1 # SPDX-License-Identifier: GPL-2.0-only
19 select CRYPTO_SKCIPHER
23 tristate "Transformation user configuration interface"
26 Support for Transformation(XFRM) user configuration interface
27 like IPsec used by native Linux tools.
32 tristate "Transformation virtual interface"
33 depends on XFRM && IPV6
35 This provides a virtual interface to route IPsec traffic.
39 config XFRM_SUB_POLICY
40 bool "Transformation sub policy support"
43 Support sub policy for developers. By using sub policy with main
44 one, two policies can be applied to the same packet at once.
45 Policy which lives shorter time in kernel should be a sub.
50 bool "Transformation migrate database"
53 A feature to update locator(s) of a given IPsec security
54 association dynamically. This feature is required, for
55 instance, in a Mobile IPv6 environment with IPsec configuration
56 where mobile nodes change their attachment point to the Internet.
60 config XFRM_STATISTICS
61 bool "Transformation statistics"
62 depends on XFRM && PROC_FS
64 This statistics is not a SNMP/MIB specification but shows
65 statistics about transformation error (or almost error) factor
66 at packet processing for developer.
70 # This option selects XFRM_ALGO along with the AH authentication algorithms that
71 # RFC 8221 lists as MUST be implemented.
79 # This option selects XFRM_ALGO along with the ESP encryption and authentication
80 # algorithms that RFC 8221 lists as MUST be implemented.
88 select CRYPTO_ECHAINIV
101 tristate "PF_KEY sockets"
104 PF_KEYv2 socket family, compatible to KAME ones.
105 They are required if you are going to use IPsec tools ported
108 Say Y unless you know what you are doing.
110 config NET_KEY_MIGRATE
111 bool "PF_KEY MIGRATE"
115 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
116 The PF_KEY MIGRATE message is used to dynamically update
117 locator(s) of a given IPsec security association.
118 This feature is required, for instance, in a Mobile IPv6
119 environment with IPsec configuration where mobile nodes
120 change their attachment point to the Internet. Detail
121 information can be found in the internet-draft
122 <draft-sugimoto-mip6-pfkey-migrate>.