xref: /openbmc/linux/net/xfrm/Kconfig (revision f9a82c48) 
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       depends on NET
7       select GRO_CELLS
8       select SKB_EXTENSIONS
9
10config XFRM_OFFLOAD
11       bool
12
13config XFRM_ALGO
14	tristate
15	select XFRM
16	select CRYPTO
17
18config XFRM_USER
19	tristate "Transformation user configuration interface"
20	depends on INET
21	select XFRM_ALGO
22	---help---
23	  Support for Transformation(XFRM) user configuration interface
24	  like IPsec used by native Linux tools.
25
26	  If unsure, say Y.
27
28config XFRM_INTERFACE
29	tristate "Transformation virtual interface"
30	depends on XFRM && IPV6
31	---help---
32	  This provides a virtual interface to route IPsec traffic.
33
34	  If unsure, say N.
35
36config XFRM_SUB_POLICY
37	bool "Transformation sub policy support"
38	depends on XFRM
39	---help---
40	  Support sub policy for developers. By using sub policy with main
41	  one, two policies can be applied to the same packet at once.
42	  Policy which lives shorter time in kernel should be a sub.
43
44	  If unsure, say N.
45
46config XFRM_MIGRATE
47	bool "Transformation migrate database"
48	depends on XFRM
49	---help---
50	  A feature to update locator(s) of a given IPsec security
51	  association dynamically.  This feature is required, for
52	  instance, in a Mobile IPv6 environment with IPsec configuration
53	  where mobile nodes change their attachment point to the Internet.
54
55	  If unsure, say N.
56
57config XFRM_STATISTICS
58	bool "Transformation statistics"
59	depends on INET && XFRM && PROC_FS
60	---help---
61	  This statistics is not a SNMP/MIB specification but shows
62	  statistics about transformation error (or almost error) factor
63	  at packet processing for developer.
64
65	  If unsure, say N.
66
67config XFRM_IPCOMP
68	tristate
69	select XFRM_ALGO
70	select CRYPTO
71	select CRYPTO_DEFLATE
72
73config NET_KEY
74	tristate "PF_KEY sockets"
75	select XFRM_ALGO
76	---help---
77	  PF_KEYv2 socket family, compatible to KAME ones.
78	  They are required if you are going to use IPsec tools ported
79	  from KAME.
80
81	  Say Y unless you know what you are doing.
82
83config NET_KEY_MIGRATE
84	bool "PF_KEY MIGRATE"
85	depends on NET_KEY
86	select XFRM_MIGRATE
87	---help---
88	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
89	  The PF_KEY MIGRATE message is used to dynamically update
90	  locator(s) of a given IPsec security association.
91	  This feature is required, for instance, in a Mobile IPv6
92	  environment with IPsec configuration where mobile nodes
93	  change their attachment point to the Internet.  Detail
94	  information can be found in the internet-draft
95	  <draft-sugimoto-mip6-pfkey-migrate>.
96
97	  If unsure, say N.
98