Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 26333c37fc285e7372f1b9461f3ae0ba3dc699c9 / . / net / xfrm / Kconfig
blob: b7fd9c838416052f2bea9803d707120781a1cef3 [file] [log] [blame]
Thomas Gleixnerec8f24b2019-05-19 13:07:45 +0100[diff] [blame]1# SPDX-License-Identifier: GPL-2.0-only
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2#
3# XFRM configuration
4#
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]5config XFRM
Krzysztof Kozlowski43da1412019-11-21 21:28:35 +0800[diff] [blame]6 bool
7 depends on INET
8 select GRO_CELLS
9 select SKB_EXTENSIONS
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]10
Steffen Klassert25393d32017-02-15 09:39:44 +0100[diff] [blame]11config XFRM_OFFLOAD
Krzysztof Kozlowski43da1412019-11-21 21:28:35 +0800[diff] [blame]12 bool
Steffen Klassert25393d32017-02-15 09:39:44 +0100[diff] [blame]13
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]14config XFRM_ALGO
15 tristate
16 select XFRM
17 select CRYPTO
Arnd Bergmann597179b2019-06-18 13:22:13 +0200[diff] [blame]18 select CRYPTO_HASH
Eric Biggersb95bba52019-10-25 12:41:13 -0700[diff] [blame]19 select CRYPTO_SKCIPHER
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]20
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]21if INET
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]22config XFRM_USER
Masahide NAKAMURA654b32c2006-08-23 19:12:56 -0700[diff] [blame]23 tristate "Transformation user configuration interface"
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]24 select XFRM_ALGO
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]25 ---help---
Masahide NAKAMURA654b32c2006-08-23 19:12:56 -0700[diff] [blame]26 Support for Transformation(XFRM) user configuration interface
27 like IPsec used by native Linux tools.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]28
29 If unsure, say Y.
30
Steffen Klassertf203b762018-06-12 14:07:12 +0200[diff] [blame]31config XFRM_INTERFACE
32 tristate "Transformation virtual interface"
33 depends on XFRM && IPV6
34 ---help---
35 This provides a virtual interface to route IPsec traffic.
36
37 If unsure, say N.
38
Masahide NAKAMURAc11f1a12006-08-23 22:38:14 -0700[diff] [blame]39config XFRM_SUB_POLICY
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]40 bool "Transformation sub policy support"
41 depends on XFRM
Masahide NAKAMURAc11f1a12006-08-23 22:38:14 -0700[diff] [blame]42 ---help---
43 Support sub policy for developers. By using sub policy with main
44 one, two policies can be applied to the same packet at once.
45 Policy which lives shorter time in kernel should be a sub.
46
47 If unsure, say N.
48
Shinta Sugimotod0473652007-02-08 13:13:07 -0800[diff] [blame]49config XFRM_MIGRATE
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]50 bool "Transformation migrate database"
51 depends on XFRM
Shinta Sugimotod0473652007-02-08 13:13:07 -0800[diff] [blame]52 ---help---
53 A feature to update locator(s) of a given IPsec security
54 association dynamically. This feature is required, for
55 instance, in a Mobile IPv6 environment with IPsec configuration
56 where mobile nodes change their attachment point to the Internet.
57
58 If unsure, say N.
59
Masahide NAKAMURA8ea84342007-12-20 20:44:02 -0800[diff] [blame]60config XFRM_STATISTICS
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]61 bool "Transformation statistics"
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]62 depends on XFRM && PROC_FS
Masahide NAKAMURA8ea84342007-12-20 20:44:02 -0800[diff] [blame]63 ---help---
64 This statistics is not a SNMP/MIB specification but shows
65 statistics about transformation error (or almost error) factor
66 at packet processing for developer.
67
68 If unsure, say N.
69
Herbert Xu6fccab62008-07-25 02:54:40 -0700[diff] [blame]70config XFRM_IPCOMP
71 tristate
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]72 select XFRM_ALGO
Herbert Xu6fccab62008-07-25 02:54:40 -0700[diff] [blame]73 select CRYPTO
74 select CRYPTO_DEFLATE
75
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]76config NET_KEY
77 tristate "PF_KEY sockets"
Jan Beulich7e152522012-05-15 01:57:44 +0000[diff] [blame]78 select XFRM_ALGO
Sam Ravnborg6a2e9b72005-07-11 21:13:56 -0700[diff] [blame]79 ---help---
80 PF_KEYv2 socket family, compatible to KAME ones.
81 They are required if you are going to use IPsec tools ported
82 from KAME.
83
84 Say Y unless you know what you are doing.
85
Shinta Sugimotof6ed0ec2007-02-08 13:15:05 -0800[diff] [blame]86config NET_KEY_MIGRATE
Kees Cookf215bf42012-10-02 11:20:07 -0700[diff] [blame]87 bool "PF_KEY MIGRATE"
88 depends on NET_KEY
Shinta Sugimotof6ed0ec2007-02-08 13:15:05 -0800[diff] [blame]89 select XFRM_MIGRATE
90 ---help---
91 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
92 The PF_KEY MIGRATE message is used to dynamically update
93 locator(s) of a given IPsec security association.
94 This feature is required, for instance, in a Mobile IPv6
95 environment with IPsec configuration where mobile nodes
96 change their attachment point to the Internet. Detail
97 information can be found in the internet-draft
98 <draft-sugimoto-mip6-pfkey-migrate>.
99
100 If unsure, say N.
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]101
Sabrina Dubroca26333c32020-04-27 17:59:35 +0200[diff] [blame^]102config XFRM_ESPINTCP
103 bool
104
Florian Westphale54d1522019-04-12 10:14:46 +0200[diff] [blame]105endif # INET