Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | # |
| 2 | # XFRM configuration |
| 3 | # |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 4 | config XFRM |
| 5 | bool |
| 6 | depends on NET |
| 7 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 8 | config XFRM_USER |
Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 9 | tristate "Transformation user configuration interface" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 10 | depends on INET && XFRM |
| 11 | ---help--- |
Masahide NAKAMURA | 654b32c | 2006-08-23 19:12:56 -0700 | [diff] [blame] | 12 | Support for Transformation(XFRM) user configuration interface |
| 13 | like IPsec used by native Linux tools. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 14 | |
| 15 | If unsure, say Y. |
| 16 | |
Masahide NAKAMURA | c11f1a1 | 2006-08-23 22:38:14 -0700 | [diff] [blame] | 17 | config XFRM_SUB_POLICY |
| 18 | bool "Transformation sub policy support (EXPERIMENTAL)" |
| 19 | depends on XFRM && EXPERIMENTAL |
| 20 | ---help--- |
| 21 | Support sub policy for developers. By using sub policy with main |
| 22 | one, two policies can be applied to the same packet at once. |
| 23 | Policy which lives shorter time in kernel should be a sub. |
| 24 | |
| 25 | If unsure, say N. |
| 26 | |
Shinta Sugimoto | d047365 | 2007-02-08 13:13:07 -0800 | [diff] [blame] | 27 | config XFRM_MIGRATE |
| 28 | bool "Transformation migrate database (EXPERIMENTAL)" |
| 29 | depends on XFRM && EXPERIMENTAL |
| 30 | ---help--- |
| 31 | A feature to update locator(s) of a given IPsec security |
| 32 | association dynamically. This feature is required, for |
| 33 | instance, in a Mobile IPv6 environment with IPsec configuration |
| 34 | where mobile nodes change their attachment point to the Internet. |
| 35 | |
| 36 | If unsure, say N. |
| 37 | |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 38 | config NET_KEY |
| 39 | tristate "PF_KEY sockets" |
| 40 | select XFRM |
| 41 | ---help--- |
| 42 | PF_KEYv2 socket family, compatible to KAME ones. |
| 43 | They are required if you are going to use IPsec tools ported |
| 44 | from KAME. |
| 45 | |
| 46 | Say Y unless you know what you are doing. |
| 47 | |
Shinta Sugimoto | f6ed0ec | 2007-02-08 13:15:05 -0800 | [diff] [blame^] | 48 | config NET_KEY_MIGRATE |
| 49 | bool "PF_KEY MIGRATE (EXPERIMENTAL)" |
| 50 | depends on NET_KEY && EXPERIMENTAL |
| 51 | select XFRM_MIGRATE |
| 52 | ---help--- |
| 53 | Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. |
| 54 | The PF_KEY MIGRATE message is used to dynamically update |
| 55 | locator(s) of a given IPsec security association. |
| 56 | This feature is required, for instance, in a Mobile IPv6 |
| 57 | environment with IPsec configuration where mobile nodes |
| 58 | change their attachment point to the Internet. Detail |
| 59 | information can be found in the internet-draft |
| 60 | <draft-sugimoto-mip6-pfkey-migrate>. |
| 61 | |
| 62 | If unsure, say N. |
Sam Ravnborg | 6a2e9b7 | 2005-07-11 21:13:56 -0700 | [diff] [blame] | 63 | |