1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# XFRM configuration 41da177e4SLinus Torvalds# 56a2e9b73SSam Ravnborgconfig XFRM 66a2e9b73SSam Ravnborg bool 7e54d1527SFlorian Westphal depends on INET 897e219b7SEric Dumazet select GRO_CELLS 9a84e3f53SFlorian Westphal select SKB_EXTENSIONS 106a2e9b73SSam Ravnborg 1125393d3fSSteffen Klassertconfig XFRM_OFFLOAD 1225393d3fSSteffen Klassert bool 1325393d3fSSteffen Klassert 147e152524SJan Beulichconfig XFRM_ALGO 157e152524SJan Beulich tristate 167e152524SJan Beulich select XFRM 177e152524SJan Beulich select CRYPTO 18597179b0SArnd Bergmann select CRYPTO_HASH 19b95bba5dSEric Biggers select CRYPTO_SKCIPHER 207e152524SJan Beulich 21e54d1527SFlorian Westphalif INET 221da177e4SLinus Torvaldsconfig XFRM_USER 23654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 247e152524SJan Beulich select XFRM_ALGO 251da177e4SLinus Torvalds ---help--- 26654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 27654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 281da177e4SLinus Torvalds 291da177e4SLinus Torvalds If unsure, say Y. 301da177e4SLinus Torvalds 31f203b76dSSteffen Klassertconfig XFRM_INTERFACE 32f203b76dSSteffen Klassert tristate "Transformation virtual interface" 33f203b76dSSteffen Klassert depends on XFRM && IPV6 34f203b76dSSteffen Klassert ---help--- 35f203b76dSSteffen Klassert This provides a virtual interface to route IPsec traffic. 36f203b76dSSteffen Klassert 37f203b76dSSteffen Klassert If unsure, say N. 38f203b76dSSteffen Klassert 39c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 40f215bf48SKees Cook bool "Transformation sub policy support" 41f215bf48SKees Cook depends on XFRM 42c11f1a15SMasahide NAKAMURA ---help--- 43c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 44c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 45c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 46c11f1a15SMasahide NAKAMURA 47c11f1a15SMasahide NAKAMURA If unsure, say N. 48c11f1a15SMasahide NAKAMURA 49d0473655SShinta Sugimotoconfig XFRM_MIGRATE 50f215bf48SKees Cook bool "Transformation migrate database" 51f215bf48SKees Cook depends on XFRM 52d0473655SShinta Sugimoto ---help--- 53d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 54d0473655SShinta Sugimoto association dynamically. This feature is required, for 55d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 56d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 57d0473655SShinta Sugimoto 58d0473655SShinta Sugimoto If unsure, say N. 59d0473655SShinta Sugimoto 608ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 61f215bf48SKees Cook bool "Transformation statistics" 62e54d1527SFlorian Westphal depends on XFRM && PROC_FS 638ea84349SMasahide NAKAMURA ---help--- 648ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 658ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 668ea84349SMasahide NAKAMURA at packet processing for developer. 678ea84349SMasahide NAKAMURA 688ea84349SMasahide NAKAMURA If unsure, say N. 698ea84349SMasahide NAKAMURA 706fccab67SHerbert Xuconfig XFRM_IPCOMP 716fccab67SHerbert Xu tristate 727e152524SJan Beulich select XFRM_ALGO 736fccab67SHerbert Xu select CRYPTO 746fccab67SHerbert Xu select CRYPTO_DEFLATE 756fccab67SHerbert Xu 766a2e9b73SSam Ravnborgconfig NET_KEY 776a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 787e152524SJan Beulich select XFRM_ALGO 796a2e9b73SSam Ravnborg ---help--- 806a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 816a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 826a2e9b73SSam Ravnborg from KAME. 836a2e9b73SSam Ravnborg 846a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 856a2e9b73SSam Ravnborg 86f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 87f215bf48SKees Cook bool "PF_KEY MIGRATE" 88f215bf48SKees Cook depends on NET_KEY 89f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 90f6ed0ec0SShinta Sugimoto ---help--- 91f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 92f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 93f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 94f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 95f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 96f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 97f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 98f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 99f6ed0ec0SShinta Sugimoto 100f6ed0ec0SShinta Sugimoto If unsure, say N. 101e54d1527SFlorian Westphal 10226333c37SSabrina Dubrocaconfig XFRM_ESPINTCP 10326333c37SSabrina Dubroca bool 10426333c37SSabrina Dubroca 105e54d1527SFlorian Westphalendif # INET 106