162306a36Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci# 362306a36Sopenharmony_ci# XFRM configuration 462306a36Sopenharmony_ci# 562306a36Sopenharmony_ciconfig XFRM 662306a36Sopenharmony_ci bool 762306a36Sopenharmony_ci depends on INET 862306a36Sopenharmony_ci select GRO_CELLS 962306a36Sopenharmony_ci select SKB_EXTENSIONS 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_ciconfig XFRM_OFFLOAD 1262306a36Sopenharmony_ci bool 1362306a36Sopenharmony_ci 1462306a36Sopenharmony_ciconfig XFRM_ALGO 1562306a36Sopenharmony_ci tristate 1662306a36Sopenharmony_ci select XFRM 1762306a36Sopenharmony_ci select CRYPTO 1862306a36Sopenharmony_ci select CRYPTO_HASH 1962306a36Sopenharmony_ci select CRYPTO_SKCIPHER 2062306a36Sopenharmony_ci 2162306a36Sopenharmony_ciif INET 2262306a36Sopenharmony_ciconfig XFRM_USER 2362306a36Sopenharmony_ci tristate "Transformation user configuration interface" 2462306a36Sopenharmony_ci select XFRM_ALGO 2562306a36Sopenharmony_ci help 2662306a36Sopenharmony_ci Support for Transformation(XFRM) user configuration interface 2762306a36Sopenharmony_ci like IPsec used by native Linux tools. 2862306a36Sopenharmony_ci 2962306a36Sopenharmony_ci If unsure, say Y. 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_ciconfig XFRM_USER_COMPAT 3262306a36Sopenharmony_ci tristate "Compatible ABI support" 3362306a36Sopenharmony_ci depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \ 3462306a36Sopenharmony_ci HAVE_EFFICIENT_UNALIGNED_ACCESS 3562306a36Sopenharmony_ci select WANT_COMPAT_NETLINK_MESSAGES 3662306a36Sopenharmony_ci help 3762306a36Sopenharmony_ci Transformation(XFRM) user configuration interface like IPsec 3862306a36Sopenharmony_ci used by compatible Linux applications. 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_ci If unsure, say N. 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_ciconfig XFRM_INTERFACE 4362306a36Sopenharmony_ci tristate "Transformation virtual interface" 4462306a36Sopenharmony_ci depends on XFRM && IPV6 4562306a36Sopenharmony_ci help 4662306a36Sopenharmony_ci This provides a virtual interface to route IPsec traffic. 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_ci If unsure, say N. 4962306a36Sopenharmony_ci 5062306a36Sopenharmony_ciconfig XFRM_SUB_POLICY 5162306a36Sopenharmony_ci bool "Transformation sub policy support" 5262306a36Sopenharmony_ci depends on XFRM 5362306a36Sopenharmony_ci help 5462306a36Sopenharmony_ci Support sub policy for developers. By using sub policy with main 5562306a36Sopenharmony_ci one, two policies can be applied to the same packet at once. 5662306a36Sopenharmony_ci Policy which lives shorter time in kernel should be a sub. 5762306a36Sopenharmony_ci 5862306a36Sopenharmony_ci If unsure, say N. 5962306a36Sopenharmony_ci 6062306a36Sopenharmony_ciconfig XFRM_MIGRATE 6162306a36Sopenharmony_ci bool "Transformation migrate database" 6262306a36Sopenharmony_ci depends on XFRM 6362306a36Sopenharmony_ci help 6462306a36Sopenharmony_ci A feature to update locator(s) of a given IPsec security 6562306a36Sopenharmony_ci association dynamically. This feature is required, for 6662306a36Sopenharmony_ci instance, in a Mobile IPv6 environment with IPsec configuration 6762306a36Sopenharmony_ci where mobile nodes change their attachment point to the Internet. 