2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-22 20:43:56 +08:00
linux-next/net/ipv6/Kconfig
David S. Miller 0e5f9d50ad Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:

====================
pull request (net): ipsec 2020-06-19

1) Fix double ESP trailer insertion in IPsec crypto offload if
   netif_xmit_frozen_or_stopped is true. From Huy Nguyen.

2) Merge fixup for "remove output_finish indirection from
   xfrm_state_afinfo". From Stephen Rothwell.

3) Select CRYPTO_SEQIV for ESP as this is needed for GCM and several
   other encryption algorithms. Also modernize the crypto algorithm
   selections for ESP and AH, remove those that are maked as "MUST NOT"
   and add those that are marked as "MUST" be implemented in RFC 8221.
   From Eric Biggers.

Please note the merge conflict between commit:

a7f7f6248d ("treewide: replace '---help---' in Kconfig files with 'help'")

from Linus' tree and commits:

7d4e391959 ("esp, ah: consolidate the crypto algorithm selections")
be01369859 ("esp, ah: modernize the crypto algorithm selections")

from the ipsec tree.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-06-19 13:03:47 -07:00

331 lines
9.4 KiB
Plaintext

# SPDX-License-Identifier: GPL-2.0-only
#
# IPv6 configuration
#
# IPv6 as module will cause a CRASH if you try to unload it
menuconfig IPV6
tristate "The IPv6 protocol"
default y
help
Support for IP version 6 (IPv6).
For general information about IPv6, see
<https://en.wikipedia.org/wiki/IPv6>.
For specific information about IPv6 under Linux, see
Documentation/networking/ipv6.rst and read the HOWTO at
<http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
To compile this protocol support as a module, choose M here: the
module will be called ipv6.
if IPV6
config IPV6_ROUTER_PREF
bool "IPv6: Router Preference (RFC 4191) support"
help
Router Preference is an optional extension to the Router
Advertisement message which improves the ability of hosts
to pick an appropriate router, especially when the hosts
are placed in a multi-homed network.
If unsure, say N.
config IPV6_ROUTE_INFO
bool "IPv6: Route Information (RFC 4191) support"
depends on IPV6_ROUTER_PREF
help
Support of Route Information.
If unsure, say N.
config IPV6_OPTIMISTIC_DAD
bool "IPv6: Enable RFC 4429 Optimistic DAD"
help
Support for optimistic Duplicate Address Detection. It allows for
autoconfigured addresses to be used more quickly.
If unsure, say N.
config INET6_AH
tristate "IPv6: AH transformation"
select XFRM_AH
help
Support for IPsec AH (Authentication Header).
AH can be used with various authentication algorithms. Besides
enabling AH support itself, this option enables the generic
implementations of the algorithms that RFC 8221 lists as MUST be
implemented. If you need any other algorithms, you'll need to enable
them in the crypto API. You should also enable accelerated
implementations of any needed algorithms when available.
If unsure, say Y.
config INET6_ESP
tristate "IPv6: ESP transformation"
select XFRM_ESP
help
Support for IPsec ESP (Encapsulating Security Payload).
ESP can be used with various encryption and authentication algorithms.
Besides enabling ESP support itself, this option enables the generic
implementations of the algorithms that RFC 8221 lists as MUST be
implemented. If you need any other algorithms, you'll need to enable
them in the crypto API. You should also enable accelerated
implementations of any needed algorithms when available.
If unsure, say Y.
config INET6_ESP_OFFLOAD
tristate "IPv6: ESP transformation offload"
depends on INET6_ESP
select XFRM_OFFLOAD
default n
help
Support for ESP transformation offload. This makes sense
only if this system really does IPsec and want to do it
with high throughput. A typical desktop system does not
need it, even if it does IPsec.
If unsure, say N.
config INET6_ESPINTCP
bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
depends on XFRM && INET6_ESP
select STREAM_PARSER
select NET_SOCK_MSG
select XFRM_ESPINTCP
help
Support for RFC 8229 encapsulation of ESP and IKE over
TCP/IPv6 sockets.
If unsure, say N.
config INET6_IPCOMP
tristate "IPv6: IPComp transformation"
select INET6_XFRM_TUNNEL
select XFRM_IPCOMP
help
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
typically needed for IPsec.
If unsure, say Y.
config IPV6_MIP6
tristate "IPv6: Mobility"
select XFRM
help
Support for IPv6 Mobility described in RFC 3775.
If unsure, say N.
config IPV6_ILA
tristate "IPv6: Identifier Locator Addressing (ILA)"
depends on NETFILTER
select DST_CACHE
select LWTUNNEL
help
Support for IPv6 Identifier Locator Addressing (ILA).
ILA is a mechanism to do network virtualization without
encapsulation. The basic concept of ILA is that we split an
IPv6 address into a 64 bit locator and 64 bit identifier. The
identifier is the identity of an entity in communication
("who") and the locator expresses the location of the
entity ("where").
ILA can be configured using the "encap ila" option with
