1 # SPDX-License-Identifier: GPL-2.0-only 2 # 3 # IPv6 configuration 4 # 5 6 # IPv6 as module will cause a CRASH if you try to unload it 7 menuconfig IPV6 8 tristate "The IPv6 protocol" 9 default y 10 select CRYPTO_LIB_SHA1 11 help 12 Support for IP version 6 (IPv6). 13 14 For general information about IPv6, see 15 <https://en.wikipedia.org/wiki/IPv6>. 16 For specific information about IPv6 under Linux, see 17 Documentation/networking/ipv6.rst and read the HOWTO at 18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> 19 20 To compile this protocol support as a module, choose M here: the 21 module will be called ipv6. 22 23 if IPV6 24 25 config IPV6_ROUTER_PREF 26 bool "IPv6: Router Preference (RFC 4191) support" 27 help 28 Router Preference is an optional extension to the Router 29 Advertisement message which improves the ability of hosts 30 to pick an appropriate router, especially when the hosts 31 are placed in a multi-homed network. 32 33 If unsure, say N. 34 35 config IPV6_ROUTE_INFO 36 bool "IPv6: Route Information (RFC 4191) support" 37 depends on IPV6_ROUTER_PREF 38 help 39 Support of Route Information. 40 41 If unsure, say N. 42 43 config IPV6_OPTIMISTIC_DAD 44 bool "IPv6: Enable RFC 4429 Optimistic DAD" 45 help 46 Support for optimistic Duplicate Address Detection. It allows for 47 autoconfigured addresses to be used more quickly. 48 49 If unsure, say N. 50 51 config INET6_AH 52 tristate "IPv6: AH transformation" 53 select XFRM_AH 54 help 55 Support for IPsec AH (Authentication Header). 56 57 AH can be used with various authentication algorithms. Besides 58 enabling AH support itself, this option enables the generic 59 implementations of the algorithms that RFC 8221 lists as MUST be 60 implemented. If you need any other algorithms, you'll need to enable 61 them in the crypto API. You should also enable accelerated 62 implementations of any needed algorithms when available. 63 64 If unsure, say Y. 65 66 config INET6_ESP 67 tristate "IPv6: ESP transformation" 68 select XFRM_ESP 69 help 70 Support for IPsec ESP (Encapsulating Security Payload). 71 72 ESP can be used with various encryption and authentication algorithms. 73 Besides enabling ESP support itself, this option enables the generic 74 implementations of the algorithms that RFC 8221 lists as MUST be 75 implemented. If you need any other algorithms, you'll need to enable 76 them in the crypto API. You should also enable accelerated 77 implementations of any needed algorithms when available. 78 79 If unsure, say Y. 80 81 config INET6_ESP_OFFLOAD 82 tristate "IPv6: ESP transformation offload" 83 depends on INET6_ESP 84 select XFRM_OFFLOAD 85 default n 86 help 87 Support for ESP transformation offload. This makes sense 88 only if this system really does IPsec and want to do it 89 with high throughput. A typical desktop system does not 90 need it, even if it does IPsec. 91 92 If unsure, say N. 93 94 config INET6_ESPINTCP 95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)" 96 depends on XFRM && INET6_ESP 97 select STREAM_PARSER 98 select NET_SOCK_MSG 99 select XFRM_ESPINTCP 100 help 101 Support for RFC 8229 encapsulation of ESP and IKE over 102 TCP/IPv6 sockets. 103 104 If unsure, say N. 105 106 config INET6_IPCOMP 107 tristate "IPv6: IPComp transformation" 108 select INET6_XFRM_TUNNEL 109 select XFRM_IPCOMP 110 help 111 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 112 typically needed for IPsec. 113 114 If unsure, say Y. 115 116 config IPV6_MIP6 117 tristate "IPv6: Mobility" 118 select XFRM 119 help 120 Support for IPv6 Mobility described in RFC 3775. 121 122 If unsure, say N. 123 124 config IPV6_ILA 125 tristate "IPv6: Identifier Locator Addressing (ILA)" 126 depends on NETFILTER 127 select DST_CACHE 128 select LWTUNNEL 129 help 130 Support for IPv6 Identifier Locator Addressing (ILA). 131 132 ILA is a mechanism to do network virtualization without 133 encapsulation. The basic concept of ILA is that we split an 134 IPv6 address into a 64 bit locator and 64 bit identifier. The 135 identifier is the identity of an entity in communication 136 ("who") and the locator expresses the location of the 137 entity ("where"). 138 139 ILA can be configured using the "encap ila" option with 140 "ip -6 route" command. ILA is described in 141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. 142 143 If unsure, say N. 144 145 config INET6_XFRM_TUNNEL 146 tristate 147 select INET6_TUNNEL 148 default n 149 150 config INET6_TUNNEL 151 tristate 152 default n 153 154 config IPV6_VTI 155 tristate "Virtual (secure) IPv6: tunneling" 156 select IPV6_TUNNEL 157 select NET_IP_TUNNEL 158 select XFRM 159 help 160 Tunneling means encapsulating data of one protocol type within 161 another protocol and sending it over a channel that understands the 162 encapsulating protocol. This can be used with xfrm mode tunnel to give 163 the notion of a secure tunnel for IPSEC and then use routing protocol 164 on top. 165 166 config IPV6_SIT 167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" 168 select INET_TUNNEL 169 select NET_IP_TUNNEL 170 select IPV6_NDISC_NODETYPE 171 default y 172 help 173 Tunneling means encapsulating data of one protocol type within 174 another protocol and sending it over a channel that understands the 175 encapsulating protocol. This driver implements encapsulation of IPv6 176 into IPv4 packets. This is useful if you want to connect two IPv6 177 networks over an IPv4-only path. 178 179 Saying M here will produce a module called sit. If unsure, say Y. 180 181 config IPV6_SIT_6RD 182 bool "IPv6: IPv6 Rapid Deployment (6RD)" 183 depends on IPV6_SIT 184 default n 185 help 186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon 187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly 188 deploy IPv6 unicast service to IPv4 sites to which it provides 189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in 190 IPv4 encapsulation in order to transit IPv4-only network 191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 192 prefix of its own in place of the fixed 6to4 prefix. 