81 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			81 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| #
 | |
| # XFRM configuration
 | |
| #
 | |
| config XFRM
 | |
|        bool
 | |
|        select CRYPTO
 | |
|        depends on NET
 | |
| 
 | |
| config XFRM_USER
 | |
| 	tristate "Transformation user configuration interface"
 | |
| 	depends on INET && XFRM
 | |
| 	---help---
 | |
| 	  Support for Transformation(XFRM) user configuration interface
 | |
| 	  like IPsec used by native Linux tools.
 | |
| 
 | |
| 	  If unsure, say Y.
 | |
| 
 | |
| config XFRM_SUB_POLICY
 | |
| 	bool "Transformation sub policy support (EXPERIMENTAL)"
 | |
| 	depends on XFRM && EXPERIMENTAL
 | |
| 	---help---
 | |
| 	  Support sub policy for developers. By using sub policy with main
 | |
| 	  one, two policies can be applied to the same packet at once.
 | |
| 	  Policy which lives shorter time in kernel should be a sub.
 | |
| 
 | |
| 	  If unsure, say N.
 | |
| 
 | |
| config XFRM_MIGRATE
 | |
| 	bool "Transformation migrate database (EXPERIMENTAL)"
 | |
| 	depends on XFRM && EXPERIMENTAL
 | |
| 	---help---
 | |
| 	  A feature to update locator(s) of a given IPsec security
 | |
| 	  association dynamically.  This feature is required, for
 | |
| 	  instance, in a Mobile IPv6 environment with IPsec configuration
 | |
| 	  where mobile nodes change their attachment point to the Internet.
 | |
| 
 | |
| 	  If unsure, say N.
 | |
| 
 | |
| config XFRM_STATISTICS
 | |
| 	bool "Transformation statistics (EXPERIMENTAL)"
 | |
| 	depends on INET && XFRM && PROC_FS && EXPERIMENTAL
 | |
| 	---help---
 | |
| 	  This statistics is not a SNMP/MIB specification but shows
 | |
| 	  statistics about transformation error (or almost error) factor
 | |
| 	  at packet processing for developer.
 | |
| 
 | |
| 	  If unsure, say N.
 | |
| 
 | |
| config XFRM_IPCOMP
 | |
| 	tristate
 | |
| 	select XFRM
 | |
| 	select CRYPTO
 | |
| 	select CRYPTO_DEFLATE
 | |
| 
 | |
| config NET_KEY
 | |
| 	tristate "PF_KEY sockets"
 | |
| 	select XFRM
 | |
| 	---help---
 | |
| 	  PF_KEYv2 socket family, compatible to KAME ones.
 | |
| 	  They are required if you are going to use IPsec tools ported
 | |
| 	  from KAME.
 | |
| 
 | |
| 	  Say Y unless you know what you are doing.
 | |
| 
 | |
| config NET_KEY_MIGRATE
 | |
| 	bool "PF_KEY MIGRATE (EXPERIMENTAL)"
 | |
| 	depends on NET_KEY && EXPERIMENTAL
 | |
| 	select XFRM_MIGRATE
 | |
| 	---help---
 | |
| 	  Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
 | |
| 	  The PF_KEY MIGRATE message is used to dynamically update
 | |
| 	  locator(s) of a given IPsec security association.
 | |
| 	  This feature is required, for instance, in a Mobile IPv6
 | |
| 	  environment with IPsec configuration where mobile nodes
 | |
| 	  change their attachment point to the Internet.  Detail
 | |
| 	  information can be found in the internet-draft
 | |
| 	  <draft-sugimoto-mip6-pfkey-migrate>.
 | |
| 
 | |
| 	  If unsure, say N.
 | |
| 
 |