1# SPDX-License-Identifier: GPL-2.0-only 2# 3# IPv6 configuration 4# 5 6# IPv6 as module will cause a CRASH if you try to unload it 7menuconfig IPV6 8 tristate "The IPv6 protocol" 9 default y 10 help 11 Support for IP version 6 (IPv6). 12 13 For general information about IPv6, see 14 <https://en.wikipedia.org/wiki/IPv6>. 15 For specific information about IPv6 under Linux, see 16 Documentation/networking/ipv6.rst and read the HOWTO at 17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> 18 19 To compile this protocol support as a module, choose M here: the 20 module will be called ipv6. 21 22if IPV6 23 24config IPV6_ROUTER_PREF 25 bool "IPv6: Router Preference (RFC 4191) support" 26 help 27 Router Preference is an optional extension to the Router 28 Advertisement message which improves the ability of hosts 29 to pick an appropriate router, especially when the hosts 30 are placed in a multi-homed network. 31 32 If unsure, say N. 33 34config IPV6_ROUTE_INFO 35 bool "IPv6: Route Information (RFC 4191) support" 36 depends on IPV6_ROUTER_PREF 37 help 38 Support of Route Information. 39 40 If unsure, say N. 41 42config IPV6_OPTIMISTIC_DAD 43 bool "IPv6: Enable RFC 4429 Optimistic DAD" 44 help 45 Support for optimistic Duplicate Address Detection. It allows for 46 autoconfigured addresses to be used more quickly. 47 48 If unsure, say N. 49 50config INET6_AH 51 tristate "IPv6: AH transformation" 52 select XFRM_AH 53 help 54 Support for IPsec AH (Authentication Header). 55 56 AH can be used with various authentication algorithms. Besides 57 enabling AH support itself, this option enables the generic 58 implementations of the algorithms that RFC 8221 lists as MUST be 59 implemented. If you need any other algorithms, you'll need to enable 60 them in the crypto API. You should also enable accelerated 61 implementations of any needed algorithms when available. 62 63 If unsure, say Y. 64 65config INET6_ESP 66 tristate "IPv6: ESP transformation" 67 select XFRM_ESP 68 help 69 Support for IPsec ESP (Encapsulating Security Payload). 70 71 ESP can be used with various encryption and authentication algorithms. 72 Besides enabling ESP support itself, this option enables the generic 73 implementations of the algorithms that RFC 8221 lists as MUST be 74 implemented. If you need any other algorithms, you'll need to enable 75 them in the crypto API. You should also enable accelerated 76 implementations of any needed algorithms when available. 77 78 If unsure, say Y. 79 80config INET6_ESP_OFFLOAD 81 tristate "IPv6: ESP transformation offload" 82 depends on INET6_ESP 83 select XFRM_OFFLOAD 84 default n 85 help 86 Support for ESP transformation offload. This makes sense 87 only if this system really does IPsec and want to do it 88 with high throughput. A typical desktop system does not 89 need it, even if it does IPsec. 90 91 If unsure, say N. 92 93config INET6_ESPINTCP 94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)" 95 depends on XFRM && INET6_ESP 96 select STREAM_PARSER 97 select NET_SOCK_MSG 98 select XFRM_ESPINTCP 99 help 100 Support for RFC 8229 encapsulation of ESP and IKE over 101 TCP/IPv6 sockets. 102 103 If unsure, say N. 104 105config INET6_IPCOMP 106 tristate "IPv6: IPComp transformation" 107 select INET6_XFRM_TUNNEL 108 select XFRM_IPCOMP 109 help 110 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 111 typically needed for IPsec. 112 113 If unsure, say Y. 114 115config IPV6_MIP6 116 tristate "IPv6: Mobility" 117 select XFRM 118 help 119 Support for IPv6 Mobility described in RFC 3775. 120 121 If unsure, say N. 122 123config IPV6_ILA 124 tristate "IPv6: Identifier Locator Addressing (ILA)" 125 depends on NETFILTER 126 select DST_CACHE 127 select LWTUNNEL 128 help 129 Support for IPv6 Identifier Locator Addressing (ILA). 130 131 ILA is a mechanism to do network virtualization without 132 encapsulation. The basic concept of ILA is that we split an 133 IPv6 address into a 64 bit locator and 64 bit identifier. The 134 identifier is the identity of an entity in communication 135 ("who") and the locator expresses the location of the 136 entity ("where"). 137 138 ILA can be configured using the "encap ila" option with 139 "ip -6 route" command. ILA is described in 140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. 141 142 If unsure, say N. 143 144config INET6_XFRM_TUNNEL 145 tristate 146 select INET6_TUNNEL 147 default n 148 149config INET6_TUNNEL 150 tristate 151 default n 152 153config IPV6_VTI 154tristate "Virtual (secure) IPv6: tunneling" 155 select IPV6_TUNNEL 156 select NET_IP_TUNNEL 157 select XFRM 158 help 159 Tunneling means encapsulating data of one protocol type within 160 another protocol and sending it over a channel that understands the 161 encapsulating protocol. This can be used with xfrm mode tunnel to give 162 the notion of a secure tunnel for IPSEC and then use routing protocol 163 on top. 164 165config IPV6_SIT 166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" 167 select INET_TUNNEL 168 select NET_IP_TUNNEL 169 select IPV6_NDISC_NODETYPE 170 default y 171 help 172 Tunneling means