193 194 With this option enabled, the SIT driver offers 6rd functionality by 195 providing additional ioctl API to configure the IPv6 Prefix for in 196 stead of static 2002::/16 for 6to4. 197 198 If unsure, say N. 199 200 config IPV6_NDISC_NODETYPE 201 bool 202 203 config IPV6_TUNNEL 204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" 205 select INET6_TUNNEL 206 select DST_CACHE 207 select GRO_CELLS 208 help 209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in 210 RFC 2473. 211 212 If unsure, say N. 213 214 config IPV6_GRE 215 tristate "IPv6: GRE tunnel" 216 select IPV6_TUNNEL 217 select NET_IP_TUNNEL 218 depends on NET_IPGRE_DEMUX 219 help 220 Tunneling means encapsulating data of one protocol type within 221 another protocol and sending it over a channel that understands the 222 encapsulating protocol. This particular tunneling driver implements 223 GRE (Generic Routing Encapsulation) and at this time allows 224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. 225 This driver is useful if the other endpoint is a Cisco router: Cisco 226 likes GRE much better than the other Linux tunneling driver ("IP 227 tunneling" above). In addition, GRE allows multicast redistribution 228 through the tunnel. 229 230 Saying M here will produce a module called ip6_gre. If unsure, say N. 231 232 config IPV6_FOU 233 tristate 234 default NET_FOU && IPV6 235 236 config IPV6_FOU_TUNNEL 237 tristate 238 default NET_FOU_IP_TUNNELS && IPV6_FOU 239 select IPV6_TUNNEL 240 241 config IPV6_MULTIPLE_TABLES 242 bool "IPv6: Multiple Routing Tables" 243 select FIB_RULES 244 help 245 Support multiple routing tables. 246 247 config IPV6_SUBTREES 248 bool "IPv6: source address based routing" 249 depends on IPV6_MULTIPLE_TABLES 250 help 251 Enable routing by source address or prefix. 252 253 The destination address is still the primary routing key, so mixing 254 normal and source prefix specific routes in the same routing table 255 may sometimes lead to unintended routing behavior. This can be 256 avoided by defining different routing tables for the normal and 257 source prefix specific routes. 258 259 If unsure, say N. 260 261 config IPV6_MROUTE 262 bool "IPv6: multicast routing" 263 depends on IPV6 264 select IP_MROUTE_COMMON 265 help 266 Support for IPv6 multicast forwarding. 267 If unsure, say N. 268 269 config IPV6_MROUTE_MULTIPLE_TABLES 270 bool "IPv6: multicast policy routing" 271 depends on IPV6_MROUTE 272 select FIB_RULES 273 help 274 Normally, a multicast router runs a userspace daemon and decides 275 what to do with a multicast packet based on the source and 276 destination addresses. If you say Y here, the multicast router 277 will also be able to take interfaces and packet marks into 278 account and run multiple instances of userspace daemons 279 simultaneously, each one handling a single table. 280 281 If unsure, say N. 282 283 config IPV6_PIMSM_V2 284 bool "IPv6: PIM-SM version 2 support" 285 depends on IPV6_MROUTE 286 help 287 Support for IPv6 PIM multicast routing protocol PIM-SMv2. 288 If unsure, say N. 289 290 config IPV6_SEG6_LWTUNNEL 291 bool "IPv6: Segment Routing Header encapsulation support" 292 depends on IPV6 293 select LWTUNNEL 294 select DST_CACHE 295 select IPV6_MULTIPLE_TABLES 296 help 297 Support for encapsulation of packets within an outer IPv6 298 header and a Segment Routing Header using the lightweight 299 tunnels mechanism. Also enable support for advanced local 300 processing of SRv6 packets based on their active segment. 301 302 If unsure, say N. 303 304 config IPV6_SEG6_HMAC 305 bool "IPv6: Segment Routing HMAC support" 306 depends on IPV6 307 select CRYPTO 308 select CRYPTO_HMAC 309 select CRYPTO_SHA1 310 select CRYPTO_SHA256 311 help 312 Support for HMAC signature generation and verification 313 of SR-enabled packets. 314 315 If unsure, say N. 316 317 config IPV6_SEG6_BPF 318 def_bool y 319 depends on IPV6_SEG6_LWTUNNEL 320 depends on IPV6 = y 321 322 config IPV6_RPL_LWTUNNEL 323 bool "IPv6: RPL Source Routing Header support" 324 depends on IPV6 325 select LWTUNNEL 326 select DST_CACHE 327 help 328 Support for RFC6554 RPL Source Routing Header using the lightweight 329 tunnels mechanism. 330 331 If unsure, say N. 332 333 config IPV6_IOAM6_LWTUNNEL 334 bool "IPv6: IOAM Pre-allocated Trace insertion support" 335 depends on IPV6 336 select LWTUNNEL 337 select DST_CACHE 338 help 339 Support for the insertion of IOAM Pre-allocated Trace 340 Header using the lightweight tunnels mechanism. 341 342 If unsure, say N. 343 344 endif # IPV6 345