xref: /linux/net/ipv6/Kconfig (revision 9fffa4e9b3b158f63334e603e610da7d529a0f9a)
1# SPDX-License-Identifier: GPL-2.0-only
2#
3# IPv6 configuration
4#
5
6#   IPv6 as module will cause a CRASH if you try to unload it
7menuconfig IPV6
8	tristate "The IPv6 protocol"
9	default y
10	select CRYPTO_LIB_SHA1
11	help
12	  Support for IP version 6 (IPv6).
13
14	  For general information about IPv6, see
15	  <https://en.wikipedia.org/wiki/IPv6>.
16	  For specific information about IPv6 under Linux, see
17	  Documentation/networking/ipv6.rst and read the HOWTO at
18	  <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19
20	  To compile this protocol support as a module, choose M here: the
21	  module will be called ipv6.
22
23if IPV6
24
25config IPV6_ROUTER_PREF
26	bool "IPv6: Router Preference (RFC 4191) support"
27	help
28	  Router Preference is an optional extension to the Router
29	  Advertisement message which improves the ability of hosts
30	  to pick an appropriate router, especially when the hosts
31	  are placed in a multi-homed network.
32
33	  If unsure, say N.
34
35config IPV6_ROUTE_INFO
36	bool "IPv6: Route Information (RFC 4191) support"
37	depends on IPV6_ROUTER_PREF
38	help
39	  Support of Route Information.
40
41	  If unsure, say N.
42
43config IPV6_OPTIMISTIC_DAD
44	bool "IPv6: Enable RFC 4429 Optimistic DAD"
45	help
46	  Support for optimistic Duplicate Address Detection. It allows for
47	  autoconfigured addresses to be used more quickly.
48
49	  If unsure, say N.
50
51config INET6_AH
52	tristate "IPv6: AH transformation"
53	select XFRM_AH
54	help
55	  Support for IPsec AH (Authentication Header).
56
57	  AH can be used with various authentication algorithms.  Besides
58	  enabling AH support itself, this option enables the generic
59	  implementations of the algorithms that RFC 8221 lists as MUST be
60	  implemented.  If you need any other algorithms, you'll need to enable
61	  them in the crypto API.  You should also enable accelerated
62	  implementations of any needed algorithms when available.
63
64	  If unsure, say Y.
65
66config INET6_ESP
67	tristate "IPv6: ESP transformation"
68	select XFRM_ESP
69	help
70	  Support for IPsec ESP (Encapsulating Security Payload).
71
72	  ESP can be used with various encryption and authentication algorithms.
73	  Besides enabling ESP support itself, this option enables the generic
74	  implementations of the algorithms that RFC 8221 lists as MUST be
75	  implemented.  If you need any other algorithms, you'll need to enable
76	  them in the crypto API.  You should also enable accelerated
77	  implementations of any needed algorithms when available.
78
79	  If unsure, say Y.
80
81config INET6_ESP_OFFLOAD
82	tristate "IPv6: ESP transformation offload"
83	depends on INET6_ESP
84	select XFRM_OFFLOAD
85	default n
86	help
87	  Support for ESP transformation offload. This makes sense
88	  only if this system really does IPsec and want to do it
89	  with high throughput. A typical desktop system does not
90	  need it, even if it does IPsec.
91
92	  If unsure, say N.
93
94config INET6_ESPINTCP
95	bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96	depends on XFRM && INET6_ESP
97	select STREAM_PARSER
98	select NET_SOCK_MSG
99	select XFRM_ESPINTCP
100	help
101	  Support for RFC 8229 encapsulation of ESP and IKE over
102	  TCP/IPv6 sockets.
103
104	  If unsure, say N.
105
106config INET6_IPCOMP
107	tristate "IPv6: IPComp transformation"
108	select INET6_XFRM_TUNNEL
109	select XFRM_IPCOMP
110	help
111	  Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112	  typically needed for IPsec.
