xref: /openbmc/linux/net/xfrm/Kconfig (revision f1770e3c) 
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       depends on NET
7       select GRO_CELLS
8
9config XFRM_OFFLOAD
10       bool
11
12config XFRM_ALGO
13	tristate
14	select XFRM
15	select CRYPTO
16
17config XFRM_USER
18	tristate "Transformation user configuration interface"
19	depends on INET
20	select XFRM_ALGO
21	---help---
22	  Support for Transformation(XFRM) user configuration interface
23	  like IPsec used by native Linux tools.
24
25	  If unsure, say Y.
26
27config XFRM_INTERFACE
28	tristate "Transformation virtual interface"
29	depends on XFRM && IPV6
30	---help---
31	  This provides a virtual interface to route IPsec traffic.
32
33	  If unsure, say N.
34
35config XFRM_SUB_POLICY
36	bool "Transformation sub policy support"
37	depends on XFRM
38	---help---
39	  Support sub policy for developers. By using sub policy with main
40	  one, two policies can be applied to the same packet at once.
41	  Policy which lives shorter time in kernel should be a sub.
42
43	  If unsure, say N.
44
45config XFRM_MIGRATE
46	bool "Transformation migrate database"
47	depends on XFRM
48	---help---
49	  A feature to update locator(s) of a given IPsec security
50	  association dynamically.  This feature is required, for
51	  instance, in a Mobile IPv6 environment with IPsec configuration
52	  where mobile nodes change their attachment point to the Internet.
53
54	  If unsure, say N.
55
56config XFRM_STATISTICS
57	bool "Transformation statistics"
58	depends on INET && XFRM && PROC_FS
59	---help---
60	  This statistics is not a SNMP/MIB specification but shows
61	  statistics about transformation error (or almost error) factor
62	  at packet processing for developer.
63
64	  If unsure, say N.
65
66config XFRM_IPCOMP
67	tristate
68	select XFRM_ALGO
69	select CRYPTO
70	select CRYPTO_DEFLATE
71
72config NET_KEY
73	tristate "PF_KEY sockets"
74	select XFRM_ALGO
75	---help---
76	  PF_KEYv2 socket family, compatible to KAME ones.
77	  They are required if you are going to use IPsec tools ported
78	  from KAME.
79
80	  Say Y unless you know what you are doing.
81
82config NET_KEY_MIGRATE
83	bool "PF_KEY MIGRATE"
84	depends on NET_KEY
85	select XFRM_MIGRATE
86	---help---
87	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
88	  The PF_KEY MIGRATE message is used to dynamically update
89	  locator(s) of a given IPsec security association.
90	  This feature is required, for instance, in a Mobile IPv6
91	  environment with IPsec configuration where mobile nodes
92	  change their attachment point to the Internet.  Detail
93	  information can be found in the internet-draft
94	  <draft-sugimoto-mip6-pfkey-migrate>.
95
96	  If unsure, say N.
97