1# IPv6 Options
2
3# Copyright (c) 2016 Intel Corporation.
4# Copyright (c) 2025 Aerlync Labs Inc.
5# SPDX-License-Identifier: Apache-2.0
6
7menuconfig NET_IPV6
8	bool "IPv6"
9	default y
10	help
11	  Enable IPv6 support. This should be selected by default as there
12	  is limited set of network bearers provided that support IPv4.
13
14if NET_IPV6
15
16config NET_IF_MAX_IPV6_COUNT
17	int "Max number of IPv6 network interfaces in the system"
18	default NET_VLAN_COUNT if NET_VLAN && NET_VLAN_COUNT > 0
19	default 2 if NRF70_ENABLE_DUAL_VIF
20	default 2 if NET_LOOPBACK
21	default 1
22	help
23	  This tells how many network interfaces there will be in the system
24	  that will have IPv6 enabled.
25
26config NET_IF_UNICAST_IPV6_ADDR_COUNT
27	int "Max number of unicast IPv6 addresses per network interface"
28	default 6 if NET_L2_OPENTHREAD
29	default 3 if NET_LOOPBACK
30	default 2
31
32config NET_IF_MCAST_IPV6_ADDR_COUNT
33	int "Max number of multicast IPv6 addresses per network interface"
34	default 8 if NET_L2_OPENTHREAD
35	default 3
36
37config NET_IF_IPV6_PREFIX_COUNT
38	int "Max number of IPv6 prefixes per network interface"
39	default 2
40
41if NET_NATIVE_IPV6
42
43config NET_IPV6_MTU
44	int "Initial IPv6 MTU value"
45	default 1280
46	range 1280 1500
47	help
48	  The value should normally be 1280 which is the minimum IPv6 packet
49	  size that implementations need to support without fragmentation.
50
51config NET_IPV6_PMTU
52	bool "IPv6 Path MTU Discovery"
53	help
54	  Enables IPv6 Path MTU Discovery (see RFC 8201)
55
56config NET_IPV6_PMTU_DESTINATION_CACHE_ENTRIES
57	int "Number of IPv6 PMTU destination cache entries"
58	default 3
59	depends on NET_IPV6_PMTU
60	help
61	  How many PMTU entries we can track for each destination address.
62
63config NET_INITIAL_HOP_LIMIT
64	int "Initial IPv6 hop limit value for unicast packets"
65	default 64
66	range 0 $(UINT8_MAX)
67	help
68	  The value should normally be > 0. The device receiving the IPv6
69	  packet will decrement the value and will drop the packet if the hop
70	  limit value is 0. When sending, the packet is dropped before
71	  transmitting to network if hop limit is 0.
72
73config NET_INITIAL_MCAST_HOP_LIMIT
74	int "Initial IPv6 hop limit value for multicast packets"
75	default 1
76	range 0 $(UINT8_MAX)
77	help
78	  The value should normally be > 0. The device receiving the IPv6
79	  packet will decrement the value and will drop the packet if the hop
80	  limit value is 0. When sending, the packet is dropped before
81	  transmitting to network if hop limit is 0.
82	  The default is 1 (same as in IPv4) which means that multicast packets
83	  don't leave the local network unless the application explicitly
84	  requests it.
85
86config NET_INITIAL_IPV6_MCAST_LOOP
87	bool "Control whether the socket sees multicast packets sent by itself"
88	default y
89	help
90	  Assign initial value to IPV6_MULTICAST_LOOP in socket options,
91	  if not set by the user using setsockopt().
92
93config NET_IPV6_MAX_NEIGHBORS
94	int "How many IPv6 neighbors are supported"
95	default 8
96	range 1 254
97	help
98	  The value depends on your network needs.
99
100config NET_IPV6_FRAGMENT
101	bool "Support IPv6 fragmentation"
102	help
103	  IPv6 fragmentation is disabled by default. This saves memory and
104	  should not cause issues normally as we support anyway the minimum
105	  length IPv6 packets (1280 bytes). If you enable fragmentation
106	  support, please increase amount of RX data buffers so that larger
107	  than 1280 byte packets can be received.
108
109config NET_IPV6_FRAGMENT_MAX_COUNT
110	int "How many packets to reassemble at a time"
111	range 1 16
112	default 1
113	depends on NET_IPV6_FRAGMENT
114	help
115	  How many fragmented IPv6 packets can be waiting reassembly
116	  simultaneously. Each fragment count might use up to 1280 bytes
117	  of memory so you need to plan this and increase the network buffer
118	  count.
119
120config NET_IPV6_FRAGMENT_MAX_PKT
121	int "How many fragments can be handled to reassemble a packet"
122	default 2
123	depends on NET_IPV6_FRAGMENT
124	help
125	  Incoming fragments are stored in per-packet queue before being
126	  reassembled. This value defines the number of fragments that
127	  can be handled at the same time to reassemble a single packet.
