1 # SPDX-License-Identifier: GPL-2.0-only
6 # IPv6 as module will cause a CRASH if you try to unload it
8 tristate "The IPv6 protocol"
11 Support for IP version 6 (IPv6).
13 For general information about IPv6, see
14 <https://en.wikipedia.org/wiki/IPv6>.
15 For specific information about IPv6 under Linux, see
16 Documentation/networking/ipv6.rst and read the HOWTO at
17 <https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6.
24 config IPV6_ROUTER_PREF
25 bool "IPv6: Router Preference (RFC 4191) support"
27 Router Preference is an optional extension to the Router
28 Advertisement message which improves the ability of hosts
29 to pick an appropriate router, especially when the hosts
30 are placed in a multi-homed network.
34 config IPV6_ROUTE_INFO
35 bool "IPv6: Route Information (RFC 4191) support"
36 depends on IPV6_ROUTER_PREF
38 Support of Route Information.
42 config IPV6_OPTIMISTIC_DAD
43 bool "IPv6: Enable RFC 4429 Optimistic DAD"
45 Support for optimistic Duplicate Address Detection. It allows for
46 autoconfigured addresses to be used more quickly.
51 tristate "IPv6: AH transformation"
54 Support for IPsec AH (Authentication Header).
56 AH can be used with various authentication algorithms. Besides
57 enabling AH support itself, this option enables the generic
58 implementations of the algorithms that RFC 8221 lists as MUST be
59 implemented. If you need any other algorithms, you'll need to enable
60 them in the crypto API. You should also enable accelerated
61 implementations of any needed algorithms when available.
66 tristate "IPv6: ESP transformation"
69 Support for IPsec ESP (Encapsulating Security Payload).
71 ESP can be used with various encryption and authentication algorithms.
72 Besides enabling ESP support itself, this option enables the generic
73 implementations of the algorithms that RFC 8221 lists as MUST be
74 implemented. If you need any other algorithms, you'll need to enable
75 them in the crypto API. You should also enable accelerated
76 implementations of any needed algorithms when available.
80 config INET6_ESP_OFFLOAD
81 tristate "IPv6: ESP transformation offload"
86 Support for ESP transformation offload. This makes sense
87 only if this system really does IPsec and want to do it
88 with high throughput. A typical desktop system does not
89 need it, even if it does IPsec.
94 bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
95 depends on XFRM && INET6_ESP
100 Support for RFC 8229 encapsulation of ESP and IKE over
106 tristate "IPv6: IPComp transformation"
107 select INET6_XFRM_TUNNEL
110 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
111 typically needed for IPsec.
116 tristate "IPv6: Mobility"
119 Support for IPv6 Mobility described in RFC 3775.
124 tristate "IPv6: Identifier Locator Addressing (ILA)"
129 Support for IPv6 Identifier Locator Addressing (ILA).
131 ILA is a mechanism to do network virtualization without
132 encapsulation. The basic concept of ILA is that we split an
133 IPv6 address into a 64 bit locator and 64 bit identifier. The
134 identifier is the identity of an entity in communication
135 ("who") and the locator expresses the location of the
138 ILA can be configured using the "encap ila" option with
139 "ip -6 route" command. ILA is described in
140 https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
144 config INET6_XFRM_TUNNEL
154 tristate "Virtual (secure) IPv6: tunneling"
159 Tunneling means encapsulating data of one protocol type within
160 another protocol and sending it over a channel that understands the
161 encapsulating protocol. This can be used with xfrm mode tunnel to give
162 the notion of a secure tunnel for IPSEC and then use routing protocol
166 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
169 select IPV6_NDISC_NODETYPE
172 Tunneling means encapsulating data of one protocol type within
173 another protocol and sending it over a channel that understands the
174 encapsulating protocol. This driver implements encapsulation of IPv6
175 into IPv4 packets. This is useful if you want to connect two IPv6
176 networks over an IPv4-only path.
178 Saying M here will produce a module called sit. If unsure, say Y.
181 bool "IPv6: IPv6 Rapid Deployment (6RD)"
185 IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
186 mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
187 deploy IPv6 unicast service to IPv4 sites to which it provides
188 customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
189 IPv4 encapsulation in order to transit IPv4-only network
190 infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
191 prefix of its own in place of the fixed 6to4 prefix.
193 With this option enabled, the SIT driver offers 6rd functionality by
194 providing additional ioctl API to configure the IPv6 Prefix for in
195 stead of static 2002::/16 for 6to4.
199 config IPV6_NDISC_NODETYPE
203 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
208 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
214 tristate "IPv6: GRE tunnel"
217 depends on NET_IPGRE_DEMUX
219 Tunneling means encapsulating data of one protocol type within
220 another protocol and sending it over a channel that understands the
221 encapsulating protocol. This particular tunneling driver implements
222 GRE (Generic Routing Encapsulation) and at this time allows
223 encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
224 This driver is useful if the other endpoint is a Cisco router: Cisco
225 likes GRE much better than the other Linux tunneling driver ("IP
226 tunneling" above). In addition, GRE allows multicast redistribution
229 Saying M here will produce a module called ip6_gre. If unsure, say N.
233 default NET_FOU && IPV6
235 config IPV6_FOU_TUNNEL
237 default NET_FOU_IP_TUNNELS && IPV6_FOU
240 config IPV6_MULTIPLE_TABLES
241 bool "IPv6: Multiple Routing Tables"
244 Support multiple routing tables.
247 bool "IPv6: source address based routing"
248 depends on IPV6_MULTIPLE_TABLES
250 Enable routing by source address or prefix.
252 The destination address is still the primary routing key, so mixing
253 normal and source prefix specific routes in the same routing table
254 may sometimes lead to unintended routing behavior. This can be
255 avoided by defining different routing tables for the normal and
256 source prefix specific routes.
261 bool "IPv6: multicast routing"
263 select IP_MROUTE_COMMON
265 Support for IPv6 multicast forwarding.
268 config IPV6_MROUTE_MULTIPLE_TABLES
269 bool "IPv6: multicast policy routing"
270 depends on IPV6_MROUTE
273 Normally, a multicast router runs a userspace daemon and decides
274 what to do with a multicast packet based on the source and
275 destination addresses. If you say Y here, the multicast router
276 will also be able to take interfaces and packet marks into
277 account and run multiple instances of userspace daemons
278 simultaneously, each one handling a single table.
283 bool "IPv6: PIM-SM version 2 support"
284 depends on IPV6_MROUTE
286 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
289 config IPV6_SEG6_LWTUNNEL
290 bool "IPv6: Segment Routing Header encapsulation support"
294 select IPV6_MULTIPLE_TABLES
296 Support for encapsulation of packets within an outer IPv6
297 header and a Segment Routing Header using the lightweight
298 tunnels mechanism. Also enable support for advanced local
299 processing of SRv6 packets based on their active segment.
303 config IPV6_SEG6_HMAC
304 bool "IPv6: Segment Routing HMAC support"
310 Support for HMAC signature generation and verification
311 of SR-enabled packets.
317 depends on IPV6_SEG6_LWTUNNEL
320 config IPV6_RPL_LWTUNNEL
321 bool "IPv6: RPL Source Routing Header support"
325 Support for RFC6554 RPL Source Routing Header using the lightweight