xref: /openbmc/linux/net/xfrm/Kconfig (revision 4f6cce39) 
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       depends on NET
7       select GRO_CELLS
8
9config XFRM_OFFLOAD
10       bool
11       depends on XFRM
12
13config XFRM_ALGO
14	tristate
15	select XFRM
16	select CRYPTO
17
18config XFRM_USER
19	tristate "Transformation user configuration interface"
20	depends on INET
21	select XFRM_ALGO
22	---help---
23	  Support for Transformation(XFRM) user configuration interface
24	  like IPsec used by native Linux tools.
25
26	  If unsure, say Y.
27
28config XFRM_SUB_POLICY
29	bool "Transformation sub policy support"
30	depends on XFRM
31	---help---
32	  Support sub policy for developers. By using sub policy with main
33	  one, two policies can be applied to the same packet at once.
34	  Policy which lives shorter time in kernel should be a sub.
35
36	  If unsure, say N.
37
38config XFRM_MIGRATE
39	bool "Transformation migrate database"
40	depends on XFRM
41	---help---
42	  A feature to update locator(s) of a given IPsec security
43	  association dynamically.  This feature is required, for
44	  instance, in a Mobile IPv6 environment with IPsec configuration
45	  where mobile nodes change their attachment point to the Internet.
46
47	  If unsure, say N.
48
49config XFRM_STATISTICS
50	bool "Transformation statistics"
51	depends on INET && XFRM && PROC_FS
52	---help---
53	  This statistics is not a SNMP/MIB specification but shows
54	  statistics about transformation error (or almost error) factor
55	  at packet processing for developer.
56
57	  If unsure, say N.
58
59config XFRM_IPCOMP
60	tristate
61	select XFRM_ALGO
62	select CRYPTO
63	select CRYPTO_DEFLATE
64
65config NET_KEY
66	tristate "PF_KEY sockets"
67	select XFRM_ALGO
68	---help---
69	  PF_KEYv2 socket family, compatible to KAME ones.
70	  They are required if you are going to use IPsec tools ported
71	  from KAME.
72
73	  Say Y unless you know what you are doing.
74
75config NET_KEY_MIGRATE
76	bool "PF_KEY MIGRATE"
77	depends on NET_KEY
78	select XFRM_MIGRATE
79	---help---
80	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
81	  The PF_KEY MIGRATE message is used to dynamically update
82	  locator(s) of a given IPsec security association.
83	  This feature is required, for instance, in a Mobile IPv6
84	  environment with IPsec configuration where mobile nodes
85	  change their attachment point to the Internet.  Detail
86	  information can be found in the internet-draft
87	  <draft-sugimoto-mip6-pfkey-migrate>.
88
89	  If unsure, say N.
90
91