1 # SPDX-License-Identifier: GPL-2.0-only 1 # SPDX-License-Identifier: GPL-2.0-only 2 # 2 # 3 # IPv6 configuration 3 # IPv6 configuration 4 # 4 # 5 5 6 # IPv6 as module will cause a CRASH if you t 6 # IPv6 as module will cause a CRASH if you try to unload it 7 menuconfig IPV6 7 menuconfig IPV6 8 tristate "The IPv6 protocol" 8 tristate "The IPv6 protocol" 9 default y 9 default y 10 select CRYPTO_LIB_SHA1 << 11 help 10 help 12 Support for IP version 6 (IPv6). 11 Support for IP version 6 (IPv6). 13 12 14 For general information about IPv6, 13 For general information about IPv6, see 15 <https://en.wikipedia.org/wiki/IPv6> 14 <https://en.wikipedia.org/wiki/IPv6>. 16 For specific information about IPv6 15 For specific information about IPv6 under Linux, see 17 Documentation/networking/ipv6.rst an 16 Documentation/networking/ipv6.rst and read the HOWTO at 18 <https://www.tldp.org/HOWTO/Linux+IP 17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> 19 18 20 To compile this protocol support as 19 To compile this protocol support as a module, choose M here: the 21 module will be called ipv6. 20 module will be called ipv6. 22 21 23 if IPV6 22 if IPV6 24 23 25 config IPV6_ROUTER_PREF 24 config IPV6_ROUTER_PREF 26 bool "IPv6: Router Preference (RFC 419 25 bool "IPv6: Router Preference (RFC 4191) support" 27 help 26 help 28 Router Preference is an optional ext 27 Router Preference is an optional extension to the Router 29 Advertisement message which improves 28 Advertisement message which improves the ability of hosts 30 to pick an appropriate router, espec 29 to pick an appropriate router, especially when the hosts 31 are placed in a multi-homed network. 30 are placed in a multi-homed network. 32 31 33 If unsure, say N. 32 If unsure, say N. 34 33 35 config IPV6_ROUTE_INFO 34 config IPV6_ROUTE_INFO 36 bool "IPv6: Route Information (RFC 419 35 bool "IPv6: Route Information (RFC 4191) support" 37 depends on IPV6_ROUTER_PREF 36 depends on IPV6_ROUTER_PREF 38 help 37 help 39 Support of Route Information. 38 Support of Route Information. 40 39 41 If unsure, say N. 40 If unsure, say N. 42 41 43 config IPV6_OPTIMISTIC_DAD 42 config IPV6_OPTIMISTIC_DAD 44 bool "IPv6: Enable RFC 4429 Optimistic 43 bool "IPv6: Enable RFC 4429 Optimistic DAD" 45 help 44 help 46 Support for optimistic Duplicate Add 45 Support for optimistic Duplicate Address Detection. It allows for 47 autoconfigured addresses to be used 46 autoconfigured addresses to be used more quickly. 48 47 49 If unsure, say N. 48 If unsure, say N. 50 49 51 config INET6_AH 50 config INET6_AH 52 tristate "IPv6: AH transformation" 51 tristate "IPv6: AH transformation" 53 select XFRM_AH 52 select XFRM_AH 54 help 53 help 55 Support for IPsec AH (Authentication 54 Support for IPsec AH (Authentication Header). 56 55 57 AH can be used with various authenti 56 AH can be used with various authentication algorithms. Besides 58 enabling AH support itself, this opt 57 enabling AH support itself, this option enables the generic 59 implementations of the algorithms th 58 implementations of the algorithms that RFC 8221 lists as MUST be 60 implemented. If you need any other 59 implemented. If you need any other algorithms, you'll need to enable 61 them in the crypto API. You should 60 them in the crypto API. You should also enable accelerated 62 implementations of any needed algori 61 implementations of any needed algorithms when available. 63 62 64 If unsure, say Y. 63 If unsure, say Y. 65 64 66 config INET6_ESP 65 config INET6_ESP 67 tristate "IPv6: ESP transformation" 66 tristate "IPv6: ESP transformation" 68 select XFRM_ESP 67 select XFRM_ESP 69 help 68 help 70 Support for IPsec ESP (Encapsulating 69 Support for IPsec ESP (Encapsulating Security Payload). 