From: Tobias Brunner Date: Thu, 15 Dec 2022 15:41:59 +0000 (+0100) Subject: vici: Update offloading configuration for full packet HW offloading X-Git-Tag: android-2.4.1~4^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b8f26308fa886acbbf4f82c4920bfea553ec3b7;p=thirdparty%2Fstrongswan.git vici: Update offloading configuration for full packet HW offloading --- diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 6f589fe207..52eee8c848 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -1042,6 +1042,8 @@ CALLBACK(parse_hw_offload, bool, enum_map_t map[] = { { "no", HW_OFFLOAD_NO }, { "yes", HW_OFFLOAD_CRYPTO }, + { "crypto", HW_OFFLOAD_CRYPTO }, + { "packet", HW_OFFLOAD_PACKET }, { "auto", HW_OFFLOAD_AUTO }, }; int d; diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 9277441456..70a4542aa9 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -1071,10 +1071,12 @@ connections..children..hw_offload = no implementation. Enable hardware offload for this CHILD_SA, if supported by the IPsec - implementation. The value _yes_ enforces offloading and the installation - will fail if it's not supported by either kernel or device. The value _auto_ - enables offloading, if it's supported, but the installation does not fail - otherwise. + implementation. The values _crypto_ or _packet_ enforce crypto or full + packet offloading and the installation will fail if the selected mode is not + supported by either kernel or device. On Linux, _packet_ also offloads + policies, including trap policies. The value _auto_ enables full packet + or crypto offloading, if either is supported, but the installation does not + fail otherwise. connections..children..copy_df = yes Whether to copy the DF bit to the outer IPv4 header in tunnel mode.