1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 21da177e4SLinus Torvalds# 31da177e4SLinus Torvalds# XFRM configuration 41da177e4SLinus Torvalds# 56a2e9b73SSam Ravnborgconfig XFRM 66a2e9b73SSam Ravnborg bool 7e54d1527SFlorian Westphal depends on INET 897e219b7SEric Dumazet select GRO_CELLS 9a84e3f53SFlorian Westphal select SKB_EXTENSIONS 106a2e9b73SSam Ravnborg 1125393d3fSSteffen Klassertconfig XFRM_OFFLOAD 1225393d3fSSteffen Klassert bool 1325393d3fSSteffen Klassert 147e152524SJan Beulichconfig XFRM_ALGO 157e152524SJan Beulich tristate 167e152524SJan Beulich select XFRM 177e152524SJan Beulich select CRYPTO 187e152524SJan Beulich 19e54d1527SFlorian Westphalif INET 201da177e4SLinus Torvaldsconfig XFRM_USER 21654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 227e152524SJan Beulich select XFRM_ALGO 231da177e4SLinus Torvalds ---help--- 24654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 25654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 261da177e4SLinus Torvalds 271da177e4SLinus Torvalds If unsure, say Y. 281da177e4SLinus Torvalds 29f203b76dSSteffen Klassertconfig XFRM_INTERFACE 30f203b76dSSteffen Klassert tristate "Transformation virtual interface" 31f203b76dSSteffen Klassert depends on XFRM && IPV6 32f203b76dSSteffen Klassert ---help--- 33f203b76dSSteffen Klassert This provides a virtual interface to route IPsec traffic. 34f203b76dSSteffen Klassert 35f203b76dSSteffen Klassert If unsure, say N. 36f203b76dSSteffen Klassert 37c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 38f215bf48SKees Cook bool "Transformation sub policy support" 39f215bf48SKees Cook depends on XFRM 40c11f1a15SMasahide NAKAMURA ---help--- 41c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 42c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 43c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 44c11f1a15SMasahide NAKAMURA 45c11f1a15SMasahide NAKAMURA If unsure, say N. 46c11f1a15SMasahide NAKAMURA 47d0473655SShinta Sugimotoconfig XFRM_MIGRATE 48f215bf48SKees Cook bool "Transformation migrate database" 49f215bf48SKees Cook depends on XFRM 50d0473655SShinta Sugimoto ---help--- 51d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 52d0473655SShinta Sugimoto association dynamically. This feature is required, for 53d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 54d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 55d0473655SShinta Sugimoto 56d0473655SShinta Sugimoto If unsure, say N. 57d0473655SShinta Sugimoto 588ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 59f215bf48SKees Cook bool "Transformation statistics" 60e54d1527SFlorian Westphal depends on XFRM && PROC_FS 618ea84349SMasahide NAKAMURA ---help--- 628ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 638ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 648ea84349SMasahide NAKAMURA at packet processing for developer. 658ea84349SMasahide NAKAMURA 668ea84349SMasahide NAKAMURA If unsure, say N. 678ea84349SMasahide NAKAMURA 686fccab67SHerbert Xuconfig XFRM_IPCOMP 696fccab67SHerbert Xu tristate 707e152524SJan Beulich select XFRM_ALGO 716fccab67SHerbert Xu select CRYPTO 726fccab67SHerbert Xu select CRYPTO_DEFLATE 736fccab67SHerbert Xu 746a2e9b73SSam Ravnborgconfig NET_KEY 756a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 767e152524SJan Beulich select XFRM_ALGO 776a2e9b73SSam Ravnborg ---help--- 786a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 796a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 806a2e9b73SSam Ravnborg from KAME. 816a2e9b73SSam Ravnborg 826a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 836a2e9b73SSam Ravnborg 84f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 85f215bf48SKees Cook bool "PF_KEY MIGRATE" 86f215bf48SKees Cook depends on NET_KEY 87f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 88f6ed0ec0SShinta Sugimoto ---help--- 89f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 90f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 91f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 92f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 93f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 94f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 95f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 96f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 97f6ed0ec0SShinta Sugimoto 98f6ed0ec0SShinta Sugimoto If unsure, say N. 99e54d1527SFlorian Westphal 100e54d1527SFlorian Westphalendif # INET 101