| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | # |
| 2 | # XFRM configuration |
| 3 | # |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 4 | config XFRM |
| 5 | bool |
| 6 | depends on NET |
| 7 | |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 8 | config XFRM_ALGO |
| 9 | tristate |
| 10 | select XFRM |
| 11 | select CRYPTO |
| Arnd Bergmann | dfa3cee5 | 2019-06-18 13:22:13 +0200 | [diff] [blame] | 12 | select CRYPTO_HASH |
| 13 | select CRYPTO_BLKCIPHER |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 14 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 15 | config XFRM_USER |
| Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 16 | tristate "Transformation user configuration interface" |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 17 | depends on INET |
| 18 | select XFRM_ALGO |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 19 | ---help--- |
| Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 20 | Support for Transformation(XFRM) user configuration interface |
| 21 | like IPsec used by native Linux tools. |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 22 | |
| 23 | If unsure, say Y. |
| 24 | |
| Steffen Klassert | f5bb9e9 | 2018-06-12 14:07:12 +0200 | [diff] [blame] | 25 | config XFRM_INTERFACE |
| 26 | tristate "Transformation virtual interface" |
| 27 | depends on XFRM && IPV6 |
| 28 | ---help--- |
| 29 | This provides a virtual interface to route IPsec traffic. |
| 30 | |
| 31 | If unsure, say N. |
| 32 | |
| Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 33 | config XFRM_SUB_POLICY |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 34 | bool "Transformation sub policy support" |
| 35 | depends on XFRM |
| Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 36 | ---help--- |
| 37 | Support sub policy for developers. By using sub policy with main |
| 38 | one, two policies can be applied to the same packet at once. |
| 39 | Policy which lives shorter time in kernel should be a sub. |
| 40 | |
| 41 | If unsure, say N. |
| 42 | |
| Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 43 | config XFRM_MIGRATE |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 44 | bool "Transformation migrate database" |
| 45 | depends on XFRM |
| Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 46 | ---help--- |
| 47 | A feature to update locator(s) of a given IPsec security |
| 48 | association dynamically. This feature is required, for |
| 49 | instance, in a Mobile IPv6 environment with IPsec configuration |
| 50 | where mobile nodes change their attachment point to the Internet. |
| 51 | |
| 52 | If unsure, say N. |
| 53 | |
| Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 54 | config XFRM_STATISTICS |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 55 | bool "Transformation statistics" |
| 56 | depends on INET && XFRM && PROC_FS |
| Masahide NAKAMURA | 8ea8434 | 2007-12-20 20:44:02 -0800 | [diff] [blame] | 57 | ---help--- |
| 58 | This statistics is not a SNMP/MIB specification but shows |
| 59 | statistics about transformation error (or almost error) factor |
| 60 | at packet processing for developer. |
| 61 | |
| 62 | If unsure, say N. |
| 63 | |
| Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 64 | config XFRM_IPCOMP |
| 65 | tristate |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 66 | select XFRM_ALGO |
| Herbert Xu | 6fccab6 | 2008-07-25 02:54:40 -0700 | [diff] [blame] | 67 | select CRYPTO |
| 68 | select CRYPTO_DEFLATE |
| 69 | |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 70 | config NET_KEY |
| 71 | tristate "PF_KEY sockets" |
| Jan Beulich | 7e15252 | 2012-05-15 01:57:44 +0000 | [diff] [blame] | 72 | select XFRM_ALGO |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 73 | ---help--- |
| 74 | PF_KEYv2 socket family, compatible to KAME ones. |
| 75 | They are required if you are going to use IPsec tools ported |
| 76 | from KAME. |
| 77 | |
| 78 | Say Y unless you know what you are doing. |
| 79 | |
| Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 80 | config NET_KEY_MIGRATE |
| Kees Cook | f215bf4 | 2012-10-02 11:20:07 -0700 | [diff] [blame] | 81 | bool "PF_KEY MIGRATE" |
| 82 | depends on NET_KEY |
| Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame] | 83 | select XFRM_MIGRATE |
| 84 | ---help--- |
| 85 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. |
| 86 | The PF_KEY MIGRATE message is used to dynamically update |
| 87 | locator(s) of a given IPsec security association. |
| 88 | This feature is required, for instance, in a Mobile IPv6 |
| 89 | environment with IPsec configuration where mobile nodes |
| 90 | change their attachment point to the Internet. Detail |
| 91 | information can be found in the internet-draft |
| 92 | <draft-sugimoto-mip6-pfkey-migrate>. |
| 93 | |
| 94 | If unsure, say N. |
| Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 95 | |