11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# XFRM configuration 31da177e4SLinus Torvalds# 46a2e9b73SSam Ravnborgconfig XFRM 56a2e9b73SSam Ravnborg bool 66a2e9b73SSam Ravnborg depends on NET 797e219b7SEric Dumazet select GRO_CELLS 8a84e3f53SFlorian Westphal select SKB_EXTENSIONS 96a2e9b73SSam Ravnborg 1025393d3fSSteffen Klassertconfig XFRM_OFFLOAD 1125393d3fSSteffen Klassert bool 1225393d3fSSteffen Klassert 137e152524SJan Beulichconfig XFRM_ALGO 147e152524SJan Beulich tristate 157e152524SJan Beulich select XFRM 167e152524SJan Beulich select CRYPTO 177e152524SJan Beulich 181da177e4SLinus Torvaldsconfig XFRM_USER 19654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 207e152524SJan Beulich depends on INET 217e152524SJan Beulich select XFRM_ALGO 221da177e4SLinus Torvalds ---help--- 23654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 24654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 251da177e4SLinus Torvalds 261da177e4SLinus Torvalds If unsure, say Y. 271da177e4SLinus Torvalds 28f203b76dSSteffen Klassertconfig XFRM_INTERFACE 29f203b76dSSteffen Klassert tristate "Transformation virtual interface" 30f203b76dSSteffen Klassert depends on XFRM && IPV6 31f203b76dSSteffen Klassert ---help--- 32f203b76dSSteffen Klassert This provides a virtual interface to route IPsec traffic. 33f203b76dSSteffen Klassert 34f203b76dSSteffen Klassert If unsure, say N. 35f203b76dSSteffen Klassert 36c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 37f215bf48SKees Cook bool "Transformation sub policy support" 38f215bf48SKees Cook depends on XFRM 39c11f1a15SMasahide NAKAMURA ---help--- 40c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 41c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 42c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 43c11f1a15SMasahide NAKAMURA 44c11f1a15SMasahide NAKAMURA If unsure, say N. 45c11f1a15SMasahide NAKAMURA 46d0473655SShinta Sugimotoconfig XFRM_MIGRATE 47f215bf48SKees Cook bool "Transformation migrate database" 48f215bf48SKees Cook depends on XFRM 49d0473655SShinta Sugimoto ---help--- 50d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 51d0473655SShinta Sugimoto association dynamically. This feature is required, for 52d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 53d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 54d0473655SShinta Sugimoto 55d0473655SShinta Sugimoto If unsure, say N. 56d0473655SShinta Sugimoto 578ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 58f215bf48SKees Cook bool "Transformation statistics" 59f215bf48SKees Cook depends on INET && XFRM && PROC_FS 608ea84349SMasahide NAKAMURA ---help--- 618ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 628ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 638ea84349SMasahide NAKAMURA at packet processing for developer. 648ea84349SMasahide NAKAMURA 658ea84349SMasahide NAKAMURA If unsure, say N. 668ea84349SMasahide NAKAMURA 676fccab67SHerbert Xuconfig XFRM_IPCOMP 686fccab67SHerbert Xu tristate 697e152524SJan Beulich select XFRM_ALGO 706fccab67SHerbert Xu select CRYPTO 716fccab67SHerbert Xu select CRYPTO_DEFLATE 726fccab67SHerbert Xu 736a2e9b73SSam Ravnborgconfig NET_KEY 746a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 757e152524SJan Beulich select XFRM_ALGO 766a2e9b73SSam Ravnborg ---help--- 776a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 786a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 796a2e9b73SSam Ravnborg from KAME. 806a2e9b73SSam Ravnborg 816a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 826a2e9b73SSam Ravnborg 83f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 84f215bf48SKees Cook bool "PF_KEY MIGRATE" 85f215bf48SKees Cook depends on NET_KEY 86f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 87f6ed0ec0SShinta Sugimoto ---help--- 88f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 89f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 90f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 91f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 92f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 93f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 94f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 95f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 96f6ed0ec0SShinta Sugimoto 97f6ed0ec0SShinta Sugimoto If unsure, say N. 98