mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-26 04:45:36 +07:00
7a6498ebcd
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: David S. Miller <davem@davemloft.net>
331 lines
9.4 KiB
Plaintext
331 lines
9.4 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
# IPv6 configuration
|
|
#
|
|
|
|
# IPv6 as module will cause a CRASH if you try to unload it
|
|
menuconfig IPV6
|
|
tristate "The IPv6 protocol"
|
|
default y
|
|
help
|
|
Support for IP version 6 (IPv6).
|
|
|
|
For general information about IPv6, see
|
|
<https://en.wikipedia.org/wiki/IPv6>.
|
|
For specific information about IPv6 under Linux, see
|
|
Documentation/networking/ipv6.rst and read the HOWTO at
|
|
<https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/>
|
|
|
|
To compile this protocol support as a module, choose M here: the
|
|
module will be called ipv6.
|
|
|
|
if IPV6
|
|
|
|
config IPV6_ROUTER_PREF
|
|
bool "IPv6: Router Preference (RFC 4191) support"
|
|
help
|
|
Router Preference is an optional extension to the Router
|
|
Advertisement message which improves the ability of hosts
|
|
to pick an appropriate router, especially when the hosts
|
|
are placed in a multi-homed network.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ROUTE_INFO
|
|
bool "IPv6: Route Information (RFC 4191) support"
|
|
depends on IPV6_ROUTER_PREF
|
|
help
|
|
Support of Route Information.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_OPTIMISTIC_DAD
|
|
bool "IPv6: Enable RFC 4429 Optimistic DAD"
|
|
help
|
|
Support for optimistic Duplicate Address Detection. It allows for
|
|
autoconfigured addresses to be used more quickly.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_AH
|
|
tristate "IPv6: AH transformation"
|
|
select XFRM_AH
|
|
help
|
|
Support for IPsec AH (Authentication Header).
|
|
|
|
AH can be used with various authentication algorithms. Besides
|
|
enabling AH support itself, this option enables the generic
|
|
implementations of the algorithms that RFC 8221 lists as MUST be
|
|
implemented. If you need any other algorithms, you'll need to enable
|
|
them in the crypto API. You should also enable accelerated
|
|
implementations of any needed algorithms when available.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_ESP
|
|
tristate "IPv6: ESP transformation"
|
|
select XFRM_ESP
|
|
help
|
|
Support for IPsec ESP (Encapsulating Security Payload).
|
|
|
|
ESP can be used with various encryption and authentication algorithms.
|
|
Besides enabling ESP support itself, this option enables the generic
|
|
implementations of the algorithms that RFC 8221 lists as MUST be
|
|
implemented. If you need any other algorithms, you'll need to enable
|
|
them in the crypto API. You should also enable accelerated
|
|
implementations of any needed algorithms when available.
|
|
|
|
If unsure, say Y.
|
|
|
|
config INET6_ESP_OFFLOAD
|
|
tristate "IPv6: ESP transformation offload"
|
|
depends on INET6_ESP
|
|
select XFRM_OFFLOAD
|
|
default n
|
|
help
|
|
Support for ESP transformation offload. This makes sense
|
|
only if this system really does IPsec and want to do it
|
|
with high throughput. A typical desktop system does not
|
|
need it, even if it does IPsec.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_ESPINTCP
|
|
bool "IPv6: ESP in TCP encapsulation (RFC 8229)"
|
|
depends on XFRM && INET6_ESP
|
|
select STREAM_PARSER
|
|
select NET_SOCK_MSG
|
|
select XFRM_ESPINTCP
|
|
help
|
|
Support for RFC 8229 encapsulation of ESP and IKE over
|
|
TCP/IPv6 sockets.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_IPCOMP
|
|
tristate "IPv6: IPComp transformation"
|
|
select INET6_XFRM_TUNNEL
|
|
select XFRM_IPCOMP
|
|
help
|
|
Support for IP Payload Compression Protocol (IPComp) (RFC3173),
|
|
typically needed for IPsec.
|
|
|
|
If unsure, say Y.
|
|
|
|
config IPV6_MIP6
|
|
tristate "IPv6: Mobility"
|
|
select XFRM
|
|
help
|
|
Support for IPv6 Mobility described in RFC 3775.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_ILA
|
|
tristate "IPv6: Identifier Locator Addressing (ILA)"
|
|
depends on NETFILTER
|
|
select DST_CACHE
|
|
select LWTUNNEL
|
|
help
|
|
Support for IPv6 Identifier Locator Addressing (ILA).
|
|
|
|
ILA is a mechanism to do network virtualization without
|
|
encapsulation. The basic concept of ILA is that we split an
|
|
IPv6 address into a 64 bit locator and 64 bit identifier. The
|
|
identifier is the identity of an entity in communication
|
|
("who") and the locator expresses the location of the
|
|
entity ("where").
|
|
|
|
ILA can be configured using the "encap ila" option with
|
|
"ip -6 route" command. ILA is described in
|
|
https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
|
|
|
|
If unsure, say N.
|
|
|
|
config INET6_XFRM_TUNNEL
|
|
tristate
|
|
select INET6_TUNNEL
|
|
default n
|
|
|
|
config INET6_TUNNEL
|
|
tristate
|
|
default n
|
|
|
|
config IPV6_VTI
|
|
tristate "Virtual (secure) IPv6: tunneling"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
select XFRM
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This can be used with xfrm mode tunnel to give
|
|
the notion of a secure tunnel for IPSEC and then use routing protocol
|
|
on top.
|
|
|
|
config IPV6_SIT
|
|
tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
|
|
select INET_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
select IPV6_NDISC_NODETYPE
|
|
default y
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This driver implements encapsulation of IPv6
|
|
into IPv4 packets. This is useful if you want to connect two IPv6
|
|
networks over an IPv4-only path.
