From 2b8f26308fa886acbbf4f82c4920bfea553ec3b7 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 15 Dec 2022 16:41:59 +0100 Subject: [PATCH] vici: Update offloading configuration for full packet HW offloading --- src/libcharon/plugins/vici/vici_config.c | 2 ++ src/swanctl/swanctl.opt | 10 ++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 6f589fe207..52eee8c848 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -1042,6 +1042,8 @@ CALLBACK(parse_hw_offload, bool, enum_map_t map[] = { { "no", HW_OFFLOAD_NO }, { "yes", HW_OFFLOAD_CRYPTO }, + { "crypto", HW_OFFLOAD_CRYPTO }, + { "packet", HW_OFFLOAD_PACKET }, { "auto", HW_OFFLOAD_AUTO }, }; int d; diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 9277441456..70a4542aa9 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -1071,10 +1071,12 @@ connections..children..hw_offload = no implementation. Enable hardware offload for this CHILD_SA, if supported by the IPsec - implementation. The value _yes_ enforces offloading and the installation - will fail if it's not supported by either kernel or device. The value _auto_ - enables offloading, if it's supported, but the installation does not fail - otherwise. + implementation. The values _crypto_ or _packet_ enforce crypto or full + packet offloading and the installation will fail if the selected mode is not + supported by either kernel or device. On Linux, _packet_ also offloads + policies, including trap policies. The value _auto_ enables full packet + or crypto offloading, if either is supported, but the installation does not + fail otherwise. connections..children..copy_df = yes Whether to copy the DF bit to the outer IPv4 header in tunnel mode. -- 2.47.2