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_ci If unsure, say N. 7062306a36Sopenharmony_ci 7162306a36Sopenharmony_ciconfig XFRM_STATISTICS 7262306a36Sopenharmony_ci bool "Transformation statistics" 7362306a36Sopenharmony_ci depends on XFRM && PROC_FS 7462306a36Sopenharmony_ci help 7562306a36Sopenharmony_ci This statistics is not a SNMP/MIB specification but shows 7662306a36Sopenharmony_ci statistics about transformation error (or almost error) factor 7762306a36Sopenharmony_ci at packet processing for developer. 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci If unsure, say N. 8062306a36Sopenharmony_ci 8162306a36Sopenharmony_ci# This option selects XFRM_ALGO along with the AH authentication algorithms that 8262306a36Sopenharmony_ci# RFC 8221 lists as MUST be implemented. 8362306a36Sopenharmony_ciconfig XFRM_AH 8462306a36Sopenharmony_ci tristate 8562306a36Sopenharmony_ci select XFRM_ALGO 8662306a36Sopenharmony_ci select CRYPTO 8762306a36Sopenharmony_ci select CRYPTO_HMAC 8862306a36Sopenharmony_ci select CRYPTO_SHA256 8962306a36Sopenharmony_ci 9062306a36Sopenharmony_ci# This option selects XFRM_ALGO along with the ESP encryption and authentication 9162306a36Sopenharmony_ci# algorithms that RFC 8221 lists as MUST be implemented. 9262306a36Sopenharmony_ciconfig XFRM_ESP 9362306a36Sopenharmony_ci tristate 9462306a36Sopenharmony_ci select XFRM_ALGO 9562306a36Sopenharmony_ci select CRYPTO 9662306a36Sopenharmony_ci select CRYPTO_AES 9762306a36Sopenharmony_ci select CRYPTO_AUTHENC 9862306a36Sopenharmony_ci select CRYPTO_CBC 9962306a36Sopenharmony_ci select CRYPTO_ECHAINIV 10062306a36Sopenharmony_ci select CRYPTO_GCM 10162306a36Sopenharmony_ci select CRYPTO_HMAC 10262306a36Sopenharmony_ci select CRYPTO_SEQIV 10362306a36Sopenharmony_ci select CRYPTO_SHA256 10462306a36Sopenharmony_ci 10562306a36Sopenharmony_ciconfig XFRM_IPCOMP 10662306a36Sopenharmony_ci tristate 10762306a36Sopenharmony_ci select XFRM_ALGO 10862306a36Sopenharmony_ci select CRYPTO 10962306a36Sopenharmony_ci select CRYPTO_DEFLATE 11062306a36Sopenharmony_ci 11162306a36Sopenharmony_ciconfig NET_KEY 11262306a36Sopenharmony_ci tristate "PF_KEY sockets" 11362306a36Sopenharmony_ci select XFRM_ALGO 11462306a36Sopenharmony_ci help 11562306a36Sopenharmony_ci PF_KEYv2 socket family, compatible to KAME ones. 11662306a36Sopenharmony_ci They are required if you are going to use IPsec tools ported 11762306a36Sopenharmony_ci from KAME. 11862306a36Sopenharmony_ci 11962306a36Sopenharmony_ci Say Y unless you know what you are doing. 12062306a36Sopenharmony_ci 12162306a36Sopenharmony_ciconfig NET_KEY_MIGRATE 12262306a36Sopenharmony_ci bool "PF_KEY MIGRATE" 12362306a36Sopenharmony_ci depends on NET_KEY 12462306a36Sopenharmony_ci select XFRM_MIGRATE 12562306a36Sopenharmony_ci help 12662306a36Sopenharmony_ci Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 12762306a36Sopenharmony_ci The PF_KEY MIGRATE message is used to dynamically update 12862306a36Sopenharmony_ci locator(s) of a given IPsec security association. 12962306a36Sopenharmony_ci This feature is required, for instance, in a Mobile IPv6 13062306a36Sopenharmony_ci environment with IPsec configuration where mobile nodes 13162306a36Sopenharmony_ci change their attachment point to the Internet. Detail 13262306a36Sopenharmony_ci information can be found in the internet-draft 13362306a36Sopenharmony_ci <draft-sugimoto-mip6-pfkey-migrate>. 13462306a36Sopenharmony_ci 13562306a36Sopenharmony_ci If unsure, say N. 13662306a36Sopenharmony_ci 13762306a36Sopenharmony_ciconfig XFRM_ESPINTCP 13862306a36Sopenharmony_ci bool 13962306a36Sopenharmony_ci 14062306a36Sopenharmony_ciendif # INET 141