1 # SPDX-License-Identifier: GPL-2.0-only
6 # IPv6 as module will cause a CRASH if you try to unload it
8 tristate "The IPv6 protocol"
10 select CRYPTO_LIB_SHA1
12 Support for IP version 6 (IPv6).
14 For general information about IPv6, see
15 <https://en.wikipedia.org/wiki/IPv6>.
16 For specific information about IPv6 under Linux, see
17 Documentation/networking/ipv6.rst and read the HOWTO at
18 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
20 To compile this protocol support as a module, choose M here: the
21 module will be called ipv6.
25 config IPV6_ROUTER_PREF
26 bool "IPv6: Router Preference (RFC 4191) support"
28 Router Preference is an optional extension to the Router
29 Advertisement message which improves the ability of hosts
30 to pick an appropriate router, especially when the hosts
31 are placed in a multi-homed network.
35 config IPV6_ROUTE_INFO
36 bool "IPv6: Route Information (RFC 4191) support"
37 depends on IPV6_ROUTER_PREF
39 Support of Route Information.
43 config IPV6_OPTIMISTIC_DAD
44 bool "IPv6: Enable RFC 4429 Optimistic DAD"
46 Support for optimistic Duplicate Address Detection. It allows for
47 autoconfigured addresses to be used more quickly.
52 tristate "IPv6: AH transformation"
55 Support for IPsec AH (Authentication Header).
57 AH can be used with various authentication algorithms. Besides
58 enabling AH support itself, this option enables the generic
59 implementations of the algorithms that RFC 8221 lists as MUST be
60 implemented. If you need any other algorithms, you'll need to enable
61 them in the crypto API. You should also enable accelerated
62 implementations of any needed algorithms when available.
67 tristate "IPv6: ESP transformation"
70 Support for IPsec ESP (Encapsulating Security Payload).
72 ESP can be used with various encryption and authentication algorithms.
73 Besides enabling ESP support itself, this option enables the generic
74 implementations of the algorithms that RFC 8221 lists as MUST be
75 implemented. If you need any other algorithms, you'll need to enable
76 them in the crypto API. You should also enable accelerated
77 implementations of any needed algorithms when available.
81 config INET6_ESP_OFFLOAD
82 tristate "IPv6: ESP transformation offload"
87 Support for ESP transformation offload. This makes sense
88 only if this system really does IPsec and want to do it
89 with high throughput. A typical desktop system does not
90 need it, even if it does IPsec.
95 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
96 depends on XFRM && INET6_ESP
101 Support for RFC 8229 encapsulation of ESP and IKE over
107 tristate "IPv6: IPComp transformation"
108 select INET6_XFRM_TUNNEL
111 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
112 typically needed for IPsec.
117 tristate "IPv6: Mobility"
120 Support for IPv6 Mobility described in RFC 3775.
125 tristate "IPv6: Identifier Locator Addressing (ILA)"
130 Support for IPv6 Identifier Locator Addressing (ILA).
132 ILA is a mechanism to do network virtualization without
133 encapsulation. The basic concept of ILA is that we split an
134 IPv6 address into a 64 bit locator and 64 bit identifier. The
135 identifier is the identity of an entity in communication
136 ("who") and the locator expresses the location of the
139 ILA can be configured using the "encap ila" option with
140 "ip -6 route" command. ILA is described in
141 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
145 config INET6_XFRM_TUNNEL
155 tristate "Virtual (secure) IPv6: tunneling"
160 Tunneling means encapsulating data of one protocol type within
161 another protocol and sending it over a channel that understands the
162 encapsulating protocol. This can be used with xfrm mode tunnel to give
163 the notion of a secure tunnel for IPSEC and then use routing protocol
167 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
170 select IPV6_NDISC_NODETYPE
173 Tunneling means encapsulating data of one protocol type within
174 another protocol and sending it over a channel that understands the
175 encapsulating protocol. This driver implements encapsulation of IPv6
176 into IPv4 packets. This is useful if you want to connect two IPv6
177 networks over an IPv4-only path.
179 Saying M here will produce a module called sit. If unsure, say Y.
182 bool "IPv6: IPv6 Rapid Deployment (6RD)"
186 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
187 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
188 deploy IPv6 unicast service to IPv4 sites to which it provides
189 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
190 IPv4 encapsulation in order to transit IPv4-only network
191 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
192 prefix of its own in place of the fixed 6to4 prefix.
194 With this option enabled, the SIT driver offers 6rd functionality by
195 providing additional ioctl API to configure the IPv6 Prefix for in
196 stead of static 2002::/16 for 6to4.
200 config IPV6_NDISC_NODETYPE
204 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
209 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
215 tristate "IPv6: GRE tunnel"
218 depends on NET_IPGRE_DEMUX
220 Tunneling means encapsulating data of one protocol type within
221 another protocol and sending it over a channel that understands the
222 encapsulating protocol. This particular tunneling driver implements
223 GRE (Generic Routing Encapsulation) and at this time allows
224 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
225 This driver is useful if the other endpoint is a Cisco router: Cisco
226 likes GRE much better than the other Linux tunneling driver ("IP
227 tunneling" above). In addition, GRE allows multicast redistribution
230 Saying M here will produce a module called ip6_gre. If unsure, say N.
234 default NET_FOU && IPV6
236 config IPV6_FOU_TUNNEL
238 default NET_FOU_IP_TUNNELS && IPV6_FOU
241 config IPV6_MULTIPLE_TABLES
242 bool "IPv6: Multiple Routing Tables"
245 Support multiple routing tables.
248 bool "IPv6: source address based routing"
249 depends on IPV6_MULTIPLE_TABLES
251 Enable routing by source address or prefix.
253 The destination address is still the primary routing key, so mixing
254 normal and source prefix specific routes in the same routing table
255 may sometimes lead to unintended routing behavior. This can be
256 avoided by defining different routing tables for the normal and
257 source prefix specific routes.
262 bool "IPv6: multicast routing"
264 select IP_MROUTE_COMMON
266 Support for IPv6 multicast forwarding.
269 config IPV6_MROUTE_MULTIPLE_TABLES
270 bool "IPv6: multicast policy routing"
271 depends on IPV6_MROUTE
274 Normally, a multicast router runs a userspace daemon and decides
275 what to do with a multicast packet based on the source and
276 destination addresses. If you say Y here, the multicast router
277 will also be able to take interfaces and packet marks into
278 account and run multiple instances of userspace daemons
279 simultaneously, each one handling a single table.
284 bool "IPv6: PIM-SM version 2 support"
285 depends on IPV6_MROUTE
287 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
290 config IPV6_SEG6_LWTUNNEL
291 bool "IPv6: Segment Routing Header encapsulation support"
295 select IPV6_MULTIPLE_TABLES
297 Support for encapsulation of packets within an outer IPv6
298 header and a Segment Routing Header using the lightweight
299 tunnels mechanism. Also enable support for advanced local
300 processing of SRv6 packets based on their active segment.
304 config IPV6_SEG6_HMAC
305 bool "IPv6: Segment Routing HMAC support"
312 Support for HMAC signature generation and verification
313 of SR-enabled packets.
319 depends on IPV6_SEG6_LWTUNNEL
322 config IPV6_RPL_LWTUNNEL
323 bool "IPv6: RPL Source Routing Header support"
328 Support for RFC6554 RPL Source Routing Header using the lightweight
333 config IPV6_IOAM6_LWTUNNEL
334 bool "IPv6: IOAM Pre-allocated Trace insertion support"
339 Support for the insertion of IOAM Pre-allocated Trace
340 Header using the lightweight tunnels mechanism.