1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# SPDX-License-Identifier: GPL-2.0-only
#
# XFRM configuration
#
config XFRM
bool
depends on INET
select GRO_CELLS
select SKB_EXTENSIONS
config XFRM_OFFLOAD
bool
config XFRM_ALGO
tristate
select XFRM
select CRYPTO
select CRYPTO_HASH
select CRYPTO_SKCIPHER
if INET
config XFRM_USER
tristate "Transformation user configuration interface"
select XFRM_ALGO
help
Support for Transformation(XFRM) user configuration interface
like IPsec used by native Linux tools.
If unsure, say Y.
config XFRM_INTERFACE
tristate "Transformation virtual interface"
depends on XFRM && IPV6
help
This provides a virtual interface to route IPsec traffic.
If unsure, say N.
config XFRM_SUB_POLICY
bool "Transformation sub policy support"
depends on XFRM
help
Support sub policy for developers. By using sub policy with main
one, two policies can be applied to the same packet at once.
Policy which lives shorter time in kernel should be a sub.
If unsure, say N.
config XFRM_MIGRATE
bool "Transformation migrate database"
depends on XFRM
help
A feature to update locator(s) of a given IPsec security
association dynamically. This feature is required, for
instance, in a Mobile IPv6 environment with IPsec configuration
where mobile nodes change their attachment point to the Internet.
If unsure, say N.
config XFRM_STATISTICS
bool "Transformation statistics"
depends on XFRM && PROC_FS
help
This statistics is not a SNMP/MIB specification but shows
statistics about transformation error (or almost error) factor
at packet processing for developer.
If unsure, say N.
# This option selects XFRM_ALGO along with the AH authentication algorithms that
# RFC 8221 lists as MUST be implemented.
config XFRM_AH
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_SHA256
# This option selects XFRM_ALGO along with the ESP encryption and authentication
# algorithms that RFC 8221 lists as MUST be implemented.
config XFRM_ESP
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_AES
select CRYPTO_AUTHENC
select CRYPTO_CBC
select CRYPTO_ECHAINIV
select CRYPTO_GCM
select CRYPTO_HMAC
select CRYPTO_SEQIV
select CRYPTO_SHA256
config XFRM_IPCOMP
tristate
select XFRM_ALGO
select CRYPTO
select CRYPTO_DEFLATE
config NET_KEY
tristate "PF_KEY sockets"
select XFRM_ALGO
help
PF_KEYv2 socket family, compatible to KAME ones.
They are required if you are going to use IPsec tools ported
from KAME.
Say Y unless you know what you are doing.
config NET_KEY_MIGRATE
bool "PF_KEY MIGRATE"
depends on NET_KEY
select XFRM_MIGRATE
help
Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
The PF_KEY MIGRATE message is used to dynamically update
locator(s) of a given IPsec security association.
This feature is required, for instance, in a Mobile IPv6
environment with IPsec configuration where mobile nodes
change their attachment point to the Internet. Detail
information can be found in the internet-draft
<draft-sugimoto-mip6-pfkey-migrate>.
If unsure, say N.
config XFRM_ESPINTCP
bool
endif # INET
|