| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | # |
| 2 | # XFRM configuration |
| 3 | # |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 4 | config XFRM |
| 5 | bool |
| 6 | depends on NET |
| 7 | |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 8 | config XFRM_ALGO |
| 9 | tristate |
| 10 | select XFRM |
| 11 | select CRYPTO |
| 12 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 13 | config XFRM_USER |
| Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 14 | tristate "Transformation user configuration interface" |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 15 | depends on INET |
| 16 | select XFRM_ALGO |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 17 | ---help--- |
| Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 18 | Support for Transformation(XFRM) user configuration interface |
| 19 | like IPsec used by native Linux tools. |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 20 | |
| 21 | If unsure, say Y. |
| 22 | |
| Steffen Klassert | f5bb9e9 | 2018-06-12 14:07:12 +0200 | [diff] [blame] | 23 | config XFRM_INTERFACE |
| 24 | tristate "Transformation virtual interface" |
| 25 | depends on XFRM && IPV6 |
| 26 | ---help--- |
| 27 | This provides a virtual interface to route IPsec traffic. |
| 28 | |
| 29 | If unsure, say N. |
| 30 | |
| Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 31 | config XFRM_SUB_POLICY |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 32 | bool "Transformation sub policy support" |
| 33 | depends on XFRM |
| Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 34 | ---help--- |
| 35 | Support sub policy for developers. By using sub policy with main |
| 36 | one, two policies can be applied to the same packet at once. |
| 37 | Policy which lives shorter time in kernel should be a sub. |
| 38 | |
| 39 | If unsure, say N. |
| 40 | |
| Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 41 | config XFRM_MIGRATE |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 42 | bool "Transformation migrate database" |
| 43 | depends on XFRM |
| Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 44 | ---help--- |
| 45 | A feature to update locator(s) of a given IPsec security |
| 46 | association dynamically. This feature is required, for |
| 47 | instance, in a Mobile IPv6 environment with IPsec configuration |
| 48 | where mobile nodes change their attachment point to the Internet. |
| 49 | |
| 50 | If unsure, say N. |
| 51 | |
| Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 52 | config XFRM_STATISTICS |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 53 | bool "Transformation statistics" |
| 54 | depends on INET && XFRM && PROC_FS |
| Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 55 | ---help--- |
| 56 | This statistics is not a SNMP/MIB specification but shows |
| 57 | statistics about transformation error (or almost error) factor |
| 58 | at packet processing for developer. |
| 59 | |
| 60 | If unsure, say N. |
| 61 | |
| Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 62 | config XFRM_IPCOMP |
| 63 | tristate |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 64 | select XFRM_ALGO |
| Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 65 | select CRYPTO |
| 66 | select CRYPTO_DEFLATE |
| 67 | |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 68 | config NET_KEY |
| 69 | tristate "PF_KEY sockets" |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 70 | select XFRM_ALGO |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 71 | ---help--- |
| 72 | PF_KEYv2 socket family, compatible to KAME ones. |
| 73 | They are required if you are going to use IPsec tools ported |
| 74 | from KAME. |
| 75 | |
| 76 | Say Y unless you know what you are doing. |
| 77 | |
| Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 78 | config NET_KEY_MIGRATE |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 79 | bool "PF_KEY MIGRATE" |
| 80 | depends on NET_KEY |
| Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 81 | select XFRM_MIGRATE |
| 82 | ---help--- |
| 83 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. |
| 84 | The PF_KEY MIGRATE message is used to dynamically update |
| 85 | locator(s) of a given IPsec security association. |
| 86 | This feature is required, for instance, in a Mobile IPv6 |
| 87 | environment with IPsec configuration where mobile nodes |
| 88 | change their attachment point to the Internet. Detail |
| 89 | information can be found in the internet-draft |
| 90 | <draft-sugimoto-mip6-pfkey-migrate>. |
| 91 | |
| 92 | If unsure, say N. |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 93 | |