xref: /linux/net/ipv6/Kconfig (revision 8ce936c2f1a68c3a4f46578eed016ff92a67fbc6)
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6#   IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8	tristate "The IPv6 protocol"
9	default y
10	help
11	  Support for IP version 6 (IPv6).
12
13	  For general information about IPv6, see
14	  <https://en.wikipedia.org/wiki/IPv6>.
15	  For specific information about IPv6 under Linux, see
16	  Documentation/networking/ipv6.rst and read the HOWTO at
17	  <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
18
19	  To compile this protocol support as a module, choose M here: the
20	  module will be called ipv6.
21
22if IPV6
23
24config IPV6_ROUTER_PREF
25	bool "IPv6: Router Preference (RFC 4191) support"
26	help
27	  Router Preference is an optional extension to the Router
28	  Advertisement message which improves the ability of hosts
29	  to pick an appropriate router, especially when the hosts
30	  are placed in a multi-homed network.
31
32	  If unsure, say N.
33
34config IPV6_ROUTE_INFO
35	bool "IPv6: Route Information (RFC 4191) support"
36	depends on IPV6_ROUTER_PREF
37	help
38	  Support of Route Information.
39
40	  If unsure, say N.
41
42config IPV6_OPTIMISTIC_DAD
43	bool "IPv6: Enable RFC 4429 Optimistic DAD"
44	help
45	  Support for optimistic Duplicate Address Detection. It allows for
46	  autoconfigured addresses to be used more quickly.
47
48	  If unsure, say N.
49
50config INET6_AH
51	tristate "IPv6: AH transformation"
52	select XFRM_AH
53	help
54	  Support for IPsec AH (Authentication Header).
55
56	  AH can be used with various authentication algorithms.  Besides
57	  enabling AH support itself, this option enables the generic
58	  implementations of the algorithms that RFC 8221 lists as MUST be
59	  implemented.  If you need any other algorithms, you'll need to enable
60	  them in the crypto API.  You should also enable accelerated
61	  implementations of any needed algorithms when available.
62
63	  If unsure, say Y.
64
65config INET6_ESP
66	tristate "IPv6: ESP transformation"
67	select XFRM_ESP
68	help
69	  Support for IPsec ESP (Encapsulating Security Payload).
70
71	  ESP can be used with various encryption and authentication algorithms.
72	  Besides enabling ESP support itself, this option enables the generic
73	  implementations of the algorithms that RFC 8221 lists as MUST be
74	  implemented.  If you need any other algorithms, you'll need to enable
75	  them in the crypto API.  You should also enable accelerated
76	  implementations of any needed algorithms when available.
77
78	  If unsure, say Y.
79
80config INET6_ESP_OFFLOAD
81	tristate "IPv6: ESP transformation offload"
82	depends on INET6_ESP
83	select XFRM_OFFLOAD
84	default n
85	help
86	  Support for ESP transformation offload. This makes sense
87	  only if this system really does IPsec and want to do it
88	  with high throughput. A typical desktop system does not
89	  need it, even if it does IPsec.
90
91	  If unsure, say N.
92
93config INET6_ESPINTCP
94	bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95	depends on XFRM && INET6_ESP
96	select STREAM_PARSER
97	select NET_SOCK_MSG
98	select XFRM_ESPINTCP
99	help
100	  Support for RFC 8229 encapsulation of ESP and IKE over
101	  TCP/IPv6 sockets.
102
103	  If unsure, say N.
104
105config INET6_IPCOMP
106	tristate "IPv6: IPComp transformation"
107	select INET6_XFRM_TUNNEL
108	select XFRM_IPCOMP
109	help
110	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111	  typically needed for IPsec.
112
113	  If unsure, say Y.
114
115config IPV6_MIP6
116	tristate "IPv6: Mobility"
117	select XFRM
118	help
119	  Support for IPv6 Mobility described in RFC 3775.
120
121	  If unsure, say N.
122
123config IPV6_ILA
124	tristate "IPv6: Identifier Locator Addressing (ILA)"
125	depends on NETFILTER
126	select DST_CACHE
127	select LWTUNNEL
128	help
129	  Support for IPv6 Identifier Locator Addressing (ILA).
130
131	  ILA is a mechanism to do network virtualization without
132	  encapsulation. The basic concept of ILA is that we split an
133	  IPv6 address into a 64 bit locator and 64 bit identifier. The
134	  identifier is the identity of an entity in communication
135	  ("who") and the locator expresses the location of the
136	  entity ("where").
137
138	  ILA can be configured using the "encap ila" option with
139	  "ip -6 route" command. ILA is described in
140	  https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
141
142	  If unsure, say N.
143
144config INET6_XFRM_TUNNEL
145	tristate
146	select INET6_TUNNEL
147	default n
148
149config INET6_TUNNEL
150	tristate
151	default n
152
153config IPV6_VTI
154tristate "Virtual (secure) IPv6: tunneling"
155	select IPV6_TUNNEL
156	select NET_IP_TUNNEL
157	select XFRM
158	help
159	Tunneling means encapsulating data of one protocol type within
160	another protocol and sending it over a channel that understands the
161	encapsulating protocol. This can be used with xfrm mode tunnel to give
162	the notion of a secure tunnel for IPSEC and then use routing protocol
163	on top.
164
165config IPV6_SIT
166	tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
167	select INET_TUNNEL
168	select NET_IP_TUNNEL
169	select IPV6_NDISC_NODETYPE
170	default y
171	help
172	  Tunneling means encapsulating data of one protocol type within
173	  another protocol and sending it over a channel that understands the
174	  encapsulating protocol. This driver implements encapsulation of IPv6
175	  into IPv4 packets. This is useful if you want to connect two IPv6
176	  networks over an IPv4-only path.
