Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 09870235827451409ff546b073d754a19fd17e2e / . / net / xfrm / Kconfig
blob: 3adf31a83a79a27a29d8a99e6724d51de5e2ab25 [file] [log] [blame]
Thomas Gleixnerec8f24b2019-05-19 13:07:45 +0100[diff] [blame]1# SPDX-License-Identifier: GPL-2.0-only
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2#
3# XFRM configuration
4#
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]5config XFRM
Krzysztof Kozlowski43da1412019-11-21 21:28:35 +0800[diff] [blame]6 bool
7 depends on INET
8 select GRO_CELLS
9 select SKB_EXTENSIONS
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]10
Steffen Klassert25393d32017-02-15 09:39:44 +0100[diff] [blame]11config XFRM_OFFLOAD
Krzysztof Kozlowski43da1412019-11-21 21:28:35 +0800[diff] [blame]12 bool
Steffen Klassert25393d32017-02-15 09:39:44 +0100[diff] [blame]13
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]14config XFRM_ALGO
15 tristate
16 select XFRM
17 select CRYPTO
Arnd Bergmann597179b2019-06-18 13:22:13 +0200[diff] [blame]18 select CRYPTO_HASH
Eric Biggersb95bba52019-10-25 12:41:13 -0700[diff] [blame]19 select CRYPTO_SKCIPHER
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]20
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]21if INET
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]22config XFRM_USER
Masahide NAKAMURA654b32c2006-08-23 19:12:56 -0700[diff] [blame]23 tristate "Transformation user configuration interface"
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]24 select XFRM_ALGO
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]25 help
Masahide NAKAMURA654b32c2006-08-23 19:12:56 -0700[diff] [blame]26 Support for Transformation(XFRM) user configuration interface
27 like IPsec used by native Linux tools.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]28
29 If unsure, say Y.
30
Dmitry Safonovc9e7c762020-09-21 15:36:51 +0100[diff] [blame]31config XFRM_USER_COMPAT
32 tristate "Compatible ABI support"
Dmitry Safonov5106f4a2020-09-21 15:36:55 +0100[diff] [blame]33 depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \
34 HAVE_EFFICIENT_UNALIGNED_ACCESS
Dmitry Safonovc9e7c762020-09-21 15:36:51 +0100[diff] [blame]35 select WANT_COMPAT_NETLINK_MESSAGES
36 help
37 Transformation(XFRM) user configuration interface like IPsec
38 used by compatible Linux applications.
39
40 If unsure, say N.
41
Steffen Klassertf203b762018-06-12 14:07:12 +0200[diff] [blame]42config XFRM_INTERFACE
43 tristate "Transformation virtual interface"
44 depends on XFRM && IPV6
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]45 help
Steffen Klassertf203b762018-06-12 14:07:12 +0200[diff] [blame]46 This provides a virtual interface to route IPsec traffic.
47
48 If unsure, say N.
49
Masahide NAKAMURAc11f1a12006-08-23 22:38:14 -0700[diff] [blame]50config XFRM_SUB_POLICY
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]51 bool "Transformation sub policy support"
52 depends on XFRM
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]53 help
Masahide NAKAMURAc11f1a12006-08-23 22:38:14 -0700[diff] [blame]54 Support sub policy for developers. By using sub policy with main
55 one, two policies can be applied to the same packet at once.
56 Policy which lives shorter time in kernel should be a sub.
57
58 If unsure, say N.
59
Shinta Sugimotod0473652007-02-08 13:13:07 -0800[diff] [blame]60config XFRM_MIGRATE
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]61 bool "Transformation migrate database"
62 depends on XFRM
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]63 help
Shinta Sugimotod0473652007-02-08 13:13:07 -0800[diff] [blame]64 A feature to update locator(s) of a given IPsec security
65 association dynamically. This feature is required, for
66 instance, in a Mobile IPv6 environment with IPsec configuration
67 where mobile nodes change their attachment point to the Internet.
68
69 If unsure, say N.
70
Masahide NAKAMURA8ea84342007-12-20 20:44:02 -0800[diff] [blame]71config XFRM_STATISTICS
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]72 bool "Transformation statistics"
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]73 depends on XFRM && PROC_FS
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]74 help
Masahide NAKAMURA8ea84342007-12-20 20:44:02 -0800[diff] [blame]75 This statistics is not a SNMP/MIB specification but shows
76 statistics about transformation error (or almost error) factor
77 at packet processing for developer.
78
79 If unsure, say N.
80
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]81# This option selects XFRM_ALGO along with the AH authentication algorithms that
82# RFC 8221 lists as MUST be implemented.
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]83config XFRM_AH
84 tristate
85 select XFRM_ALGO
86 select CRYPTO
87 select CRYPTO_HMAC
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]88 select CRYPTO_SHA256
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]89
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]90# This option selects XFRM_ALGO along with the ESP encryption and authentication
91# algorithms that RFC 8221 lists as MUST be implemented.
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]92config XFRM_ESP
93 tristate
94 select XFRM_ALGO
95 select CRYPTO
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]96 select CRYPTO_AES
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]97 select CRYPTO_AUTHENC
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]98 select CRYPTO_CBC
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]99 select CRYPTO_ECHAINIV
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]100 select CRYPTO_GCM
101 select CRYPTO_HMAC
Eric Biggers37ea0f12020-06-10 09:14:36 -0700[diff] [blame]102 select CRYPTO_SEQIV
Eric Biggersbe013692020-06-10 09:14:37 -0700[diff] [blame]103 select CRYPTO_SHA256
Eric Biggers7d4e3912020-06-10 09:14:35 -0700[diff] [blame]104
Herbert Xu6fccab62008-07-25 02:54:40 -0700[diff] [blame]105config XFRM_IPCOMP
106 tristate
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]107 select XFRM_ALGO
Herbert Xu6fccab62008-07-25 02:54:40 -0700[diff] [blame]108 select CRYPTO
109 select CRYPTO_DEFLATE
110
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]111config NET_KEY
112 tristate "PF_KEY sockets"
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]113 select XFRM_ALGO
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]114 help
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]115 PF_KEYv2 socket family, compatible to KAME ones.
116 They are required if you are going to use IPsec tools ported
117 from KAME.
118
119 Say Y unless you know what you are doing.
120
Shinta Sugimotof6ed0ec2007-02-08 13:15:05 -0800[diff] [blame]121config NET_KEY_MIGRATE
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]122 bool "PF_KEY MIGRATE"
123 depends on NET_KEY
Shinta Sugimotof6ed0ec2007-02-08 13:15:05 -0800[diff] [blame]124 select XFRM_MIGRATE
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +0900[diff] [blame]125 help
Shinta Sugimotof6ed0ec2007-02-08 13:15:05 -0800[diff] [blame]126 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
127 The PF_KEY MIGRATE message is used to dynamically update
128 locator(s) of a given IPsec security association.
129 This feature is required, for instance, in a Mobile IPv6
130 environment with IPsec configuration where mobile nodes
131 change their attachment point to the Internet. Detail
132 information can be found in the internet-draft
133 <draft-sugimoto-mip6-pfkey-migrate>.
134
135 If unsure, say N.
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]136
Sabrina Dubroca26333c32020-04-27 17:59:35 +0200[diff] [blame]137config XFRM_ESPINTCP
138 bool
139
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]140endif # INET