1# 2# XFRM configuration 3# 4config XFRM 5 bool 6 select CRYPTO 7 depends on NET 8 9config XFRM_USER 10 tristate "Transformation user configuration interface" 11 depends on INET && XFRM 12 ---help--- 13 Support for Transformation(XFRM) user configuration interface 14 like IPsec used by native Linux tools. 15 16 If unsure, say Y. 17 18config XFRM_SUB_POLICY 19 bool "Transformation sub policy support (EXPERIMENTAL)" 20 depends on XFRM && EXPERIMENTAL 21 ---help--- 22 Support sub policy for developers. By using sub policy with main 23 one, two policies can be applied to the same packet at once. 24 Policy which lives shorter time in kernel should be a sub. 25 26 If unsure, say N. 27 28config XFRM_MIGRATE 29 bool "Transformation migrate database (EXPERIMENTAL)" 30 depends on XFRM && EXPERIMENTAL 31 ---help--- 32 A feature to update locator(s) of a given IPsec security 33 association dynamically. This feature is required, for 34 instance, in a Mobile IPv6 environment with IPsec configuration 35 where mobile nodes change their attachment point to the Internet. 36 37 If unsure, say N. 38 39config XFRM_STATISTICS 40 bool "Transformation statistics (EXPERIMENTAL)" 41 depends on INET && XFRM && PROC_FS && EXPERIMENTAL 42 ---help--- 43 This statistics is not a SNMP/MIB specification but shows 44 statistics about transformation error (or almost error) factor 45 at packet processing for developer. 46 47 If unsure, say N. 48 49config NET_KEY 50 tristate "PF_KEY sockets" 51 select XFRM 52 ---help--- 53 PF_KEYv2 socket family, compatible to KAME ones. 54 They are required if you are going to use IPsec tools ported 55 from KAME. 56 57 Say Y unless you know what you are doing. 58 59config NET_KEY_MIGRATE 60 bool "PF_KEY MIGRATE (EXPERIMENTAL)" 61 depends on NET_KEY && EXPERIMENTAL 62 select XFRM_MIGRATE 63 ---help--- 64 Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. 65 The PF_KEY MIGRATE message is used to dynamically update 66 locator(s) of a given IPsec security association. 67 This feature is required, for instance, in a Mobile IPv6 68 environment with IPsec configuration where mobile nodes 69 change their attachment point to the Internet. Detail 70 information can be found in the internet-draft 71 <draft-sugimoto-mip6-pfkey-migrate>. 72 73 If unsure, say N. 74 75