113
114	  If unsure, say Y.
115
116config IPV6_MIP6
117	tristate "IPv6: Mobility"
118	select XFRM
119	help
120	  Support for IPv6 Mobility described in RFC 3775.
121
122	  If unsure, say N.
123
124config IPV6_ILA
125	tristate "IPv6: Identifier Locator Addressing (ILA)"
126	depends on NETFILTER
127	select DST_CACHE
128	select LWTUNNEL
129	help
130	  Support for IPv6 Identifier Locator Addressing (ILA).
131
132	  ILA is a mechanism to do network virtualization without
133	  encapsulation. The basic concept of ILA is that we split an
134	  IPv6 address into a 64 bit locator and 64 bit identifier. The
135	  identifier is the identity of an entity in communication
136	  ("who") and the locator expresses the location of the
137	  entity ("where").
138
139	  ILA can be configured using the "encap ila" option with
140	  "ip -6 route" command. ILA is described in
141	  https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
142
143	  If unsure, say N.
144
145config INET6_XFRM_TUNNEL
146	tristate
147	select INET6_TUNNEL
148	default n
149
150config INET6_TUNNEL
151	tristate
152	default n
153
154config IPV6_VTI
155	tristate "Virtual (secure) IPv6: tunneling"
156	select IPV6_TUNNEL
157	select NET_IP_TUNNEL
158	select XFRM
159	help
160	Tunneling means encapsulating data of one protocol type within
161	another protocol and sending it over a channel that understands the
162	encapsulating protocol. This can be used with xfrm mode tunnel to give
163	the notion of a secure tunnel for IPSEC and then use routing protocol
164	on top.
165
166config IPV6_SIT
167	tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
168	select INET_TUNNEL
169	select NET_IP_TUNNEL
170	select IPV6_NDISC_NODETYPE
171	default y
172	help
173	  Tunneling means encapsulating data of one protocol type within
174	  another protocol and sending it over a channel that understands the
175	  encapsulating protocol. This driver implements encapsulation of IPv6
176	  into IPv4 packets. This is useful if you want to connect two IPv6
177	  networks over an IPv4-only path.
178
179	  Saying M here will produce a module called sit. If unsure, say Y.
180
181config IPV6_SIT_6RD
182	bool "IPv6: IPv6 Rapid Deployment (6RD)"
183	depends on IPV6_SIT
184	default n
185	help
186	  IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187	  mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188	  deploy IPv6 unicast service to IPv4 sites to which it provides
189	  customer premise equipment.  Like 6to4, it utilizes stateless IPv6 in
190	  IPv4 encapsulation in order to transit IPv4-only network
191	  infrastructure.  Unlike 6to4, a 6rd service provider uses an IPv6
192	  prefix of its own in place of the fixed 6to4 prefix.
193
194	  With this option enabled, the SIT driver offers 6rd functionality by
195	  providing additional ioctl API to configure the IPv6 Prefix for in
196	  stead of static 2002::/16 for 6to4.
197
198	  If unsure, say N.
199
200config IPV6_NDISC_NODETYPE
201	bool
202
203config IPV6_TUNNEL
204	tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
205	select INET6_TUNNEL
206	select DST_CACHE
207	select GRO_CELLS
208	help
209	  Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
210	  RFC 2473.
211
212	  If unsure, say N.
213
214config IPV6_GRE
215	tristate "IPv6: GRE tunnel"
216	select IPV6_TUNNEL
217	select NET_IP_TUNNEL
218	depends on NET_IPGRE_DEMUX
219	help
220	  Tunneling means encapsulating data of one protocol type within
221	  another protocol and sending it over a channel that understands the
222	  encapsulating protocol. This particular tunneling driver implements
223	  GRE (Generic Routing Encapsulation) and at this time allows
224	  encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225	  This driver is useful if the other endpoint is a Cisco router: Cisco
226	  likes GRE much better than the other Linux tunneling driver ("IP
227	  tunneling" above). In addition, GRE allows multicast redistribution
228	  through the tunnel.
