d7a669dd2f
This patch adds three helper functions to be used with the seg6local packet processing actions. The decap_and_validate() function will be used by the End.D* actions, that decapsulate an SR-enabled packet. The advance_nextseg() function applies the fundamental operations to update an SRH for the next segment. The lookup_nexthop() function helps select the next-hop for the processed SR packets. It supports an optional next-hop address to route the packet specifically through it, and an optional routing table to use. Signed-off-by: David Lebrun <david.lebrun@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
333 lines
9.0 KiB
Plaintext
333 lines
9.0 KiB
Plaintext
#
|
|
# IPv6 configuration
|
|
#
|
|
|
|
# IPv6 as module will cause a CRASH if you try to unload it
|
|
menuconfig IPV6
|
|
tristate "The IPv6 protocol"
|
|
default y
|
|
---help---
|
|
Support for IP version 6 (IPv6).
|
|
|
|
For general information about IPv6, see
|
|
<https://en.wikipedia.org/wiki/IPv6>.
|
|
For specific information about IPv6 under Linux, see
|
|
Documentation/networking/ipv6.txt and read the HOWTO at
|
|
<http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
|
|
|
|
To compile this protocol support as a module, choose M here: the
|
|
module will be called ipv6.
|
|
|
|
if IPV6
|
|
|
|
config IPV6_ROUTER_PREF
|
|
bool "IPv6: Router Preference (RFC 4191) support"
|
|
---help---
|
|
Router Preference is an optional extension to the Router
|
|
Advertisement message which improves the ability of hosts
|
|
to pick an appropriate router, especially when the hosts
|
|
are placed in a multi-homed network.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ROUTE_INFO
|
|
bool "IPv6: Route Information (RFC 4191) support"
|
|
depends on IPV6_ROUTER_PREF
|
|
---help---
|
|
This is experimental support of Route Information.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_OPTIMISTIC_DAD
|
|
bool "IPv6: Enable RFC 4429 Optimistic DAD"
|
|
---help---
|
|
This is experimental support for optimistic Duplicate
|
|
Address Detection. It allows for autoconfigured addresses
|
|
to be used more quickly.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_AH
|
|
tristate "IPv6: AH transformation"
|
|
select XFRM_ALGO
|
|
select CRYPTO
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
---help---
|
|
Support for IPsec AH.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_ESP
|
|
tristate "IPv6: ESP transformation"
|
|
select XFRM_ALGO
|
|
select CRYPTO
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_CBC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_DES
|
|
select CRYPTO_ECHAINIV
|
|
---help---
|
|
Support for IPsec ESP.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_ESP_OFFLOAD
|
|
tristate "IPv6: ESP transformation offload"
|
|
depends on INET6_ESP
|
|
select XFRM_OFFLOAD
|
|
default n
|
|
---help---
|
|
Support for ESP transformation offload. This makes sense
|
|
only if this system really does IPsec and want to do it
|
|
with high throughput. A typical desktop system does not
|
|
need it, even if it does IPsec.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_IPCOMP
|
|
tristate "IPv6: IPComp transformation"
|
|
select INET6_XFRM_TUNNEL
|
|
select XFRM_IPCOMP
|
|
---help---
|
|
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
|
|
typically needed for IPsec.
|
|
|
|
If unsure, say Y.
|
|
|
|
config IPV6_MIP6
|
|
tristate "IPv6: Mobility"
|
|
select XFRM
|
|
---help---
|
|
Support for IPv6 Mobility described in RFC 3775.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ILA
|
|
tristate "IPv6: Identifier Locator Addressing (ILA)"
|
|
depends on NETFILTER
|
|
select LWTUNNEL
|
|
---help---
|
|
Support for IPv6 Identifier Locator Addressing (ILA).
|
|
|
|
ILA is a mechanism to do network virtualization without
|
|
encapsulation. The basic concept of ILA is that we split an
|
|
IPv6 address into a 64 bit locator and 64 bit identifier. The
|
|
identifier is the identity of an entity in communication
|
|
("who") and the locator expresses the location of the
|
|
entity ("where").
|
|
|
|
ILA can be configured using the "encap ila" option with
|
|
"ip -6 route" command. ILA is described in
|
|
https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_XFRM_TUNNEL
|
|
tristate
|
|
select INET6_TUNNEL
|
|
default n
|
|
|
|
config INET6_TUNNEL
|
|
tristate
|
|
default n
|
|
|
|
config INET6_XFRM_MODE_TRANSPORT
|
|
tristate "IPv6: IPsec transport mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec transport mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_TUNNEL
|
|
tristate "IPv6: IPsec tunnel mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec tunnel mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_BEET
|
|
tristate "IPv6: IPsec BEET mode"
|
|
default IPV6
|
|
select XFRM
|
|
---help---
|
|
Support for IPsec BEET mode.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_XFRM_MODE_ROUTEOPTIMIZATION
|
|
tristate "IPv6: MIPv6 route optimization mode"
|
|
select XFRM
|
|
---help---
|
|
Support for MIPv6 route optimization mode.
