1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# IPv6 configuration 41da177e4SLinus Torvalds# 56a2e9b73SSam Ravnborg 66a2e9b73SSam Ravnborg# IPv6 as module will cause a CRASH if you try to unload it 70b18542bSJan Engelhardtmenuconfig IPV6 86a2e9b73SSam Ravnborg tristate "The IPv6 protocol" 9de551f2eSTom Herbert default y 106a2e9b73SSam Ravnborg ---help--- 11de551f2eSTom Herbert Support for IP version 6 (IPv6). 126a2e9b73SSam Ravnborg 136a2e9b73SSam Ravnborg For general information about IPv6, see 14242260fbSChristian Kujau <https://en.wikipedia.org/wiki/IPv6>. 15de551f2eSTom Herbert For specific information about IPv6 under Linux, see 16de551f2eSTom Herbert Documentation/networking/ipv6.txt and read the HOWTO at 17de551f2eSTom Herbert <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> 186a2e9b73SSam Ravnborg 196a2e9b73SSam Ravnborg To compile this protocol support as a module, choose M here: the 206a2e9b73SSam Ravnborg module will be called ipv6. 216a2e9b73SSam Ravnborg 220b18542bSJan Engelhardtif IPV6 230b18542bSJan Engelhardt 24ebacaaa0SYOSHIFUJI Hideakiconfig IPV6_ROUTER_PREF 25ebacaaa0SYOSHIFUJI Hideaki bool "IPv6: Router Preference (RFC 4191) support" 26ebacaaa0SYOSHIFUJI Hideaki ---help--- 27ebacaaa0SYOSHIFUJI Hideaki Router Preference is an optional extension to the Router 28692105b8SMatt LaPlante Advertisement message which improves the ability of hosts 29692105b8SMatt LaPlante to pick an appropriate router, especially when the hosts 30692105b8SMatt LaPlante are placed in a multi-homed network. 31ebacaaa0SYOSHIFUJI Hideaki 32ebacaaa0SYOSHIFUJI Hideaki If unsure, say N. 33ebacaaa0SYOSHIFUJI Hideaki 3470ceb4f5SYOSHIFUJI Hideakiconfig IPV6_ROUTE_INFO 35f9ceb16eSKees Cook bool "IPv6: Route Information (RFC 4191) support" 36f9ceb16eSKees Cook depends on IPV6_ROUTER_PREF 3770ceb4f5SYOSHIFUJI Hideaki ---help--- 38a9f71d0dSGeorg Hofmann Support of Route Information. 3970ceb4f5SYOSHIFUJI Hideaki 4070ceb4f5SYOSHIFUJI Hideaki If unsure, say N. 4170ceb4f5SYOSHIFUJI Hideaki 4295c385b4SNeil Hormanconfig IPV6_OPTIMISTIC_DAD 43f9ceb16eSKees Cook bool "IPv6: Enable RFC 4429 Optimistic DAD" 4495c385b4SNeil Horman ---help--- 45a9f71d0dSGeorg Hofmann Support for optimistic Duplicate Address Detection. It allows for 46a9f71d0dSGeorg Hofmann autoconfigured addresses to be used more quickly. 4795c385b4SNeil Horman 4895c385b4SNeil Horman If unsure, say N. 4995c385b4SNeil Horman 501da177e4SLinus Torvaldsconfig INET6_AH 511da177e4SLinus Torvalds tristate "IPv6: AH transformation" 527e152524SJan Beulich select XFRM_ALGO 531da177e4SLinus Torvalds select CRYPTO 541da177e4SLinus Torvalds select CRYPTO_HMAC 551da177e4SLinus Torvalds select CRYPTO_MD5 561da177e4SLinus Torvalds select CRYPTO_SHA1 571da177e4SLinus Torvalds ---help--- 581da177e4SLinus Torvalds Support for IPsec AH. 591da177e4SLinus Torvalds 601da177e4SLinus Torvalds If unsure, say