vici: Update offloading configuration for full packet HW offloading

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 6f589fe20718e45ac8c16cd5dde0931867667cfe..52eee8c848577e35aa2211895f56f95d1fbd1f84 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1042,6 +1042,8 @@ CALLBACK(parse_hw_offload, bool,
        enum_map_t map[] = {
                { "no",         HW_OFFLOAD_NO           },
                { "yes",        HW_OFFLOAD_CRYPTO       },
+               { "crypto",     HW_OFFLOAD_CRYPTO       },
+               { "packet",     HW_OFFLOAD_PACKET       },
                { "auto",       HW_OFFLOAD_AUTO         },
        };
        int d;

diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 92774414567a5efdb33c2128670da66efaf8eb55..70a4542aa9df4eadea9b007b48163ad84dce4090 100644 (file)
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -1071,10 +1071,12 @@ connections.<conn>.children.<child>.hw_offload = no
        implementation.
 
        Enable hardware offload for this CHILD_SA, if supported by the IPsec
-       implementation. The value _yes_ enforces offloading and the installation
-       will fail if it's not supported by either kernel or device.     The value _auto_
-       enables offloading, if it's supported, but the installation does not fail
-       otherwise.
+       implementation. The values _crypto_ or _packet_ enforce crypto or full
+       packet offloading and the installation will fail if the selected mode is not
+       supported by either kernel or device. On Linux, _packet_ also offloads
+       policies, including trap policies. The value _auto_ enables full packet
+       or crypto offloading, if either is supported, but the installation does not
+       fail otherwise.
 
 connections.<conn>.children.<child>.copy_df = yes
        Whether to copy the DF bit to the outer IPv4 header in tunnel mode.