Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 select CRYPTO_LIB_SHA1
11 help
12 Support for IP version 6 (IPv6).
13
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
27 help
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
32
33 If unsure, say N.
34
35config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
38 help
39 Support of Route Information.
40
41 If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 help
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
48
49 If unsure, say N.
50
51config INET6_AH
52 tristate "IPv6: AH transformation"
53 select XFRM_AH
54 help
55 Support for IPsec AH (Authentication Header).
56
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
63
64 If unsure, say Y.
65
66config INET6_ESP
67 tristate "IPv6: ESP transformation"
68 select XFRM_ESP
69 help
70 Support for IPsec ESP (Encapsulating Security Payload).
71
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
78
79 If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
83 depends on INET6_ESP
84 select XFRM_OFFLOAD
85 default n
86 help
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
91
92 If unsure, say N.
93
94config INET6_ESPINTCP
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
97 select STREAM_PARSER
98 select NET_SOCK_MSG
99 select XFRM_ESPINTCP
100 help
101 Support for RFC 8229 encapsulation of ESP and IKE over
102 TCP/IPv6 sockets.
103
104 If unsure, say N.
105
106config INET6_IPCOMP
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
109 select XFRM_IPCOMP
110 help
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
113
114 If unsure, say Y.
115
116config IPV6_MIP6
117 tristate "IPv6: Mobility"
118 select XFRM
119 help
120 Support for IPv6 Mobility described in RFC 3775.
121
122 If unsure, say N.
123
124config IPV6_ILA
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
126 depends on NETFILTER
127 select DST_CACHE
128 select LWTUNNEL
129 help
130 Support for IPv6 Identifier Locator Addressing (ILA).
131
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
137 entity ("where").
138
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143 If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146 tristate
147 select INET6_TUNNEL
148 default n
149
150config INET6_TUNNEL
151 tristate
152 default n
153
154config IPV6_VTI
155 tristate "Virtual (secure) IPv6: tunneling"
156 select IPV6_TUNNEL
157 select NET_IP_TUNNEL
158 select XFRM
159 help
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
164 on top.
165
166config IPV6_SIT
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168 select INET_TUNNEL
169 select NET_IP_TUNNEL
170 select IPV6_NDISC_NODETYPE
171 default y
172 help
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
178
179 Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
183 depends on IPV6_SIT
184 default n
185 help
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
193
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
197
198 If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201 bool
202
203config IPV6_TUNNEL
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205 select INET6_TUNNEL
206 select DST_CACHE
207 select GRO_CELLS
208 help
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210 RFC 2473.
211
212 If unsure, say N.
213
214config IPV6_GRE
215 tristate "IPv6: GRE tunnel"
216 select IPV6_TUNNEL
217 select NET_IP_TUNNEL
218 depends on NET_IPGRE_DEMUX
219 help
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
228 through the tunnel.
229
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233 tristate
234 default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237 tristate
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
239 select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
243 select FIB_RULES
244 help
245 Support multiple routing tables.
246
247config IPV6_SUBTREES
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
250 help
251 Enable routing by source address or prefix.
252
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
258
259 If unsure, say N.
260
261config IPV6_MROUTE
262 bool "IPv6: multicast routing"
263 depends on IPV6
264 select IP_MROUTE_COMMON
265 help
266 Support for IPv6 multicast forwarding.
267 If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
272 select FIB_RULES
273 help
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
280
281 If unsure, say N.
282
283config IPV6_PIMSM_V2
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
286 help
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288 If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
292 depends on IPV6
293 select LWTUNNEL
294 select DST_CACHE
295 select IPV6_MULTIPLE_TABLES
296 help
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
301
302 If unsure, say N.
303
304config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
306 depends on IPV6
307 select CRYPTO
308 select CRYPTO_HMAC
309 select CRYPTO_SHA1
310 select CRYPTO_SHA256
311 help
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
314
315 If unsure, say N.
316
317config IPV6_SEG6_BPF
318 def_bool y
319 depends on IPV6_SEG6_LWTUNNEL
320 depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
324 depends on IPV6
325 select LWTUNNEL
326 help
327 Support for RFC6554 RPL Source Routing Header using the lightweight
328 tunnels mechanism.
