# SPDX-License-Identifier: GPL-2.0-only
#
# XFRM configuration
#
config XFRM
bool
depends on INET
select GRO_CELLS
select SKB_EXTENSIONS
config XFRM_OFFLOAD
bool
config XFRM_ALGO
tristate
select XFRM
select CRYPTO
select CRYPTO_AEAD
select CRYPTO_HASH
select CRYPTO_SKCIPHER
if INET
config XFRM_USER
tristate "Transformation user configuration interface"
select XFRM_ALGO
help
Support for the Transformation (XFRM) user configuration interface,
which native Linux tools use to configure transformations such as IPsec.
If unsure, say Y.
config XFRM_USER_COMPAT
tristate "Compatible ABI support"
depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \
HAVE_EFFICIENT_UNALIGNED_ACCESS
select WANT_COMPAT_NETLINK_MESSAGES
help
Transformation (XFRM) user configuration interface, such as for IPsec,
for use by Linux applications built for the compatible ABI.
If unsure, say N.
config XFRM_INTERFACE
tristate "Transformation virtual interface"
depends on XFRM && IPV6
help
This provides a virtual interface to route IPsec traffic.
If unsure, say N.
config XFRM_SUB_POLICY
bool "Transformation sub policy support"
depends on XFRM
help
Support for sub policies, intended for developers. By using a sub
policy together with the main one, two policies can be applied to
the same packet at once. The policy that lives for the shorter time
in the kernel should be the sub policy.
If unsure, say N.
config XFRM_MIGRATE
bool "Transformation migrate database"
depends on XFRM
help
A feature to update locator(s) of a given IPsec security
association dynamically. This feature is required, for
instance, in a Mobile IPv6 environment with IPsec configuration
where mobile nodes change their attachment point to the Internet.
If unsure, say N.
config XFRM_STATISTICS
bool "Transformation statistics"
depends on XFRM && PROC_FS
help
These statistics do not follow an SNMP/MIB specification; they show
statistics about the factors behind transformation errors (or
near-errors) during packet processing, and are intended for developers.
If unsure, say N.
# This option selects XFRM_ALGO along with the AH authentication algorithms that
# RFC 8221 lists as MUST be implemented.
config XFRM_AH
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_SHA256
# This option selects XFRM_ALGO along with the ESP encryption and authentication
# algorithms that RFC 8221 lists as MUST be implemented.
config XFRM_ESP
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_AES
select CRYPTO_AUTHENC
select CRYPTO_CBC
select CRYPTO_ECHAINIV
select CRYPTO_GCM
select CRYPTO_HMAC
select CRYPTO_SEQIV
select CRYPTO_SHA256
config XFRM_IPCOMP
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_DEFLATE
config NET_KEY
tristate "PF_KEY sockets"
select XFRM_ALGO
help
PF_KEYv2 socket family, compatible with the KAME implementation.
These sockets are required if you are going to use IPsec tools
ported from KAME.
Say Y unless you know what you are doing.
config NET_KEY_MIGRATE
bool "PF_KEY MIGRATE"
depends on NET_KEY
select XFRM_MIGRATE
help
Add a PF_KEY MIGRATE message to the PF_KEYv2 socket family.
The PF_KEY MIGRATE message is used to dynamically update
locator(s) of a given IPsec security association.
This feature is required, for instance, in a Mobile IPv6
environment with IPsec configuration where mobile nodes
change their attachment point to the Internet. Detailed
information can be found in the internet-draft
<draft-sugimoto-mip6-pfkey-migrate>.
If unsure, say N.
config XFRM_ESPINTCP
bool
endif # INET