^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) # XFRM configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) config XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) 	bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) 	depends on INET
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) 	select GRO_CELLS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) 	select SKB_EXTENSIONS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) config XFRM_OFFLOAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) config XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	tristate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) 	select XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 	select CRYPTO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	select CRYPTO_HASH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	select CRYPTO_SKCIPHER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) if INET
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) config XFRM_USER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	tristate "Transformation user configuration interface"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 	select XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 	  Support for Transformation(XFRM) user configuration interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 	  like IPsec used by native Linux tools.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) 	  If unsure, say Y.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) config XFRM_USER_COMPAT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 	tristate "Compatible ABI support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 	depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 		HAVE_EFFICIENT_UNALIGNED_ACCESS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 	select WANT_COMPAT_NETLINK_MESSAGES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 	  Transformation(XFRM) user configuration interface like IPsec
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 	  used by compatible Linux applications.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) config XFRM_INTERFACE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 	tristate "Transformation virtual interface"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 	depends on XFRM && IPV6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 	  This provides a virtual interface to route IPsec traffic.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) config XFRM_SUB_POLICY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 	bool "Transformation sub policy support"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) 	depends on XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) 	  Support sub policy for developers. By using sub policy with main
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) 	  one, two policies can be applied to the same packet at once.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) 	  Policy which lives shorter time in kernel should be a sub.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) config XFRM_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) 	bool "Transformation migrate database"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) 	depends on XFRM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) 	  A feature to update locator(s) of a given IPsec security
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) 	  association dynamically. This feature is required, for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) 	  instance, in a Mobile IPv6 environment with IPsec configuration
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) 	  where mobile nodes change their attachment point to the Internet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) config XFRM_STATISTICS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) 	bool "Transformation statistics"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) 	depends on XFRM && PROC_FS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) 	  This statistics is not a SNMP/MIB specification but shows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) 	  statistics about transformation error (or almost error) factor
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) 	  at packet processing for developer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) # This option selects XFRM_ALGO along with the AH authentication algorithms that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) # RFC 8221 lists as MUST be implemented.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) config XFRM_AH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) 	tristate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) 	select XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) 	select CRYPTO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) 	select CRYPTO_HMAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) 	select CRYPTO_SHA256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) # This option selects XFRM_ALGO along with the ESP encryption and authentication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) # algorithms that RFC 8221 lists as MUST be implemented.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) config XFRM_ESP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) 	tristate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) 	select XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) 	select CRYPTO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) 	select CRYPTO_AES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) 	select CRYPTO_AUTHENC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) 	select CRYPTO_CBC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) 	select CRYPTO_ECHAINIV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	select CRYPTO_GCM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	select CRYPTO_HMAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	select CRYPTO_SEQIV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	select CRYPTO_SHA256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) config XFRM_IPCOMP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	tristate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	select XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	select CRYPTO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	select CRYPTO_DEFLATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) config NET_KEY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	tristate "PF_KEY sockets"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	select XFRM_ALGO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 	  PF_KEYv2 socket family, compatible to KAME ones.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	  They are required if you are going to use IPsec tools ported
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	  from KAME.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	  Say Y unless you know what you are doing.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) config NET_KEY_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	bool "PF_KEY MIGRATE"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 	depends on NET_KEY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	select XFRM_MIGRATE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 	  The PF_KEY MIGRATE message is used to dynamically update
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 	  locator(s) of a given IPsec security association.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 	  This feature is required, for instance, in a Mobile IPv6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	  environment with IPsec configuration where mobile nodes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 	  change their attachment point to the Internet. Detail
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 	  information can be found in the internet-draft
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 	  <draft-sugimoto-mip6-pfkey-migrate>.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	  If unsure, say N.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) config XFRM_ESPINTCP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 	bool
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) endif # INET