| # SPDX-License-Identifier: GPL-2.0-only |
| # |
| # IPv6 configuration |
| # |
| |
| # IPv6 as module will cause a CRASH if you try to unload it |
| menuconfig IPV6 |
| tristate "The IPv6 protocol" |
| default y |
| help |
| Support for IP version 6 (IPv6). |
| |
| For general information about IPv6, see |
| <https://en.wikipedia.org/wiki/IPv6>. |
| For specific information about IPv6 under Linux, see |
| Documentation/networking/ipv6.rst and read the HOWTO at |
| <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> |
| |
| To compile this protocol support as a module, choose M here: the |
| module will be called ipv6. |
| |
| if IPV6 |
| |
| config IPV6_ROUTER_PREF |
| bool "IPv6: Router Preference (RFC 4191) support" |
| help |
| Router Preference is an optional extension to the Router |
| Advertisement message which improves the ability of hosts |
| to pick an appropriate router, especially when the hosts |
| are placed in a multi-homed network. |
| |
| If unsure, say N. |
| |
| config IPV6_ROUTE_INFO |
| bool "IPv6: Route Information (RFC 4191) support" |
| depends on IPV6_ROUTER_PREF |
| help |
| Support of Route Information. |
| |
| If unsure, say N. |
| |
| config IPV6_OPTIMISTIC_DAD |
| bool "IPv6: Enable RFC 4429 Optimistic DAD" |
| help |
| Support for optimistic Duplicate Address Detection. It allows for |
| autoconfigured addresses to be used more quickly. |
| |
| If unsure, say N. |
| |
| config INET6_AH |
| tristate "IPv6: AH transformation" |
| select XFRM_ALGO |
| select CRYPTO |
| select CRYPTO_HMAC |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| help |
| Support for IPsec AH. |
| |
| If unsure, say Y. |
| |
| config INET6_ESP |
| tristate "IPv6: ESP transformation" |
| select XFRM_ALGO |
| select CRYPTO |
| select CRYPTO_AUTHENC |
| select CRYPTO_HMAC |
| select CRYPTO_MD5 |
| select CRYPTO_CBC |
| select CRYPTO_SHA1 |
| select CRYPTO_DES |
| select CRYPTO_ECHAINIV |
| help |
| Support for IPsec ESP. |
| |
| If unsure, say Y. |
| |
| config INET6_ESP_OFFLOAD |
| tristate "IPv6: ESP transformation offload" |
| depends on INET6_ESP |
| select XFRM_OFFLOAD |
| default n |
| help |
| Support for ESP transformation offload. This makes sense |
| only if this system really does IPsec and want to do it |
| with high throughput. A typical desktop system does not |
| need it, even if it does IPsec. |
| |
| If unsure, say N. |
| |
| config INET6_ESPINTCP |
| bool "IPv6: ESP in TCP encapsulation (RFC 8229)" |
| depends on XFRM && INET6_ESP |
| select STREAM_PARSER |
| select NET_SOCK_MSG |
| select XFRM_ESPINTCP |
| help |
| Support for RFC 8229 encapsulation of ESP and IKE over |
| TCP/IPv6 sockets. |
| |
| If unsure, say N. |
| |
| config INET6_IPCOMP |
| tristate "IPv6: IPComp transformation" |
| select INET6_XFRM_TUNNEL |
| select XFRM_IPCOMP |
| help |
| Support for IP Payload Compression Protocol (IPComp) (RFC3173), |
| typically needed for IPsec. |
| |
| If unsure, say Y. |
| |
| config IPV6_MIP6 |
| tristate "IPv6: Mobility" |
| select XFRM |
| help |
| Support for IPv6 Mobility described in RFC 3775. |
| |
| If unsure, say N. |
| |
| config IPV6_ILA |
| tristate "IPv6: Identifier Locator Addressing (ILA)" |
| depends on NETFILTER |
| select DST_CACHE |
| select LWTUNNEL |
| help |
| Support for IPv6 Identifier Locator Addressing (ILA). |
| |
| ILA is a mechanism to do network virtualization without |
| encapsulation. The basic concept of ILA is that we split an |
| IPv6 address into a 64 bit locator and 64 bit identifier. The |
| identifier is the identity of an entity in communication |
| ("who") and the locator expresses the location of the |
| entity ("where"). |
| |
| ILA can be configured using the "encap ila" option with |
| "ip -6 route" command. ILA is described in |
| https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. |
| |
| If unsure, say N. |
| |
| config INET6_XFRM_TUNNEL |
| tristate |
| select INET6_TUNNEL |
| default n |
| |
| config INET6_TUNNEL |
| tristate |
| default n |
| |
| config IPV6_VTI |
| tristate "Virtual (secure) IPv6: tunneling" |
| select IPV6_TUNNEL |
| select NET_IP_TUNNEL |
| select XFRM |
| help |
| Tunneling means encapsulating data of one protocol type within |
| another protocol and sending it over a channel that understands the |
| encapsulating protocol. This can be used with xfrm mode tunnel to give |
| the notion of a secure tunnel for IPSEC and then use routing protocol |
| on top. |
| |
| config IPV6_SIT |
| tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" |
| select INET_TUNNEL |
| select NET_IP_TUNNEL |
| select IPV6_NDISC_NODETYPE |
| default y |
| help |
| Tunneling means encapsulating data of one protocol type within |
| another protocol and sending it over a channel that understands the |
| encapsulating protocol. This driver implements encapsulation of IPv6 |
| into IPv4 packets. This is useful if you want to connect two IPv6 |
