xref: /linux/net/ipv6/Kconfig (revision 4ce06406958b67fdddcc2e6948237dd6ff6ba112) 
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6menuconfig IPV6
7	bool "The IPv6 protocol"
8	default y
9	select CRYPTO_LIB_SHA1
10	help
11	  Support for IP version 6 (IPv6).
12
13	  For general information about IPv6, see
14	  <https://en.wikipedia.org/wiki/IPv6>.
15	  For specific information about IPv6 under Linux, see
16	  Documentation/networking/ipv6.rst and read the HOWTO at
17	  <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19if IPV6
20
21config IPV6_ROUTER_PREF
22	bool "IPv6: Router Preference (RFC 4191) support"
23	help
24	  Router Preference is an optional extension to the Router
25	  Advertisement message which improves the ability of hosts
26	  to pick an appropriate router, especially when the hosts
27	  are placed in a multi-homed network.
28
29	  If unsure, say N.
30
31config IPV6_ROUTE_INFO
32	bool "IPv6: Route Information (RFC 4191) support"
33	depends on IPV6_ROUTER_PREF
34	help
35	  Support of Route Information.
36
37	  If unsure, say N.
38
39config IPV6_OPTIMISTIC_DAD
40	bool "IPv6: Enable RFC 4429 Optimistic DAD"
41	help
42	  Support for optimistic Duplicate Address Detection. It allows for
43	  autoconfigured addresses to be used more quickly.
44
45	  If unsure, say N.
46
47config INET6_AH
48	tristate "IPv6: AH transformation"
49	select XFRM_AH
50	help
51	  Support for IPsec AH (Authentication Header).
52
53	  AH can be used with various authentication algorithms.  Besides
54	  enabling AH support itself, this option enables the generic
55	  implementations of the algorithms that RFC 8221 lists as MUST be
56	  implemented.  If you need any other algorithms, you'll need to enable
57	  them in the crypto API.  You should also enable accelerated
58	  implementations of any needed algorithms when available.
59
60	  If unsure, say Y.
61
62config INET6_ESP
63	tristate "IPv6: ESP transformation"
64	select XFRM_ESP
65	help
66	  Support for IPsec ESP (Encapsulating Security Payload).
67
68	  ESP can be used with various encryption and authentication algorithms.
69	  Besides enabling ESP support itself, this option enables the generic
70	  implementations of the algorithms that RFC 8221 lists as MUST be
71	  implemented.  If you need any other algorithms, you'll need to enable
72	  them in the crypto API.  You should also enable accelerated
73	  implementations of any needed algorithms when available.
74
75	  If unsure, say Y.
76
77config INET6_ESP_OFFLOAD
78	tristate "IPv6: ESP transformation offload"
79	depends on INET6_ESP
80	select XFRM_OFFLOAD
81	default n
82	help
83	  Support for ESP transformation offload. This makes sense
84	  only if this system really does IPsec and want to do it
85	  with high throughput. A typical desktop system does not
86	  need it, even if it does IPsec.
87
88	  If unsure, say N.
89
90config INET6_ESPINTCP
91	bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
92	depends on XFRM && INET6_ESP
93	select STREAM_PARSER
94	select NET_SOCK_MSG
95	select XFRM_ESPINTCP
96	help
97	  Support for RFC 8229 encapsulation of ESP and IKE over
98	  TCP/IPv6 sockets.
99
100	  If unsure, say N.
101
102config INET6_IPCOMP
103	tristate "IPv6: IPComp transformation"
104	select INET6_XFRM_TUNNEL
105	select XFRM_IPCOMP
106	help
107	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
108	  typically needed for IPsec.
109
110	  If unsure, say Y.
111
112config IPV6_MIP6
113	tristate "IPv6: Mobility"
114	select XFRM
115	help
116	  Support for IPv6 Mobility described in RFC 3775.
117
118	  If unsure, say N.
119
120config IPV6_ILA
121	tristate "IPv6: Identifier Locator Addressing (ILA)"
122	depends on NETFILTER
123	select DST_CACHE
124	select LWTUNNEL
125	help
126	  Support for IPv6 Identifier Locator Addressing (ILA).
127
128	  ILA is a mechanism to do network virtualization without
129	  encapsulation. The basic concept of ILA is that we split an
130	  IPv6 address into a 64 bit locator and 64 bit identifier. The
131	  identifier is the identity of an entity in communication
132	  ("who") and the locator expresses the location of the
133	  entity ("where").
134
135	  ILA can be configured using the "encap ila" option with
136	  "ip -6 route" command. ILA is described in
137	  https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
138
139	  If unsure, say N.
140
141config INET6_XFRM_TUNNEL
142	tristate
143	select INET6_TUNNEL
144	default n
145
146config INET6_TUNNEL
147	tristate
148	default n
149
150config IPV6_VTI
151	tristate "Virtual (secure) IPv6: tunneling"
152	select IPV6_TUNNEL
153	select NET_IP_TUNNEL
154	select XFRM
155	help
156	Tunneling means encapsulating data of one protocol type within
157	another protocol and sending it over a channel that understands the
158	encapsulating protocol. This can be used with xfrm mode tunnel to give
159	the notion of a secure tunnel for IPSEC and then use routing protocol
160	on top.
161
162config IPV6_SIT
163	tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
164	select INET_TUNNEL
165	select NET_IP_TUNNEL
166	select IPV6_NDISC_NODETYPE
167	default y
168	help
169	  Tunneling means encapsulating data of one protocol type within
170	  another protocol and sending it over a channel that understands the
171	  encapsulating protocol. This driver implements encapsulation of IPv6
172	  into IPv4 packets. This is useful if you want to connect two IPv6
173	  networks over an IPv4-only path.
