diff options
| author | Sabrina Dubroca <sd@queasysnail.net> | 2019-11-25 14:49:02 +0100 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2019-12-09 09:59:07 +0100 |
| commit | e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 (patch) | |
| tree | c5d84ce22c0cdd452fea7478ca8d63b37188b6b6 /net/ipv4/Kconfig | |
| parent | eecd227a9a3479038ba2a2f579b3ce9edb364b80 (diff) | |
| download | linux-e27cca96cd68fa2c6814c90f9a1cfd36bb68c593.tar.gz | |
xfrm: add espintcp (RFC 8229)
TCP encapsulation of IKE and IPsec messages (RFC 8229) is implemented as a TCP ULP, overriding in particular the sendmsg and recvmsg operations. A Stream Parser is used to extract messages out of the TCP stream using the first 2 bytes as length marker. Received IKE messages are put on "ike_queue", waiting to be dequeued by the custom recvmsg implementation. Received ESP messages are sent to XFRM, like with UDP encapsulation. Some of this code is taken from the original submission by Herbert Xu. Currently, only IPv4 is supported, like for UDP encapsulation. Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv4/Kconfig')
| -rw-r--r-- | net/ipv4/Kconfig | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index fc816b187170..f96bd489b362 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -378,6 +378,17 @@ config INET_ESP_OFFLOAD If unsure, say N. +config INET_ESPINTCP + bool "IP: ESP in TCP encapsulation (RFC 8229)" + depends on XFRM && INET_ESP + select STREAM_PARSER + select NET_SOCK_MSG + help + Support for RFC 8229 encapsulation of ESP and IKE over + TCP/IPv4 sockets. + + If unsure, say N. + config INET_IPCOMP tristate "IP: IPComp transformation" select INET_XFRM_TUNNEL |