Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 select CRYPTO_LIB_SHA1
11 help
12 Support for IP version 6 (IPv6).
13
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
27 help
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
32
33 If unsure, say N.
34
35config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
38 help
39 Support of Route Information.
40
41 If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 help
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
48
49 If unsure, say N.
50
51config INET6_AH
52 tristate "IPv6: AH transformation"
53 select XFRM_AH
54 help
55 Support for IPsec AH (Authentication Header).
56
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
63
64 If unsure, say Y.
65
66config INET6_ESP
67 tristate "IPv6: ESP transformation"
68 select XFRM_ESP
69 help
70 Support for IPsec ESP (Encapsulating Security Payload).
71
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
78
79 If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
83 depends on INET6_ESP
84 select XFRM_OFFLOAD
85 default n
86 help
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
91
92 If unsure, say N.
93
94config INET6_ESPINTCP
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
97 select STREAM_PARSER
98 select NET_SOCK_MSG
99 select XFRM_ESPINTCP
100 help
101 Support for RFC 8229 encapsulation of ESP and IKE over
102 TCP/IPv6 sockets.
103
104 If unsure, say N.
105
106config INET6_IPCOMP
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
109 select XFRM_IPCOMP
110 help
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
113
114 If unsure, say Y.
115
116config IPV6_MIP6
117 tristate "IPv6: Mobility"
118 select XFRM
119 help
120 Support for IPv6 Mobility described in RFC 3775.
121
122 If unsure, say N.
123
124config IPV6_ILA
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
126 depends on NETFILTER
127 select DST_CACHE
128 select LWTUNNEL
129 help
130 Support for IPv6 Identifier Locator Addressing (ILA).
131
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
137 entity ("where").
138
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143 If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146 tristate
147 select INET6_TUNNEL
148 default n
149
150config INET6_TUNNEL
151 tristate
152 default n
153
154config IPV6_VTI
155 tristate "Virtual (secure) IPv6: tunneling"
156 select IPV6_TUNNEL
157 select NET_IP_TUNNEL
158 select XFRM
159 help
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
164 on top.
165
166config IPV6_SIT
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168 select INET_TUNNEL
169 select NET_IP_TUNNEL
170 select IPV6_NDISC_NODETYPE
171 default y
172 help
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
178
179 Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
183 depends on IPV6_SIT
184 default n
185 help
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
193
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
197
198 If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201 bool
202
203config IPV6_TUNNEL
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205 select INET6_TUNNEL
206 select DST_CACHE
207 select GRO_CELLS
208 help
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210 RFC 2473.
211
212 If unsure, say N.
213
214config IPV6_GRE
215 tristate "IPv6: GRE tunnel"
216 select IPV6_TUNNEL
217 select NET_IP_TUNNEL
218 depends on NET_IPGRE_DEMUX
219 help
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
228 through the tunnel.
229
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233 tristate
234 default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237 tristate
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
239 select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
243 select FIB_RULES
244 help
245 Support multiple routing tables.
246
247config IPV6_SUBTREES
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
250 help
251 Enable routing by source address or prefix.
252
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
258
259 If unsure, say N.
260
261config IPV6_MROUTE
262 bool "IPv6: multicast routing"
263 depends on IPV6
264 select IP_MROUTE_COMMON
265 help
266 Support for IPv6 multicast forwarding.
267 If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
272 select FIB_RULES
273 help
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
280
281 If unsure, say N.
282
283config IPV6_PIMSM_V2
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
286 help
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288 If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
292 depends on IPV6
293 select LWTUNNEL
294 select DST_CACHE
295 select IPV6_MULTIPLE_TABLES
296 help
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
301
302 If unsure, say N.
303
304config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
306 depends on IPV6
307 select CRYPTO
308 select CRYPTO_HMAC
309 select CRYPTO_SHA1
310 select CRYPTO_SHA256
311 help
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
314
315 If unsure, say N.
316
317config IPV6_SEG6_BPF
318 def_bool y
319 depends on IPV6_SEG6_LWTUNNEL
320 depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
324 depends on IPV6
325 select LWTUNNEL
326 select DST_CACHE
327 help
328 Support for RFC6554 RPL Source Routing Header using the lightweight
329 tunnels mechanism.