71 70 72 ESP can be used with various encrypt 71 ESP can be used with various encryption and authentication algorithms. 73 Besides enabling ESP support itself, 72 Besides enabling ESP support itself, this option enables the generic 74 implementations of the algorithms th 73 implementations of the algorithms that RFC 8221 lists as MUST be 75 implemented. If you need any other 74 implemented. If you need any other algorithms, you'll need to enable 76 them in the crypto API. You should 75 them in the crypto API. You should also enable accelerated 77 implementations of any needed algori 76 implementations of any needed algorithms when available. 78 77 79 If unsure, say Y. 78 If unsure, say Y. 80 79 81 config INET6_ESP_OFFLOAD 80 config INET6_ESP_OFFLOAD 82 tristate "IPv6: ESP transformation off 81 tristate "IPv6: ESP transformation offload" 83 depends on INET6_ESP 82 depends on INET6_ESP 84 select XFRM_OFFLOAD 83 select XFRM_OFFLOAD 85 default n 84 default n 86 help 85 help 87 Support for ESP transformation offlo 86 Support for ESP transformation offload. This makes sense 88 only if this system really does IPse 87 only if this system really does IPsec and want to do it 89 with high throughput. A typical desk 88 with high throughput. A typical desktop system does not 90 need it, even if it does IPsec. 89 need it, even if it does IPsec. 91 90 92 If unsure, say N. 91 If unsure, say N. 93 92 94 config INET6_ESPINTCP 93 config INET6_ESPINTCP 95 bool "IPv6: ESP in TCP encapsulation ( 94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)" 96 depends on XFRM && INET6_ESP 95 depends on XFRM && INET6_ESP 97 select STREAM_PARSER 96 select STREAM_PARSER 98 select NET_SOCK_MSG 97 select NET_SOCK_MSG 99 select XFRM_ESPINTCP 98 select XFRM_ESPINTCP 100 help 99 help 101 Support for RFC 8229 encapsulation o 100 Support for RFC 8229 encapsulation of ESP and IKE over 102 TCP/IPv6 sockets. 101 TCP/IPv6 sockets. 103 102 104 If unsure, say N. 103 If unsure, say N. 105 104 106 config INET6_IPCOMP 105 config INET6_IPCOMP 107 tristate "IPv6: IPComp transformation" 106 tristate "IPv6: IPComp transformation" 108 select INET6_XFRM_TUNNEL 107 select INET6_XFRM_TUNNEL 109 select XFRM_IPCOMP 108 select XFRM_IPCOMP 110 help 109 help 111 Support for IP Payload Compression P 110 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 112 typically needed for IPsec. 111 typically needed for IPsec. 113 112 114 If unsure, say Y. 113 If unsure, say Y. 115 114 116 config IPV6_MIP6 115 config IPV6_MIP6 117 tristate "IPv6: Mobility" 116 tristate "IPv6: Mobility" 118 select XFRM 117 select XFRM 119 help 118 help 120 Support for IPv6 Mobility described 119 Support for IPv6 Mobility described in RFC 3775. 121 120 122 If unsure, say N. 121 If unsure, say N. 123 122 124 config IPV6_ILA 123 config IPV6_ILA 125 tristate "IPv6: Identifier Locator Add 124 tristate "IPv6: Identifier Locator Addressing (ILA)" 126 depends on NETFILTER 125 depends on NETFILTER 127 select DST_CACHE 126 select DST_CACHE 128 select LWTUNNEL 127 select LWTUNNEL 129 help 128 help 130 Support for IPv6 Identifier Locator 129 Support for IPv6 Identifier Locator Addressing (ILA). 131 130 132 ILA is a mechanism to do network vir 131 ILA is a mechanism to do network virtualization without 133 encapsulation. The basic concept of 132 encapsulation. The basic concept of ILA is that we split an 134 IPv6 address into a 64 bit locator a 133 IPv6 address into a 64 bit locator and 64 bit identifier. The 135 identifier is the identity of an ent 134 identifier is the identity of an entity in communication 136 ("who") and the locator expresses th 135 ("who") and the locator expresses the location of the 137 entity ("where"). 136 entity ("where"). 