229
230	  Saying M here will produce a module called ip6_gre. If unsure, say N.
231
232config IPV6_FOU
233	tristate
234	default NET_FOU && IPV6
235
236config IPV6_FOU_TUNNEL
237	tristate
238	default NET_FOU_IP_TUNNELS && IPV6_FOU
239	select IPV6_TUNNEL
240
241config IPV6_MULTIPLE_TABLES
242	bool "IPv6: Multiple Routing Tables"
243	select FIB_RULES
244	help
245	  Support multiple routing tables.
246
247config IPV6_SUBTREES
248	bool "IPv6: source address based routing"
249	depends on IPV6_MULTIPLE_TABLES
250	help
251	  Enable routing by source address or prefix.
252
253	  The destination address is still the primary routing key, so mixing
254	  normal and source prefix specific routes in the same routing table
255	  may sometimes lead to unintended routing behavior.  This can be
256	  avoided by defining different routing tables for the normal and
257	  source prefix specific routes.
258
259	  If unsure, say N.
260
261config IPV6_MROUTE
262	bool "IPv6: multicast routing"
263	depends on IPV6
264	select IP_MROUTE_COMMON
265	help
266	  Support for IPv6 multicast forwarding.
267	  If unsure, say N.
268
269config IPV6_MROUTE_MULTIPLE_TABLES
270	bool "IPv6: multicast policy routing"
271	depends on IPV6_MROUTE
272	select FIB_RULES
273	help
274	  Normally, a multicast router runs a userspace daemon and decides
275	  what to do with a multicast packet based on the source and
276	  destination addresses. If you say Y here, the multicast router
277	  will also be able to take interfaces and packet marks into
278	  account and run multiple instances of userspace daemons
279	  simultaneously, each one handling a single table.
280
281	  If unsure, say N.
282
283config IPV6_PIMSM_V2
284	bool "IPv6: PIM-SM version 2 support"
285	depends on IPV6_MROUTE
286	help
287	  Support for IPv6 PIM multicast routing protocol PIM-SMv2.
288	  If unsure, say N.
289
290config IPV6_SEG6_LWTUNNEL
291	bool "IPv6: Segment Routing Header encapsulation support"
292	depends on IPV6
293	select LWTUNNEL
294	select DST_CACHE
295	select IPV6_MULTIPLE_TABLES
296	help
297	  Support for encapsulation of packets within an outer IPv6
298	  header and a Segment Routing Header using the lightweight
299	  tunnels mechanism. Also enable support for advanced local
300	  processing of SRv6 packets based on their active segment.
301
302	  If unsure, say N.
303
304config IPV6_SEG6_HMAC
305	bool "IPv6: Segment Routing HMAC support"
306	depends on IPV6
307	select CRYPTO
308	select CRYPTO_HMAC
309	select CRYPTO_SHA1
310	select CRYPTO_SHA256
311	help
312	  Support for HMAC signature generation and verification
313	  of SR-enabled packets.
314
315	  If unsure, say N.
316
317config IPV6_SEG6_BPF
318	def_bool y
319	depends on IPV6_SEG6_LWTUNNEL
320	depends on IPV6 = y
321
322config IPV6_RPL_LWTUNNEL
323	bool "IPv6: RPL Source Routing Header support"
324	depends on IPV6
325	select LWTUNNEL
326	select DST_CACHE
327	help
328	  Support for RFC6554 RPL Source Routing Header using the lightweight
329	  tunnels mechanism.
330
331	  If unsure, say N.
332
333config IPV6_IOAM6_LWTUNNEL
334	bool "IPv6: IOAM Pre-allocated Trace insertion support"
335	depends on IPV6
336	select LWTUNNEL
337	select DST_CACHE
338	help
339	  Support for the insertion of IOAM Pre-allocated Trace
340	  Header using the lightweight tunnels mechanism.
341
342	  If unsure, say N.
343
344endif # IPV6
345