config IPV6_MROUTE
261 bool "IPv6: multicast routing"
262 depends on IPV6
263 select IP_MROUTE_COMMON
264 help
265 Support for IPv6 multicast forwarding.
266 If unsure, say N.
267
268config IPV6_MROUTE_MULTIPLE_TABLES
269 bool "IPv6: multicast policy routing"
270 depends on IPV6_MROUTE
271 select FIB_RULES
272 help
273 Normally, a multicast router runs a userspace daemon and decides
274 what to do with a multicast packet based on the source and
275 destination addresses. If you say Y here, the multicast router
276 will also be able to take interfaces and packet marks into
277 account and run multiple instances of userspace daemons
278 simultaneously, each one handling a single table.
279
280 If unsure, say N.
281
282config IPV6_PIMSM_V2
283 bool "IPv6: PIM-SM version 2 support"
284 depends on IPV6_MROUTE
285 help
286 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
287 If unsure, say N.
288
289config IPV6_SEG6_LWTUNNEL
290 bool "IPv6: Segment Routing Header encapsulation support"
291 depends on IPV6
292 select LWTUNNEL
293 select DST_CACHE
294 select IPV6_MULTIPLE_TABLES
295 help
296 Support for encapsulation of packets within an outer IPv6
297 header and a Segment Routing Header using the lightweight
298 tunnels mechanism. Also enable support for advanced local
299 processing of SRv6 packets based on their active segment.
300
301 If unsure, say N.
302
303config IPV6_SEG6_HMAC
304 bool "IPv6: Segment Routing HMAC support"
305 depends on IPV6
306 select CRYPTO
307 select CRYPTO_HMAC
308 select CRYPTO_SHA1
309 select CRYPTO_SHA256
310 help
311 Support for HMAC signature generation and verification
312 of SR-enabled packets.
313
314 If unsure, say N.
315
316config IPV6_SEG6_BPF
317 def_bool y
318 depends on IPV6_SEG6_LWTUNNEL
319 depends on IPV6 = y
320
321config IPV6_RPL_LWTUNNEL
322 bool "IPv6: RPL Source Routing Header support"
323 depends on IPV6
324 select LWTUNNEL
325 help
326 Support for RFC6554 RPL Source Routing Header using the lightweight
327 tunnels mechanism.
328
329 If unsure, say N.
330
331endif # IPV6
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 select CRYPTO_LIB_SHA1
11 help
12 Support for IP version 6 (IPv6).
13
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
27 help
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
32
33 If unsure, say N.
34
35config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
38 help
39 Support of Route Information.
40
41 If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 help
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
48
49 If unsure, say N.
50
51config INET6_AH
52 tristate "IPv6: AH transformation"
53 select XFRM_AH
54 help
55 Support for IPsec AH (Authentication Header).
56
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
63
64 If unsure, say Y.
65
66config INET6_ESP
67 tristate "IPv6: ESP transformation"
68 select XFRM_ESP
69 help
70 Support for IPsec ESP (Encapsulating Security Payload).
71
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
78
79 If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
83 depends on INET6_ESP
84 select XFRM_OFFLOAD
85 default n
86 help
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
91
92 If unsure, say N.
93
94config INET6_ESPINTCP
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
97 select STREAM_PARSER
98 select NET_SOCK_MSG
99 select XFRM_ESPINTCP
100 help
101 Support for RFC 8229 encapsulation of ESP and IKE over
102 TCP/IPv6 sockets.
103
104 If unsure, say N.
105
106config INET6_IPCOMP
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
109 select XFRM_IPCOMP
110 help
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
113
114 If unsure, say Y.
115
116config IPV6_MIP6
117 tristate "IPv6: Mobility"
118 select XFRM
119 help
120 Support for IPv6 Mobility described in RFC 3775.
121
122 If unsure, say N.
123
124config IPV6_ILA
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
126 depends on NETFILTER
127 select DST_CACHE
128 select LWTUNNEL
129 help
130 Support for IPv6 Identifier Locator Addressing (ILA).
131
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
137 entity ("where").
138
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143 If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146 tristate
147 select INET6_TUNNEL
148 default n
149
150config INET6_TUNNEL
151 tristate
152 default n
153
154config IPV6_VTI
155 tristate "Virtual (secure) IPv6: tunneling"
156 select IPV6_TUNNEL
157 select NET_IP_TUNNEL
158 select XFRM
159 help
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
164 on top.
165
166config IPV6_SIT
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168 select INET_TUNNEL
169 select NET_IP_TUNNEL
170 select IPV6_NDISC_NODETYPE
171 default y
172 help
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
178
179 Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
183 depends on IPV6_SIT
184 default n
185 help
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
193
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
197
198 If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201 bool
202
203config IPV6_TUNNEL
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205 select INET6_TUNNEL
206 select DST_CACHE
207 select GRO_CELLS
208 help
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210 RFC 2473.
211
212 If unsure, say N.
213
214config IPV6_GRE
215 tristate "IPv6: GRE tunnel"
216 select IPV6_TUNNEL
217 select NET_IP_TUNNEL
218 depends on NET_IPGRE_DEMUX
219 help
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
228 through the tunnel.
229
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233 tristate
234 default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237 tristate
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
239 select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
243 select FIB_RULES
244 help
245 Support multiple routing tables.
246
247config IPV6_SUBTREES
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
250 help
251 Enable routing by source address or prefix.
252
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
258
259 If unsure, say N.
260
261config IPV6_MROUTE
262 bool "IPv6: multicast routing"
263 depends on IPV6
264 select IP_MROUTE_COMMON
265 help
266 Support for IPv6 multicast forwarding.
267 If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
272 select FIB_RULES
273 help
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
280
281 If unsure, say N.
282
283config IPV6_PIMSM_V2
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
286 help
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288 If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
292 depends on IPV6
293 select LWTUNNEL
294 select DST_CACHE
295 select IPV6_MULTIPLE_TABLES
296 help
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
301
302 If unsure, say N.
303
304config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
306 depends on IPV6
307 select CRYPTO
308 select CRYPTO_HMAC
309 select CRYPTO_SHA1
310 select CRYPTO_SHA256
311 help
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
314
315 If unsure, say N.
316
317config IPV6_SEG6_BPF
318 def_bool y
319 depends on IPV6_SEG6_LWTUNNEL
320 depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
324 depends on IPV6
325 select LWTUNNEL
326 select DST_CACHE
327 help
328 Support for RFC6554 RPL Source Routing Header using the lightweight
329 tunnels mechanism.
330
331 If unsure, say N.
332
333config IPV6_IOAM6_LWTUNNEL
334 bool "IPv6: IOAM Pre-allocated Trace insertion support"
335 depends on IPV6
336 select LWTUNNEL
337 select DST_CACHE
338 help
339 Support for the insertion of IOAM Pre-allocated Trace
340 Header using the lightweight tunnels mechanism.
341
342 If unsure, say N.
343
344endif # IPV6