[PFKEYV2]: CONFIG_NET_KEY_MIGRATE option

Add CONFIG_NET_KEY_MIGRATE option which makes it possible for user
application to send or receive MIGRATE message to/from PF_KEY socket.

Signed-off-by: Shinta Sugimoto <shinta.sugimoto@ericsson.com>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index d385a78694367476eb2cfdb574bf2891644d1536..577a4f821b9879d580a965092b5372b4f6cd213a 100644 (file)
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -45,4 +45,19 @@ config NET_KEY
 
          Say Y unless you know what you are doing.
 
+config NET_KEY_MIGRATE
+       bool "PF_KEY MIGRATE (EXPERIMENTAL)"
+       depends on NET_KEY && EXPERIMENTAL
+       select XFRM_MIGRATE
+       ---help---
+         Add a PF_KEY MIGRATE message to PF_KEYv2 socket family.
+         The PF_KEY MIGRATE message is used to dynamically update
+         locator(s) of a given IPsec security association.
+         This feature is required, for instance, in a Mobile IPv6
+         environment with IPsec configuration where mobile nodes
+         change their attachment point to the Internet.  Detail
+         information can be found in the internet-draft
+         <draft-sugimoto-mip6-pfkey-migrate>.
+
+         If unsure, say N.