Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | # |
2 | # XFRM configuration | |
3 | # | |
6a2e9b73 SR |
4 | config XFRM |
5 | bool | |
6 | depends on NET | |
7 | ||
1da177e4 | 8 | config XFRM_USER |
654b32c6 | 9 | tristate "Transformation user configuration interface" |
1da177e4 LT |
10 | depends on INET && XFRM |
11 | ---help--- | |
654b32c6 MN |
12 | Support for Transformation(XFRM) user configuration interface |
13 | like IPsec used by native Linux tools. | |
1da177e4 LT |
14 | |
15 | If unsure, say Y. | |
16 | ||
c11f1a15 MN |
17 | config XFRM_SUB_POLICY |
18 | bool "Transformation sub policy support (EXPERIMENTAL)" | |
19 | depends on XFRM && EXPERIMENTAL | |
20 | ---help--- | |
21 | Support sub policy for developers. By using sub policy with main | |
22 | one, two policies can be applied to the same packet at once. | |
23 | Policy which lives shorter time in kernel should be a sub. | |
24 | ||
25 | If unsure, say N. | |
26 | ||
d0473655 SS |
27 | config XFRM_MIGRATE |
28 | bool "Transformation migrate database (EXPERIMENTAL)" | |
29 | depends on XFRM && EXPERIMENTAL | |
30 | ---help--- | |
31 | A feature to update locator(s) of a given IPsec security | |
32 | association dynamically. This feature is required, for | |
33 | instance, in a Mobile IPv6 environment with IPsec configuration | |
34 | where mobile nodes change their attachment point to the Internet. | |
35 | ||
36 | If unsure, say N. | |
37 | ||
8ea84349 MN |
38 | config XFRM_STATISTICS |
39 | bool "Transformation statistics (EXPERIMENTAL)" | |
40 | depends on XFRM && PROC_FS && EXPERIMENTAL | |
41 | ---help--- | |
42 | This statistics is not a SNMP/MIB specification but shows | |
43 | statistics about transformation error (or almost error) factor | |
44 | at packet processing for developer. | |
45 | ||
46 | If unsure, say N. | |
47 | ||
6a2e9b73 SR |
48 | config NET_KEY |
49 | tristate "PF_KEY sockets" | |
50 | select XFRM | |
51 | ---help--- | |
52 | PF_KEYv2 socket family, compatible to KAME ones. | |
53 | They are required if you are going to use IPsec tools ported | |
54 | from KAME. | |
55 | ||
56 | Say Y unless you know what you are doing. | |
57 | ||
f6ed0ec0 SS |
58 | config NET_KEY_MIGRATE |
59 | bool "PF_KEY MIGRATE (EXPERIMENTAL)" | |
60 | depends on NET_KEY && EXPERIMENTAL | |
61 | select XFRM_MIGRATE | |
62 | ---help--- | |
63 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. | |
64 | The PF_KEY MIGRATE message is used to dynamically update | |
65 | locator(s) of a given IPsec security association. | |
66 | This feature is required, for instance, in a Mobile IPv6 | |
67 | environment with IPsec configuration where mobile nodes | |
68 | change their attachment point to the Internet. Detail | |
69 | information can be found in the internet-draft | |
70 | <draft-sugimoto-mip6-pfkey-migrate>. | |
71 | ||
72 | If unsure, say N. | |
6a2e9b73 | 73 |