1# SPDX-License-Identifier: GPL-2.0-only 2# 3# XFRM configuration 4# 5config XFRM 6 bool 7 depends on INET 8 select GRO_CELLS 9 select SKB_EXTENSIONS 10 11config XFRM_OFFLOAD 12 bool 13 14config XFRM_ALGO 15 tristate 16 select XFRM 17 select CRYPTO 18 19if INET 20config XFRM_USER 21 tristate "Transformation user configuration interface" 22 select XFRM_ALGO 23 ---help--- 24 Support for Transformation(XFRM) user configuration interface 25 like IPsec used by native Linux tools. 26 27 If unsure, say Y. 28 29config XFRM_INTERFACE 30 tristate "Transformation virtual interface" 31 depends on XFRM && IPV6 32 ---help--- 33 This provides a virtual interface to route IPsec traffic. 34 35 If unsure, say N. 36 37config XFRM_SUB_POLICY 38 bool "Transformation sub policy support" 39 depends on XFRM 40 ---help--- 41 Support sub policy for developers. By using sub policy with main 42 one, two policies can be applied to the same packet at once. 43 Policy which lives shorter time in kernel should be a sub. 44 45 If unsure, say N. 46 47config XFRM_MIGRATE 48 bool "Transformation migrate database" 49 depends on XFRM 50 ---help--- 51 A feature to update locator(s) of a given IPsec security 52 association dynamically. This feature is required, for 53 instance, in a Mobile IPv6 environment with IPsec configuration 54 where mobile nodes change their attachment point to the Internet. 55 56 If unsure, say N. 57 58config XFRM_STATISTICS 59 bool "Transformation statistics" 60 depends on XFRM && PROC_FS 61 ---help--- 62 This statistics is not a SNMP/MIB specification but shows 63 statistics about transformation error (or almost error) factor 64 at packet processing for developer. 65 66 If unsure, say N. 67 68config XFRM_IPCOMP 69 tristate 70 select XFRM_ALGO 71 select CRYPTO 72 select CRYPTO_DEFLATE 73 74config NET_KEY 75 tristate "PF_KEY sockets" 76 select XFRM_ALGO 77 ---help--- 78 PF_KEYv2 socket family, compatible to KAME ones. 79 They are required if you are going to use IPsec tools ported 80 from KAME. 81 82 Say Y unless you know what you are doing. 83 84config NET_KEY_MIGRATE 85 bool "PF_KEY MIGRATE" 86 depends on NET_KEY 87 select XFRM_MIGRATE 88 ---help--- 89 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 90 The PF_KEY MIGRATE message is used to dynamically update 91 locator(s) of a given IPsec security association. 92 This feature is required, for instance, in a Mobile IPv6 93 environment with IPsec configuration where mobile nodes 94 change their attachment point to the Internet. Detail 95 information can be found in the internet-draft 96 <draft-sugimoto-mip6-pfkey-migrate>. 97 98 If unsure, say N. 99 100endif # INET 101