mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-18 00:24:58 +08:00
32b6170ca5
The ESP algorithms using CBC mode require echainiv. Hence INET*_ESP have to select CRYPTO_ECHAINIV in order to work properly. This solves the issues caused by a misconfiguration as described in [1]. The original approach, patching crypto/Kconfig was turned down by Herbert Xu [2]. [1] https://lists.strongswan.org/pipermail/users/2015-December/009074.html [2] http://marc.info/?l=linux-crypto-vger&m=145224655809562&w=2 Signed-off-by: Thomas Egerer <hakke_007@gmx.de> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
282 lines
7.7 KiB
Plaintext
282 lines
7.7 KiB
Plaintext
#
|
|
# IPv6 configuration
|
|
#
|
|
|
|
# IPv6 as module will cause a CRASH if you try to unload it
|
|
menuconfig IPV6
|
|
tristate "The IPv6 protocol"
|
|
default y
|
|
---help---
|
|
Support for IP version 6 (IPv6).
|
|
|
|
For general information about IPv6, see
|
|
<https://en.wikipedia.org/wiki/IPv6>.
|
|
For specific information about IPv6 under Linux, see
|
|
Documentation/networking/ipv6.txt and read the HOWTO at
|
|
<http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
|
|
|
|
To compile this protocol support as a module, choose M here: the
|
|
module will be called ipv6.
|
|
|
|
if IPV6
|
|
|
|
config IPV6_ROUTER_PREF
|
|
bool "IPv6: Router Preference (RFC 4191) support"
|
|
---help---
|
|
Router Preference is an optional extension to the Router
|
|
Advertisement message which improves the ability of hosts
|
|
to pick an appropriate router, especially when the hosts
|
|
are placed in a multi-homed network.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ROUTE_INFO
|
|
bool "IPv6: Route Information (RFC 4191) support"
|
|
depends on IPV6_ROUTER_PREF
|
|
---help---
|
|
This is experimental support of Route Information.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_OPTIMISTIC_DAD
|
|
bool "IPv6: Enable RFC 4429 Optimistic DAD"
|
|
---help---
|
|
This is experimental support for optimistic Duplicate
|
|
Address Detection. It allows for autoconfigured addresses
|
|
to be used more quickly.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_AH
|
|
tristate "IPv6: AH transformation"
|
|
select XFRM_ALGO
|
|
select CRYPTO
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
---help---
|
|
Support for IPsec AH.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_ESP
|
|
tristate "IPv6: ESP transformation"
|
|
select XFRM_ALGO
|
|
select CRYPTO
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_CBC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_DES
|
|
select CRYPTO_ECHAINIV
|
|
---help---
|
|
Support for IPsec ESP.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_IPCOMP
|
|
tristate "IPv6: IPComp transformation"
|
|
select INET6_XFRM_TUNNEL
|
|
select XFRM_IPCOMP
|
|
---help---
|
|
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
|
|
typically needed for IPsec.
|
|
|
|
If unsure, say Y.
|
|
|
|
config IPV6_MIP6
|
|
tristate "IPv6: Mobility"
|
|
select XFRM
|
|
---help---
|
|
Support for IPv6 Mobility described in RFC 3775.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ILA
|
|
tristate "IPv6: Identifier Locator Addressing (ILA)"
|
|
depends on NETFILTER
|
|
select LWTUNNEL
|
|
---help---
|
|
Support for IPv6 Identifier Locator Addressing (ILA).
|
|
|
|
ILA is a mechanism to do network virtualization without
|
|
encapsulation. The basic concept of ILA is that we split an
|
|
IPv6 address into a 64 bit locator and 64 bit identifier. The
|
|
identifier is the identity of an entity in communication
|
|
("who") and the locator expresses the location of the
|
|
entity ("where").
|
|
|
|
ILA can be configured using the "encap ila" option with
|
|
"ip -6 route" command. ILA is described in
|
|
https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_XFRM_TUNNEL
|
|
tristate
|
|
select INET6_TUNNEL
|
|
default n
|
|
|
|
config INET6_TUNNEL
|
|
tristate
|
|
default n
|
|
|
|
config INET6_XFRM_MODE_TRANSPORT
|
|
tristate "IPv6: IPsec transport mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec transport mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_TUNNEL
|
|
tristate "IPv6: IPsec tunnel mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec tunnel mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_BEET
|
|
tristate "IPv6: IPsec BEET mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec BEET mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_ROUTEOPTIMIZATION
|
|
tristate "IPv6: MIPv6 route optimization mode"
|
|
select XFRM
|
|
---help---
|
|
Support for MIPv6 route optimization mode.