329
330 If unsure, say N.
331
332config IPV6_IOAM6_LWTUNNEL
333 bool "IPv6: IOAM Pre-allocated Trace insertion support"
334 depends on IPV6
335 select LWTUNNEL
336 select DST_CACHE
337 help
338 Support for the insertion of IOAM Pre-allocated Trace
339 Header using the lightweight tunnels mechanism.
340
341 If unsure, say N.
342
343endif # IPV6
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6# IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8 tristate "The IPv6 protocol"
9 default y
10 select CRYPTO_LIB_SHA1
11 help
12 Support for IP version 6 (IPv6).
13
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
27 help
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
32
33 If unsure, say N.
34
35config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
38 help
39 Support of Route Information.
40
41 If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 help
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
48
49 If unsure, say N.
50
51config INET6_AH
52 tristate "IPv6: AH transformation"
53 select XFRM_AH
54 help
55 Support for IPsec AH (Authentication Header).
56
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
63
64 If unsure, say Y.
65
66config INET6_ESP
67 tristate "IPv6: ESP transformation"
68 select XFRM_ESP
69 help
70 Support for IPsec ESP (Encapsulating Security Payload).
71
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
78
79 If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
83 depends on INET6_ESP
84 select XFRM_OFFLOAD
85 default n
86 help
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
91
92 If unsure, say N.
93
94config INET6_ESPINTCP
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
97 select STREAM_PARSER
98 select NET_SOCK_MSG
99 select XFRM_ESPINTCP
100 help
101 Support for RFC 8229 encapsulation of ESP and IKE over
102 TCP/IPv6 sockets.
103
104 If unsure, say N.
105
106config INET6_IPCOMP
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
109 select XFRM_IPCOMP
110 help
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
113
114 If unsure, say Y.
115
116config IPV6_MIP6
117 tristate "IPv6: Mobility"
118 select XFRM
119 help
120 Support for IPv6 Mobility described in RFC 3775.
121
122 If unsure, say N.
123
124config IPV6_ILA
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
126 depends on NETFILTER
127 select DST_CACHE
128 select LWTUNNEL
129 help
130 Support for IPv6 Identifier Locator Addressing (ILA).
131
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
137 entity ("where").
138
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143 If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146 tristate
147 select INET6_TUNNEL
148 default n
149
150config INET6_TUNNEL
151 tristate
152 default n
153
154config IPV6_VTI
155 tristate "Virtual (secure) IPv6: tunneling"
156 select IPV6_TUNNEL
157 select NET_IP_TUNNEL
158 select XFRM
159 help
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
164 on top.
165
166config IPV6_SIT
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168 select INET_TUNNEL
169 select NET_IP_TUNNEL
170 select IPV6_NDISC_NODETYPE
171 default y
172 help
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
178
179 Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
183 depends on IPV6_SIT
184 default n
185 help
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
193
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
197
198 If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201 bool
202
203config IPV6_TUNNEL
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205 select INET6_TUNNEL
206 select DST_CACHE
207 select GRO_CELLS
208 help
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210 RFC 2473.
211
212 If unsure, say N.
213
214config IPV6_GRE
215 tristate "IPv6: GRE tunnel"
216 select IPV6_TUNNEL
217 select NET_IP_TUNNEL
218 depends on NET_IPGRE_DEMUX
219 help
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
228 through the tunnel.
229
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233 tristate
234 default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237 tristate
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
239 select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
243 select FIB_RULES
244 help
245 Support multiple routing tables.
246
247config IPV6_SUBTREES
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
250 help
251 Enable routing by source address or prefix.
252
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
258
259 If unsure, say N.
260
261config IPV6_MROUTE
262 bool "IPv6: multicast routing"
263 depends on IPV6
264 select IP_MROUTE_COMMON
265 help
266 Support for IPv6 multicast forwarding.
267 If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
272 select FIB_RULES
273 help
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
280
281 If unsure, say N.
282
283config IPV6_PIMSM_V2
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
286 help
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288 If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
292 depends on IPV6
293 select LWTUNNEL
294 select DST_CACHE
295 select IPV6_MULTIPLE_TABLES
296 help
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
301
302 If unsure, say N.
303
304config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
306 depends on IPV6
307 select CRYPTO
308 select CRYPTO_HMAC
309 select CRYPTO_SHA1
310 select CRYPTO_SHA256
311 help
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
314
315 If unsure, say N.
316
317config IPV6_SEG6_BPF
318 def_bool y
319 depends on IPV6_SEG6_LWTUNNEL
320 depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
324 depends on IPV6
325 select LWTUNNEL
326 select DST_CACHE
327 help
328 Support for RFC6554 RPL Source Routing Header using the lightweight
329 tunnels mechanism.
330
331 If unsure, say N.
332
333config IPV6_IOAM6_LWTUNNEL
334 bool "IPv6: IOAM Pre-allocated Trace insertion support"
335 depends on IPV6
336 select LWTUNNEL
337 select DST_CACHE
338 help
339 Support for the insertion of IOAM Pre-allocated Trace
340 Header using the lightweight tunnels mechanism.
341
342 If unsure, say N.
343
344endif # IPV6