K 10
svn:author
V 2
ae
K 8
svn:date
V 27
2016-12-22T12:32:58.820700Z
K 7
svn:log
V 1006
Add kernel option IPSEC_SUPPORT.

It is supposed to be used in kernel that supports IPsec as kernel module.
Currently we don't have ability to unregister network domain(9), thus to
have loadable IPsec, we need PF_KEY is build in the kernel.

There will be three options to control IPsec build:
* options IPSEC: all IPsec related code is build in the kernel.
* options TCP_SIGNATURE: TCP-MD5 support is build in the kernel.
* options IPSEC_SUPPORT:
  PF_KEY support is build in the kernel and IPsec consumer code contains
  runtime checks for presence of IPsec modules.

TCP_SIGNATURE support is also planned to be implemented as kernel module.
If kernel has IPSEC_SUPPORT option, but has not TCP_SIGNATURE option,
it will be possible to load TCP_SIGNATURE as module.
If kernel has IPSEC option, but has not TCP_SIGNATURE option - TCP_SIGNATURE
support will not be available.
If both IPSEC and IPSEC_SUPPORT are enabled, but TCP_SIGNATURE is not -
TCP_SIGNATURE support would be available as kernel module.

END