128
129	  We do not have to accept IPv6 packets larger than 1500 bytes
130	  (RFC 2460 ch 5). This means that we should receive everything
131	  within the first two fragments. The first one being 1280 bytes and
132	  the second one 220 bytes.
133
134	  You can increase this value if you expect packets with more
135	  than two fragments.
136
137config NET_IPV6_FRAGMENT_TIMEOUT
138	int "How long to wait the fragments to receive"
139	range 1 60
140	default 5
141	depends on NET_IPV6_FRAGMENT
142	help
143	  How long to wait for IPv6 fragment to arrive before the reassembly
144	  will timeout. RFC 2460 chapter 4.5 tells to wait for 60 seconds but
145	  this might be too long in memory constrained devices. This value
146	  is in seconds.
147
148config NET_IPV6_MLD
149	bool "Multicast Listener Discovery support"
150	default y
151	help
152	  The value depends on your network needs. MLD should normally
153	  be active. Currently we support only MLDv2. See RFC 3810 for
154	  details.
155
156config NET_IPV6_NBR_CACHE
157	bool "Neighbor cache"
158	default y
159	help
160	  The value depends on your network needs. Neighbor cache should
161	  normally be active.
162
163config NET_IPV6_ND
164	bool "Activate neighbor discovery"
165	depends on NET_IPV6_NBR_CACHE
166	select NET_IPV6_MLD if !NET_TEST
167	default y
168	help
169	  The value depends on your network needs. ND should normally
170	  be active.
171
172config NET_IPV6_DAD
173	bool "Activate duplicate address detection"
174	depends on NET_IPV6_NBR_CACHE
175	default y
176	help
177	  The value depends on your network needs. DAD should normally
178	  be active.
179
180config NET_IPV6_NS_TIMEOUT
181	int "Timeout of Neighbor Solicitation messaging (in ms)"
182	depends on NET_IPV6_NBR_CACHE
183	default 1000
184	help
185	  The timeout in milliseconds between attempts to send a Neighbor
186	  Solicitation message.
187
188config NET_IPV6_RS_TIMEOUT
189	int "Timeout of Router Solicitation messaging"
190	depends on NET_IPV6_ND
191	range 1 30
192	default 1
193	help
194	  The timeout in seconds between attempts to send a Router
195	  Solicitation message at startup.
196
197config NET_IPV6_RA_RDNSS
198	bool "Support RA RDNSS option"
199	depends on NET_IPV6_ND
200	depends on DNS_RESOLVER
201	default y
202	help
203	  Support Router Advertisement Recursive DNS Server option.
204	  See RFC 6106 for details. The value depends on your network needs.
205
206choice NET_IPV6_IID_GENERATION
207	prompt "IPv6 Interface Identifier (IID) generation"
208	default NET_IPV6_IID_EUI_64
209	help
210	  Determines how the IPv6 Interface Identifier (IID) is generated.
211	  By default the legacy format using EUI-64 (MAC address) specified in
212	  RFC 4291 chapter 2.5.1 is used.
213	  User can also choose to use stable IID specified in RFC 7217 in which
214	  case a randomized IID is generated for each network interface.
215	  The stable IID enhances privacy by having a different IID for each
216	  network interface.
217
218config NET_IPV6_IID_EUI_64
219	bool "Generate IID using EUI-64"
220	help
221	  Generate IID from modified EUI-64 a.k.a MAC address. This is the
222	  legacy way described in RFC 4291 chapter 2.5.1
223
224config NET_IPV6_IID_STABLE
225	bool "Generate stable IID [EXPERIMENTAL]"
226	select PSA_CRYPTO
227	select PSA_WANT_KEY_TYPE_HMAC
228	select PSA_WANT_ALG_HMAC
229	select PSA_WANT_ALG_SHA_256
230	select EXPERIMENTAL
231	depends on !NET_6LO
232	help
233	  Generate a stable IID described in RFC 7217. This option specifies a
234	  method for generating IPv6 Interface Identifiers to be used with
235	  IPv6 Stateless Address Autoconfiguration (SLAAC), such that an IPv6
236	  address configured using this method is stable within each subnet,
237	  but the corresponding Interface Identifier changes when the host
238	  moves from one network to another. This method is meant to be an
239	  alternative to generating Interface Identifiers based on hardware
240	  addresses (e.g., IEEE LAN Media Access Control (MAC) addresses),
241	  such that the benefits of stable addresses can be achieved without
242	  sacrificing the security and privacy of users.
243	  Currently the stable IID generation is disabled for 6lo networks
244	  because of header compression.
