11da177e4SLinus Torvalds# 21da177e4SLinus Torvalds# XFRM configuration 31da177e4SLinus Torvalds# 46a2e9b73SSam Ravnborgconfig XFRM 56a2e9b73SSam Ravnborg bool 66a2e9b73SSam Ravnborg depends on NET 76a2e9b73SSam Ravnborg 81da177e4SLinus Torvaldsconfig XFRM_USER 9654b32c6SMasahide NAKAMURA tristate "Transformation user configuration interface" 101da177e4SLinus Torvalds depends on INET && XFRM 111da177e4SLinus Torvalds ---help--- 12654b32c6SMasahide NAKAMURA Support for Transformation(XFRM) user configuration interface 13654b32c6SMasahide NAKAMURA like IPsec used by native Linux tools. 141da177e4SLinus Torvalds 151da177e4SLinus Torvalds If unsure, say Y. 161da177e4SLinus Torvalds 17c11f1a15SMasahide NAKAMURAconfig XFRM_SUB_POLICY 18c11f1a15SMasahide NAKAMURA bool "Transformation sub policy support (EXPERIMENTAL)" 19c11f1a15SMasahide NAKAMURA depends on XFRM && EXPERIMENTAL 20c11f1a15SMasahide NAKAMURA ---help--- 21c11f1a15SMasahide NAKAMURA Support sub policy for developers. By using sub policy with main 22c11f1a15SMasahide NAKAMURA one, two policies can be applied to the same packet at once. 23c11f1a15SMasahide NAKAMURA Policy which lives shorter time in kernel should be a sub. 24c11f1a15SMasahide NAKAMURA 25c11f1a15SMasahide NAKAMURA If unsure, say N. 26c11f1a15SMasahide NAKAMURA 27d0473655SShinta Sugimotoconfig XFRM_MIGRATE 28d0473655SShinta Sugimoto bool "Transformation migrate database (EXPERIMENTAL)" 29d0473655SShinta Sugimoto depends on XFRM && EXPERIMENTAL 30d0473655SShinta Sugimoto ---help--- 31d0473655SShinta Sugimoto A feature to update locator(s) of a given IPsec security 32d0473655SShinta Sugimoto association dynamically. This feature is required, for 33d0473655SShinta Sugimoto instance, in a Mobile IPv6 environment with IPsec configuration 34d0473655SShinta Sugimoto where mobile nodes change their attachment point to the Internet. 35d0473655SShinta Sugimoto 36d0473655SShinta Sugimoto If unsure, say N. 37d0473655SShinta Sugimoto 386a2e9b73SSam Ravnborgconfig NET_KEY 396a2e9b73SSam Ravnborg tristate "PF_KEY sockets" 406a2e9b73SSam Ravnborg select XFRM 416a2e9b73SSam Ravnborg ---help--- 426a2e9b73SSam Ravnborg PF_KEYv2 socket family, compatible to KAME ones. 436a2e9b73SSam Ravnborg They are required if you are going to use IPsec tools ported 446a2e9b73SSam Ravnborg from KAME. 456a2e9b73SSam Ravnborg 466a2e9b73SSam Ravnborg Say Y unless you know what you are doing. 476a2e9b73SSam Ravnborg 48f6ed0ec0SShinta Sugimotoconfig NET_KEY_MIGRATE 49f6ed0ec0SShinta Sugimoto bool "PF_KEY MIGRATE (EXPERIMENTAL)" 50f6ed0ec0SShinta Sugimoto depends on NET_KEY && EXPERIMENTAL 51f6ed0ec0SShinta Sugimoto select XFRM_MIGRATE 52f6ed0ec0SShinta Sugimoto ---help--- 53f6ed0ec0SShinta Sugimoto Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 54f6ed0ec0SShinta Sugimoto The PF_KEY MIGRATE message is used to dynamically update 55f6ed0ec0SShinta Sugimoto locator(s) of a given IPsec security association. 56f6ed0ec0SShinta Sugimoto This feature is required, for instance, in a Mobile IPv6 57f6ed0ec0SShinta Sugimoto environment with IPsec configuration where mobile nodes 58f6ed0ec0SShinta Sugimoto change their attachment point to the Internet. Detail 59f6ed0ec0SShinta Sugimoto information can be found in the internet-draft 60f6ed0ec0SShinta Sugimoto <draft-sugimoto-mip6-pfkey-migrate>. 61f6ed0ec0SShinta Sugimoto 62f6ed0ec0SShinta Sugimoto If unsure, say N. 636a2e9b73SSam Ravnborg 64