• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       depends on NET
7       select GRO_CELLS
8
9config XFRM_OFFLOAD
10       bool
11       depends on XFRM
12
13config XFRM_ALGO
14	tristate
15	select XFRM
16	select CRYPTO
17	select CRYPTO_HASH
18	select CRYPTO_BLKCIPHER
19
20config XFRM_USER
21	tristate "Transformation user configuration interface"
22	depends on INET
23	select XFRM_ALGO
24	---help---
25	  Support for Transformation(XFRM) user configuration interface
26	  like IPsec used by native Linux tools.
27
28	  If unsure, say Y.
29
30config XFRM_INTERFACE
31	tristate "Transformation virtual interface"
32	depends on XFRM && IPV6
33	---help---
34	  This provides a virtual interface to route IPsec traffic.
35
36	  If unsure, say N.
37
38config XFRM_SUB_POLICY
39	bool "Transformation sub policy support"
40	depends on XFRM
41	---help---
42	  Support sub policy for developers. By using sub policy with main
43	  one, two policies can be applied to the same packet at once.
44	  Policy which lives shorter time in kernel should be a sub.
45
46	  If unsure, say N.
47
48config XFRM_MIGRATE
49	bool "Transformation migrate database"
50	depends on XFRM
51	---help---
52	  A feature to update locator(s) of a given IPsec security
53	  association dynamically.  This feature is required, for
54	  instance, in a Mobile IPv6 environment with IPsec configuration
55	  where mobile nodes change their attachment point to the Internet.
56
57	  If unsure, say N.
58
59config XFRM_STATISTICS
60	bool "Transformation statistics"
61	depends on INET && XFRM && PROC_FS
62	---help---
63	  This statistics is not a SNMP/MIB specification but shows
64	  statistics about transformation error (or almost error) factor
65	  at packet processing for developer.
66
67	  If unsure, say N.
68
69config XFRM_IPCOMP
70	tristate
71	select XFRM_ALGO
72	select CRYPTO
73	select CRYPTO_DEFLATE
74
75config NET_KEY
76	tristate "PF_KEY sockets"
77	select XFRM_ALGO
78	---help---
79	  PF_KEYv2 socket family, compatible to KAME ones.
80	  They are required if you are going to use IPsec tools ported
81	  from KAME.
82
83	  Say Y unless you know what you are doing.
84
85config NET_KEY_MIGRATE
86	bool "PF_KEY MIGRATE"
87	depends on NET_KEY
88	select XFRM_MIGRATE
89	---help---
90	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
91	  The PF_KEY MIGRATE message is used to dynamically update
92	  locator(s) of a given IPsec security association.
93	  This feature is required, for instance, in a Mobile IPv6
94	  environment with IPsec configuration where mobile nodes
95	  change their attachment point to the Internet.  Detail
96	  information can be found in the internet-draft
97	  <draft-sugimoto-mip6-pfkey-migrate>.
98
99	  If unsure, say N.
100
101