138 137 139 ILA can be configured using the "enc 138 ILA can be configured using the "encap ila" option with 140 "ip -6 route" command. ILA is descri 139 "ip -6 route" command. ILA is described in 141 https://tools.ietf.org/html/draft-he 140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. 142 141 143 If unsure, say N. 142 If unsure, say N. 144 143 145 config INET6_XFRM_TUNNEL 144 config INET6_XFRM_TUNNEL 146 tristate 145 tristate 147 select INET6_TUNNEL 146 select INET6_TUNNEL 148 default n 147 default n 149 148 150 config INET6_TUNNEL 149 config INET6_TUNNEL 151 tristate 150 tristate 152 default n 151 default n 153 152 154 config IPV6_VTI 153 config IPV6_VTI 155 tristate "Virtual (secure) IPv6: tunne !! 154 tristate "Virtual (secure) IPv6: tunneling" 156 select IPV6_TUNNEL 155 select IPV6_TUNNEL 157 select NET_IP_TUNNEL 156 select NET_IP_TUNNEL 158 select XFRM 157 select XFRM 159 help 158 help 160 Tunneling means encapsulating data of 159 Tunneling means encapsulating data of one protocol type within 161 another protocol and sending it over a 160 another protocol and sending it over a channel that understands the 162 encapsulating protocol. This can be us 161 encapsulating protocol. This can be used with xfrm mode tunnel to give 163 the notion of a secure tunnel for IPSE 162 the notion of a secure tunnel for IPSEC and then use routing protocol 164 on top. 163 on top. 165 164 166 config IPV6_SIT 165 config IPV6_SIT 167 tristate "IPv6: IPv6-in-IPv4 tunnel (S 166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" 168 select INET_TUNNEL 167 select INET_TUNNEL 169 select NET_IP_TUNNEL 168 select NET_IP_TUNNEL 170 select IPV6_NDISC_NODETYPE 169 select IPV6_NDISC_NODETYPE 171 default y 170 default y 172 help 171 help 173 Tunneling means encapsulating data o 172 Tunneling means encapsulating data of one protocol type within 174 another protocol and sending it over 173 another protocol and sending it over a channel that understands the 175 encapsulating protocol. This driver 174 encapsulating protocol. This driver implements encapsulation of IPv6 176 into IPv4 packets. This is useful if 175 into IPv4 packets. This is useful if you want to connect two IPv6 177 networks over an IPv4-only path. 176 networks over an IPv4-only path. 178 177 179 Saying M here will produce a module 178 Saying M here will produce a module called sit. If unsure, say Y. 180 179 181 config IPV6_SIT_6RD 180 config IPV6_SIT_6RD 182 bool "IPv6: IPv6 Rapid Deployment (6RD 181 bool "IPv6: IPv6 Rapid Deployment (6RD)" 183 depends on IPV6_SIT 182 depends on IPV6_SIT 184 default n 183 default n 185 help 184 help 186 IPv6 Rapid Deployment (6rd; draft-ie 185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon 187 mechanisms of 6to4 (RFC3056) to enab 186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly 188 deploy IPv6 unicast service to IPv4 187 deploy IPv6 unicast service to IPv4 sites to which it provides 189 customer premise equipment. Like 6t 188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in 190 IPv4 encapsulation in order to trans 189 IPv4 encapsulation in order to transit IPv4-only network 191 infrastructure. Unlike 6to4, a 6rd 190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 192 prefix of its own in place of the fi 191 prefix of its own in place of the fixed 6to4 prefix. 193 192 194 With this option enabled, the SIT dr 193 With this option enabled, the SIT driver offers 6rd functionality by 195 providing additional ioctl API to co 194 providing additional ioctl API to configure the IPv6 Prefix for in 196 stead of static 2002::/16 for 6to4. 195 stead of static 2002::/16 for 6to4. 