xref: /openbmc/linux/net/xfrm/Kconfig (revision 367b8112) 
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       select CRYPTO
7       depends on NET
8
9config XFRM_USER
10	tristate "Transformation user configuration interface"
11	depends on INET && XFRM
12	---help---
13	  Support for Transformation(XFRM) user configuration interface
14	  like IPsec used by native Linux tools.
15
16	  If unsure, say Y.
17
18config XFRM_SUB_POLICY
19	bool "Transformation sub policy support (EXPERIMENTAL)"
20	depends on XFRM && EXPERIMENTAL
21	---help---
22	  Support sub policy for developers. By using sub policy with main
23	  one, two policies can be applied to the same packet at once.
24	  Policy which lives shorter time in kernel should be a sub.
25
26	  If unsure, say N.
27
28config XFRM_MIGRATE
29	bool "Transformation migrate database (EXPERIMENTAL)"
30	depends on XFRM && EXPERIMENTAL
31	---help---
32	  A feature to update locator(s) of a given IPsec security
33	  association dynamically.  This feature is required, for
34	  instance, in a Mobile IPv6 environment with IPsec configuration
35	  where mobile nodes change their attachment point to the Internet.
36
37	  If unsure, say N.
38
39config XFRM_STATISTICS
40	bool "Transformation statistics (EXPERIMENTAL)"
41	depends on INET && XFRM && PROC_FS && EXPERIMENTAL
42	---help---
43	  This statistics is not a SNMP/MIB specification but shows
44	  statistics about transformation error (or almost error) factor
45	  at packet processing for developer.
46
47	  If unsure, say N.
48
49config XFRM_IPCOMP
50	tristate
51	select XFRM
52	select CRYPTO
53	select CRYPTO_DEFLATE
54
55config NET_KEY
56	tristate "PF_KEY sockets"
57	select XFRM
58	---help---
59	  PF_KEYv2 socket family, compatible to KAME ones.
60	  They are required if you are going to use IPsec tools ported
61	  from KAME.
62
63	  Say Y unless you know what you are doing.
64
65config NET_KEY_MIGRATE
66	bool "PF_KEY MIGRATE (EXPERIMENTAL)"
67	depends on NET_KEY && EXPERIMENTAL
68	select XFRM_MIGRATE
69	---help---
70	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
71	  The PF_KEY MIGRATE message is used to dynamically update
72	  locator(s) of a given IPsec security association.
73	  This feature is required, for instance, in a Mobile IPv6
74	  environment with IPsec configuration where mobile nodes
75	  change their attachment point to the Internet.  Detail
76	  information can be found in the internet-draft
77	  <draft-sugimoto-mip6-pfkey-migrate>.
78
79	  If unsure, say N.
80
81