Y. 611da177e4SLinus Torvalds 621da177e4SLinus Torvaldsconfig INET6_ESP 631da177e4SLinus Torvalds tristate "IPv6: ESP transformation" 647e152524SJan Beulich select XFRM_ALGO 651da177e4SLinus Torvalds select CRYPTO 66ed58dd41SHerbert Xu select CRYPTO_AUTHENC 671da177e4SLinus Torvalds select CRYPTO_HMAC 681da177e4SLinus Torvalds select CRYPTO_MD5 696b7326c8SHerbert Xu select CRYPTO_CBC 701da177e4SLinus Torvalds select CRYPTO_SHA1 711da177e4SLinus Torvalds select CRYPTO_DES 7232b6170cSThomas Egerer select CRYPTO_ECHAINIV 731da177e4SLinus Torvalds ---help--- 741da177e4SLinus Torvalds Support for IPsec ESP. 751da177e4SLinus Torvalds 761da177e4SLinus Torvalds If unsure, say Y. 771da177e4SLinus Torvalds 787785bba2SSteffen Klassertconfig INET6_ESP_OFFLOAD 797785bba2SSteffen Klassert tristate "IPv6: ESP transformation offload" 807785bba2SSteffen Klassert depends on INET6_ESP 817785bba2SSteffen Klassert select XFRM_OFFLOAD 827785bba2SSteffen Klassert default n 837785bba2SSteffen Klassert ---help--- 847785bba2SSteffen Klassert Support for ESP transformation offload. This makes sense 857785bba2SSteffen Klassert only if this system really does IPsec and want to do it 867785bba2SSteffen Klassert with high throughput. A typical desktop system does not 877785bba2SSteffen Klassert need it, even if it does IPsec. 887785bba2SSteffen Klassert 897785bba2SSteffen Klassert If unsure, say N. 907785bba2SSteffen Klassert 91*26333c37SSabrina Dubrocaconfig INET6_ESPINTCP 92*26333c37SSabrina Dubroca bool "IPv6: ESP in TCP encapsulation (RFC 8229)" 93*26333c37SSabrina Dubroca depends on XFRM && INET6_ESP 94*26333c37SSabrina Dubroca select STREAM_PARSER 95*26333c37SSabrina Dubroca select NET_SOCK_MSG 96*26333c37SSabrina Dubroca select XFRM_ESPINTCP 97*26333c37SSabrina Dubroca help 98*26333c37SSabrina Dubroca Support for RFC 8229 encapsulation of ESP and IKE over 99*26333c37SSabrina Dubroca TCP/IPv6 sockets. 100*26333c37SSabrina Dubroca 101*26333c37SSabrina Dubroca If unsure, say N. 102*26333c37SSabrina Dubroca 1031da177e4SLinus Torvaldsconfig INET6_IPCOMP 1041da177e4SLinus Torvalds tristate "IPv6: IPComp transformation" 105d2acc347SHerbert Xu select INET6_XFRM_TUNNEL 1066fccab67SHerbert Xu select XFRM_IPCOMP 1071da177e4SLinus Torvalds ---help--- 1081da177e4SLinus Torvalds Support for IP Payload Compression Protocol (IPComp) (RFC3173), 1091da177e4SLinus Torvalds typically needed for IPsec. 1101da177e4SLinus Torvalds 1111da177e4SLinus Torvalds If unsure, say Y. 1121da177e4SLinus Torvalds 113ee538268SMasahide NAKAMURAconfig IPV6_MIP6 114f9ceb16eSKees Cook tristate "IPv6: Mobility" 115ee538268SMasahide NAKAMURA select XFRM 116ee538268SMasahide NAKAMURA ---help--- 117ee538268SMasahide NAKAMURA Support for IPv6 Mobility described in RFC 3775. 