Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | # |
2 | # XFRM configuration | |
3 | # | |
6a2e9b73 SR |
4 | config XFRM |
5 | bool | |
50dd7965 | 6 | select CRYPTO |
6a2e9b73 SR |
7 | depends on NET |
8 | ||
1da177e4 | 9 | config XFRM_USER |
654b32c6 | 10 | tristate "Transformation user configuration interface" |
1da177e4 LT |
11 | depends on INET && XFRM |
12 | ---help--- | |
654b32c6 MN |
13 | Support for Transformation(XFRM) user configuration interface |
14 | like IPsec used by native Linux tools. | |
1da177e4 LT |
15 | |
16 | If unsure, say Y. | |
17 | ||
c11f1a15 MN |
18 | config XFRM_SUB_POLICY |
19 | bool "Transformation sub policy support (EXPERIMENTAL)" | |
20 | depends on XFRM && EXPERIMENTAL | |
21 | ---help--- | |
22 | Support sub policy for developers. By using sub policy with main | |
23 | one, two policies can be applied to the same packet at once. | |
24 | Policy which lives shorter time in kernel should be a sub. | |
25 | ||
26 | If unsure, say N. | |
27 | ||
d0473655 SS |
28 | config XFRM_MIGRATE |
29 | bool "Transformation migrate database (EXPERIMENTAL)" | |
30 | depends on XFRM && EXPERIMENTAL | |
31 | ---help--- | |
32 | A feature to update locator(s) of a given IPsec security | |
33 | association dynamically. This feature is required, for | |
34 | instance, in a Mobile IPv6 environment with IPsec configuration | |
35 | where mobile nodes change their attachment point to the Internet. | |
36 | ||
37 | If unsure, say N. | |
38 | ||
8ea84349 MN |
39 | config XFRM_STATISTICS |
40 | bool "Transformation statistics (EXPERIMENTAL)" | |
0f4bda00 | 41 | depends on INET && XFRM && PROC_FS && EXPERIMENTAL |
8ea84349 MN |
42 | ---help--- |
43 | This statistics is not a SNMP/MIB specification but shows | |
44 | statistics about transformation error (or almost error) factor | |
45 | at packet processing for developer. | |
46 | ||
47 | If unsure, say N. | |
48 | ||
6fccab67 HX |
49 | config XFRM_IPCOMP |
50 | tristate | |
51 | select XFRM | |
52 | select CRYPTO | |
53 | select CRYPTO_DEFLATE | |
54 | ||
6a2e9b73 SR |
55 | config NET_KEY |
56 | tristate "PF_KEY sockets" | |
57 | select XFRM | |
58 | ---help--- | |
59 | PF_KEYv2 socket family, compatible to KAME ones. | |
60 | They are required if you are going to use IPsec tools ported | |
61 | from KAME. | |
62 | ||
63 | Say Y unless you know what you are doing. | |
64 | ||
f6ed0ec0 SS |
65 | config NET_KEY_MIGRATE |
66 | bool "PF_KEY MIGRATE (EXPERIMENTAL)" | |
67 | depends on NET_KEY && EXPERIMENTAL | |
68 | select XFRM_MIGRATE | |
69 | ---help--- | |
70 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. | |
71 | The PF_KEY MIGRATE message is used to dynamically update | |
72 | locator(s) of a given IPsec security association. | |
73 | This feature is required, for instance, in a Mobile IPv6 | |
74 | environment with IPsec configuration where mobile nodes | |
75 | change their attachment point to the Internet. Detail | |
76 | information can be found in the internet-draft | |
77 | <draft-sugimoto-mip6-pfkey-migrate>. | |
78 | ||
79 | If unsure, say N. | |
6a2e9b73 | 80 |