xref: /openbmc/linux/net/ipv6/Kconfig (revision ef9303fd) 
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6#   IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8	tristate "The IPv6 protocol"
9	default y
10	help
11	  Support for IP version 6 (IPv6).
12
13	  For general information about IPv6, see
14	  <https://en.wikipedia.org/wiki/IPv6>.
15	  For specific information about IPv6 under Linux, see
16	  Documentation/networking/ipv6.rst and read the HOWTO at
17	  <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19	  To compile this protocol support as a module, choose M here: the
20	  module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25	bool "IPv6: Router Preference (RFC 4191) support"
26	help
27	  Router Preference is an optional extension to the Router
28	  Advertisement message which improves the ability of hosts
29	  to pick an appropriate router, especially when the hosts
30	  are placed in a multi-homed network.
31
32	  If unsure, say N.
33
34config IPV6_ROUTE_INFO
35	bool "IPv6: Route Information (RFC 4191) support"
36	depends on IPV6_ROUTER_PREF
37	help
38	  Support of Route Information.
39
40	  If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43	bool "IPv6: Enable RFC 4429 Optimistic DAD"
44	help
45	  Support for optimistic Duplicate Address Detection. It allows for
46	  autoconfigured addresses to be used more quickly.
47
48	  If unsure, say N.
49
50config INET6_AH
51	tristate "IPv6: AH transformation"
52	select XFRM_ALGO
53	select CRYPTO
54	select CRYPTO_HMAC
55	select CRYPTO_MD5
56	select CRYPTO_SHA1
57	help
58	  Support for IPsec AH.
59
60	  If unsure, say Y.
61
62config INET6_ESP
63	tristate "IPv6: ESP transformation"
64	select XFRM_ALGO
65	select CRYPTO
66	select CRYPTO_AUTHENC
67	select CRYPTO_HMAC
68	select CRYPTO_MD5
69	select CRYPTO_CBC
70	select CRYPTO_SHA1
71	select CRYPTO_DES
72	select CRYPTO_ECHAINIV
73	help
74	  Support for IPsec ESP.
75
76	  If unsure, say Y.
77
78config INET6_ESP_OFFLOAD
79	tristate "IPv6: ESP transformation offload"
80	depends on INET6_ESP
81	select XFRM_OFFLOAD
82	default n
83	help
84	  Support for ESP transformation offload. This makes sense
85	  only if this system really does IPsec and want to do it
86	  with high throughput. A typical desktop system does not
87	  need it, even if it does IPsec.
88
89	  If unsure, say N.
90
91config INET6_ESPINTCP
92	bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
93	depends on XFRM && INET6_ESP
94	select STREAM_PARSER
95	select NET_SOCK_MSG
96	select XFRM_ESPINTCP
97	help
98	  Support for RFC 8229 encapsulation of ESP and IKE over
99	  TCP/IPv6 sockets.
100
101	  If unsure, say N.
102
103config INET6_IPCOMP
104	tristate "IPv6: IPComp transformation"
105	select INET6_XFRM_TUNNEL
106	select XFRM_IPCOMP
107	help
108	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
109	  typically needed for IPsec.
110
111	  If unsure, say Y.
112
113config IPV6_MIP6
114	tristate "IPv6: Mobility"
115	select XFRM
116	help
117	  Support for IPv6 Mobility described in RFC 3775.
118
119	  If unsure, say N.
120
121config IPV6_ILA
122	tristate "IPv6: Identifier Locator Addressing (ILA)"
123	depends on NETFILTER
124	select DST_CACHE
125	select LWTUNNEL
126	help
127	  Support for IPv6 Identifier Locator Addressing (ILA).
128
129	  ILA is a mechanism to do network virtualization without
130	  encapsulation. The basic concept of ILA is that we split an
131	  IPv6 address into a 64 bit locator and 64 bit identifier. The
132	  identifier is the identity of an entity in communication
133	  ("who") and the locator expresses the location of the
134	  entity ("where").
135
136	  ILA can be configured using the "encap ila" option with
137	  "ip -6 route" command. ILA is described in
138	  https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
139
140	  If unsure, say N.
141
142config INET6_XFRM_TUNNEL
143	tristate
144	select INET6_TUNNEL
145	default n
146
147config INET6_TUNNEL
148	tristate
149	default n
150
151config IPV6_VTI
152tristate "Virtual (secure) IPv6: tunneling"
153	select IPV6_TUNNEL
154	select NET_IP_TUNNEL
155	select XFRM
156	help
157	Tunneling means encapsulating data of one protocol type within
158	another protocol and sending it over a channel that understands the
159	encapsulating protocol. This can be used with xfrm mode tunnel to give
160	the notion of a secure tunnel for IPSEC and then use routing protocol
161	on top.
162
163config IPV6_SIT
164	tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
165	select INET_TUNNEL
166	select NET_IP_TUNNEL
167	select IPV6_NDISC_NODETYPE
168	default y
169	help
170	  Tunneling means encapsulating data of one protocol type within
171	  another protocol and sending it over a channel that understands the
172	  encapsulating protocol. This driver implements encapsulation of IPv6
173	  into IPv4 packets. This is useful if you want to connect two IPv6
174	  networks over an IPv4-only path.
