xref: /linux/net/ipv6/Kconfig (revision 71e2f4dd5a65bd8dbca0b77661e75eea471168f8)
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6#   IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8	tristate "The IPv6 protocol"
9	default y
10	---help---
11	  Support for IP version 6 (IPv6).
12
13	  For general information about IPv6, see
14	  <https://en.wikipedia.org/wiki/IPv6>.
15	  For specific information about IPv6 under Linux, see
16	  Documentation/networking/ipv6.txt and read the HOWTO at
17	  <http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19	  To compile this protocol support as a module, choose M here: the
20	  module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25	bool "IPv6: Router Preference (RFC 4191) support"
26	---help---
27	  Router Preference is an optional extension to the Router
28	  Advertisement message which improves the ability of hosts
29	  to pick an appropriate router, especially when the hosts
30	  are placed in a multi-homed network.
31
32	  If unsure, say N.
33
34config IPV6_ROUTE_INFO
35	bool "IPv6: Route Information (RFC 4191) support"
36	depends on IPV6_ROUTER_PREF
37	---help---
38	  Support of Route Information.
39
40	  If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43	bool "IPv6: Enable RFC 4429 Optimistic DAD"
44	---help---
45	  Support for optimistic Duplicate Address Detection. It allows for
46	  autoconfigured addresses to be used more quickly.
47
48	  If unsure, say N.
49
50config INET6_AH
51	tristate "IPv6: AH transformation"
52	select XFRM_ALGO
53	select CRYPTO
54	select CRYPTO_HMAC
55	select CRYPTO_MD5
56	select CRYPTO_SHA1
57	---help---
58	  Support for IPsec AH.
59
60	  If unsure, say Y.
61
62config INET6_ESP
63	tristate "IPv6: ESP transformation"
64	select XFRM_ALGO
65	select CRYPTO
66	select CRYPTO_AUTHENC
67	select CRYPTO_HMAC
68	select CRYPTO_MD5
69	select CRYPTO_CBC
70	select CRYPTO_SHA1
71	select CRYPTO_DES
72	select CRYPTO_ECHAINIV
73	---help---
74	  Support for IPsec ESP.
75
76	  If unsure, say Y.
77
78config INET6_ESP_OFFLOAD
79	tristate "IPv6: ESP transformation offload"
80	depends on INET6_ESP
81	select XFRM_OFFLOAD
82	default n
83	---help---
84	  Support for ESP transformation offload. This makes sense
85	  only if this system really does IPsec and want to do it
86	  with high throughput. A typical desktop system does not
87	  need it, even if it does IPsec.
88
89	  If unsure, say N.
90
91config INET6_IPCOMP
92	tristate "IPv6: IPComp transformation"
93	select INET6_XFRM_TUNNEL
94	select XFRM_IPCOMP
95	---help---
96	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
97	  typically needed for IPsec.
98
99	  If unsure, say Y.
100
101config IPV6_MIP6
102	tristate "IPv6: Mobility"
103	select XFRM
104	---help---
105	  Support for IPv6 Mobility described in RFC 3775.
106
107	  If unsure, say N.
108
109config IPV6_ILA
110	tristate "IPv6: Identifier Locator Addressing (ILA)"
111	depends on NETFILTER
112	select DST_CACHE
113	select LWTUNNEL
114	---help---
115	  Support for IPv6 Identifier Locator Addressing (ILA).
116
117	  ILA is a mechanism to do network virtualization without
118	  encapsulation. The basic concept of ILA is that we split an
119	  IPv6 address into a 64 bit locator and 64 bit identifier. The
120	  identifier is the identity of an entity in communication
121	  ("who") and the locator expresses the location of the
122	  entity ("where").
123
124	  ILA can be configured using the "encap ila" option with
125	  "ip -6 route" command. ILA is described in
126	  https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
127
128	  If unsure, say N.
129
130config INET6_XFRM_TUNNEL
131	tristate
132	select INET6_TUNNEL
133	default n
134
135config INET6_TUNNEL
136	tristate
137	default n
138
139config IPV6_VTI
140tristate "Virtual (secure) IPv6: tunneling"
141	select IPV6_TUNNEL
142	select NET_IP_TUNNEL
143	select XFRM
144	---help---
145	Tunneling means encapsulating data of one protocol type within
146	another protocol and sending it over a channel that understands the
147	encapsulating protocol. This can be used with xfrm mode tunnel to give
148	the notion of a secure tunnel for IPSEC and then use routing protocol
149	on top.
150
151config IPV6_SIT
152	tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
153	select INET_TUNNEL
154	select NET_IP_TUNNEL
155	select IPV6_NDISC_NODETYPE
156	default y
157	---help---
158	  Tunneling means encapsulating data of one protocol type within
159	  another protocol and sending it over a channel that understands the
160	  encapsulating protocol. This driver implements encapsulation of IPv6
161	  into IPv4 packets. This is useful if you want to connect two IPv6
162	  networks over an IPv4-only path.