330
331 If unsure, say N.
332
333config IPV6_IOAM6_LWTUNNEL
334 bool "IPv6: IOAM Pre-allocated Trace insertion support"
335 depends on IPV6
336 select LWTUNNEL
337 select DST_CACHE
338 help
339 Support for the insertion of IOAM Pre-allocated Trace
340 Header using the lightweight tunnels mechanism.
341
342 If unsure, say N.
343
344endif # IPV6
1#
2# IPv6 configuration
3#
4
5# IPv6 as module will cause a CRASH if you try to unload it
6menuconfig IPV6
7 tristate "The IPv6 protocol"
8 default y
9 ---help---
10 Support for IP version 6 (IPv6).
11
12 For general information about IPv6, see
13 <https://en.wikipedia.org/wiki/IPv6>.
14 For specific information about IPv6 under Linux, see
15 Documentation/networking/ipv6.txt and read the HOWTO at
16 <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
17
18 To compile this protocol support as a module, choose M here: the
19 module will be called ipv6.
20
21if IPV6
22
23config IPV6_ROUTER_PREF
24 bool "IPv6: Router Preference (RFC 4191) support"
25 ---help---
26 Router Preference is an optional extension to the Router
27 Advertisement message which improves the ability of hosts
28 to pick an appropriate router, especially when the hosts
29 are placed in a multi-homed network.
30
31 If unsure, say N.
32
33config IPV6_ROUTE_INFO
34 bool "IPv6: Route Information (RFC 4191) support"
35 depends on IPV6_ROUTER_PREF
36 ---help---
37 This is experimental support of Route Information.
38
39 If unsure, say N.
40
41config IPV6_OPTIMISTIC_DAD
42 bool "IPv6: Enable RFC 4429 Optimistic DAD"
43 ---help---
44 This is experimental support for optimistic Duplicate
45 Address Detection. It allows for autoconfigured addresses
46 to be used more quickly.
47
48 If unsure, say N.
49
50config INET6_AH
51 tristate "IPv6: AH transformation"
52 select XFRM_ALGO
53 select CRYPTO
54 select CRYPTO_HMAC
55 select CRYPTO_MD5
56 select CRYPTO_SHA1
57 ---help---
58 Support for IPsec AH.
59
60 If unsure, say Y.
61
62config INET6_ESP
63 tristate "IPv6: ESP transformation"
64 select XFRM_ALGO
65 select CRYPTO
66 select CRYPTO_AUTHENC
67 select CRYPTO_HMAC
68 select CRYPTO_MD5
69 select CRYPTO_CBC
70 select CRYPTO_SHA1
71 select CRYPTO_DES
72 select CRYPTO_ECHAINIV
73 ---help---
74 Support for IPsec ESP.
75
76 If unsure, say Y.
77
78config INET6_IPCOMP
79 tristate "IPv6: IPComp transformation"
80 select INET6_XFRM_TUNNEL
81 select XFRM_IPCOMP
82 ---help---
83 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
84 typically needed for IPsec.
85
86 If unsure, say Y.
87
88config IPV6_MIP6
89 tristate "IPv6: Mobility"
90 select XFRM
91 ---help---
92 Support for IPv6 Mobility described in RFC 3775.
93
94 If unsure, say N.
95
96config IPV6_ILA
97 tristate "IPv6: Identifier Locator Addressing (ILA)"
98 depends on NETFILTER
99 select LWTUNNEL
100 ---help---
101 Support for IPv6 Identifier Locator Addressing (ILA).
102
103 ILA is a mechanism to do network virtualization without
104 encapsulation. The basic concept of ILA is that we split an
105 IPv6 address into a 64 bit locator and 64 bit identifier. The
106 identifier is the identity of an entity in communication
107 ("who") and the locator expresses the location of the
108 entity ("where").
109
110 ILA can be configured using the "encap ila" option with
111 "ip -6 route" command. ILA is described in
112 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
113
114 If unsure, say N.
115
116config INET6_XFRM_TUNNEL
117 tristate
118 select INET6_TUNNEL
119 default n
120
121config INET6_TUNNEL
122 tristate
123 default n
124
125config INET6_XFRM_MODE_TRANSPORT
126 tristate "IPv6: IPsec transport mode"
127 default IPV6
128 select XFRM
129 ---help---
130 Support for IPsec transport mode.
131
132 If unsure, say Y.
133
134config INET6_XFRM_MODE_TUNNEL
135 tristate "IPv6: IPsec tunnel mode"
136 default IPV6
137 select XFRM
138 ---help---
139 Support for IPsec tunnel mode.
140
141 If unsure, say Y.
142
143config INET6_XFRM_MODE_BEET
144 tristate "IPv6: IPsec BEET mode"
