Blame view
net/xfrm/Kconfig
3.38 KB
ec8f24b7f treewide: Add SPD... |
1 |
# SPDX-License-Identifier: GPL-2.0-only |
1da177e4c Linux-2.6.12-rc2 |
2 3 4 |
# # XFRM configuration # |
6a2e9b738 [NET]: move confi... |
5 |
config XFRM |
43da14110 net: Fix Kconfig ... |
6 7 8 9 |
bool depends on INET select GRO_CELLS select SKB_EXTENSIONS |
6a2e9b738 [NET]: move confi... |
10 |
|
25393d3fc net: Prepare gro ... |
11 |
config XFRM_OFFLOAD |
43da14110 net: Fix Kconfig ... |
12 |
bool |
25393d3fc net: Prepare gro ... |
13 |
|
7e1525249 xfrm: make xfrm_a... |
14 15 16 17 |
config XFRM_ALGO tristate select XFRM select CRYPTO |
597179b0b ipsec: select cry... |
18 |
select CRYPTO_HASH |
b95bba5d0 crypto: skcipher ... |
19 |
select CRYPTO_SKCIPHER |
7e1525249 xfrm: make xfrm_a... |
20 |
|
e54d15276 xfrm: kconfig: ma... |
21 |
if INET |
1da177e4c Linux-2.6.12-rc2 |
22 |
config XFRM_USER |
654b32c6a [XFRM]: Fix messa... |
23 |
tristate "Transformation user configuration interface" |
7e1525249 xfrm: make xfrm_a... |
24 |
select XFRM_ALGO |
a7f7f6248 treewide: replace... |
25 |
help |
654b32c6a [XFRM]: Fix messa... |
26 27 |
Support for Transformation(XFRM) user configuration interface like IPsec used by native Linux tools. |
1da177e4c Linux-2.6.12-rc2 |
28 29 |
If unsure, say Y. |
c9e7c76d7 xfrm: Provide API... |
30 31 |
config XFRM_USER_COMPAT tristate "Compatible ABI support" |
5106f4a8a xfrm/compat: Add ... |
32 33 |
depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \ HAVE_EFFICIENT_UNALIGNED_ACCESS |
c9e7c76d7 xfrm: Provide API... |
34 35 36 37 38 39 |
select WANT_COMPAT_NETLINK_MESSAGES help Transformation(XFRM) user configuration interface like IPsec used by compatible Linux applications. If unsure, say N. |
f203b76d7 xfrm: Add virtual... |
40 41 42 |
config XFRM_INTERFACE tristate "Transformation virtual interface" depends on XFRM && IPV6 |
a7f7f6248 treewide: replace... |
43 |
help |
f203b76d7 xfrm: Add virtual... |
44 45 46 |
This provides a virtual interface to route IPsec traffic. If unsure, say N. |
c11f1a15c [XFRM] POLICY: Ad... |
47 |
config XFRM_SUB_POLICY |
f215bf48c net/xfrm: remove ... |
48 49 |
bool "Transformation sub policy support" depends on XFRM |
a7f7f6248 treewide: replace... |
50 |
help |
c11f1a15c [XFRM] POLICY: Ad... |
51 52 53 54 55 |
Support sub policy for developers. By using sub policy with main one, two policies can be applied to the same packet at once. Policy which lives shorter time in kernel should be a sub. If unsure, say N. |
d0473655c [XFRM]: CONFIG_XF... |
56 |
config XFRM_MIGRATE |
f215bf48c net/xfrm: remove ... |
57 58 |
bool "Transformation migrate database" depends on XFRM |
a7f7f6248 treewide: replace... |
59 |
help |
d0473655c [XFRM]: CONFIG_XF... |
60 61 62 63 64 65 |
A feature to update locator(s) of a given IPsec security association dynamically. This feature is required, for instance, in a Mobile IPv6 environment with IPsec configuration where mobile nodes change their attachment point to the Internet. If unsure, say N. |
8ea843495 [XFRM]: Add packe... |
66 |
config XFRM_STATISTICS |
f215bf48c net/xfrm: remove ... |