163
164	  Saying M here will produce a module called sit. If unsure, say Y.
165
166config IPV6_SIT_6RD
167	bool "IPv6: IPv6 Rapid Deployment (6RD)"
168	depends on IPV6_SIT
169	default n
170	---help---
171	  IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
172	  mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
173	  deploy IPv6 unicast service to IPv4 sites to which it provides
174	  customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
175	  IPv4 encapsulation in order to transit IPv4-only network
176	  infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
177	  prefix of its own in place of the fixed 6to4 prefix.
178
179	  With this option enabled, the SIT driver offers 6rd functionality by
180	  providing additional ioctl API to configure the IPv6 Prefix for in
181	  stead of static 2002::/16 for 6to4.
182
183	  If unsure, say N.
184
185config IPV6_NDISC_NODETYPE
186	bool
187
188config IPV6_TUNNEL
189	tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
190	select INET6_TUNNEL
191	select DST_CACHE
192	select GRO_CELLS
193	---help---
194	  Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
195	  RFC 2473.
196
197	  If unsure, say N.
198
199config IPV6_GRE
200	tristate "IPv6: GRE tunnel"
201	select IPV6_TUNNEL
202	select NET_IP_TUNNEL
203	depends on NET_IPGRE_DEMUX
204	---help---
205	  Tunneling means encapsulating data of one protocol type within
206	  another protocol and sending it over a channel that understands the
207	  encapsulating protocol. This particular tunneling driver implements
208	  GRE (Generic Routing Encapsulation) and at this time allows
209	  encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
210	  This driver is useful if the other endpoint is a Cisco router: Cisco
211	  likes GRE much better than the other Linux tunneling driver ("IP
212	  tunneling" above). In addition, GRE allows multicast redistribution
213	  through the tunnel.
214
215	  Saying M here will produce a module called ip6_gre. If unsure, say N.
216
217config IPV6_FOU
218	tristate
219	default NET_FOU && IPV6
220
221config IPV6_FOU_TUNNEL
222	tristate
223	default NET_FOU_IP_TUNNELS && IPV6_FOU
224	select IPV6_TUNNEL
225
226config IPV6_MULTIPLE_TABLES
227	bool "IPv6: Multiple Routing Tables"
228	select FIB_RULES
229	---help---
230	  Support multiple routing tables.
231
232config IPV6_SUBTREES
233	bool "IPv6: source address based routing"
234	depends on IPV6_MULTIPLE_TABLES
235	---help---
236	  Enable routing by source address or prefix.
237
238	  The destination address is still the primary routing key, so mixing
239	  normal and source prefix specific routes in the same routing table
240	  may sometimes lead to unintended routing behavior.  This can be
241	  avoided by defining different routing tables for the normal and
242	  source prefix specific routes.
243
244	  If unsure, say N.
245
246config IPV6_MROUTE
247	bool "IPv6: multicast routing"
248	depends on IPV6
249	select IP_MROUTE_COMMON
250	---help---
251	  Support for IPv6 multicast forwarding.
252	  If unsure, say N.
253
254config IPV6_MROUTE_MULTIPLE_TABLES
255	bool "IPv6: multicast policy routing"
256	depends on IPV6_MROUTE
257	select FIB_RULES
258	help
259	  Normally, a multicast router runs a userspace daemon and decides
260	  what to do with a multicast packet based on the source and
261	  destination addresses. If you say Y here, the multicast router
262	  will also be able to take interfaces and packet marks into
263	  account and run multiple instances of userspace daemons
264	  simultaneously, each one handling a single table.
265
266	  If unsure, say N.
267
268config IPV6_PIMSM_V2
269	bool "IPv6: PIM-SM version 2 support"
270	depends on IPV6_MROUTE
271	---help---
272	  Support for IPv6 PIM multicast routing protocol PIM-SMv2.
273	  If unsure, say N.
274
275config IPV6_SEG6_LWTUNNEL
276	bool "IPv6: Segment Routing Header encapsulation support"
277	depends on IPV6
278	select LWTUNNEL
279	select DST_CACHE
280	select IPV6_MULTIPLE_TABLES
281	---help---
282	  Support for encapsulation of packets within an outer IPv6
283	  header and a Segment Routing Header using the lightweight
284	  tunnels mechanism. Also enable support for advanced local
285	  processing of SRv6 packets based on their active segment.
286
287	  If unsure, say N.
288
289config IPV6_SEG6_HMAC
290	bool "IPv6: Segment Routing HMAC support"
291	depends on IPV6
292	select CRYPTO_HMAC
293	select CRYPTO_SHA1
294	select CRYPTO_SHA256
295	---help---
296	  Support for HMAC signature generation and verification
297	  of SR-enabled packets.
298
299	  If unsure, say N.
300
301config IPV6_SEG6_BPF
302	def_bool y
303	depends on IPV6_SEG6_LWTUNNEL
304	depends on IPV6 = y
305
306endif # IPV6
307