Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | # |
| 2 | # XFRM configuration |
| 3 | # |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 4 | config XFRM |
| 5 | bool |
| 6 | depends on NET |
| 7 | |
Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 8 | config XFRM_ALGO |
| 9 | tristate |
| 10 | select XFRM |
| 11 | select CRYPTO |
Arnd Bergmann | dfa3cee5 | 2019-06-18 13:22:13 +0200 | [diff] [blame] | 12 | select CRYPTO_HASH |
| 13 | select CRYPTO_BLKCIPHER |
Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 14 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 15 | config XFRM_USER |
Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 16 | tristate "Transformation user configuration interface" |
Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 17 | depends on INET |
| 18 | select XFRM_ALGO |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 19 | ---help--- |
Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 20 | Support for Transformation(XFRM) user configuration interface |
| 21 | like IPsec used by native Linux tools. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 22 | |
| 23 | If unsure, say Y. |
| 24 | |
Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 25 | config XFRM_SUB_POLICY |
Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 26 | bool "Transformation sub policy support" |
| 27 | depends on XFRM |
Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 28 | ---help--- |
| 29 | Support sub policy for developers. By using sub policy with main |
| 30 | one, two policies can be applied to the same packet at once. |
| 31 | Policy which lives shorter time in kernel should be a sub. |
| 32 | |
| 33 | If unsure, say N. |
| 34 | |
Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 35 | config XFRM_MIGRATE |
Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 36 | bool "Transformation migrate database" |
| 37 | depends on XFRM |
Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 38 | ---help--- |
| 39 | A feature to update locator(s) of a given IPsec security |
| 40 | association dynamically. This feature is required, for |
| 41 | instance, in a Mobile IPv6 environment with IPsec configuration |
| 42 | where mobile nodes change their attachment point to the Internet. |
| 43 | |
| 44 | If unsure, say N. |
| 45 | |
Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 46 | config XFRM_STATISTICS |
Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 47 | bool "Transformation statistics" |
| 48 | depends on INET && XFRM && PROC_FS |
Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 49 | ---help--- |
| 50 | This statistics is not a SNMP/MIB specification but shows |
| 51 | statistics about transformation error (or almost error) factor |
| 52 | at packet processing for developer. |
| 53 | |
| 54 | If unsure, say N. |
| 55 | |
Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 56 | config XFRM_IPCOMP |
| 57 | tristate |
Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 58 | select XFRM_ALGO |
Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 59 | select CRYPTO |
| 60 | select CRYPTO_DEFLATE |
| 61 | |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 62 | config NET_KEY |
| 63 | tristate "PF_KEY sockets" |
Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 64 | select XFRM_ALGO |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 65 | ---help--- |
| 66 | PF_KEYv2 socket family, compatible to KAME ones. |
| 67 | They are required if you are going to use IPsec tools ported |
| 68 | from KAME. |
| 69 | |
| 70 | Say Y unless you know what you are doing. |
| 71 | |
Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 72 | config NET_KEY_MIGRATE |
Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 73 | bool "PF_KEY MIGRATE" |
| 74 | depends on NET_KEY |
Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 75 | select XFRM_MIGRATE |
| 76 | ---help--- |
| 77 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. |
| 78 | The PF_KEY MIGRATE message is used to dynamically update |
| 79 | locator(s) of a given IPsec security association. |
| 80 | This feature is required, for instance, in a Mobile IPv6 |
| 81 | environment with IPsec configuration where mobile nodes |
| 82 | change their attachment point to the Internet. Detail |
| 83 | information can be found in the internet-draft |
| 84 | <draft-sugimoto-mip6-pfkey-migrate>. |
| 85 | |
| 86 | If unsure, say N. |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 87 | |