encapsulating data of one protocol type within 173 another protocol and sending it over a channel that understands the 174 encapsulating protocol. This driver implements encapsulation of IPv6 175 into IPv4 packets. This is useful if you want to connect two IPv6 176 networks over an IPv4-only path. 177 178 Saying M here will produce a module called sit. If unsure, say Y. 179 180config IPV6_SIT_6RD 181 bool "IPv6: IPv6 Rapid Deployment (6RD)" 182 depends on IPV6_SIT 183 default n 184 help 185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon 186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly 187 deploy IPv6 unicast service to IPv4 sites to which it provides 188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in 189 IPv4 encapsulation in order to transit IPv4-only network 190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 191 prefix of its own in place of the fixed 6to4 prefix. 192 193 With this option enabled, the SIT driver offers 6rd functionality by 194 providing additional ioctl API to configure the IPv6 Prefix for in 195 stead of static 2002::/16 for 6to4. 196 197 If unsure, say N. 198 199config IPV6_NDISC_NODETYPE 200 bool 201 202config IPV6_TUNNEL 203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" 204 select INET6_TUNNEL 205 select DST_CACHE 206 select GRO_CELLS 207 help 208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in 209 RFC 2473. 210 211 If unsure, say N. 212 213config IPV6_GRE 214 tristate "IPv6: GRE tunnel" 215 select IPV6_TUNNEL 216 select NET_IP_TUNNEL 217 depends on NET_IPGRE_DEMUX 218 help 219 Tunneling means encapsulating data of one protocol type within 220 another protocol and sending it over a channel that understands the 221 encapsulating protocol. This particular tunneling driver implements 222 GRE (Generic Routing Encapsulation) and at this time allows 223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. 224 This driver is useful if the other endpoint is a Cisco router: Cisco 225 likes GRE much better than the other Linux tunneling driver ("IP 226 tunneling" above). In addition, GRE allows multicast redistribution 227 through the tunnel. 228 229 Saying M here will produce a module called ip6_gre. If unsure, say N. 230 231config IPV6_FOU 232 tristate 233 default NET_FOU && IPV6 234 235config IPV6_FOU_TUNNEL 236 tristate 237 default NET_FOU_IP_TUNNELS && IPV6_FOU 238 select IPV6_TUNNEL 239 240config IPV6_MULTIPLE_TABLES 241 bool "IPv6: Multiple Routing Tables" 242 select FIB_RULES 243 help 244 Support multiple routing tables. 245 246config IPV6_SUBTREES 247 bool "IPv6: source address based routing" 248 depends on IPV6_MULTIPLE_TABLES 249 help 250 Enable routing by source address or prefix. 251 252 The destination address is still the primary routing key, so mixing 253 normal and source prefix specific routes in the same routing table 254 may sometimes lead to unintended routing behavior. This can be 255 avoided by defining different routing tables for the normal and 256 source prefix specific routes. 257 258 If unsure, say N. 259 260config IPV6_MROUTE 261 bool "IPv6: multicast routing" 262 depends on IPV6 263 select IP_MROUTE_COMMON 264 help 265 Support for IPv6 multicast forwarding. 266 If unsure, say N. 267 268config IPV6_MROUTE_MULTIPLE_TABLES 269 bool "IPv6: multicast policy routing" 270 depends on IPV6_MROUTE 271 select FIB_RULES 272 help 273 Normally, a multicast router runs a userspace daemon and decides 274 what to do with a multicast packet based on the source and 275 destination addresses. If you say Y here, the multicast router 276 will also be able to take interfaces and packet marks into 277 account and run multiple instances of userspace daemons 278 simultaneously, each one handling a single table. 279 280 If unsure, say N. 281 282config IPV6_PIMSM_V2 283 bool "IPv6: PIM-SM version 2 support" 284 depends on IPV6_MROUTE 285 help 286 Support for IPv6 PIM multicast routing protocol PIM-SMv2. 287 If unsure, say N. 288 289config IPV6_SEG6_LWTUNNEL 290 bool "IPv6: Segment Routing Header encapsulation support" 291 depends on IPV6 292 select LWTUNNEL 293 select DST_CACHE 294 select IPV6_MULTIPLE_TABLES 295 help 296 Support for encapsulation of packets within an outer IPv6 297 header and a Segment Routing Header using the lightweight 298 tunnels mechanism. Also enable support for advanced local 299 processing of SRv6 packets based on their active segment. 300 301 If unsure, say N. 302 303config IPV6_SEG6_HMAC 304 bool "IPv6: Segment Routing HMAC support" 305 depends on IPV6 306 select CRYPTO 307 select CRYPTO_HMAC 308 select CRYPTO_SHA1 309 select CRYPTO_SHA256 310 help 311 Support for HMAC signature generation and verification 312 of SR-enabled packets. 313 314 If unsure, say N. 315 316config IPV6_SEG6_BPF 317 def_bool y 318 depends on IPV6_SEG6_LWTUNNEL 319 depends on IPV6 = y 320 321config IPV6_RPL_LWTUNNEL 322 bool "IPv6: RPL Source Routing Header support" 323 depends on IPV6 324 select LWTUNNEL 325 help 326 Support for RFC6554 RPL Source Routing Header using the lightweight 327 tunnels mechanism. 328 329 If unsure, say N. 330 331endif # IPV6 332