10 tristate "Transformation user configuration interface"
11 depends on INET && XFRM
13 Support for Transformation(XFRM) user configuration interface
14 like IPsec used by native Linux tools.
18 config XFRM_SUB_POLICY
19 bool "Transformation sub policy support (EXPERIMENTAL)"
20 depends on XFRM && EXPERIMENTAL
22 Support sub policy for developers. By using sub policy with main
23 one, two policies can be applied to the same packet at once.
24 Policy which lives shorter time in kernel should be a sub.
29 bool "Transformation migrate database (EXPERIMENTAL)"
30 depends on XFRM && EXPERIMENTAL
32 A feature to update locator(s) of a given IPsec security
33 association dynamically. This feature is required, for
34 instance, in a Mobile IPv6 environment with IPsec configuration
35 where mobile nodes change their attachment point to the Internet.
39 config XFRM_STATISTICS
40 bool "Transformation statistics (EXPERIMENTAL)"
41 depends on INET && XFRM && PROC_FS && EXPERIMENTAL
43 This statistics is not a SNMP/MIB specification but shows
44 statistics about transformation error (or almost error) factor
45 at packet processing for developer.
56 tristate "PF_KEY sockets"
59 PF_KEYv2 socket family, compatible to KAME ones.
60 They are required if you are going to use IPsec tools ported
63 Say Y unless you know what you are doing.
65 config NET_KEY_MIGRATE
66 bool "PF_KEY MIGRATE (EXPERIMENTAL)"
67 depends on NET_KEY && EXPERIMENTAL
70 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
71 The PF_KEY MIGRATE message is used to dynamically update
72 locator(s) of a given IPsec security association.
73 This feature is required, for instance, in a Mobile IPv6
74 environment with IPsec configuration where mobile nodes
75 change their attachment point to the Internet. Detail
76 information can be found in the internet-draft
77 <draft-sugimoto-mip6-pfkey-migrate>.