145 default IPV6
146 select XFRM
147 ---help---
148 Support for IPsec BEET mode.
149
150 If unsure, say Y.
151
152config INET6_XFRM_MODE_ROUTEOPTIMIZATION
153 tristate "IPv6: MIPv6 route optimization mode"
154 select XFRM
155 ---help---
156 Support for MIPv6 route optimization mode.
157
158config IPV6_VTI
159tristate "Virtual (secure) IPv6: tunneling"
160 select IPV6_TUNNEL
161 select NET_IP_TUNNEL
162 depends on INET6_XFRM_MODE_TUNNEL
163 ---help---
164 Tunneling means encapsulating data of one protocol type within
165 another protocol and sending it over a channel that understands the
166 encapsulating protocol. This can be used with xfrm mode tunnel to give
167 the notion of a secure tunnel for IPSEC and then use routing protocol
168 on top.
169
170config IPV6_SIT
171 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
172 select INET_TUNNEL
173 select NET_IP_TUNNEL
174 select IPV6_NDISC_NODETYPE
175 default y
176 ---help---
177 Tunneling means encapsulating data of one protocol type within
178 another protocol and sending it over a channel that understands the
179 encapsulating protocol. This driver implements encapsulation of IPv6
180 into IPv4 packets. This is useful if you want to connect two IPv6
181 networks over an IPv4-only path.
182
183 Saying M here will produce a module called sit. If unsure, say Y.
184
185config IPV6_SIT_6RD
186 bool "IPv6: IPv6 Rapid Deployment (6RD)"
187 depends on IPV6_SIT
188 default n
189 ---help---
190 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
191 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
192 deploy IPv6 unicast service to IPv4 sites to which it provides
193 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
194 IPv4 encapsulation in order to transit IPv4-only network
195 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
196 prefix of its own in place of the fixed 6to4 prefix.
197
198 With this option enabled, the SIT driver offers 6rd functionality by
199 providing additional ioctl API to configure the IPv6 Prefix for in
200 stead of static 2002::/16 for 6to4.
201
202 If unsure, say N.
203
204config IPV6_NDISC_NODETYPE
205 bool
206
207config IPV6_TUNNEL
208 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
209 select INET6_TUNNEL
210 select DST_CACHE
211 ---help---
212 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
213 RFC 2473.
214
215 If unsure, say N.
216
217config IPV6_GRE
218 tristate "IPv6: GRE tunnel"
219 select IPV6_TUNNEL
220 select NET_IP_TUNNEL
221 ---help---
222 Tunneling means encapsulating data of one protocol type within
223 another protocol and sending it over a channel that understands the
224 encapsulating protocol. This particular tunneling driver implements
225 GRE (Generic Routing Encapsulation) and at this time allows
226 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
227 This driver is useful if the other endpoint is a Cisco router: Cisco
228 likes GRE much better than the other Linux tunneling driver ("IP
229 tunneling" above). In addition, GRE allows multicast redistribution
230 through the tunnel.
231
232 Saying M here will produce a module called ip6_gre. If unsure, say N.
233
234config IPV6_MULTIPLE_TABLES
235 bool "IPv6: Multiple Routing Tables"
236 select FIB_RULES
237 ---help---
238 Support multiple routing tables.
239
240config IPV6_SUBTREES
241 bool "IPv6: source address based routing"
242 depends on IPV6_MULTIPLE_TABLES
243 ---help---
244 Enable routing by source address or prefix.
245
246 The destination address is still the primary routing key, so mixing
247 normal and source prefix specific routes in the same routing table
248 may sometimes lead to unintended routing behavior. This can be
249 avoided by defining different routing tables for the normal and
250 source prefix specific routes.
251
252 If unsure, say N.
253
254config IPV6_MROUTE
255 bool "IPv6: multicast routing"
256 depends on IPV6
257 ---help---
258 Experimental support for IPv6 multicast forwarding.
259 If unsure, say N.
260
261config IPV6_MROUTE_MULTIPLE_TABLES
262 bool "IPv6: multicast policy routing"
263 depends on IPV6_MROUTE
264 select FIB_RULES
265 help
266 Normally, a multicast router runs a userspace daemon and decides
267 what to do with a multicast packet based on the source and
268 destination addresses. If you say Y here, the multicast router
269 will also be able to take interfaces and packet marks into
270 account and run multiple instances of userspace daemons
271 simultaneously, each one handling a single table.
272
273 If unsure, say N.
274
275config IPV6_PIMSM_V2
276 bool "IPv6: PIM-SM version 2 support"
277 depends on IPV6_MROUTE
278 ---help---
279 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
280 If unsure, say N.
281
282endif # IPV6