|
|
|
|
Saying M here will produce a module called sit. If unsure, say Y.
|
|
|
|
config IPV6_SIT_6RD
|
|
bool "IPv6: IPv6 Rapid Deployment (6RD)"
|
|
depends on IPV6_SIT
|
|
default n
|
|
help
|
|
IPv6 Rapid Deployment (6rd; draft-ietf-softwire-ipv6-6rd) builds upon
|
|
mechanisms of 6to4 (RFC3056) to enable a service provider to rapidly
|
|
deploy IPv6 unicast service to IPv4 sites to which it provides
|
|
customer premise equipment. Like 6to4, it utilizes stateless IPv6 in
|
|
IPv4 encapsulation in order to transit IPv4-only network
|
|
infrastructure. Unlike 6to4, a 6rd service provider uses an IPv6
|
|
prefix of its own in place of the fixed 6to4 prefix.
|
|
|
|
With this option enabled, the SIT driver offers 6rd functionality by
|
|
providing additional ioctl API to configure the IPv6 Prefix for in
|
|
stead of static 2002::/16 for 6to4.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_NDISC_NODETYPE
|
|
bool
|
|
|
|
config IPV6_TUNNEL
|
|
tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
|
|
select INET6_TUNNEL
|
|
select DST_CACHE
|
|
select GRO_CELLS
|
|
help
|
|
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
|
|
RFC 2473.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_GRE
|
|
tristate "IPv6: GRE tunnel"
|
|
select IPV6_TUNNEL
|
|
select NET_IP_TUNNEL
|
|
depends on NET_IPGRE_DEMUX
|
|
help
|
|
Tunneling means encapsulating data of one protocol type within
|
|
another protocol and sending it over a channel that understands the
|
|
encapsulating protocol. This particular tunneling driver implements
|
|
GRE (Generic Routing Encapsulation) and at this time allows
|
|
encapsulating of IPv4 or IPv6 over existing IPv6 infrastructure.
|
|
This driver is useful if the other endpoint is a Cisco router: Cisco
|
|
likes GRE much better than the other Linux tunneling driver ("IP
|
|
tunneling" above). In addition, GRE allows multicast redistribution
|
|
through the tunnel.
|
|
|
|
Saying M here will produce a module called ip6_gre. If unsure, say N.
|
|
|
|
config IPV6_FOU
|
|
tristate
|
|
default NET_FOU && IPV6
|
|
|
|
config IPV6_FOU_TUNNEL
|
|
tristate
|
|
default NET_FOU_IP_TUNNELS && IPV6_FOU
|
|
select IPV6_TUNNEL
|
|
|
|
config IPV6_MULTIPLE_TABLES
|
|
bool "IPv6: Multiple Routing Tables"
|
|
select FIB_RULES
|
|
help
|
|
Support multiple routing tables.
|
|
|
|
config IPV6_SUBTREES
|
|
bool "IPv6: source address based routing"
|
|
depends on IPV6_MULTIPLE_TABLES
|
|
help
|
|
Enable routing by source address or prefix.
|
|
|
|
The destination address is still the primary routing key, so mixing
|
|
normal and source prefix specific routes in the same routing table
|
|
may sometimes lead to unintended routing behavior. This can be
|
|
avoided by defining different routing tables for the normal and
|
|
source prefix specific routes.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE
|
|
bool "IPv6: multicast routing"
|
|
depends on IPV6
|
|
select IP_MROUTE_COMMON
|
|
help
|
|
Support for IPv6 multicast forwarding.
|
|
If unsure, say N.
|
|
|
|
config IPV6_MROUTE_MULTIPLE_TABLES
|
|
bool "IPv6: multicast policy routing"
|
|
depends on IPV6_MROUTE
|
|
select FIB_RULES
|
|
help
|
|
Normally, a multicast router runs a userspace daemon and decides
|
|
what to do with a multicast packet based on the source and
|
|
destination addresses. If you say Y here, the multicast router
|
|
will also be able to take interfaces and packet marks into
|
|
account and run multiple instances of userspace daemons
|
|
simultaneously, each one handling a single table.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_PIMSM_V2
|
|
bool "IPv6: PIM-SM version 2 support"
|
|
depends on IPV6_MROUTE
|
|
help
|
|
Support for IPv6 PIM multicast routing protocol PIM-SMv2.
|
|
If unsure, say N.
|
|
|
|
config IPV6_SEG6_LWTUNNEL
|
|
bool "IPv6: Segment Routing Header encapsulation support"
|
|
depends on IPV6
|
|
select LWTUNNEL
|
|
select DST_CACHE
|
|
select IPV6_MULTIPLE_TABLES
|
|
help
|
|
Support for encapsulation of packets within an outer IPv6
|
|
header and a Segment Routing Header using the lightweight
|
|
tunnels mechanism. Also enable support for advanced local
|
|
processing of SRv6 packets based on their active segment.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_SEG6_HMAC
|
|
bool "IPv6: Segment Routing HMAC support"
|
|
depends on IPV6
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
help
|
|
Support for HMAC signature generation and verification
|
|
of SR-enabled packets.
|
|
|
|
If unsure, say N.
|
|
|
|
config IPV6_SEG6_BPF
|
|
def_bool y
|
|
depends on IPV6_SEG6_LWTUNNEL
|
|
depends on IPV6 = y
|
|
|
|
config IPV6_RPL_LWTUNNEL
|
|
bool "IPv6: RPL Source Routing Header support"
|
|
depends on IPV6
|
|
select LWTUNNEL
|
|
help
|
|
Support for RFC6554 RPL Source Routing Header using the lightweight
|
|
tunnels mechanism.
|
|
|
|
If unsure, say N.
|
|
|
|
endif # IPV6
|