XFRM
XFRM is the Linux kernel's IPsec transformation framework. It provides the internal data structures and processing needed to implement IPsec features such as authentication header (AH) and encapsulating security payload (ESP) for both IPv4 and IPv6. It supports transport and tunnel modes and serves as the integration layer between policy management and security associations in the kernel.
The framework revolves around two core objects: the Security Policy Database (SPD) and the Security Association
At runtime, the kernel consults the SPD to decide whether to apply IPsec; if applicable, it selects
XFRM is a central component of the Linux IPsec stack and underpins VPN technologies and secure tunnels.
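The runtime decision described above (SPD lookup first, then selection of a security association) can be sketched as a simplified user-space model. This is an added example, not kernel code and not part of the original page: all names, addresses, SPI and reqid values are constructed, selectors are reduced to address prefixes, and it assumes that the lowest priority value wins and that traffic matching no policy passes unprotected.

```python
import ipaddress
from collections import namedtuple

# Hypothetical, simplified stand-ins for the kernel's policy and state objects.
Template = namedtuple("Template", "dst proto reqid mode")        # SA a policy demands
Policy = namedtuple("Policy", "src dst direction priority action tmpl",
                    defaults=[None])                             # one SPD entry
State = namedtuple("State", "dst proto spi reqid mode")          # one SAD entry

def lookup_policy(spd, src, dst, direction):
    """Return the matching SPD entry with the lowest priority value, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in spd if p.direction == direction
            and s in ipaddress.ip_network(p.src)
            and d in ipaddress.ip_network(p.dst)]
    return min(hits, key=lambda p: p.priority, default=None)

def classify(spd, sad, src, dst, direction="out"):
    """Model the verdict for one packet: bypass, drop, protect or acquire."""
    pol = lookup_policy(spd, src, dst, direction)
    if pol is None or (pol.action == "allow" and pol.tmpl is None):
        return ("bypass", None)        # no IPsec applied: packet leaves in clear
    if pol.action == "block":
        return ("drop", None)
    t = pol.tmpl
    for sa in sad:                     # SA must satisfy the policy's template
        if (sa.dst, sa.proto, sa.reqid, sa.mode) == (t.dst, t.proto, t.reqid, t.mode):
            return ("protect", sa.spi)
    return ("acquire", None)           # policy demands IPsec but no SA exists yet;
                                       # the key manager is asked to negotiate one

# Constructed sample databases (documentation address ranges, made-up SPI).
SPD = [
    Policy("10.0.0.0/24", "10.0.1.0/24", "out", 100, "allow",
           Template("192.0.2.2", "esp", 1, "tunnel")),
    Policy("10.0.0.0/24", "10.0.2.0/24", "out", 100, "allow",
           Template("198.51.100.7", "esp", 2, "tunnel")),
    Policy("10.0.0.0/24", "10.0.1.66/32", "out", 10, "block"),
]
SAD = [State("192.0.2.2", "esp", 0xC0000001, 1, "tunnel")]

if __name__ == "__main__":
    for dst in ("10.0.1.9", "10.0.2.9", "10.0.1.66", "203.0.113.9"):
        print(dst, classify(SPD, SAD, "10.0.0.5", dst))
```

In this model the verdict worth auditing is "bypass" for a destination that was meant to be covered: a selector that is too narrow sends the traffic in the clear, whereas a missing SA only yields "acquire".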