1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# XFRM configuration 41da177e4SLinus Torvalds# 56a2e9b73SSam Ravnborgconfig XFRM 66a2e9b73SSam Ravnborg bool 7e54d1527SFlorian Westphal depends on INET 897e219b7SEric Dumazet select GRO_CELLS 9a84e3f53SFlorian Westphal select SKB_EXTENSIONS 106a2e9b73SSam Ravnborg 1125393d3fSSteffen Klassertconfig XFRM_OFFLOAD 1225393d3fSSteffen Klassert bool 1325393d3fSSteffen Klassert 147e152524SJan Beulichconfig XFRM_ALGO 157e152524SJan Beulich tristate 167e152524SJan Beulich select XFRM 177e152524SJan Beulich select CRYPTO 18597179b0SArnd Bergmann select CRYPTO_HASH 19b95bba5dSEric Biggers select CRYPTO_SKCIPHER 207e152524SJan Beulich 21e54d1527SFlorian Westphalif INET 221da177e4SLinus Torvaldsconfig XFRM_USER 23654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 247e152524SJan Beulich select XFRM_ALGO 251da177e4SLinus Torvalds ---help--- 26654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 27654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 281da177e4SLinus Torvalds 291da177e4SLinus Torvalds If unsure, say Y. 301da177e4SLinus Torvalds 31f203b76dSSteffen Klassertconfig XFRM_INTERFACE 32f203b76dSSteffen Klassert tristate "Transformation virtual interface" 33f203b76dSSteffen Klassert depends on XFRM && IPV6 34f203b76dSSteffen Klassert ---help--- 35f203b76dSSteffen Klassert This provides a virtual interface to route IPsec traffic. 36f203b76dSSteffen Klassert 37f203b76dSSteffen Klassert If unsure, say N. 38f203b76dSSteffen Klassert 39c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 40f215bf48SKees Cook bool "Transformation sub policy support" 41f215bf48SKees Cook depends on XFRM 42c11f1a15SMasahide NAKAMURA ---help--- 43c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 44c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 45c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 46c11f1a15SMasahide NAKAMURA 47c11f1a15SMasahide NAKAMURA If unsure, say N. 48c11f1a15SMasahide NAKAMURA 49d0473655SShinta Sugimotoconfig XFRM_MIGRATE 50f215bf48SKees Cook bool "Transformation migrate database" 51f215bf48SKees Cook depends on XFRM 52d0473655SShinta Sugimoto ---help--- 53d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 54d0473655SShinta Sugimoto association dynamically. This feature is required, for 55d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 56d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 57d0473655SShinta Sugimoto 58d0473655SShinta Sugimoto If unsure, say N. 59d0473655SShinta Sugimoto 608ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 61f215bf48SKees Cook bool "Transformation statistics" 62e54d1527SFlorian Westphal depends on XFRM && PROC_FS 638ea84349SMasahide NAKAMURA ---help--- 648ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 658ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 668ea84349SMasahide NAKAMURA at packet processing for developer. 678ea84349SMasahide NAKAMURA 688ea84349SMasahide NAKAMURA If unsure, say N. 698ea84349SMasahide NAKAMURA 707d4e3919SEric Biggersconfig XFRM_AH 717d4e3919SEric Biggers tristate 727d4e3919SEric Biggers select XFRM_ALGO 737d4e3919SEric Biggers select CRYPTO 747d4e3919SEric Biggers select CRYPTO_HMAC 757d4e3919SEric Biggers select CRYPTO_MD5 767d4e3919SEric Biggers select CRYPTO_SHA1 777d4e3919SEric Biggers 787d4e3919SEric Biggersconfig XFRM_ESP 797d4e3919SEric Biggers tristate 807d4e3919SEric Biggers select XFRM_ALGO 817d4e3919SEric Biggers select CRYPTO 827d4e3919SEric Biggers select CRYPTO_AUTHENC 837d4e3919SEric Biggers select CRYPTO_HMAC 847d4e3919SEric Biggers select CRYPTO_MD5 857d4e3919SEric Biggers select CRYPTO_CBC 867d4e3919SEric Biggers select CRYPTO_SHA1 877d4e3919SEric Biggers select CRYPTO_DES 887d4e3919SEric Biggers select CRYPTO_ECHAINIV 8937ea0f18SEric Biggers select CRYPTO_SEQIV 907d4e3919SEric Biggers 916fccab67SHerbert Xuconfig XFRM_IPCOMP 926fccab67SHerbert Xu tristate 937e152524SJan Beulich select XFRM_ALGO 946fccab67SHerbert Xu select CRYPTO 956fccab67SHerbert Xu select CRYPTO_DEFLATE 966fccab67SHerbert Xu 976a2e9b73SSam Ravnborgconfig NET_KEY 986a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 997e152524SJan Beulich select XFRM_ALGO 1006a2e9b73SSam Ravnborg ---help--- 1016a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 1026a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 1036a2e9b73SSam Ravnborg from KAME. 1046a2e9b73SSam Ravnborg 1056a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 1066a2e9b73SSam Ravnborg 107f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 108f215bf48SKees Cook bool "PF_KEY MIGRATE" 109f215bf48SKees Cook depends on NET_KEY 110f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 111f6ed0ec0SShinta Sugimoto ---help--- 112f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 113f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 114f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 115f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 116f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 117f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 118f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 119f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 120f6ed0ec0SShinta Sugimoto 121f6ed0ec0SShinta Sugimoto If unsure, say N. 122e54d1527SFlorian Westphal 12326333c37SSabrina Dubrocaconfig XFRM_ESPINTCP 12426333c37SSabrina Dubroca bool 12526333c37SSabrina Dubroca 126e54d1527SFlorian Westphalendif # INET 127