1# IPv6 Options
2
3# Copyright (c) 2016 Intel Corporation.
4# Copyright (c) 2025 Aerlync Labs Inc.
5# SPDX-License-Identifier: Apache-2.0
6
7menuconfig NET_IPV6
8	bool "IPv6"
9	default y
10	help
11	  Enable IPv6 support. This should be selected by default as there
12	  is limited set of network bearers provided that support IPv4.
13
14if NET_IPV6
15
16config NET_IF_MAX_IPV6_COUNT
17	int "Max number of IPv6 network interfaces in the system"
18	default NET_VLAN_COUNT if NET_VLAN && NET_VLAN_COUNT > 0
19	default 2 if NET_LOOPBACK
20	default 1
21	help
22	  This tells how many network interfaces there will be in the system
23	  that will have IPv6 enabled.
24
25config NET_IF_UNICAST_IPV6_ADDR_COUNT
26	int "Max number of unicast IPv6 addresses per network interface"
27	default 6 if NET_L2_OPENTHREAD
28	default 3 if NET_LOOPBACK
29	default 2
30
31config NET_IF_MCAST_IPV6_ADDR_COUNT
32	int "Max number of multicast IPv6 addresses per network interface"
33	default 8 if NET_L2_OPENTHREAD
34	default 3
35
36config NET_IF_IPV6_PREFIX_COUNT
37	int "Max number of IPv6 prefixes per network interface"
38	default 2
39
40if NET_NATIVE_IPV6
41
42config NET_IPV6_MTU
43	int "Initial IPv6 MTU value"
44	default 1280
45	range 1280 1500
46	help
47	  The value should normally be 1280 which is the minimum IPv6 packet
48	  size that implementations need to support without fragmentation.
49
50config NET_IPV6_PMTU
51	bool "IPv6 Path MTU Discovery"
52	help
53	  Enables IPv6 Path MTU Discovery (see RFC 8201)
54
55config NET_IPV6_PMTU_DESTINATION_CACHE_ENTRIES
56	int "Number of IPv6 PMTU destination cache entries"
57	default 3
58	depends on NET_IPV6_PMTU
59	help
60	  How many PMTU entries we can track for each destination address.
61
62config NET_INITIAL_HOP_LIMIT
63	int "Initial IPv6 hop limit value for unicast packets"
64	default 64
65	range 0 $(UINT8_MAX)
66	help
67	  The value should normally be > 0. The device receiving the IPv6
68	  packet will decrement the value and will drop the packet if the hop
69	  limit value is 0. When sending, the packet is dropped before
70	  transmitting to network if hop limit is 0.
71
72config NET_INITIAL_MCAST_HOP_LIMIT
73	int "Initial IPv6 hop limit value for multicast packets"
74	default 1
75	range 0 $(UINT8_MAX)
76	help
77	  The value should normally be > 0. The device receiving the IPv6
78	  packet will decrement the value and will drop the packet if the hop
79	  limit value is 0. When sending, the packet is dropped before
80	  transmitting to network if hop limit is 0.
81	  The default is 1 (same as in IPv4) which means that multicast packets
82	  don't leave the local network unless the application explicitly
83	  requests it.
84
85config NET_INITIAL_IPV6_MCAST_LOOP
86	bool "Control whether the socket sees multicast packets sent by itself"
87	default y
88	help
89	  Assign initial value to IPV6_MULTICAST_LOOP in socket options,
90	  if not set by the user using setsockopt().
91
92config NET_IPV6_MAX_NEIGHBORS
93	int "How many IPv6 neighbors are supported"
94	default 8
95	range 1 254
96	help
97	  The value depends on your network needs.
98
99config NET_IPV6_FRAGMENT
100	bool "Support IPv6 fragmentation"
101	help
102	  IPv6 fragmentation is disabled by default. This saves memory and
103	  should not cause issues normally as we support anyway the minimum
104	  length IPv6 packets (1280 bytes). If you enable fragmentation
105	  support, please increase amount of RX data buffers so that larger
106	  than 1280 byte packets can be received.
107
108config NET_IPV6_FRAGMENT_MAX_COUNT
109	int "How many packets to reassemble at a time"
110	range 1 16
111	default 1
112	depends on NET_IPV6_FRAGMENT
113	help
114	  How many fragmented IPv6 packets can be waiting reassembly
115	  simultaneously. Each fragment count might use up to 1280 bytes
116	  of memory so you need to plan this and increase the network buffer
117	  count.
118
119config NET_IPV6_FRAGMENT_MAX_PKT
120	int "How many fragments can be handled to reassemble a packet"
121	default 2
122	depends on NET_IPV6_FRAGMENT
123	help
124	  Incoming fragments are stored in per-packet queue before being
125	  reassembled. This value defines the number of fragments that
126	  can be handled at the same time to reassemble a single packet.
