diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2018-06-12 14:07:12 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2018-06-23 16:07:25 +0200 |
commit | f203b76d78092faf248db3f851840fbecf80b40e (patch) | |
tree | 108d48fe7d28b6096f1bc209bc497c36406c12f5 /net/xfrm/Kconfig | |
parent | xfrm: Add a new lookup key to match xfrm interfaces. (diff) | |
download | linux-f203b76d78092faf248db3f851840fbecf80b40e.tar.xz linux-f203b76d78092faf248db3f851840fbecf80b40e.zip |
xfrm: Add virtual xfrm interfaces
This patch adds support for virtual xfrm interfaces.
Packets that are routed through such an interface
are guaranteed to be IPsec transformed or dropped.
It is a generic virtual interface that ensures IPsec
transformation, no need to know what happens behind
the interface. This means that we can tunnel IPv4 and
IPv6 through the same interface and support all xfrm
modes (tunnel, transport and beet) on it.
Co-developed-by: Lorenzo Colitti <lorenzo@google.com>
Co-developed-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Shannon Nelson <shannon.nelson@oracle.com>
Tested-by: Benedict Wong <benedictwong@google.com>
Tested-by: Antony Antony <antony@phenome.org>
Reviewed-by: Eyal Birger <eyal.birger@gmail.com>
Diffstat (limited to 'net/xfrm/Kconfig')
-rw-r--r-- | net/xfrm/Kconfig | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig index 286ed25c1a69..53381888a7b3 100644 --- a/net/xfrm/Kconfig +++ b/net/xfrm/Kconfig @@ -25,6 +25,14 @@ config XFRM_USER If unsure, say Y. +config XFRM_INTERFACE + tristate "Transformation virtual interface" + depends on XFRM && IPV6 + ---help--- + This provides a virtual interface to route IPsec traffic. + + If unsure, say N. + config XFRM_SUB_POLICY bool "Transformation sub policy support" depends on XFRM |