67 |
bool "Transformation statistics" |
e54d15276 xfrm: kconfig: ma... |
68 |
depends on XFRM && PROC_FS |
a7f7f6248 treewide: replace... |
69 |
help |
8ea843495 [XFRM]: Add packe... |
70 71 72 73 74 |
This statistics is not a SNMP/MIB specification but shows statistics about transformation error (or almost error) factor at packet processing for developer. If unsure, say N. |
be0136985 esp, ah: moderniz... |
75 76 |
# This option selects XFRM_ALGO along with the AH authentication algorithms that # RFC 8221 lists as MUST be implemented. |
7d4e39195 esp, ah: consolid... |
77 78 79 80 81 |
config XFRM_AH tristate select XFRM_ALGO select CRYPTO select CRYPTO_HMAC |
be0136985 esp, ah: moderniz... |
82 |
select CRYPTO_SHA256 |
7d4e39195 esp, ah: consolid... |
83 |
|
be0136985 esp, ah: moderniz... |
84 85 |
# This option selects XFRM_ALGO along with the ESP encryption and authentication # algorithms that RFC 8221 lists as MUST be implemented. |
7d4e39195 esp, ah: consolid... |
86 87 88 89 |
config XFRM_ESP tristate select XFRM_ALGO select CRYPTO |
be0136985 esp, ah: moderniz... |
90 |
select CRYPTO_AES |
7d4e39195 esp, ah: consolid... |
91 |
select CRYPTO_AUTHENC |
7d4e39195 esp, ah: consolid... |
92 |
select CRYPTO_CBC |
7d4e39195 esp, ah: consolid... |
93 |
select CRYPTO_ECHAINIV |
be0136985 esp, ah: moderniz... |
94 95 |
select CRYPTO_GCM select CRYPTO_HMAC |
37ea0f18f esp: select CRYPT... |
96 |
select CRYPTO_SEQIV |
be0136985 esp, ah: moderniz... |
97 |
select CRYPTO_SHA256 |
7d4e39195 esp, ah: consolid... |
98 |
|
6fccab671 ipsec: ipcomp - M... |
99 100 |
config XFRM_IPCOMP tristate |
7e1525249 xfrm: make xfrm_a... |
101 |
select XFRM_ALGO |
6fccab671 ipsec: ipcomp - M... |
102 103 |
select CRYPTO select CRYPTO_DEFLATE |
6a2e9b738 [NET]: move confi... |
104 105 |
config NET_KEY tristate "PF_KEY sockets" |
7e1525249 xfrm: make xfrm_a... |
106 |
select XFRM_ALGO |
a7f7f6248 treewide: replace... |
107 |
help |
6a2e9b738 [NET]: move confi... |
108 109 110 111 112 |
PF_KEYv2 socket family, compatible to KAME ones. They are required if you are going to use IPsec tools ported from KAME. Say Y unless you know what you are doing. |
f6ed0ec0e [PFKEYV2]: CONFIG... |
113 |
config NET_KEY_MIGRATE |
f215bf48c net/xfrm: remove ... |
114 115 |
bool "PF_KEY MIGRATE" depends on NET_KEY |
f6ed0ec0e [PFKEYV2]: CONFIG... |
116 |
select XFRM_MIGRATE |
a7f7f6248 treewide: replace... |
117 |
help |
f6ed0ec0e [PFKEYV2]: CONFIG... |
118 119 120 121 122 123 124 125 126 127 |
Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. The PF_KEY MIGRATE message is used to dynamically update locator(s) of a given IPsec security association. This feature is required, for instance, in a Mobile IPv6 environment with IPsec configuration where mobile nodes change their attachment point to the Internet. Detail information can be found in the internet-draft <draft-sugimoto-mip6-pfkey-migrate>. If unsure, say N. |
e54d15276 xfrm: kconfig: ma... |
128 |
|
26333c37f xfrm: add IPv6 su... |
129 130 |
config XFRM_ESPINTCP bool |
e54d15276 xfrm: kconfig: ma... |
131 |
endif # INET |