[linux-2.6-block.git] / net / xfrm / Kconfig

#
# XFRM configuration
#
config XFRM
       bool
       depends on NET

config XFRM_USER
	tristate "Transformation user configuration interface"
	depends on INET && XFRM
	---help---
	  Support for Transformation(XFRM) user configuration interface
	  like IPsec used by native Linux tools.

	  If unsure, say Y.

config XFRM_SUB_POLICY
	bool "Transformation sub policy support (EXPERIMENTAL)"
	depends on XFRM && EXPERIMENTAL
	---help---
	  Support sub policy for developers. By using sub policy with main
	  one, two policies can be applied to the same packet at once.
	  Policy which lives shorter time in kernel should be a sub.

	  If unsure, say N.

config XFRM_MIGRATE
	bool "Transformation migrate database (EXPERIMENTAL)"
	depends on XFRM && EXPERIMENTAL
	---help---
	  A feature to update locator(s) of a given IPsec security
	  association dynamically.  This feature is required, for
	  instance, in a Mobile IPv6 environment with IPsec configuration
	  where mobile nodes change their attachment point to the Internet.

	  If unsure, say N.

config XFRM_STATISTICS
	bool "Transformation statistics (EXPERIMENTAL)"
	depends on XFRM && PROC_FS && EXPERIMENTAL
	---help---
	  This statistics is not a SNMP/MIB specification but shows
	  statistics about transformation error (or almost error) factor
	  at packet processing for developer.

	  If unsure, say N.

config NET_KEY
	tristate "PF_KEY sockets"
	select XFRM
	---help---
	  PF_KEYv2 socket family, compatible to KAME ones.
	  They are required if you are going to use IPsec tools ported
	  from KAME.

	  Say Y unless you know what you are doing.

config NET_KEY_MIGRATE
	bool "PF_KEY MIGRATE (EXPERIMENTAL)"
	depends on NET_KEY && EXPERIMENTAL
	select XFRM_MIGRATE
	---help---
	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
	  The PF_KEY MIGRATE message is used to dynamically update
	  locator(s) of a given IPsec security association.
	  This feature is required, for instance, in a Mobile IPv6
	  environment with IPsec configuration where mobile nodes
	  change their attachment point to the Internet.  Detail
	  information can be found in the internet-draft
	  <draft-sugimoto-mip6-pfkey-migrate>.

	  If unsure, say N.
Commit	Line	Data
1da177e4 LT	1	#
	2	# XFRM configuration
	3	#
6a2e9b73 SR	4	config XFRM
	5	bool
	6	depends on NET
	7
1da177e4	8	config XFRM_USER
654b32c6	9	tristate "Transformation user configuration interface"
1da177e4 LT	10	depends on INET && XFRM
1da177e4 LT	11	---help---
654b32c6 MN	12	Support for Transformation(XFRM) user configuration interface
654b32c6 MN	13	like IPsec used by native Linux tools.
1da177e4 LT	14
	15	If unsure, say Y.
	16
c11f1a15 MN	17	config XFRM_SUB_POLICY
	18	bool "Transformation sub policy support (EXPERIMENTAL)"
	19	depends on XFRM && EXPERIMENTAL
	20	---help---
	21	Support sub policy for developers. By using sub policy with main
	22	one, two policies can be applied to the same packet at once.
	23	Policy which lives shorter time in kernel should be a sub.
	24
	25	If unsure, say N.
	26
d0473655 SS	27	config XFRM_MIGRATE
	28	bool "Transformation migrate database (EXPERIMENTAL)"
	29	depends on XFRM && EXPERIMENTAL
	30	---help---
	31	A feature to update locator(s) of a given IPsec security
	32	association dynamically. This feature is required, for
	33	instance, in a Mobile IPv6 environment with IPsec configuration
	34	where mobile nodes change their attachment point to the Internet.
	35
	36	If unsure, say N.
	37
8ea84349 MN	38	config XFRM_STATISTICS
	39	bool "Transformation statistics (EXPERIMENTAL)"
	40	depends on XFRM && PROC_FS && EXPERIMENTAL
	41	---help---
	42	This statistics is not a SNMP/MIB specification but shows
	43	statistics about transformation error (or almost error) factor
	44	at packet processing for developer.
	45
	46	If unsure, say N.
	47
6a2e9b73 SR	48	config NET_KEY
	49	tristate "PF_KEY sockets"
	50	select XFRM
	51	---help---
	52	PF_KEYv2 socket family, compatible to KAME ones.
	53	They are required if you are going to use IPsec tools ported
	54	from KAME.
	55
	56	Say Y unless you know what you are doing.
	57
f6ed0ec0 SS	58	config NET_KEY_MIGRATE
	59	bool "PF_KEY MIGRATE (EXPERIMENTAL)"
	60	depends on NET_KEY && EXPERIMENTAL
	61	select XFRM_MIGRATE
	62	---help---
	63	Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
	64	The PF_KEY MIGRATE message is used to dynamically update
	65	locator(s) of a given IPsec security association.
	66	This feature is required, for instance, in a Mobile IPv6
	67	environment with IPsec configuration where mobile nodes
	68	change their attachment point to the Internet. Detail
	69	information can be found in the internet-draft
	70	<draft-sugimoto-mip6-pfkey-migrate>.
	71
	72	If unsure, say N.
6a2e9b73	73