| networks over an IPv4-only path. |
| |
| Saying M here will produce a module called sit. If unsure, say Y. |
| |
| config IPV6_SIT_6RD |
| bool "IPv6: IPv6 Rapid Deployment (6RD)" |
| depends on IPV6_SIT |
| default n |
| help |
| IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon |
| mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly |
| deploy IPv6 unicast service to IPv4 sites to which it provides |
| customer premise equipment. Like 6to4, it utilizes stateless IPv6 in |
| IPv4 encapsulation in order to transit IPv4-only network |
| infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 |
| prefix of its own in place of the fixed 6to4 prefix. |
| |
| With this option enabled, the SIT driver offers 6rd functionality by |
| providing additional ioctl API to configure the IPv6 Prefix for in |
| stead of static 2002::/16 for 6to4. |
| |
| If unsure, say N. |
| |
| config IPV6_NDISC_NODETYPE |
| bool |
| |
| config IPV6_TUNNEL |
| tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" |
| select INET6_TUNNEL |
| select DST_CACHE |
| select GRO_CELLS |
| help |
| Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in |
| RFC 2473. |
| |
| If unsure, say N. |
| |
| config IPV6_GRE |
| tristate "IPv6: GRE tunnel" |
| select IPV6_TUNNEL |
| select NET_IP_TUNNEL |
| depends on NET_IPGRE_DEMUX |
| help |
| Tunneling means encapsulating data of one protocol type within |
| another protocol and sending it over a channel that understands the |
| encapsulating protocol. This particular tunneling driver implements |
| GRE (Generic Routing Encapsulation) and at this time allows |
| encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. |
| This driver is useful if the other endpoint is a Cisco router: Cisco |
| likes GRE much better than the other Linux tunneling driver ("IP |
| tunneling" above). In addition, GRE allows multicast redistribution |
| through the tunnel. |
| |
| Saying M here will produce a module called ip6_gre. If unsure, say N. |
| |
| config IPV6_FOU |
| tristate |
| default NET_FOU && IPV6 |
| |
| config IPV6_FOU_TUNNEL |
| tristate |
| default NET_FOU_IP_TUNNELS && IPV6_FOU |
| select IPV6_TUNNEL |
| |
| config IPV6_MULTIPLE_TABLES |
| bool "IPv6: Multiple Routing Tables" |
| select FIB_RULES |
| help |
| Support multiple routing tables. |
| |
| config IPV6_SUBTREES |
| bool "IPv6: source address based routing" |
| depends on IPV6_MULTIPLE_TABLES |
| help |
| Enable routing by source address or prefix. |
| |
| The destination address is still the primary routing key, so mixing |
| normal and source prefix specific routes in the same routing table |
| may sometimes lead to unintended routing behavior. This can be |
| avoided by defining different routing tables for the normal and |
| source prefix specific routes. |
| |
| If unsure, say N. |
| |
| config IPV6_MROUTE |
| bool "IPv6: multicast routing" |
| depends on IPV6 |
| select IP_MROUTE_COMMON |
| help |
| Support for IPv6 multicast forwarding. |
| If unsure, say N. |
| |
| config IPV6_MROUTE_MULTIPLE_TABLES |
| bool "IPv6: multicast policy routing" |
| depends on IPV6_MROUTE |
| select FIB_RULES |
| help |
| Normally, a multicast router runs a userspace daemon and decides |
| what to do with a multicast packet based on the source and |
| destination addresses. If you say Y here, the multicast router |
| will also be able to take interfaces and packet marks into |
| account and run multiple instances of userspace daemons |
| simultaneously, each one handling a single table. |
| |
| If unsure, say N. |
| |
| config IPV6_PIMSM_V2 |
| bool "IPv6: PIM-SM version 2 support" |
| depends on IPV6_MROUTE |
| help |
| Support for IPv6 PIM multicast routing protocol PIM-SMv2. |
| If unsure, say N. |
| |
| config IPV6_SEG6_LWTUNNEL |
| bool "IPv6: Segment Routing Header encapsulation support" |
| depends on IPV6 |
| select LWTUNNEL |
| select DST_CACHE |
| select IPV6_MULTIPLE_TABLES |
| help |
| Support for encapsulation of packets within an outer IPv6 |
| header and a Segment Routing Header using the lightweight |
| tunnels mechanism. Also enable support for advanced local |
| processing of SRv6 packets based on their active segment. |
| |
| If unsure, say N. |
| |
| config IPV6_SEG6_HMAC |
| bool "IPv6: Segment Routing HMAC support" |
| depends on IPV6 |
| select CRYPTO_HMAC |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| help |
| Support for HMAC signature generation and verification |
| of SR-enabled packets. |
| |
| If unsure, say N. |
| |
| config IPV6_SEG6_BPF |
| def_bool y |
| depends on IPV6_SEG6_LWTUNNEL |
| depends on IPV6 = y |
| |
| config IPV6_RPL_LWTUNNEL |
| bool "IPv6: RPL Source Routing Header support" |
| depends on IPV6 |
| select LWTUNNEL |
| help |
| Support for RFC6554 RPL Source Routing Header using the lightweight |
| tunnels mechanism. |
| |
| If unsure, say N. |
| |
| endif # IPV6 |