xref: /openbmc/linux/net/xfrm/Kconfig (revision 7e152524)
#
# XFRM configuration
#
config XFRM
       bool
       depends on NET

config XFRM_ALGO
	tristate
	select XFRM
	select CRYPTO

config XFRM_USER
	tristate "Transformation user configuration interface"
	depends on INET
	select XFRM_ALGO
	---help---
	  Support for Transformation(XFRM) user configuration interface
	  like IPsec used by native Linux tools.

	  If unsure, say Y.

config XFRM_SUB_POLICY
	bool "Transformation sub policy support (EXPERIMENTAL)"
	depends on XFRM && EXPERIMENTAL
	---help---
	  Support sub policy for developers. By using sub policy with main
	  one, two policies can be applied to the same packet at once.
	  Policy which lives shorter time in kernel should be a sub.

	  If unsure, say N.

config XFRM_MIGRATE
	bool "Transformation migrate database (EXPERIMENTAL)"
	depends on XFRM && EXPERIMENTAL
	---help---
	  A feature to update locator(s) of a given IPsec security
	  association dynamically.  This feature is required, for
	  instance, in a Mobile IPv6 environment with IPsec configuration
	  where mobile nodes change their attachment point to the Internet.

	  If unsure, say N.

config XFRM_STATISTICS
	bool "Transformation statistics (EXPERIMENTAL)"
	depends on INET && XFRM && PROC_FS && EXPERIMENTAL
	---help---
	  This statistics is not a SNMP/MIB specification but shows
	  statistics about transformation error (or almost error) factor
	  at packet processing for developer.

	  If unsure, say N.

config XFRM_IPCOMP
	tristate
	select XFRM_ALGO
	select CRYPTO
	select CRYPTO_DEFLATE

config NET_KEY
	tristate "PF_KEY sockets"
	select XFRM_ALGO
	---help---
	  PF_KEYv2 socket family, compatible to KAME ones.
	  They are required if you are going to use IPsec tools ported
	  from KAME.

	  Say Y unless you know what you are doing.

config NET_KEY_MIGRATE
	bool "PF_KEY MIGRATE (EXPERIMENTAL)"
	depends on NET_KEY && EXPERIMENTAL
	select XFRM_MIGRATE
	---help---
	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
	  The PF_KEY MIGRATE message is used to dynamically update
	  locator(s) of a given IPsec security association.
	  This feature is required, for instance, in a Mobile IPv6
	  environment with IPsec configuration where mobile nodes
	  change their attachment point to the Internet.  Detail
	  information can be found in the internet-draft
	  <draft-sugimoto-mip6-pfkey-migrate>.

	  If unsure, say N.