From 284fc2f7966cbdb309369953e88a848cafbe8026 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 14 Oct 2022 10:57:53 +0200
Subject: [PATCH] swanctl: Document the behavior of %unique[-dir] on IKE_SAs

---
 src/swanctl/swanctl.opt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 553831eca8..9cdf78434d 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -301,12 +301,22 @@ connections.<conn>.if_id_in = 0
 	XFRM interface ID set on inbound policies/SA, can be overridden by child
 	config, see there for details.
 
+	The special value _%unique_ allocates a unique interface ID per IKE_SA,
+	which is inherited by all its CHILD_SAs (unless overriden there), beyond
+	that the value _%unique-dir_ assigns a different unique interface ID for
+	each direction (in/out).
+
 connections.<conn>.if_id_out = 0
 	Default outbound XFRM interface ID for children.
 
 	XFRM interface ID set on outbound policies/SA, can be overridden by child
 	config, see there for details.
 
+	The special value _%unique_ allocates a unique interface ID per IKE_SA,
+	which is inherited by all its CHILD_SAs (unless overriden there), beyond
+	that the value _%unique-dir_ assigns a different unique interface ID for
+	each direction (in/out).
+
 connections.<conn>.mediation = no
 	Whether this connection is a mediation connection.
 
-- 
2.47.2