# SPDX-License-Identifier: GPL-2.0-only # # IPv6 configuration # # IPv6 as module will cause a CRASH if you try to unload it menuconfig IPV6 tristate "The IPv6 protocol" default y select CRYPTO_LIB_SHA1 help Support for IP version 6 (IPv6). For general information about IPv6, see <https://en.wikipedia.org/wiki/IPv6>. For specific information about IPv6 under Linux, see Documentation/networking/ipv6.rst and read the HOWTO at <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/> To compile this protocol support as a module, choose M here: the module will be called ipv6. if IPV6 config IPV6_ROUTER_PREF bool "IPv6: Router Preference (RFC 4191) support" help Router Preference is an optional extension to the Router Advertisement message which improves the ability of hosts to pick an appropriate router, especially when the hosts are placed in a multi-homed network. If unsure, say N. config IPV6_ROUTE_INFO bool "IPv6: Route Information (RFC 4191) support" depends on IPV6_ROUTER_PREF help Support of Route Information. If unsure, say N. config IPV6_OPTIMISTIC_DAD bool "IPv6: Enable RFC 4429 Optimistic DAD" help Support for optimistic Duplicate Address Detection. It allows for autoconfigured addresses to be used more quickly. If unsure, say N. config INET6_AH tristate "IPv6: AH transformation" select XFRM_AH help Support for IPsec AH (Authentication Header). AH can be used with various authentication algorithms. Besides enabling AH support itself, this option enables the generic implementations of the algorithms that RFC 8221 lists as MUST be implemented. If you need any other algorithms, you'll need to enable them in the crypto API. You should also enable accelerated implementations of any needed algorithms when available. If unsure, say Y. config INET6_ESP tristate "IPv6: ESP transformation" select XFRM_ESP help Support for IPsec ESP (Encapsulating Security Payload). ESP can be used with various encryption and authentication algorithms. Besides enabling ESP support itself, this option enables the generic implementations of the algorithms that RFC 8221 lists as MUST be implemented. If you need any other algorithms, you'll need to enable them in the crypto API. You should also enable accelerated implementations of any needed algorithms when available. If unsure, say Y. config INET6_ESP_OFFLOAD tristate "IPv6: ESP transformation offload" depends on INET6_ESP select XFRM_OFFLOAD default n help Support for ESP transformation offload. This makes sense only if this system really does IPsec and want to do it with high throughput. A typical desktop system does not need it, even if it does IPsec. If unsure, say N. config INET6_ESPINTCP bool "IPv6: ESP in TCP encapsulation (RFC 8229)" depends on XFRM && INET6_ESP select STREAM_PARSER select NET_SOCK_MSG select XFRM_ESPINTCP help Support for RFC 8229 encapsulation of ESP and IKE over TCP/IPv6 sockets. If unsure, say N. config INET6_IPCOMP tristate "IPv6: IPComp transformation" select INET6_XFRM_TUNNEL select XFRM_IPCOMP help Support for IP Payload Compression Protocol (IPComp) (RFC3173), typically needed for IPsec. If unsure, say Y. config IPV6_MIP6 tristate "IPv6: Mobility" select XFRM help Support for IPv6 Mobility described in RFC 3775. If unsure, say N. config IPV6_ILA tristate "IPv6: Identifier Locator Addressing (ILA)" depends on NETFILTER select DST_CACHE select LWTUNNEL help Support for IPv6 Identifier Locator Addressing (ILA). ILA is a mechanism to do network virtualization without encapsulation. The basic concept of ILA is that we split an IPv6 address into a 64 bit locator and 64 bit identifier. The identifier is the identity of an entity in communication ("who") and the locator expresses the location of the entity ("where"). ILA can be configured using the "encap ila" option with "ip -6 route" command. ILA is described in https://tools.ietf.org/html/draft-herbert-nvo3-ila-00. If unsure, say N. config INET6_XFRM_TUNNEL tristate select INET6_TUNNEL default n config INET6_TUNNEL tristate default n config IPV6_VTI tristate "Virtual (secure) IPv6: tunneling" select IPV6_TUNNEL select NET_IP_TUNNEL select XFRM help Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This can be used with xfrm mode tunnel to give the notion of a secure tunnel for IPSEC and then use routing protocol on top. config IPV6_SIT tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" select INET_TUNNEL select NET_IP_TUNNEL select IPV6_NDISC_NODETYPE default y help Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This driver implements encapsulation of IPv6 into IPv4 packets. This is useful if you want to connect two IPv6 networks over an IPv4-only path. Saying M here will produce a module called sit. If unsure, say Y. config IPV6_SIT_6RD bool "IPv6: IPv6 Rapid Deployment (6RD)" depends on IPV6_SIT default n help IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly deploy IPv6 unicast service to IPv4 sites to which it provides customer premise equipment. Like 6to4, it utilizes stateless IPv6 in IPv4 encapsulation in order to transit IPv4-only network infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6 prefix of its own in place of the fixed 6to4 prefix. With this option enabled, the SIT driver offers 6rd functionality by providing additional ioctl API to configure the IPv6 Prefix for in stead of static 2002::/16 for 6to4. If unsure, say N. config IPV6_NDISC_NODETYPE bool config IPV6_TUNNEL tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" select INET6_TUNNEL select DST_CACHE select GRO_CELLS help Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in RFC 2473. If unsure, say N. config IPV6_GRE tristate "IPv6: GRE tunnel" select IPV6_TUNNEL select NET_IP_TUNNEL depends on NET_IPGRE_DEMUX help Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements GRE (Generic Routing Encapsulation) and at this time allows encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure. This driver is useful if the other endpoint is a Cisco router: Cisco likes GRE much better than the other Linux tunneling driver ("IP tunneling" above). In addition, GRE allows multicast redistribution through the tunnel. Saying M here will produce a module called ip6_gre. If unsure, say N. config IPV6_FOU tristate default NET_FOU && IPV6 config IPV6_FOU_TUNNEL tristate default NET_FOU_IP_TUNNELS && IPV6_FOU select IPV6_TUNNEL config IPV6_MULTIPLE_TABLES bool "IPv6: Multiple Routing Tables" select FIB_RULES help Support multiple routing tables. config IPV6_SUBTREES bool "IPv6: source address based routing" depends on IPV6_MULTIPLE_TABLES help Enable routing by source address or prefix. The destination address is still the primary routing key, so mixing normal and source prefix specific routes in the same routing table may sometimes lead to unintended routing behavior. This can be avoided by defining different routing tables for the normal and source prefix specific routes. If unsure, say N. config IPV6_MROUTE bool "IPv6: multicast routing" depends on IPV6 select IP_MROUTE_COMMON help Support for IPv6 multicast forwarding. If unsure, say N. config IPV6_MROUTE_MULTIPLE_TABLES bool "IPv6: multicast policy routing" depends on IPV6_MROUTE select FIB_RULES help Normally, a multicast router runs a userspace daemon and decides what to do with a multicast packet based on the source and destination addresses. If you say Y here, the multicast router will also be able to take interfaces and packet marks into account and run multiple instances of userspace daemons simultaneously, each one handling a single table. If unsure, say N. config IPV6_PIMSM_V2 bool "IPv6: PIM-SM version 2 support" depends on IPV6_MROUTE help Support for IPv6 PIM multicast routing protocol PIM-SMv2. If unsure, say N. config IPV6_SEG6_LWTUNNEL bool "IPv6: Segment Routing Header encapsulation support" depends on IPV6 select LWTUNNEL select DST_CACHE select IPV6_MULTIPLE_TABLES help Support for encapsulation of packets within an outer IPv6 header and a Segment Routing Header using the lightweight tunnels mechanism. Also enable support for advanced local processing of SRv6 packets based on their active segment. If unsure, say N. config IPV6_SEG6_HMAC bool "IPv6: Segment Routing HMAC support" depends on IPV6 select CRYPTO select CRYPTO_HMAC select CRYPTO_SHA1 select CRYPTO_SHA256 help Support for HMAC signature generation and verification of SR-enabled packets. If unsure, say N. config IPV6_SEG6_BPF def_bool y depends on IPV6_SEG6_LWTUNNEL depends on IPV6 = y config IPV6_RPL_LWTUNNEL bool "IPv6: RPL Source Routing Header support" depends on IPV6 select LWTUNNEL help Support for RFC6554 RPL Source Routing Header using the lightweight tunnels mechanism. If unsure, say N. config IPV6_IOAM6_LWTUNNEL bool "IPv6: IOAM Pre-allocated Trace insertion support" depends on IPV6 select LWTUNNEL select DST_CACHE help Support for the insertion of IOAM Pre-allocated Trace Header using the lightweight tunnels mechanism. If unsure, say N. endif # IPV6