diff options
Diffstat (limited to 'kernel/net/xfrm/Kconfig')
-rw-r--r-- | kernel/net/xfrm/Kconfig | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/kernel/net/xfrm/Kconfig b/kernel/net/xfrm/Kconfig new file mode 100644 index 000000000..bda1a1362 --- /dev/null +++ b/kernel/net/xfrm/Kconfig @@ -0,0 +1,85 @@ +# +# XFRM configuration +# +config XFRM + bool + depends on NET + +config XFRM_ALGO + tristate + select XFRM + select CRYPTO + +config XFRM_USER + tristate "Transformation user configuration interface" + depends on INET + select XFRM_ALGO + ---help--- + Support for Transformation(XFRM) user configuration interface + like IPsec used by native Linux tools. + + If unsure, say Y. + +config XFRM_SUB_POLICY + bool "Transformation sub policy support" + depends on XFRM + ---help--- + Support sub policy for developers. By using sub policy with main + one, two policies can be applied to the same packet at once. + Policy which lives shorter time in kernel should be a sub. + + If unsure, say N. + +config XFRM_MIGRATE + bool "Transformation migrate database" + depends on XFRM + ---help--- + A feature to update locator(s) of a given IPsec security + association dynamically. This feature is required, for + instance, in a Mobile IPv6 environment with IPsec configuration + where mobile nodes change their attachment point to the Internet. + + If unsure, say N. + +config XFRM_STATISTICS + bool "Transformation statistics" + depends on INET && XFRM && PROC_FS + ---help--- + This statistics is not a SNMP/MIB specification but shows + statistics about transformation error (or almost error) factor + at packet processing for developer. + + If unsure, say N. + +config XFRM_IPCOMP + tristate + select XFRM_ALGO + select CRYPTO + select CRYPTO_DEFLATE + +config NET_KEY + tristate "PF_KEY sockets" + select XFRM_ALGO + ---help--- + PF_KEYv2 socket family, compatible to KAME ones. + They are required if you are going to use IPsec tools ported + from KAME. + + Say Y unless you know what you are doing. + +config NET_KEY_MIGRATE + bool "PF_KEY MIGRATE" + depends on NET_KEY + select XFRM_MIGRATE + ---help--- + Add a PF_KEY MIGRATE message to PF_KEYv2 socket family. + The PF_KEY MIGRATE message is used to dynamically update + locator(s) of a given IPsec security association. + This feature is required, for instance, in a Mobile IPv6 + environment with IPsec configuration where mobile nodes + change their attachment point to the Internet. Detail + information can be found in the internet-draft + <draft-sugimoto-mip6-pfkey-migrate>. + + If unsure, say N. + |