2005-04-16 16:20:36 -06:00
|
|
|
#
|
|
|
|
# XFRM configuration
|
|
|
|
#
|
2005-07-11 22:13:56 -06:00
|
|
|
config XFRM
|
|
|
|
bool
|
|
|
|
depends on NET
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
config XFRM_USER
|
2006-08-23 20:12:56 -06:00
|
|
|
tristate "Transformation user configuration interface"
|
2005-04-16 16:20:36 -06:00
|
|
|
depends on INET && XFRM
|
|
|
|
---help---
|
2006-08-23 20:12:56 -06:00
|
|
|
Support for Transformation(XFRM) user configuration interface
|
|
|
|
like IPsec used by native Linux tools.
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
2006-08-23 23:38:14 -06:00
|
|
|
config XFRM_SUB_POLICY
|
|
|
|
bool "Transformation sub policy support (EXPERIMENTAL)"
|
|
|
|
depends on XFRM && EXPERIMENTAL
|
|
|
|
---help---
|
|
|
|
Support sub policy for developers. By using sub policy with main
|
|
|
|
one, two policies can be applied to the same packet at once.
|
|
|
|
Policy which lives shorter time in kernel should be a sub.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
2007-02-08 14:13:07 -07:00
|
|
|
config XFRM_MIGRATE
|
|
|
|
bool "Transformation migrate database (EXPERIMENTAL)"
|
|
|
|
depends on XFRM && EXPERIMENTAL
|
|
|
|
---help---
|
|
|
|
A feature to update locator(s) of a given IPsec security
|
|
|
|
association dynamically. This feature is required, for
|
|
|
|
instance, in a Mobile IPv6 environment with IPsec configuration
|
|
|
|
where mobile nodes change their attachment point to the Internet.
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
2005-07-11 22:13:56 -06:00
|
|
|
config NET_KEY
|
|
|
|
tristate "PF_KEY sockets"
|
|
|
|
select XFRM
|
|
|
|
---help---
|
|
|
|
PF_KEYv2 socket family, compatible to KAME ones.
|
|
|
|
They are required if you are going to use IPsec tools ported
|
|
|
|
from KAME.
|
|
|
|
|
|
|
|
Say Y unless you know what you are doing.
|
|
|
|
|
2007-02-08 14:15:05 -07:00
|
|
|
config NET_KEY_MIGRATE
|
|
|
|
bool "PF_KEY MIGRATE (EXPERIMENTAL)"
|
|
|
|
depends on NET_KEY && EXPERIMENTAL
|
|
|
|
select XFRM_MIGRATE
|
|
|
|
---help---
|
|
|
|
Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
|
|
|
|
The PF_KEY MIGRATE message is used to dynamically update
|
|
|
|
locator(s) of a given IPsec security association.
|
|
|
|
This feature is required, for instance, in a Mobile IPv6
|
|
|
|
environment with IPsec configuration where mobile nodes
|
|
|
|
change their attachment point to the Internet. Detail
|
|
|
|
information can be found in the internet-draft
|
|
|
|
<draft-sugimoto-mip6-pfkey-migrate>.
|
|
|
|
|
|
|
|
If unsure, say N.
|
2005-07-11 22:13:56 -06:00
|
|
|
|