11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# XFRM configuration 31da177e4SLinus Torvalds# 46a2e9b73SSam Ravnborgconfig XFRM 56a2e9b73SSam Ravnborg bool 66a2e9b73SSam Ravnborg depends on NET 76a2e9b73SSam Ravnborg 81da177e4SLinus Torvaldsconfig XFRM_USER 9654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 101da177e4SLinus Torvalds depends on INET && XFRM 111da177e4SLinus Torvalds ---help--- 12654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 13654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 141da177e4SLinus Torvalds 151da177e4SLinus Torvalds If unsure, say Y. 161da177e4SLinus Torvalds 17c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 18c11f1a15SMasahide NAKAMURA bool "Transformation sub policy support (EXPERIMENTAL)" 19c11f1a15SMasahide NAKAMURA depends on XFRM && EXPERIMENTAL 20c11f1a15SMasahide NAKAMURA ---help--- 21c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 22c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 23c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 24c11f1a15SMasahide NAKAMURA 25c11f1a15SMasahide NAKAMURA If unsure, say N. 26c11f1a15SMasahide NAKAMURA 27d0473655SShinta Sugimotoconfig XFRM_MIGRATE 28d0473655SShinta Sugimoto bool "Transformation migrate database (EXPERIMENTAL)" 29d0473655SShinta Sugimoto depends on XFRM && EXPERIMENTAL 30d0473655SShinta Sugimoto ---help--- 31d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 32d0473655SShinta Sugimoto association dynamically. This feature is required, for 33d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 34d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 35d0473655SShinta Sugimoto 36d0473655SShinta Sugimoto If unsure, say N. 37d0473655SShinta Sugimoto 388ea84349SMasahide NAKAMURAconfig XFRM_STATISTICS 398ea84349SMasahide NAKAMURA bool "Transformation statistics (EXPERIMENTAL)" 408ea84349SMasahide NAKAMURA depends on XFRM && PROC_FS && EXPERIMENTAL 418ea84349SMasahide NAKAMURA ---help--- 428ea84349SMasahide NAKAMURA This statistics is not a SNMP/MIB specification but shows 438ea84349SMasahide NAKAMURA statistics about transformation error (or almost error) factor 448ea84349SMasahide NAKAMURA at packet processing for developer. 458ea84349SMasahide NAKAMURA 468ea84349SMasahide NAKAMURA If unsure, say N. 478ea84349SMasahide NAKAMURA 486a2e9b73SSam Ravnborgconfig NET_KEY 496a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 506a2e9b73SSam Ravnborg select XFRM 516a2e9b73SSam Ravnborg ---help--- 526a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 536a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 546a2e9b73SSam Ravnborg from KAME. 556a2e9b73SSam Ravnborg 566a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 576a2e9b73SSam Ravnborg 58f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 59f6ed0ec0SShinta Sugimoto bool "PF_KEY MIGRATE (EXPERIMENTAL)" 60f6ed0ec0SShinta Sugimoto depends on NET_KEY && EXPERIMENTAL 61f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 62f6ed0ec0SShinta Sugimoto ---help--- 63f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 64f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 65f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 66f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 67f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 68f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 69f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 70f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 71f6ed0ec0SShinta Sugimoto 72f6ed0ec0SShinta Sugimoto If unsure, say N. 736a2e9b73SSam Ravnborg 74