11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# XFRM configuration 31da177e4SLinus Torvalds# 46a2e9b73SSam Ravnborgconfig XFRM 56a2e9b73SSam Ravnborg bool 66a2e9b73SSam Ravnborg depends on NET 76a2e9b73SSam Ravnborg 825393d3fSSteffen Klassertconfig XFRM_OFFLOAD 925393d3fSSteffen Klassert bool 1025393d3fSSteffen Klassert depends on XFRM 1125393d3fSSteffen Klassert 127e152524SJan Beulichconfig XFRM_ALGO 137e152524SJan Beulich tristate 147e152524SJan Beulich select XFRM 157e152524SJan Beulich select CRYPTO 167e152524SJan Beulich 171da177e4SLinus Torvaldsconfig XFRM_USER 18654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 197e152524SJan Beulich depends on INET 207e152524SJan Beulich select XFRM_ALGO 211da177e4SLinus Torvalds ---help--- 22654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 23654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 241da177e4SLinus Torvalds 251da177e4SLinus Torvalds If unsure, say Y. 261da177e4SLinus Torvalds 27c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 28f215bf48SKees Cook bool "Transformation sub policy support" 29f215bf48SKees Cook depends on XFRM 30c11f1a15SMasahide NAKAMURA ---help--- 31c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 32c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 33c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 34c11f1a15SMasahide NAKAMURA 35c11f1a15SMasahide NAKAMURA If unsure, say N. 36c11f1a15SMasahide NAKAMURA 37d0473655SShinta Sugimotoconfig XFRM_MIGRATE 38f215bf48SKees Cook bool "Transformation migrate database" 39f215bf48SKees Cook depends on XFRM 40d0473655SShinta Sugimoto ---help--- 41d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 42d0473655SShinta Sugimoto association dynamically. This feature is required, for 43d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 44d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 45d0473655SShinta Sugimoto 46d0473655SShinta Sugimoto If unsure, say N. 47d0473655SShinta Sugimoto 488ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 49f215bf48SKees Cook bool "Transformation statistics" 50f215bf48SKees Cook depends on INET && XFRM && PROC_FS 518ea84349SMasahide NAKAMURA ---help--- 528ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 538ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 548ea84349SMasahide NAKAMURA at packet processing for developer. 558ea84349SMasahide NAKAMURA 568ea84349SMasahide NAKAMURA If unsure, say N. 578ea84349SMasahide NAKAMURA 586fccab67SHerbert Xuconfig XFRM_IPCOMP 596fccab67SHerbert Xu tristate 607e152524SJan Beulich select XFRM_ALGO 616fccab67SHerbert Xu select CRYPTO 626fccab67SHerbert Xu select CRYPTO_DEFLATE 636fccab67SHerbert Xu 646a2e9b73SSam Ravnborgconfig NET_KEY 656a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 667e152524SJan Beulich select XFRM_ALGO 676a2e9b73SSam Ravnborg ---help--- 686a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 696a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 706a2e9b73SSam Ravnborg from KAME. 716a2e9b73SSam Ravnborg 726a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 736a2e9b73SSam Ravnborg 74f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 75f215bf48SKees Cook bool "PF_KEY MIGRATE" 76f215bf48SKees Cook depends on NET_KEY 77f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 78f6ed0ec0SShinta Sugimoto ---help--- 79f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 80f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 81f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 82f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 83f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 84f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 85f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 86f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 87f6ed0ec0SShinta Sugimoto 88f6ed0ec0SShinta Sugimoto If unsure, say N. 896a2e9b73SSam Ravnborg 90