127
128	  We do not have to accept IPv6 packets larger than 1500 bytes
129	  (RFC 2460 ch 5). This means that we should receive everything
130	  within the first two fragments. The first one being 1280 bytes and
131	  the second one 220 bytes.
132
133	  You can increase this value if you expect packets with more
134	  than two fragments.
135
136config NET_IPV6_FRAGMENT_TIMEOUT
137	int "How long to wait the fragments to receive"
138	range 1 60
139	default 5
140	depends on NET_IPV6_FRAGMENT
141	help
142	  How long to wait for IPv6 fragment to arrive before the reassembly
143	  will timeout. RFC 2460 chapter 4.5 tells to wait for 60 seconds but
144	  this might be too long in memory constrained devices. This value
145	  is in seconds.
146
147config NET_IPV6_MLD
148	bool "Multicast Listener Discovery support"
149	default y
150	help
151	  The value depends on your network needs. MLD should normally
152	  be active. Currently we support only MLDv2. See RFC 3810 for
153	  details.
154
155config NET_IPV6_NBR_CACHE
156	bool "Neighbor cache"
157	default y
158	help
159	  The value depends on your network needs. Neighbor cache should
160	  normally be active.
161
162config NET_IPV6_ND
163	bool "Activate neighbor discovery"
164	depends on NET_IPV6_NBR_CACHE
165	select NET_IPV6_MLD if !NET_TEST
166	default y
167	help
168	  The value depends on your network needs. ND should normally
169	  be active.
170
171config NET_IPV6_DAD
172	bool "Activate duplicate address detection"
173	depends on NET_IPV6_NBR_CACHE
174	default y
175	help
176	  The value depends on your network needs. DAD should normally
177	  be active.
178
179config NET_IPV6_NS_TIMEOUT
180	int "Timeout of Neighbor Solicitation messaging (in ms)"
181	depends on NET_IPV6_NBR_CACHE
182	default 1000
183	help
184	  The timeout in milliseconds between attempts to send a Neighbor
185	  Solicitation message.
186
187config NET_IPV6_RS_TIMEOUT
188	int "Timeout of Router Solicitation messaging"
189	depends on NET_IPV6_ND
190	range 1 30
191	default 1
192	help
193	  The timeout in seconds between attempts to send a Router
194	  Solicitation message at startup.
195
196config NET_IPV6_RA_RDNSS
197	bool "Support RA RDNSS option"
198	depends on NET_IPV6_ND
199	depends on DNS_RESOLVER
200	default y
201	help
202	  Support Router Advertisement Recursive DNS Server option.
203	  See RFC 6106 for details. The value depends on your network needs.
204
205choice NET_IPV6_IID_GENERATION
206	prompt "IPv6 Interface Identifier (IID) generation"
207	default NET_IPV6_IID_EUI_64
208	help
209	  Determines how the IPv6 Interface Identifier (IID) is generated.
210	  By default the legacy format using EUI-64 (MAC address) specified in
211	  RFC 4291 chapter 2.5.1 is used.
212	  User can also choose to use stable IID specified in RFC 7217 in which
213	  case a randomized IID is generated for each network interface.
214	  The stable IID enhances privacy by having a different IID for each
215	  network interface.
216
217config NET_IPV6_IID_EUI_64
218	bool "Generate IID using EUI-64"
219	help
220	  Generate IID from modified EUI-64 a.k.a MAC address. This is the
221	  legacy way described in RFC 4291 chapter 2.5.1
222
223config NET_IPV6_IID_STABLE
224	bool "Generate stable IID [EXPERIMENTAL]"
225	select MBEDTLS
226	select MBEDTLS_MD
227	select EXPERIMENTAL
228	depends on !NET_6LO
229	help
230	  Generate a stable IID described in RFC 7217. This option specifies a
231	  method for generating IPv6 Interface Identifiers to be used with
232	  IPv6 Stateless Address Autoconfiguration (SLAAC), such that an IPv6
233	  address configured using this method is stable within each subnet,
234	  but the corresponding Interface Identifier changes when the host
235	  moves from one network to another. This method is meant to be an
236	  alternative to generating Interface Identifiers based on hardware
237	  addresses (e.g., IEEE LAN Media Access Control (MAC) addresses),
238	  such that the benefits of stable addresses can be achieved without
239	  sacrificing the security and privacy of users.
240	  Currently the stable IID generation is disabled for 6lo networks
241	  because of header compression.
