1# 2# XFRM configuration 3# 4config XFRM 5 bool 6 depends on NET 7 8config XFRM_USER 9 tristate "Transformation user configuration interface" 10 depends on INET && XFRM 11 ---help--- 12 Support for Transformation(XFRM) user configuration interface 13 like IPsec used by native Linux tools. 14 15 If unsure, say Y. 16 17config XFRM_SUB_POLICY 18 bool "Transformation sub policy support (EXPERIMENTAL)" 19 depends on XFRM && EXPERIMENTAL 20 ---help--- 21 Support sub policy for developers. By using sub policy with main 22 one, two policies can be applied to the same packet at once. 23 Policy which lives shorter time in kernel should be a sub. 24 25 If unsure, say N. 26 27config XFRM_MIGRATE 28 bool "Transformation migrate database (EXPERIMENTAL)" 29 depends on XFRM && EXPERIMENTAL 30 ---help--- 31 A feature to update locator(s) of a given IPsec security 32 association dynamically. This feature is required, for 33 instance, in a Mobile IPv6 environment with IPsec configuration 34 where mobile nodes change their attachment point to the Internet. 35 36 If unsure, say N. 37 38config NET_KEY 39 tristate "PF_KEY sockets" 40 select XFRM 41 ---help--- 42 PF_KEYv2 socket family, compatible to KAME ones. 43 They are required if you are going to use IPsec tools ported 44 from KAME. 45 46 Say Y unless you know what you are doing. 47 48config NET_KEY_MIGRATE 49 bool "PF_KEY MIGRATE (EXPERIMENTAL)" 50 depends on NET_KEY && EXPERIMENTAL 51 select XFRM_MIGRATE 52 ---help--- 53 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 54 The PF_KEY MIGRATE message is used to dynamically update 55 locator(s) of a given IPsec security association. 56 This feature is required, for instance, in a Mobile IPv6 57 environment with IPsec configuration where mobile nodes 58 change their attachment point to the Internet. Detail 59 information can be found in the internet-draft 60 <draft-sugimoto-mip6-pfkey-migrate>. 61 62 If unsure, say N. 63 64