118ee538268SMasahide NAKAMURA 119ee538268SMasahide NAKAMURA If unsure, say N. 120ee538268SMasahide NAKAMURA 12165d7ab8dSTom Herbertconfig IPV6_ILA 12265d7ab8dSTom Herbert tristate "IPv6: Identifier Locator Addressing (ILA)" 1238cb964daSArnd Bergmann depends on NETFILTER 12483ed7d1fSArnd Bergmann select DST_CACHE 12565d7ab8dSTom Herbert select LWTUNNEL 12665d7ab8dSTom Herbert ---help--- 12765d7ab8dSTom Herbert Support for IPv6 Identifier Locator Addressing (ILA). 12865d7ab8dSTom Herbert 12965d7ab8dSTom Herbert ILA is a mechanism to do network virtualization without 13065d7ab8dSTom Herbert encapsulation. The basic concept of ILA is that we split an 13165d7ab8dSTom Herbert IPv6 address into a 64 bit locator and 64 bit identifier. The 13265d7ab8dSTom Herbert identifier is the identity of an entity in communication 13365d7ab8dSTom Herbert ("who") and the locator expresses the location of the 13465d7ab8dSTom Herbert entity ("where"). 13565d7ab8dSTom Herbert 13665d7ab8dSTom Herbert ILA can be configured using the "encap ila" option with 13765d7ab8dSTom Herbert "ip -6 route" command. ILA is described in 13865d7ab8dSTom Herbert https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. 13965d7ab8dSTom Herbert 14065d7ab8dSTom Herbert If unsure, say N. 14165d7ab8dSTom Herbert 142d2acc347SHerbert Xuconfig INET6_XFRM_TUNNEL 143d2acc347SHerbert Xu tristate 144d2acc347SHerbert Xu select INET6_TUNNEL 145d2acc347SHerbert Xu default n 1461da177e4SLinus Torvalds 147d2acc347SHerbert Xuconfig INET6_TUNNEL 148d2acc347SHerbert Xu tristate 149d2acc347SHerbert Xu default n 1501da177e4SLinus Torvalds 151ed1efb2aSSteffen Klassertconfig IPV6_VTI 152ed1efb2aSSteffen Klasserttristate "Virtual (secure) IPv6: tunneling" 153ed1efb2aSSteffen Klassert select IPV6_TUNNEL 154876fc03aSSteffen Klassert select NET_IP_TUNNEL 1554c145dceSFlorian Westphal select XFRM 156ed1efb2aSSteffen Klassert ---help--- 157ed1efb2aSSteffen Klassert Tunneling means encapsulating data of one protocol type within 158ed1efb2aSSteffen Klassert another protocol and sending it over a channel that understands the 159ed1efb2aSSteffen Klassert encapsulating protocol. This can be used with xfrm mode tunnel to give 160ed1efb2aSSteffen Klassert the notion of a secure tunnel for IPSEC and then use routing protocol 161ed1efb2aSSteffen Klassert on top. 162ed1efb2aSSteffen Klassert 163989e5b96SJoerg Roedelconfig IPV6_SIT 164989e5b96SJoerg Roedel tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" 165c73cb5a2SKazunori MIYAZAWA select INET_TUNNEL 166f61dd388SPravin B Shelar select NET_IP_TUNNEL 167de357cc0SYOSHIFUJI Hideaki select IPV6_NDISC_NODETYPE 168989e5b96SJoerg Roedel default y 169989e5b96SJoerg Roedel ---help--- 170989e5b96SJoerg Roedel Tunneling means encapsulating data of one protocol type within 171989e5b96SJoerg Roedel another protocol and sending it over a channel that understands the 172989e5b96SJoerg Roedel encapsulating protocol. This driver implements encapsulation of IPv6 1735c5d6dabSDavid S. Miller into IPv4 