From: Tobias Brunner Date: Tue, 25 Mar 2025 12:44:44 +0000 (+0100) Subject: kernel-netlink: Enable UDP GRO X-Git-Tag: 6.0.2dr1~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57e74f64b38f6f8a1c46f50a4c7660ed7dc77b61;p=thirdparty%2Fstrongswan.git kernel-netlink: Enable UDP GRO This enables GRO offload for inbound ESP-in-UDP packets if the esp4|6_offload modules are loaded. Note that inbound ESP or ESP-in-UDP packets won't be visible on layer 3 in Netfilter or tcpdump. --- diff --git a/src/include/linux/udp.h b/src/include/linux/udp.h index b68a166f2e..c0920eaa2d 100644 --- a/src/include/linux/udp.h +++ b/src/include/linux/udp.h @@ -29,6 +29,7 @@ struct udphdr { /* UDP socket options */ #define UDP_CORK 1 /* Never send partially complete segments */ #define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ /* UDP encapsulation types */ #define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index c6e50cc05d..df28228853 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -3884,6 +3884,12 @@ METHOD(kernel_ipsec_t, enable_udp_decap, bool, DBG1(DBG_KNL, "unable to set UDP_ENCAP: %s", strerror(errno)); return FALSE; } + type = 1; + if (setsockopt(fd, SOL_UDP, UDP_GRO, &type, sizeof(type)) < 0) + { + DBG1(DBG_KNL, "unable to set UDP_GRO: %s", strerror(errno)); + return FALSE; + } return TRUE; }