• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#
2# XFRM configuration
3#
4config XFRM
5       bool
6       depends on NET
7
8config XFRM_ALGO
9	tristate
10	select XFRM
11	select CRYPTO
12
13config XFRM_USER
14	tristate "Transformation user configuration interface"
15	depends on INET
16	select XFRM_ALGO
17	---help---
18	  Support for Transformation(XFRM) user configuration interface
19	  like IPsec used by native Linux tools.
20
21	  If unsure, say Y.
22
23config XFRM_USER_COMPAT
24	tristate "Compatible ABI support"
25	depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \
26		HAVE_EFFICIENT_UNALIGNED_ACCESS
27	select WANT_COMPAT_NETLINK_MESSAGES
28	help
29	  Transformation(XFRM) user configuration interface like IPsec
30	  used by compatible Linux applications.
31
32	  If unsure, say N.
33
34config XFRM_SUB_POLICY
35	bool "Transformation sub policy support"
36	depends on XFRM
37	---help---
38	  Support sub policy for developers. By using sub policy with main
39	  one, two policies can be applied to the same packet at once.
40	  Policy which lives shorter time in kernel should be a sub.
41
42	  If unsure, say N.
43
44config XFRM_MIGRATE
45	bool "Transformation migrate database"
46	depends on XFRM
47	---help---
48	  A feature to update locator(s) of a given IPsec security
49	  association dynamically.  This feature is required, for
50	  instance, in a Mobile IPv6 environment with IPsec configuration
51	  where mobile nodes change their attachment point to the Internet.
52
53	  If unsure, say N.
54
55config XFRM_STATISTICS
56	bool "Transformation statistics"
57	depends on INET && XFRM && PROC_FS
58	---help---
59	  This statistics is not a SNMP/MIB specification but shows
60	  statistics about transformation error (or almost error) factor
61	  at packet processing for developer.
62
63	  If unsure, say N.
64
65config XFRM_IPCOMP
66	tristate
67	select XFRM_ALGO
68	select CRYPTO
69	select CRYPTO_DEFLATE
70
71config NET_KEY
72	tristate "PF_KEY sockets"
73	select XFRM_ALGO
74	---help---
75	  PF_KEYv2 socket family, compatible to KAME ones.
76	  They are required if you are going to use IPsec tools ported
77	  from KAME.
78
79	  Say Y unless you know what you are doing.
80
81config NET_KEY_MIGRATE
82	bool "PF_KEY MIGRATE"
83	depends on NET_KEY
84	select XFRM_MIGRATE
85	---help---
86	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
87	  The PF_KEY MIGRATE message is used to dynamically update
88	  locator(s) of a given IPsec security association.
89	  This feature is required, for instance, in a Mobile IPv6
90	  environment with IPsec configuration where mobile nodes
91	  change their attachment point to the Internet.  Detail
92	  information can be found in the internet-draft
93	  <draft-sugimoto-mip6-pfkey-migrate>.
94
95	  If unsure, say N.
96
97