packets. This is useful if you want to connect two IPv6 174989e5b96SJoerg Roedel networks over an IPv4-only path. 175989e5b96SJoerg Roedel 1764737f097SPavel Machek Saying M here will produce a module called sit. If unsure, say Y. 177989e5b96SJoerg Roedel 178fa857afcSYOSHIFUJI Hideaki / 吉藤英明config IPV6_SIT_6RD 179f9ceb16eSKees Cook bool "IPv6: IPv6 Rapid Deployment (6RD)" 180f9ceb16eSKees Cook depends on IPV6_SIT 181fa857afcSYOSHIFUJI Hideaki / 吉藤英明 default n 182fa857afcSYOSHIFUJI Hideaki / 吉藤英明 ---help--- 183fa857afcSYOSHIFUJI Hideaki / 吉藤英明 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon 184fa857afcSYOSHIFUJI Hideaki / 吉藤英明 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly 185fa857afcSYOSHIFUJI Hideaki / 吉藤英明 deploy IPv6 unicast service to IPv4 sites to which it provides 186fa857afcSYOSHIFUJI Hideaki / 吉藤英明 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in 187fa857afcSYOSHIFUJI Hideaki / 吉藤英明 IPv4 encapsulation in order to transit IPv4-only network 188fa857afcSYOSHIFUJI Hideaki / 吉藤英明 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 189fa857afcSYOSHIFUJI Hideaki / 吉藤英明 prefix of its own in place of the fixed 6to4 prefix. 190fa857afcSYOSHIFUJI Hideaki / 吉藤英明 191fa857afcSYOSHIFUJI Hideaki / 吉藤英明 With this option enabled, the SIT driver offers 6rd functionality by 192fa857afcSYOSHIFUJI Hideaki / 吉藤英明 providing additional ioctl API to configure the IPv6 Prefix for in 193fa857afcSYOSHIFUJI Hideaki / 吉藤英明 stead of static 2002::/16 for 6to4. 194fa857afcSYOSHIFUJI Hideaki / 吉藤英明 195fa857afcSYOSHIFUJI Hideaki / 吉藤英明 If unsure, say N. 196fa857afcSYOSHIFUJI Hideaki / 吉藤英明 197de357cc0SYOSHIFUJI Hideakiconfig IPV6_NDISC_NODETYPE 198de357cc0SYOSHIFUJI Hideaki bool 199de357cc0SYOSHIFUJI Hideaki 2001da177e4SLinus Torvaldsconfig IPV6_TUNNEL 20138fe999eSYOSHIFUJI Hideaki tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" 202d2acc347SHerbert Xu select INET6_TUNNEL 203607f725fSPaolo Abeni select DST_CACHE 20497e219b7SEric Dumazet select GRO_CELLS 2051da177e4SLinus Torvalds ---help--- 20638fe999eSYOSHIFUJI Hideaki Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in 20738fe999eSYOSHIFUJI Hideaki RFC 2473. 2081da177e4SLinus Torvalds 2091da177e4SLinus Torvalds If unsure, say N. 2101da177e4SLinus Torvalds 211c12b395aSxeb@mail.ruconfig IPV6_GRE 212c12b395aSxeb@mail.ru tristate "IPv6: GRE tunnel" 213c12b395aSxeb@mail.ru select IPV6_TUNNEL 214f61dd388SPravin B Shelar select NET_IP_TUNNEL 2158bf42e9eSArnd Bergmann depends on NET_IPGRE_DEMUX 216c12b395aSxeb@mail.ru ---help--- 217c12b395aSxeb@mail.ru Tunneling means encapsulating data of one protocol type within 218c12b395aSxeb@mail.ru another protocol and sending it over a channel that understands the 219c12b395aSxeb@mail.ru encapsulating protocol. This particular tunneling driver implements 220c12b395aSxeb@mail.ru GRE (Generic Routing Encapsulation) and at this time allows 221c12b395aSxeb@mail.ru encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. 