197 196 198 If unsure, say N. 197 If unsure, say N. 199 198 200 config IPV6_NDISC_NODETYPE 199 config IPV6_NDISC_NODETYPE 201 bool 200 bool 202 201 203 config IPV6_TUNNEL 202 config IPV6_TUNNEL 204 tristate "IPv6: IP-in-IPv6 tunnel (RFC 203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" 205 select INET6_TUNNEL 204 select INET6_TUNNEL 206 select DST_CACHE 205 select DST_CACHE 207 select GRO_CELLS 206 select GRO_CELLS 208 help 207 help 209 Support for IPv6-in-IPv6 and IPv4-in 208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in 210 RFC 2473. 209 RFC 2473. 211 210 212 If unsure, say N. 211 If unsure, say N. 213 212 214 config IPV6_GRE 213 config IPV6_GRE 215 tristate "IPv6: GRE tunnel" 214 tristate "IPv6: GRE tunnel" 216 select IPV6_TUNNEL 215 select IPV6_TUNNEL 217 select NET_IP_TUNNEL 216 select NET_IP_TUNNEL 218 depends on NET_IPGRE_DEMUX 217 depends on NET_IPGRE_DEMUX 219 help 218 help 220 Tunneling means encapsulating data o 219 Tunneling means encapsulating data of one protocol type within 221 another protocol and sending it over 220 another protocol and sending it over a channel that understands the 222 encapsulating protocol. This particu 221 encapsulating protocol. This particular tunneling driver implements 223 GRE (Generic Routing Encapsulation) 222 GRE (Generic Routing Encapsulation) and at this time allows 224 encapsulating of IPv4 or IPv6 over e 223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. 225 This driver is useful if the other e 224 This driver is useful if the other endpoint is a Cisco router: Cisco 226 likes GRE much better than the other 225 likes GRE much better than the other Linux tunneling driver ("IP 227 tunneling" above). In addition, GRE 226 tunneling" above). In addition, GRE allows multicast redistribution 228 through the tunnel. 227 through the tunnel. 229 228 230 Saying M here will produce a module 229 Saying M here will produce a module called ip6_gre. If unsure, say N. 231 230 232 config IPV6_FOU 231 config IPV6_FOU 233 tristate 232 tristate 234 default NET_FOU && IPV6 233 default NET_FOU && IPV6 235 234 236 config IPV6_FOU_TUNNEL 235 config IPV6_FOU_TUNNEL 237 tristate 236 tristate 238 default NET_FOU_IP_TUNNELS && IPV6_FOU 237 default NET_FOU_IP_TUNNELS && IPV6_FOU 239 select IPV6_TUNNEL 238 select IPV6_TUNNEL 240 239 241 config IPV6_MULTIPLE_TABLES 240 config IPV6_MULTIPLE_TABLES 242 bool "IPv6: Multiple Routing Tables" 241 bool "IPv6: Multiple Routing Tables" 243 select FIB_RULES 242 select FIB_RULES 244 help 243 help 245 Support multiple routing tables. 244 Support multiple routing tables. 246 245 247 config IPV6_SUBTREES 246 config IPV6_SUBTREES 248 bool "IPv6: source address based routi 247 bool "IPv6: source address based routing" 249 depends on IPV6_MULTIPLE_TABLES 248 depends on IPV6_MULTIPLE_TABLES 250 help 249 help 251 Enable routing by source address or 250 Enable routing by source address or prefix. 252 251 253 The destination address is still the 252 The destination address is still the primary routing key, so mixing 254 normal and source prefix specific ro 253 normal and source prefix specific routes in the same routing table 255 may sometimes lead to unintended rou 254 may sometimes lead to unintended routing behavior. This can be 256 avoided by defining different routin 255 avoided by defining different routing tables for the normal and 257 source prefix specific routes. 256 source prefix specific routes. 258 257 259 If unsure, say N. 258 If unsure, say N. 260 259 261 config IPV6_MROUTE 260 config IPV6_MROUTE 262 bool "IPv6: multicast routing" 261 bool "IPv6: multicast routing" 263 depends on IPV6 262 depends on IPV6 264 select IP_MROUTE_COMMON 263 select IP_MROUTE_COMMON 265 help 264 help 266 Support for IPv6 multicast forwardin 265 Support for IPv6 multicast forwarding. 