diff options
| author | Dmitry Safonov <dima@arista.com> | 2023-10-23 21:21:54 +0200 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2023-10-27 11:35:44 +0200 |
| commit | c845f5f3590ef4669fe5464f8a42be6442cd174b (patch) | |
| tree | 214c44c94438c63ad11bb6b1c4c7442b83416dc0 /net/ipv4/Kconfig | |
| parent | net/tcp: Prepare tcp_md5sig_pool for TCP-AO (diff) | |
| download | linux-c845f5f3590ef4669fe5464f8a42be6442cd174b.tar.xz linux-c845f5f3590ef4669fe5464f8a42be6442cd174b.zip | |
net/tcp: Add TCP-AO config and structures
Introduce new kernel config option and common structures as well as
helpers to be used by TCP-AO code.
Co-developed-by: Francesco Ruggeri <fruggeri@arista.com>
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Co-developed-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Salam Noureddine <noureddine@arista.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Acked-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
| -rw-r--r-- | net/ipv4/Kconfig | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 89e2ab023272..8e94ed7c56a0 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -744,6 +744,19 @@ config DEFAULT_TCP_CONG config TCP_SIGPOOL tristate +config TCP_AO + bool "TCP: Authentication Option (RFC5925)" + select CRYPTO + select TCP_SIGPOOL + depends on 64BIT && IPV6 != m # seq-number extension needs WRITE_ONCE(u64) + help + TCP-AO specifies the use of stronger Message Authentication Codes (MACs), + protects against replays for long-lived TCP connections, and + provides more details on the association of security with TCP + connections than TCP MD5 (See RFC5925) + + If unsure, say N. + config TCP_MD5SIG bool "TCP: MD5 Signature Option support (RFC2385)" select CRYPTO |