174
175	  Saying M here will produce a module called sit. If unsure, say Y.
176
177config IPV6_SIT_6RD
178	bool "IPv6: IPv6 Rapid Deployment (6RD)"
179	depends on IPV6_SIT
180	default n
181	help
182	  IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
183	  mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
184	  deploy IPv6 unicast service to IPv4 sites to which it provides
185	  customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
186	  IPv4 encapsulation in order to transit IPv4-only network
187	  infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
188	  prefix of its own in place of the fixed 6to4 prefix.
189
190	  With this option enabled, the SIT driver offers 6rd functionality by
191	  providing additional ioctl API to configure the IPv6 Prefix for in
192	  stead of static 2002::/16 for 6to4.
193
194	  If unsure, say N.
195
196config IPV6_NDISC_NODETYPE
197	bool
198
199config IPV6_TUNNEL
200	tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
201	select INET6_TUNNEL
202	select DST_CACHE
203	select GRO_CELLS
204	help
205	  Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
206	  RFC 2473.
207
208	  If unsure, say N.
209
210config IPV6_GRE
211	tristate "IPv6: GRE tunnel"
212	select IPV6_TUNNEL
213	select NET_IP_TUNNEL
214	depends on NET_IPGRE_DEMUX
215	help
216	  Tunneling means encapsulating data of one protocol type within
217	  another protocol and sending it over a channel that understands the
218	  encapsulating protocol. This particular tunneling driver implements
219	  GRE (Generic Routing Encapsulation) and at this time allows
220	  encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
221	  This driver is useful if the other endpoint is a Cisco router: Cisco
222	  likes GRE much better than the other Linux tunneling driver ("IP
223	  tunneling" above). In addition, GRE allows multicast redistribution
224	  through the tunnel.
225
226	  Saying M here will produce a module called ip6_gre. If unsure, say N.
227
228config IPV6_FOU
229	tristate
230	default NET_FOU && IPV6
231
232config IPV6_FOU_TUNNEL
233	tristate
234	default NET_FOU_IP_TUNNELS && IPV6_FOU
235	select IPV6_TUNNEL
236
237config IPV6_MULTIPLE_TABLES
238	bool "IPv6: Multiple Routing Tables"
239	select FIB_RULES
240	help
241	  Support multiple routing tables.
242
243config IPV6_SUBTREES
244	bool "IPv6: source address based routing"
245	depends on IPV6_MULTIPLE_TABLES
246	help
247	  Enable routing by source address or prefix.
248
249	  The destination address is still the primary routing key, so mixing
250	  normal and source prefix specific routes in the same routing table
251	  may sometimes lead to unintended routing behavior.  This can be
252	  avoided by defining different routing tables for the normal and
253	  source prefix specific routes.
254
255	  If unsure, say N.
256
257config IPV6_MROUTE
258	bool "IPv6: multicast routing"
259	depends on IPV6
260	select IP_MROUTE_COMMON
261	help
262	  Support for IPv6 multicast forwarding.
263	  If unsure, say N.
264
265config IPV6_MROUTE_MULTIPLE_TABLES
266	bool "IPv6: multicast policy routing"
267	depends on IPV6_MROUTE
268	select FIB_RULES
269	help
270	  Normally, a multicast router runs a userspace daemon and decides
271	  what to do with a multicast packet based on the source and
272	  destination addresses. If you say Y here, the multicast router
273	  will also be able to take interfaces and packet marks into
274	  account and run multiple instances of userspace daemons
275	  simultaneously, each one handling a single table.
276
277	  If unsure, say N.
278
279config IPV6_PIMSM_V2
280	bool "IPv6: PIM-SM version 2 support"
281	depends on IPV6_MROUTE
282	help
283	  Support for IPv6 PIM multicast routing protocol PIM-SMv2.
284	  If unsure, say N.
285
286config IPV6_SEG6_LWTUNNEL
287	bool "IPv6: Segment Routing Header encapsulation support"
288	depends on IPV6
289	select LWTUNNEL
290	select DST_CACHE
291	select IPV6_MULTIPLE_TABLES
292	help
293	  Support for encapsulation of packets within an outer IPv6
294	  header and a Segment Routing Header using the lightweight
295	  tunnels mechanism. Also enable support for advanced local
296	  processing of SRv6 packets based on their active segment.
297
298	  If unsure, say N.
299
300config IPV6_SEG6_HMAC
301	bool "IPv6: Segment Routing HMAC support"
302	depends on IPV6
303	select CRYPTO_LIB_SHA1
304	select CRYPTO_LIB_SHA256
305	select CRYPTO_LIB_UTILS
306	help
307	  Support for HMAC signature generation and verification
308	  of SR-enabled packets.
309
310	  If unsure, say N.
311
312config IPV6_SEG6_BPF
313	def_bool y
314	depends on IPV6_SEG6_LWTUNNEL
315	depends on IPV6 = y
316
317config IPV6_RPL_LWTUNNEL
318	bool "IPv6: RPL Source Routing Header support"
319	depends on IPV6
320	select LWTUNNEL
321	select DST_CACHE
322	help
323	  Support for RFC6554 RPL Source Routing Header using the lightweight
324	  tunnels mechanism.
325
326	  If unsure, say N.
327
328config IPV6_IOAM6_LWTUNNEL
329	bool "IPv6: IOAM Pre-allocated Trace insertion support"
330	depends on IPV6
331	select LWTUNNEL
332	select DST_CACHE
333	help
334	  Support for the insertion of IOAM Pre-allocated Trace
335	  Header using the lightweight tunnels mechanism.
336
337	  If unsure, say N.
338
339endif # IPV6
340