245
246endchoice
247
248config NET_IPV6_PE
249	bool "Privacy extension (RFC 8981) support [EXPERIMENTAL]"
250	select PSA_CRYPTO
251	select PSA_WANT_KEY_TYPE_HMAC
252	select PSA_WANT_ALG_HMAC
253	select PSA_WANT_ALG_SHA_256
254	select EXPERIMENTAL
255	select NET_MGMT
256	select NET_MGMT_EVENT
257	select NET_MGMT_EVENT_INFO
258	help
259	  This enables IPv6 privacy extension (RFC 8981) support.
260	  The interface identifier is randomized and SLAAC addresses
261	  generated from it will expire. This requires that applications are
262	  prepared to use new IPv6 addresses when old ones will expire.
263	  Note that you should make sure that the value of config option
264	  CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT should be large enough so that
265	  two PE generated IPv6 addresses can be added to the network interface
266	  at the same time.
267
268if NET_IPV6_PE
269
270config NET_IPV6_PE_FILTER_PREFIX_COUNT
271	int "Size of the IPv6 prefix filter list"
272	default 0
273	help
274	  Size of the allow/deny filter list of IPv6 prefixes. User can
275	  set filters at runtime and it is possible to enable or disable
276	  privacy extension support according to this filter list.
277	  By default no filters are enabled.
278
279config NET_IPV6_PE_PREFER_PUBLIC_ADDRESSES
280	bool "Prefer public preferred address over temporary one"
281	help
282	  Prefer public addresses over temporary addresses.
283
284config NET_IPV6_PE_TEMP_VALID_LIFETIME
285	int "Max lifetime for temporary address (in minutes)"
286	default 1440
287	help
288	  No temporary address should ever remain valid for longer than this
289	  value. The value is in minutes. Default value is 1 day (24*60).
290
291config NET_IPV6_PE_TEMP_PREFERRED_LIFETIME
292	int "Max preferred lifetime for temporary address (in minutes)"
293	default 1380
294	help
295	  No temporary address should ever remain preferred for longer than this
296	  value. The value is in minutes. Default value is 23 hours (23*60).
297
298config NET_IPV6_PE_TEMP_IDGEN_RETRIES
299	int "Max amount of failed DAD attempts"
300	default 3
301	help
302	  The node MUST perform duplicate address detection (DAD) on the
303	  generated temporary address. If after TEMP_IDGEN_RETRIES consecutive
304	  attempts no non-unique address was generated then there will be no
305	  attempt to generate temporary addresses for that interface.
306
307endif
308
309config NET_6LO
310	bool "6lowpan IPv6 Compression library"
311	default y if NET_L2_IEEE802154
312	help
313	  6lowpan compression and fragmentation. It is enabled by default
314	  if 802.15.4 is present, since using IPv6 on it requires it.
315
316	  You may disable this option if you wish to implement a non-IP
317	  custom protocol on top of the 802.15.4 MAC (L2) layer.
318
319config NET_6LO_CONTEXT
320	bool "6lowpan context based compression"
321	depends on NET_6LO
322	help
323	  Enables 6lowpan context based compression based on information
324	  received in Router Advertisement (RA) message.
325
326config NET_MAX_6LO_CONTEXTS
327	int "Number of supported 6CO (6lowpan contexts options)"
328	depends on NET_6LO_CONTEXT
329	default 1
330	range 1 16
331	help
332	  6lowpan context options table size. The value depends on your
333	  network and memory consumption. More 6CO options uses more memory.
334
335if NET_6LO
336module = NET_6LO
337module-dep = NET_LOG
338module-str = Log level for 6LoWPAN library
339module-help = Enables 6LoWPAN code to output debug messages.
340source "subsys/net/Kconfig.template.log_config.net"
341endif # NET_6LO
342
343module = NET_IPV6
344module-dep = NET_LOG
345module-str = Log level for core IPv6
346module-help = Enables core IPv6 code to output debug messages.
347source "subsys/net/Kconfig.template.log_config.net"
348
349module = NET_IPV6_ND
350module-dep = NET_LOG
351module-str = Log level for IPv6 Neighbor Discovery
352module-help = Enables IPv6 Neighbor Discovery code to output debug messages.
353source "subsys/net/Kconfig.template.log_config.net"
354
355module = NET_IPV6_PE
356module-dep = NET_LOG
357module-str = Log level for IPv6 Privacy Extension
358module-help = Enables IPv6 Privacy Extension code to output debug messages.
359source "subsys/net/Kconfig.template.log_config.net"
360
361module = NET_ICMPV6
362module-dep = NET_LOG
363module-str = Log level for ICMPv6
364module-help = Enables ICMPv6 code to output debug messages.
365source "subsys/net/Kconfig.template.log_config.net"
366
367module = NET_IPV6_NBR_CACHE
368module-dep = NET_LOG
369module-str = Log level for IPv6 neighbor cache
370module-help = Enables IPv6 Neighbor Cache code to output debug messages.
371source "subsys/net/Kconfig.template.log_config.net"
372
373endif # NET_NATIVE_IPV6
374endif # NET_IPV6
375