1# 2# XFRM configuration 3# 4config XFRM 5 bool 6 depends on NET 7 8config XFRM_ALGO 9 tristate 10 select XFRM 11 select CRYPTO 12 13config XFRM_USER 14 tristate "Transformation user configuration interface" 15 depends on INET 16 select XFRM_ALGO 17 ---help--- 18 Support for Transformation(XFRM) user configuration interface 19 like IPsec used by native Linux tools. 20 21 If unsure, say Y. 22 23config XFRM_SUB_POLICY 24 bool "Transformation sub policy support (EXPERIMENTAL)" 25 depends on XFRM && EXPERIMENTAL 26 ---help--- 27 Support sub policy for developers. By using sub policy with main 28 one, two policies can be applied to the same packet at once. 29 Policy which lives shorter time in kernel should be a sub. 30 31 If unsure, say N. 32 33config XFRM_MIGRATE 34 bool "Transformation migrate database (EXPERIMENTAL)" 35 depends on XFRM && EXPERIMENTAL 36 ---help--- 37 A feature to update locator(s) of a given IPsec security 38 association dynamically. This feature is required, for 39 instance, in a Mobile IPv6 environment with IPsec configuration 40 where mobile nodes change their attachment point to the Internet. 41 42 If unsure, say N. 43 44config XFRM_STATISTICS 45 bool "Transformation statistics (EXPERIMENTAL)" 46 depends on INET && XFRM && PROC_FS && EXPERIMENTAL 47 ---help--- 48 This statistics is not a SNMP/MIB specification but shows 49 statistics about transformation error (or almost error) factor 50 at packet processing for developer. 51 52 If unsure, say N. 53 54config XFRM_IPCOMP 55 tristate 56 select XFRM_ALGO 57 select CRYPTO 58 select CRYPTO_DEFLATE 59 60config NET_KEY 61 tristate "PF_KEY sockets" 62 select XFRM_ALGO 63 ---help--- 64 PF_KEYv2 socket family, compatible to KAME ones. 65 They are required if you are going to use IPsec tools ported 66 from KAME. 67 68 Say Y unless you know what you are doing. 69 70config NET_KEY_MIGRATE 71 bool "PF_KEY MIGRATE (EXPERIMENTAL)" 72 depends on NET_KEY && EXPERIMENTAL 73 select XFRM_MIGRATE 74 ---help--- 75 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 76 The PF_KEY MIGRATE message is used to dynamically update 77 locator(s) of a given IPsec security association. 78 This feature is required, for instance, in a Mobile IPv6 79 environment with IPsec configuration where mobile nodes 80 change their attachment point to the Internet. Detail 81 information can be found in the internet-draft 82 <draft-sugimoto-mip6-pfkey-migrate>. 83 84 If unsure, say N. 85 86