267 If unsure, say N. 266 If unsure, say N. 268 267 269 config IPV6_MROUTE_MULTIPLE_TABLES 268 config IPV6_MROUTE_MULTIPLE_TABLES 270 bool "IPv6: multicast policy routing" 269 bool "IPv6: multicast policy routing" 271 depends on IPV6_MROUTE 270 depends on IPV6_MROUTE 272 select FIB_RULES 271 select FIB_RULES 273 help 272 help 274 Normally, a multicast router runs a 273 Normally, a multicast router runs a userspace daemon and decides 275 what to do with a multicast packet b 274 what to do with a multicast packet based on the source and 276 destination addresses. If you say Y 275 destination addresses. If you say Y here, the multicast router 277 will also be able to take interfaces 276 will also be able to take interfaces and packet marks into 278 account and run multiple instances o 277 account and run multiple instances of userspace daemons 279 simultaneously, each one handling a 278 simultaneously, each one handling a single table. 280 279 281 If unsure, say N. 280 If unsure, say N. 282 281 283 config IPV6_PIMSM_V2 282 config IPV6_PIMSM_V2 284 bool "IPv6: PIM-SM version 2 support" 283 bool "IPv6: PIM-SM version 2 support" 285 depends on IPV6_MROUTE 284 depends on IPV6_MROUTE 286 help 285 help 287 Support for IPv6 PIM multicast routi 286 Support for IPv6 PIM multicast routing protocol PIM-SMv2. 288 If unsure, say N. 287 If unsure, say N. 289 288 290 config IPV6_SEG6_LWTUNNEL 289 config IPV6_SEG6_LWTUNNEL 291 bool "IPv6: Segment Routing Header enc 290 bool "IPv6: Segment Routing Header encapsulation support" 292 depends on IPV6 291 depends on IPV6 293 select LWTUNNEL 292 select LWTUNNEL 294 select DST_CACHE 293 select DST_CACHE 295 select IPV6_MULTIPLE_TABLES 294 select IPV6_MULTIPLE_TABLES 296 help 295 help 297 Support for encapsulation of packets 296 Support for encapsulation of packets within an outer IPv6 298 header and a Segment Routing Header 297 header and a Segment Routing Header using the lightweight 299 tunnels mechanism. Also enable suppo 298 tunnels mechanism. Also enable support for advanced local 300 processing of SRv6 packets based on 299 processing of SRv6 packets based on their active segment. 301 300 302 If unsure, say N. 301 If unsure, say N. 303 302 304 config IPV6_SEG6_HMAC 303 config IPV6_SEG6_HMAC 305 bool "IPv6: Segment Routing HMAC suppo 304 bool "IPv6: Segment Routing HMAC support" 306 depends on IPV6 305 depends on IPV6 307 select CRYPTO 306 select CRYPTO 308 select CRYPTO_HMAC 307 select CRYPTO_HMAC 309 select CRYPTO_SHA1 308 select CRYPTO_SHA1 310 select CRYPTO_SHA256 309 select CRYPTO_SHA256 311 help 310 help 312 Support for HMAC signature generatio 311 Support for HMAC signature generation and verification 313 of SR-enabled packets. 312 of SR-enabled packets. 314 313 315 If unsure, say N. 314 If unsure, say N. 316 315 317 config IPV6_SEG6_BPF 316 config IPV6_SEG6_BPF 318 def_bool y 317 def_bool y 319 depends on IPV6_SEG6_LWTUNNEL 318 depends on IPV6_SEG6_LWTUNNEL 320 depends on IPV6 = y 319 depends on IPV6 = y 321 320 322 config IPV6_RPL_LWTUNNEL 321 config IPV6_RPL_LWTUNNEL 323 bool "IPv6: RPL Source Routing Header 322 bool "IPv6: RPL Source Routing Header support" 324 depends on IPV6 323 depends on IPV6 325 select LWTUNNEL 324 select LWTUNNEL 326 select DST_CACHE 325 select DST_CACHE 327 help 326 help 328 Support for RFC6554 RPL Source Routi 327 Support for RFC6554 RPL Source Routing Header using the lightweight 329 tunnels mechanism. 328 tunnels mechanism. 330 << 331 If unsure, say N. << 332 << 333 config IPV6_IOAM6_LWTUNNEL << 334 bool "IPv6: IOAM Pre-allocated Trace i << 335 depends on IPV6 << 336 select LWTUNNEL << 337 select DST_CACHE << 338 help << 339 Support for the insertion of IOAM Pr << 340 Header using the lightweight tunnels << 341 329 342 If unsure, say N. 330 If unsure, say N. 343 331 344 endif # IPV6 332 endif # IPV6
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.