|
|
|
|
config IPV6_VTI
|
|
tristate "Virtual (secure) IPv6: tunneling"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
depends on INET6_XFRM_MODE_TUNNEL
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This can be used with xfrm mode tunnel to give
|
|
the notion of a secure tunnel for IPSEC and then use routing protocol
|
|
on top.
|
|
|
|
config IPV6_SIT
|
|
tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
|
|
select INET_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
select IPV6_NDISC_NODETYPE
|
|
default y
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This driver implements encapsulation of IPv6
|
|
into IPv4 packets. This is useful if you want to connect two IPv6
|
|
networks over an IPv4-only path.
|
|
|
|
Saying M here will produce a module called sit. If unsure, say Y.
|
|
|
|
config IPV6_SIT_6RD
|
|
bool "IPv6: IPv6 Rapid Deployment (6RD)"
|
|
depends on IPV6_SIT
|
|
default n
|
|
---help---
|
|
IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
|
|
mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
|
|
deploy IPv6 unicast service to IPv4 sites to which it provides
|
|
customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
|
|
IPv4 encapsulation in order to transit IPv4-only network
|
|
infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
|
|
prefix of its own in place of the fixed 6to4 prefix.
|
|
|
|
With this option enabled, the SIT driver offers 6rd functionality by
|
|
providing additional ioctl API to configure the IPv6 Prefix for in
|
|
stead of static 2002::/16 for 6to4.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_NDISC_NODETYPE
|
|
bool
|
|
|
|
config IPV6_TUNNEL
|
|
tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
|
|
select INET6_TUNNEL
|
|
select DST_CACHE
|
|
select GRO_CELLS
|
|
---help---
|
|
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
|
|
RFC 2473.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_GRE
|
|
tristate "IPv6: GRE tunnel"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
depends on NET_IPGRE_DEMUX
|
|
---help---
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
GRE (Generic Routing Encapsulation) and at this time allows
|
|
encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
|
|
This driver is useful if the other endpoint is a Cisco router: Cisco
|
|
likes GRE much better than the other Linux tunneling driver ("IP
|
|
tunneling" above). In addition, GRE allows multicast redistribution
|
|
through the tunnel.
|
|
|
|
Saying M here will produce a module called ip6_gre. If unsure, say N.
|
|
|
|
config IPV6_FOU
|
|
tristate
|
|
default NET_FOU && IPV6
|
|
|
|
config IPV6_FOU_TUNNEL
|
|
tristate
|
|
default NET_FOU_IP_TUNNELS && IPV6_FOU
|
|
select IPV6_TUNNEL
|
|
|
|
config IPV6_MULTIPLE_TABLES
|
|
bool "IPv6: Multiple Routing Tables"
|
|
select FIB_RULES
|
|
---help---
|
|
Support multiple routing tables.
|
|
|
|
config IPV6_SUBTREES
|
|
bool "IPv6: source address based routing"
|
|
depends on IPV6_MULTIPLE_TABLES
|
|
---help---
|
|
Enable routing by source address or prefix.
|
|
|
|
The destination address is still the primary routing key, so mixing
|
|
normal and source prefix specific routes in the same routing table
|
|
may sometimes lead to unintended routing behavior. This can be
|
|
avoided by defining different routing tables for the normal and
|
|
source prefix specific routes.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE
|
|
bool "IPv6: multicast routing"
|
|
depends on IPV6
|
|
---help---
|
|
Experimental support for IPv6 multicast forwarding.
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE_MULTIPLE_TABLES
|
|
bool "IPv6: multicast policy routing"
|
|
depends on IPV6_MROUTE
|
|
select FIB_RULES
|
|
help
|
|
Normally, a multicast router runs a userspace daemon and decides
|
|
what to do with a multicast packet based on the source and
|
|
destination addresses. If you say Y here, the multicast router
|
|
will also be able to take interfaces and packet marks into
|
|
account and run multiple instances of userspace daemons
|
|
simultaneously, each one handling a single table.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_PIMSM_V2
|
|
bool "IPv6: PIM-SM version 2 support"
|
|
depends on IPV6_MROUTE
|
|
---help---
|
|
Support for IPv6 PIM multicast routing protocol PIM-SMv2.
|
|
If unsure, say N.
|
|
|
|
config IPV6_SEG6_LWTUNNEL
|
|
bool "IPv6: Segment Routing Header encapsulation support"
|
|
depends on IPV6
|
|
select LWTUNNEL
|
|
select DST_CACHE
|
|
select IPV6_MULTIPLE_TABLES
|
|
---help---
|
|
Support for encapsulation of packets within an outer IPv6
|
|
header and a Segment Routing Header using the lightweight
|
|
tunnels mechanism. Also enable support for advanced local
|
|
processing of SRv6 packets based on their active segment.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_SEG6_HMAC
|
|
bool "IPv6: Segment Routing HMAC support"
|
|
depends on IPV6
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
---help---
|
|
Support for HMAC signature generation and verification
|
|
of SR-enabled packets.
|
|
|
|
If unsure, say N.
|
|
|
|
endif # IPV6
|