242
243endchoice
244
245config NET_IPV6_PE
246	bool "Privacy extension (RFC 8981) support [EXPERIMENTAL]"
247	select MBEDTLS
248	select MBEDTLS_MD
249	select EXPERIMENTAL
250	select NET_MGMT
251	select NET_MGMT_EVENT
252	select NET_MGMT_EVENT_INFO
253	help
254	  This enables IPv6 privacy extension (RFC 8981) support.
255	  The interface identifier is randomized and SLAAC addresses
256	  generated from it will expire. This requires that applications are
257	  prepared to use new IPv6 addresses when old ones will expire.
258	  Note that you should make sure that the value of config option
259	  CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT should be large enough so that
260	  two PE generated IPv6 addresses can be added to the network interface
261	  at the same time.
262
263if NET_IPV6_PE
264
265config NET_IPV6_PE_FILTER_PREFIX_COUNT
266	int "Size of the IPv6 prefix filter list"
267	default 0
268	help
269	  Size of the allow/deny filter list of IPv6 prefixes. User can
270	  set filters at runtime and it is possible to enable or disable
271	  privacy extension support according to this filter list.
272	  By default no filters are enabled.
273
274config NET_IPV6_PE_PREFER_PUBLIC_ADDRESSES
275	bool "Prefer public preferred address over temporary one"
276	help
277	  Prefer public addresses over temporary addresses.
278
279config NET_IPV6_PE_TEMP_VALID_LIFETIME
280	int "Max lifetime for temporary address (in minutes)"
281	default 1440
282	help
283	  No temporary address should ever remain valid for longer than this
284	  value. The value is in minutes. Default value is 1 day (24*60).
285
286config NET_IPV6_PE_TEMP_PREFERRED_LIFETIME
287	int "Max preferred lifetime for temporary address (in minutes)"
288	default 1380
289	help
290	  No temporary address should ever remain preferred for longer than this
291	  value. The value is in minutes. Default value is 23 hours (23*60).
292
293config NET_IPV6_PE_TEMP_IDGEN_RETRIES
294	int "Max amount of failed DAD attempts"
295	default 3
296	help
297	  The node MUST perform duplicate address detection (DAD) on the
298	  generated temporary address. If after TEMP_IDGEN_RETRIES consecutive
299	  attempts no non-unique address was generated then there will be no
300	  attempt to generate temporary addresses for that interface.
301
302endif
303
304config NET_6LO
305	bool "6lowpan IPv6 Compression library"
306	default y if NET_L2_IEEE802154
307	help
308	  6lowpan compression and fragmentation. It is enabled by default
309	  if 802.15.4 is present, since using IPv6 on it requires it.
310
311	  You may disable this option if you wish to implement a non-IP
312	  custom protocol on top of the 802.15.4 MAC (L2) layer.
313
314config NET_6LO_CONTEXT
315	bool "6lowpan context based compression"
316	depends on NET_6LO
317	help
318	  Enables 6lowpan context based compression based on information
319	  received in Router Advertisement (RA) message.
320
321config NET_MAX_6LO_CONTEXTS
322	int "Number of supported 6CO (6lowpan contexts options)"
323	depends on NET_6LO_CONTEXT
324	default 1
325	range 1 16
326	help
327	  6lowpan context options table size. The value depends on your
328	  network and memory consumption. More 6CO options uses more memory.
329
330if NET_6LO
331module = NET_6LO
332module-dep = NET_LOG
333module-str = Log level for 6LoWPAN library
334module-help = Enables 6LoWPAN code to output debug messages.
335source "subsys/net/Kconfig.template.log_config.net"
336endif # NET_6LO
337
338module = NET_IPV6
339module-dep = NET_LOG
340module-str = Log level for core IPv6
341module-help = Enables core IPv6 code to output debug messages.
342source "subsys/net/Kconfig.template.log_config.net"
343
344module = NET_IPV6_ND
345module-dep = NET_LOG
346module-str = Log level for IPv6 Neighbor Discovery
347module-help = Enables IPv6 Neighbor Discovery code to output debug messages.
348source "subsys/net/Kconfig.template.log_config.net"
349
350module = NET_IPV6_PE
351module-dep = NET_LOG
352module-str = Log level for IPv6 Privacy Extension
353module-help = Enables IPv6 Privacy Extension code to output debug messages.
354source "subsys/net/Kconfig.template.log_config.net"
355
356module = NET_ICMPV6
357module-dep = NET_LOG
358module-str = Log level for ICMPv6
359module-help = Enables ICMPv6 code to output debug messages.
360source "subsys/net/Kconfig.template.log_config.net"
361
362module = NET_IPV6_NBR_CACHE
363module-dep = NET_LOG
364module-str = Log level for IPv6 neighbor cache
365module-help = Enables IPv6 Neighbor Cache code to output debug messages.
366source "subsys/net/Kconfig.template.log_config.net"
367
368endif # NET_NATIVE_IPV6
369endif # NET_IPV6
370