"ip -6 route" command. ILA is described in
https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
If unsure, say N.
config INET6_XFRM_TUNNEL
tristate
select INET6_TUNNEL
default n
config INET6_TUNNEL
tristate
default n
config IPV6_VTI
tristate "Virtual (secure) IPv6: tunneling"
select IPV6_TUNNEL
select NET_IP_TUNNEL
select XFRM
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
encapsulating protocol. This can be used with xfrm mode tunnel to give
the notion of a secure tunnel for IPSEC and then use routing protocol
on top.
config IPV6_SIT
tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
select INET_TUNNEL
select NET_IP_TUNNEL
select IPV6_NDISC_NODETYPE
default y
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
encapsulating protocol. This driver implements encapsulation of IPv6
into IPv4 packets. This is useful if you want to connect two IPv6
networks over an IPv4-only path.
Saying M here will produce a module called sit. If unsure, say Y.
config IPV6_SIT_6RD
bool "IPv6: IPv6 Rapid Deployment (6RD)"
depends on IPV6_SIT
default n
help
IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
deploy IPv6 unicast service to IPv4 sites to which it provides
customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
IPv4 encapsulation in order to transit IPv4-only network
infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
prefix of its own in place of the fixed 6to4 prefix.
With this option enabled, the SIT driver offers 6rd functionality by
providing additional ioctl API to configure the IPv6 Prefix for in
stead of static 2002::/16 for 6to4.
If unsure, say N.
config IPV6_NDISC_NODETYPE
bool
config IPV6_TUNNEL
tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
select INET6_TUNNEL
select DST_CACHE
select GRO_CELLS
help
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
RFC 2473.
If unsure, say N.
config IPV6_GRE
tristate "IPv6: GRE tunnel"
select IPV6_TUNNEL
select NET_IP_TUNNEL
depends on NET_IPGRE_DEMUX
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
encapsulating protocol. This particular tunneling driver implements
GRE (Generic Routing Encapsulation) and at this time allows
encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
This driver is useful if the other endpoint is a Cisco router: Cisco
likes GRE much better than the other Linux tunneling driver ("IP
tunneling" above). In addition, GRE allows multicast redistribution
through the tunnel.
Saying M here will produce a module called ip6_gre. If unsure, say N.
config IPV6_FOU
tristate
default NET_FOU && IPV6
config IPV6_FOU_TUNNEL
tristate
default NET_FOU_IP_TUNNELS && IPV6_FOU
select IPV6_TUNNEL
config IPV6_MULTIPLE_TABLES
bool "IPv6: Multiple Routing Tables"
select FIB_RULES
help
Support multiple routing tables.
config IPV6_SUBTREES
bool "IPv6: source address based routing"
depends on IPV6_MULTIPLE_TABLES
help
Enable routing by source address or prefix.
The destination address is still the primary routing key, so mixing
normal and source prefix specific routes in the same routing table
may sometimes lead to unintended routing behavior. This can be
avoided by defining different routing tables for the normal and
source prefix specific routes.
If unsure, say N.
config IPV6_MROUTE
bool "IPv6: multicast routing"
depends on IPV6
select IP_MROUTE_COMMON
help
Support for IPv6 multicast forwarding.
If unsure, say N.
config IPV6_MROUTE_MULTIPLE_TABLES
bool "IPv6: multicast policy routing"
depends on IPV6_MROUTE
select FIB_RULES
help
Normally, a multicast router runs a userspace daemon and decides
what to do with a multicast packet based on the source and
destination addresses. If you say Y here, the multicast router
will also be able to take interfaces and packet marks into
account and run multiple instances of userspace daemons
simultaneously, each one handling a single table.
If unsure, say N.
config IPV6_PIMSM_V2
bool "IPv6: PIM-SM version 2 support"
depends on IPV6_MROUTE
help
Support for IPv6 PIM multicast routing protocol PIM-SMv2.
If unsure, say N.
config IPV6_SEG6_LWTUNNEL
bool "IPv6: Segment Routing Header encapsulation support"
depends on IPV6
select LWTUNNEL
select DST_CACHE
select IPV6_MULTIPLE_TABLES
help
Support for encapsulation of packets within an outer IPv6
header and a Segment Routing Header using the lightweight
tunnels mechanism. Also enable support for advanced local
processing of SRv6 packets based on their active segment.
If unsure, say N.
config IPV6_SEG6_HMAC
bool "IPv6: Segment Routing HMAC support"
depends on IPV6
select CRYPTO_HMAC
select CRYPTO_SHA1
select CRYPTO_SHA256
help
Support for HMAC signature generation and verification
of SR-enabled packets.
If unsure, say N.
config IPV6_SEG6_BPF
def_bool y
depends on IPV6_SEG6_LWTUNNEL
depends on IPV6 = y
config IPV6_RPL_LWTUNNEL
bool "IPv6: RPL Source Routing Header support"
depends on IPV6
select LWTUNNEL
help
Support for RFC6554 RPL Source Routing Header using the lightweight
tunnels mechanism.
If unsure, say N.
endif # IPV6