222c12b395aSxeb@mail.ru This driver is useful if the other endpoint is a Cisco router: Cisco 223c12b395aSxeb@mail.ru likes GRE much better than the other Linux tunneling driver ("IP 224c12b395aSxeb@mail.ru tunneling" above). In addition, GRE allows multicast redistribution 225c12b395aSxeb@mail.ru through the tunnel. 226c12b395aSxeb@mail.ru 227c12b395aSxeb@mail.ru Saying M here will produce a module called ip6_gre. If unsure, say N. 228c12b395aSxeb@mail.ru 229fabb13dbSArnd Bergmannconfig IPV6_FOU 230fabb13dbSArnd Bergmann tristate 231fabb13dbSArnd Bergmann default NET_FOU && IPV6 232fabb13dbSArnd Bergmann 233fabb13dbSArnd Bergmannconfig IPV6_FOU_TUNNEL 234fabb13dbSArnd Bergmann tristate 235fabb13dbSArnd Bergmann default NET_FOU_IP_TUNNELS && IPV6_FOU 23695e4daa8SArnd Bergmann select IPV6_TUNNEL 237fabb13dbSArnd Bergmann 238264e91b6SVille Nuorvalaconfig IPV6_MULTIPLE_TABLES 239264e91b6SVille Nuorvala bool "IPv6: Multiple Routing Tables" 240264e91b6SVille Nuorvala select FIB_RULES 241264e91b6SVille Nuorvala ---help--- 242264e91b6SVille Nuorvala Support multiple routing tables. 243264e91b6SVille Nuorvala 2444e96c2b4SYOSHIFUJI Hideakiconfig IPV6_SUBTREES 2454e96c2b4SYOSHIFUJI Hideaki bool "IPv6: source address based routing" 246264e91b6SVille Nuorvala depends on IPV6_MULTIPLE_TABLES 2474e96c2b4SYOSHIFUJI Hideaki ---help--- 2484e96c2b4SYOSHIFUJI Hideaki Enable routing by source address or prefix. 2494e96c2b4SYOSHIFUJI Hideaki 2504e96c2b4SYOSHIFUJI Hideaki The destination address is still the primary routing key, so mixing 2514e96c2b4SYOSHIFUJI Hideaki normal and source prefix specific routes in the same routing table 2524e96c2b4SYOSHIFUJI Hideaki may sometimes lead to unintended routing behavior. This can be 2534e96c2b4SYOSHIFUJI Hideaki avoided by defining different routing tables for the normal and 2544e96c2b4SYOSHIFUJI Hideaki source prefix specific routes. 2554e96c2b4SYOSHIFUJI Hideaki 2564e96c2b4SYOSHIFUJI Hideaki If unsure, say N. 2574e96c2b4SYOSHIFUJI Hideaki 2587bc570c8SYOSHIFUJI Hideakiconfig IPV6_MROUTE 259f9ceb16eSKees Cook bool "IPv6: multicast routing" 260f9ceb16eSKees Cook depends on IPV6 2616853f21fSYuval Mintz select IP_MROUTE_COMMON 2627bc570c8SYOSHIFUJI Hideaki ---help--- 263a9f71d0dSGeorg Hofmann Support for IPv6 multicast forwarding. 2647bc570c8SYOSHIFUJI Hideaki If unsure, say N. 2657bc570c8SYOSHIFUJI Hideaki 266d1db275dSPatrick McHardyconfig IPV6_MROUTE_MULTIPLE_TABLES 267d1db275dSPatrick McHardy bool "IPv6: multicast policy routing" 268d1db275dSPatrick McHardy depends on IPV6_MROUTE 269d1db275dSPatrick McHardy select FIB_RULES 270d1db275dSPatrick McHardy help 271d1db275dSPatrick McHardy Normally, a multicast router runs a userspace daemon and decides 272d1db275dSPatrick McHardy what to do with a multicast packet based on the source and 273d1db275dSPatrick McHardy destination addresses. If you say Y here, the multicast router 274d1db275dSPatrick McHardy will also be able to take interfaces and packet marks into 275d1db275dSPatrick McHardy account and run multiple instances of userspace daemons 276d1db275dSPatrick McHardy simultaneously, each one handling a single table. 