175
176	  Saying M here will produce a module called sit. If unsure, say Y.
177
178config IPV6_SIT_6RD
179	bool "IPv6: IPv6 Rapid Deployment (6RD)"
180	depends on IPV6_SIT
181	default n
182	help
183	  IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
184	  mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
185	  deploy IPv6 unicast service to IPv4 sites to which it provides
186	  customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
187	  IPv4 encapsulation in order to transit IPv4-only network
188	  infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
189	  prefix of its own in place of the fixed 6to4 prefix.
190
191	  With this option enabled, the SIT driver offers 6rd functionality by
192	  providing additional ioctl API to configure the IPv6 Prefix for in
193	  stead of static 2002::/16 for 6to4.
194
195	  If unsure, say N.
196
197config IPV6_NDISC_NODETYPE
198	bool
199
200config IPV6_TUNNEL
201	tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
202	select INET6_TUNNEL
203	select DST_CACHE
204	select GRO_CELLS
205	help
206	  Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
207	  RFC 2473.
208
209	  If unsure, say N.
210
211config IPV6_GRE
212	tristate "IPv6: GRE tunnel"
213	select IPV6_TUNNEL
214	select NET_IP_TUNNEL
215	depends on NET_IPGRE_DEMUX
216	help
217	  Tunneling means encapsulating data of one protocol type within
218	  another protocol and sending it over a channel that understands the
219	  encapsulating protocol. This particular tunneling driver implements
220	  GRE (Generic Routing Encapsulation) and at this time allows
221	  encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
222	  This driver is useful if the other endpoint is a Cisco router: Cisco
223	  likes GRE much better than the other Linux tunneling driver ("IP
224	  tunneling" above). In addition, GRE allows multicast redistribution
225	  through the tunnel.
226
227	  Saying M here will produce a module called ip6_gre. If unsure, say N.
228
229config IPV6_FOU
230	tristate
231	default NET_FOU && IPV6
232
233config IPV6_FOU_TUNNEL
234	tristate
235	default NET_FOU_IP_TUNNELS && IPV6_FOU
236	select IPV6_TUNNEL
237
238config IPV6_MULTIPLE_TABLES
239	bool "IPv6: Multiple Routing Tables"
240	select FIB_RULES
241	help
242	  Support multiple routing tables.
243
244config IPV6_SUBTREES
245	bool "IPv6: source address based routing"
246	depends on IPV6_MULTIPLE_TABLES
247	help
248	  Enable routing by source address or prefix.
249
250	  The destination address is still the primary routing key, so mixing
251	  normal and source prefix specific routes in the same routing table
252	  may sometimes lead to unintended routing behavior.  This can be
253	  avoided by defining different routing tables for the normal and
254	  source prefix specific routes.
255
256	  If unsure, say N.
257
258config IPV6_MROUTE
259	bool "IPv6: multicast routing"
260	depends on IPV6
261	select IP_MROUTE_COMMON
262	help
263	  Support for IPv6 multicast forwarding.
264	  If unsure, say N.
265
266config IPV6_MROUTE_MULTIPLE_TABLES
267	bool "IPv6: multicast policy routing"
268	depends on IPV6_MROUTE
269	select FIB_RULES
270	help
271	  Normally, a multicast router runs a userspace daemon and decides
272	  what to do with a multicast packet based on the source and
273	  destination addresses. If you say Y here, the multicast router
274	  will also be able to take interfaces and packet marks into
275	  account and run multiple instances of userspace daemons
276	  simultaneously, each one handling a single table.
277
278	  If unsure, say N.
279
280config IPV6_PIMSM_V2
281	bool "IPv6: PIM-SM version 2 support"
282	depends on IPV6_MROUTE
283	help
284	  Support for IPv6 PIM multicast routing protocol PIM-SMv2.
285	  If unsure, say N.
286
287config IPV6_SEG6_LWTUNNEL
288	bool "IPv6: Segment Routing Header encapsulation support"
289	depends on IPV6
290	select LWTUNNEL
291	select DST_CACHE
292	select IPV6_MULTIPLE_TABLES
293	help
294	  Support for encapsulation of packets within an outer IPv6
295	  header and a Segment Routing Header using the lightweight
296	  tunnels mechanism. Also enable support for advanced local
297	  processing of SRv6 packets based on their active segment.
298
299	  If unsure, say N.
300
301config IPV6_SEG6_HMAC
302	bool "IPv6: Segment Routing HMAC support"
303	depends on IPV6
304	select CRYPTO_HMAC
305	select CRYPTO_SHA1
306	select CRYPTO_SHA256
307	help
308	  Support for HMAC signature generation and verification
309	  of SR-enabled packets.
310
311	  If unsure, say N.
312
313config IPV6_SEG6_BPF
314	def_bool y
315	depends on IPV6_SEG6_LWTUNNEL
316	depends on IPV6 = y
317
318config IPV6_RPL_LWTUNNEL
319	bool "IPv6: RPL Source Routing Header support"
320	depends on IPV6
321	select LWTUNNEL
322	help
323	  Support for RFC6554 RPL Source Routing Header using the lightweight
324	  tunnels mechanism.
325
326	  If unsure, say N.
327
328endif # IPV6
329