The pfkey user configuration interface was replaced by the netlink
user configuration interface more than a decade ago. In between
all maintained IKE implementations moved to the netlink interface.
So let config NET_KEY default to no in Kconfig. The pfkey code
will be removed in a second step.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Tobias Brunner <tobias@strongswan.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Tuomo Soini <tis@foobar.fi>
Acked-by: Paul Wouters <paul@nohats.ca>
{
int err = proto_register(&key_proto, 0);
+ pr_warn_once("PFKEY is deprecated and scheduled to be removed in 2027, "
+ "please contact the netdev mailing list\n");
if (err != 0)
goto out;
select CRYPTO_DEFLATE
config NET_KEY
- tristate "PF_KEY sockets"
+ tristate "PF_KEY sockets (deprecated)"
select XFRM_ALGO
help
PF_KEYv2 socket family, compatible to KAME ones.
- They are required if you are going to use IPsec tools ported
- from KAME.
- Say Y unless you know what you are doing.
+ The PF_KEYv2 socket interface is deprecated and
+ scheduled for removal. All maintained IKE daemons
+ no longer need PF_KEY sockets. Please use the netlink
+ interface (XFRM_USER) to configure IPsec.
+
+ If unsure, say N.
config NET_KEY_MIGRATE
bool "PF_KEY MIGRATE"
projects / thirdparty / kernel / linux.git / commitdiff