277d1db275dSPatrick McHardy 278d1db275dSPatrick McHardy If unsure, say N. 279d1db275dSPatrick McHardy 28014fb64e1SYOSHIFUJI Hideakiconfig IPV6_PIMSM_V2 281f9ceb16eSKees Cook bool "IPv6: PIM-SM version 2 support" 28214fb64e1SYOSHIFUJI Hideaki depends on IPV6_MROUTE 28314fb64e1SYOSHIFUJI Hideaki ---help--- 28414fb64e1SYOSHIFUJI Hideaki Support for IPv6 PIM multicast routing protocol PIM-SMv2. 28514fb64e1SYOSHIFUJI Hideaki If unsure, say N. 28614fb64e1SYOSHIFUJI Hideaki 28746738b13SDavid Lebrunconfig IPV6_SEG6_LWTUNNEL 28846738b13SDavid Lebrun bool "IPv6: Segment Routing Header encapsulation support" 28946738b13SDavid Lebrun depends on IPV6 29046738b13SDavid Lebrun select LWTUNNEL 291402a5bc4SDavid Lebrun select DST_CACHE 292d7a669ddSDavid Lebrun select IPV6_MULTIPLE_TABLES 29346738b13SDavid Lebrun ---help--- 29446738b13SDavid Lebrun Support for encapsulation of packets within an outer IPv6 29546738b13SDavid Lebrun header and a Segment Routing Header using the lightweight 296d1df6fd8SDavid Lebrun tunnels mechanism. Also enable support for advanced local 297d1df6fd8SDavid Lebrun processing of SRv6 packets based on their active segment. 29846738b13SDavid Lebrun 29946738b13SDavid Lebrun If unsure, say N. 30046738b13SDavid Lebrun 301bf355b8dSDavid Lebrunconfig IPV6_SEG6_HMAC 302bf355b8dSDavid Lebrun bool "IPv6: Segment Routing HMAC support" 303bf355b8dSDavid Lebrun depends on IPV6 304bf355b8dSDavid Lebrun select CRYPTO_HMAC 305bf355b8dSDavid Lebrun select CRYPTO_SHA1 306bf355b8dSDavid Lebrun select CRYPTO_SHA256 307bf355b8dSDavid Lebrun ---help--- 308bf355b8dSDavid Lebrun Support for HMAC signature generation and verification 309bf355b8dSDavid Lebrun of SR-enabled packets. 310bf355b8dSDavid Lebrun 311bf355b8dSDavid Lebrun If unsure, say N. 312bf355b8dSDavid Lebrun 313fe94cc29SMathieu Xhonneuxconfig IPV6_SEG6_BPF 314fe94cc29SMathieu Xhonneux def_bool y 315fe94cc29SMathieu Xhonneux depends on IPV6_SEG6_LWTUNNEL 316fe94cc29SMathieu Xhonneux depends on IPV6 = y 317fe94cc29SMathieu Xhonneux 318a7a29f9cSAlexander Aringconfig IPV6_RPL_LWTUNNEL 319a7a29f9cSAlexander Aring bool "IPv6: RPL Source Routing Header support" 320a7a29f9cSAlexander Aring depends on IPV6 321a7a29f9cSAlexander Aring select LWTUNNEL 322a7a29f9cSAlexander Aring ---help--- 323a7a29f9cSAlexander Aring Support for RFC6554 RPL Source Routing Header using the lightweight 324a7a29f9cSAlexander Aring tunnels mechanism. 325a7a29f9cSAlexander Aring 326a7a29f9cSAlexander Aring If unsure, say N. 327a7a29f9cSAlexander Aring 3280b18542bSJan Engelhardtendif # IPV6 329