177
178	  Saying M here will produce a module called sit. If unsure, say Y.
179
180config IPV6_SIT_6RD
181	bool "IPv6: IPv6 Rapid Deployment (6RD)"
182	depends on IPV6_SIT
183	default n
184	help
185	  IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186	  mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187	  deploy IPv6 unicast service to IPv4 sites to which it provides
188	  customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
189	  IPv4 encapsulation in order to transit IPv4-only network
190	  infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
191	  prefix of its own in place of the fixed 6to4 prefix.
192
193	  With this option enabled, the SIT driver offers 6rd functionality by
194	  providing additional ioctl API to configure the IPv6 Prefix for in
195	  stead of static 2002::/16 for 6to4.
196
197	  If unsure, say N.
198
199config IPV6_NDISC_NODETYPE
200	bool
201
202config IPV6_TUNNEL
203	tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
204	select INET6_TUNNEL
205	select DST_CACHE
206	select GRO_CELLS
207	help
208	  Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
209	  RFC 2473.
210
211	  If unsure, say N.
212
213config IPV6_GRE
214	tristate "IPv6: GRE tunnel"
215	select IPV6_TUNNEL
216	select NET_IP_TUNNEL
217	depends on NET_IPGRE_DEMUX
218	help
219	  Tunneling means encapsulating data of one protocol type within
220	  another protocol and sending it over a channel that understands the
221	  encapsulating protocol. This particular tunneling driver implements
222	  GRE (Generic Routing Encapsulation) and at this time allows
223	  encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224	  This driver is useful if the other endpoint is a Cisco router: Cisco
225	  likes GRE much better than the other Linux tunneling driver ("IP
226	  tunneling" above). In addition, GRE allows multicast redistribution
227	  through the tunnel.
228
229	  Saying M here will produce a module called ip6_gre. If unsure, say N.
230
231config IPV6_FOU
232	tristate
233	default NET_FOU && IPV6
234
235config IPV6_FOU_TUNNEL
236	tristate
237	default NET_FOU_IP_TUNNELS && IPV6_FOU
238	select IPV6_TUNNEL
239
240config IPV6_MULTIPLE_TABLES
241	bool "IPv6: Multiple Routing Tables"
242	select FIB_RULES
243	help
244	  Support multiple routing tables.
245
246config IPV6_SUBTREES
247	bool "IPv6: source address based routing"
248	depends on IPV6_MULTIPLE_TABLES
249	help
250	  Enable routing by source address or prefix.
251
252	  The destination address is still the primary routing key, so mixing
253	  normal and source prefix specific routes in the same routing table
254	  may sometimes lead to unintended routing behavior.  This can be
255	  avoided by defining different routing tables for the normal and
256	  source prefix specific routes.
257
258	  If unsure, say N.
259
260config IPV6_MROUTE
261	bool "IPv6: multicast routing"
262	depends on IPV6
263	select IP_MROUTE_COMMON
264	help
265	  Support for IPv6 multicast forwarding.
266	  If unsure, say N.
267
268config IPV6_MROUTE_MULTIPLE_TABLES
269	bool "IPv6: multicast policy routing"
270	depends on IPV6_MROUTE
271	select FIB_RULES
272	help
273	  Normally, a multicast router runs a userspace daemon and decides
274	  what to do with a multicast packet based on the source and
275	  destination addresses. If you say Y here, the multicast router
276	  will also be able to take interfaces and packet marks into
277	  account and run multiple instances of userspace daemons
278	  simultaneously, each one handling a single table.
279
280	  If unsure, say N.
281
282config IPV6_PIMSM_V2
283	bool "IPv6: PIM-SM version 2 support"
284	depends on IPV6_MROUTE
285	help
286	  Support for IPv6 PIM multicast routing protocol PIM-SMv2.
287	  If unsure, say N.
288
289config IPV6_SEG6_LWTUNNEL
290	bool "IPv6: Segment Routing Header encapsulation support"
291	depends on IPV6
292	select LWTUNNEL
293	select DST_CACHE
294	select IPV6_MULTIPLE_TABLES
295	help
296	  Support for encapsulation of packets within an outer IPv6
297	  header and a Segment Routing Header using the lightweight
298	  tunnels mechanism. Also enable support for advanced local
299	  processing of SRv6 packets based on their active segment.
300
301	  If unsure, say N.
302
303config IPV6_SEG6_HMAC
304	bool "IPv6: Segment Routing HMAC support"
305	depends on IPV6
306	select CRYPTO
307	select CRYPTO_HMAC
308	select CRYPTO_SHA1
309	select CRYPTO_SHA256
310	help
311	  Support for HMAC signature generation and verification
312	  of SR-enabled packets.
313
314	  If unsure, say N.
315
316config IPV6_SEG6_BPF
317	def_bool y
318	depends on IPV6_SEG6_LWTUNNEL
319	depends on IPV6 = y
320
321config IPV6_RPL_LWTUNNEL
322	bool "IPv6: RPL Source Routing Header support"
323	depends on IPV6
324	select LWTUNNEL
325	help
326	  Support for RFC6554 RPL Source Routing Header using the lightweight
327	  tunnels mechanism.
328
329	  If unsure, say N.
330
331config IPV6_IOAM6_LWTUNNEL
332	bool "IPv6: IOAM Pre-allocated Trace insertion support"
333	depends on IPV6
334	select LWTUNNEL
335	help
336	  Support for the inline insertion of IOAM Pre-allocated
337	  Trace Header (only on locally generated packets), using
338	  the lightweight tunnels mechanism.
339
340	  If unsure, say N.
341
342endif # IPV6
343