|
|
|
|
config IPV6_VTI
|
|
tristate "Virtual (secure) IPv6: tunneling"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
depends on INET6_XFRM_MODE_TUNNEL
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This can be used with xfrm mode tunnel to give
|
|
the notion of a secure tunnel for IPSEC and then use routing protocol
|
|
on top.
|
|
|
|
config IPV6_SIT
|
|
tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
|
|
select INET_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
select IPV6_NDISC_NODETYPE
|
|
default y
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This driver implements encapsulation of IPv6
|
|
into IPv4 packets. This is useful if you want to connect two IPv6
|
|
networks over an IPv4-only path.
|
|
|
|
Saying M here will produce a module called sit. If unsure, say Y.
|
|
|
|
config IPV6_SIT_6RD
|
|
bool "IPv6: IPv6 Rapid Deployment (6RD)"
|
|
depends on IPV6_SIT
|
|
default n
|
|
---help---
|
|
IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
|
|
mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
|
|
deploy IPv6 unicast service to IPv4 sites to which it provides
|
|
customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
|
|
IPv4 encapsulation in order to transit IPv4-only network
|
|
infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
|
|
prefix of its own in place of the fixed 6to4 prefix.
|
|
|
|
With this option enabled, the SIT driver offers 6rd functionality by
|
|
providing additional ioctl API to configure the IPv6 Prefix for in
|
|
stead of static 2002::/16 for 6to4.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_NDISC_NODETYPE
|
|
bool
|
|
|
|
config IPV6_TUNNEL
|
|
tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
|
|
select INET6_TUNNEL
|
|
---help---
|
|
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
|
|
RFC 2473.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_GRE
|
|
tristate "IPv6: GRE tunnel"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
GRE (Generic Routing Encapsulation) and at this time allows
|
|
encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
|
|
This driver is useful if the other endpoint is a Cisco router: Cisco
|
|
likes GRE much better than the other Linux tunneling driver ("IP
|
|
tunneling" above). In addition, GRE allows multicast redistribution
|
|
through the tunnel.
|
|
|
|
Saying M here will produce a module called ip6_gre. If unsure, say N.
|
|
|
|
config IPV6_MULTIPLE_TABLES
|
|
bool "IPv6: Multiple Routing Tables"
|
|
select FIB_RULES
|
|
---help---
|
|
Support multiple routing tables.
|
|
|
|
config IPV6_SUBTREES
|
|
bool "IPv6: source address based routing"
|
|
depends on IPV6_MULTIPLE_TABLES
|
|
---help---
|
|
Enable routing by source address or prefix.
|
|
|
|
The destination address is still the primary routing key, so mixing
|
|
normal and source prefix specific routes in the same routing table
|
|
may sometimes lead to unintended routing behavior. This can be
|
|
avoided by defining different routing tables for the normal and
|
|
source prefix specific routes.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE
|
|
bool "IPv6: multicast routing"
|
|
depends on IPV6
|
|
---help---
|
|
Experimental support for IPv6 multicast forwarding.
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE_MULTIPLE_TABLES
|
|
bool "IPv6: multicast policy routing"
|
|
depends on IPV6_MROUTE
|
|
select FIB_RULES
|
|
help
|
|
Normally, a multicast router runs a userspace daemon and decides
|
|
what to do with a multicast packet based on the source and
|
|
destination addresses. If you say Y here, the multicast router
|
|
will also be able to take interfaces and packet marks into
|
|
account and run multiple instances of userspace daemons
|
|
simultaneously, each one handling a single table.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_PIMSM_V2
|
|
bool "IPv6: PIM-SM version 2 support"
|
|
depends on IPV6_MROUTE
|
|
---help---
|
|
Support for IPv6 PIM multicast routing protocol PIM-SMv2.
|
|
If unsure, say N.
|
|
|
|
endif # IPV6
|