From: Ilan Tayari <[email protected]> Convert nic-offload configuration from boolean to 3-choice enum. The behavior is: no - Never attempt nic offload yes - Always attempt nic offload, and fail if it fails auto - Auto-detect kernel and NIC capability. attempt nic-offload only if supported, and fallback to non-offload if it fails.
Default is auto. Signed-off-by: Ilan Tayari <[email protected]> --- include/pluto_constants.h | 6 ++++++ include/whack.h | 2 +- lib/libipsecconf/confread.c | 2 +- lib/libipsecconf/keywords.c | 8 +++++++- programs/pluto/connections.c | 5 +++-- programs/pluto/connections.h | 2 +- programs/whack/whack.c | 13 ++++++++++--- 7 files changed, 29 insertions(+), 9 deletions(-) diff --git a/include/pluto_constants.h b/include/pluto_constants.h index f683e0570..a03ed8e5b 100644 --- a/include/pluto_constants.h +++ b/include/pluto_constants.h @@ -723,6 +723,12 @@ enum encaps_options { encaps_yes = 3, }; +enum nic_offload_options { + nic_offload_no = 0, + nic_offload_yes = 1, + nic_offload_auto = 2, +}; + enum ynf_options { ynf_no = 0, ynf_yes = 1, diff --git a/include/whack.h b/include/whack.h index 9e8a15ae1..bde7909db 100644 --- a/include/whack.h +++ b/include/whack.h @@ -155,7 +155,7 @@ struct whack_message { unsigned long sa_replay_window; deltatime_t r_timeout; /* in secs */ unsigned long r_interval; /* in msec */ - bool nic_offload; + enum nic_offload_options nic_offload; /* For IKEv1 RFC 3706 - Dead Peer Detection */ deltatime_t dpd_delay; diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c index da2c11f28..2544351a9 100644 --- a/lib/libipsecconf/confread.c +++ b/lib/libipsecconf/confread.c @@ -150,7 +150,7 @@ void ipsecconf_default_values(struct starter_config *cfg) POLICY_IKE_FRAG_ALLOW | /* ike_frag=yes */ POLICY_ESN_NO; /* esn=no */ - cfg->conn_default.options[KBF_NIC_OFFLOAD] = FALSE; + cfg->conn_default.options[KBF_NIC_OFFLOAD] = nic_offload_auto; cfg->conn_default.options[KBF_IKELIFETIME] = IKE_SA_LIFETIME_DEFAULT; cfg->conn_default.options[KBF_REPLAY_WINDOW] = IPSEC_SA_DEFAULT_REPLAY_WINDOW; diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c index a2f554f96..23ab2e036 100644 --- a/lib/libipsecconf/keywords.c +++ b/lib/libipsecconf/keywords.c @@ -389,6 +389,12 @@ static const struct keyword_enum_value kw_ocsp_method_values[] = { }; static const struct keyword_enum_values kw_ocsp_method_list = VALUES_INITIALIZER(kw_ocsp_method_values); +static const struct keyword_enum_value kw_nic_offload_values[] = { + { "no", nic_offload_no }, + { "yes", nic_offload_yes }, + { "auto", nic_offload_auto }, +}; +static const struct keyword_enum_values kw_nic_offload_list = VALUES_INITIALIZER(kw_nic_offload_values); /* MASTER KEYWORD LIST * Note: this table is terminated by an entry with keyname == NULL. @@ -610,7 +616,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = { { "modecfgwins1", kv_conn, kt_obsolete, KBF_WARNIGNORE, NOT_ENUM }, { "modecfgwins2", kv_conn, kt_obsolete, KBF_WARNIGNORE, NOT_ENUM }, - { "nic-offload", kv_conn, kt_bool, KBF_NIC_OFFLOAD, NOT_ENUM }, + { "nic-offload", kv_conn, kt_enum, KBF_NIC_OFFLOAD, &kw_nic_offload_list }, { "encapsulation", kv_conn, kt_enum, KBF_ENCAPS, &kw_encaps_list }, { "forceencaps", kv_conn, kt_obsolete, KBF_WARNIGNORE, NOT_ENUM }, diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c index 7d7b9fa17..7cc5d5f40 100644 --- a/programs/pluto/connections.c +++ b/programs/pluto/connections.c @@ -4108,12 +4108,13 @@ void show_one_connection(const struct connection *c) strcpy(markstr, "unset"); whack_log(RC_COMMENT, - "\"%s\"%s: nflog-group: %s; mark: %s; vti-iface:%s; vti-routing:%s; vti-shared:%s;%s", + "\"%s\"%s: nflog-group: %s; mark: %s; vti-iface:%s; vti-routing:%s; vti-shared:%s; nic-offload:%s", c->name, instance, nflogstr, markstr, c->vti_iface == NULL ? "unset" : c->vti_iface, c->vti_routing ? "yes" : "no", c->vti_shared ? "yes" : "no", - c->nic_offload ? " nic-offload:yes;" : "" + (c->nic_offload == nic_offload_auto) ? "auto" : + (c->nic_offload == nic_offload_yes) ? "yes" : "no" ); { diff --git a/programs/pluto/connections.h b/programs/pluto/connections.h index d5fee13d9..7c10ce998 100644 --- a/programs/pluto/connections.h +++ b/programs/pluto/connections.h @@ -242,7 +242,7 @@ struct connection { deltatime_t r_timeout; /* max time (in secs) for one packet exchange attempt */ reqid_t sa_reqid; int encapsulation; - bool nic_offload; + enum nic_offload_options nic_offload; /* RFC 3706 DPD */ deltatime_t dpd_delay; /* time between checks */ diff --git a/programs/whack/whack.c b/programs/whack/whack.c index 9157fc6b5..86b845fae 100644 --- a/programs/whack/whack.c +++ b/programs/whack/whack.c @@ -675,7 +675,7 @@ static const struct option long_opts[] = { { "pfsgroup", required_argument, NULL, CD_PFSGROUP + OO }, { "esp", required_argument, NULL, CD_ESP + OO }, { "remote_peer_type", required_argument, NULL, CD_REMOTEPEERTYPE + OO }, - { "nic-offload", no_argument, NULL, CD_NIC_OFFLOAD + OO}, + { "nic-offload", required_argument, NULL, CD_NIC_OFFLOAD + OO}, PS("ikev1-allow", IKEV1_ALLOW), @@ -945,7 +945,7 @@ int main(int argc, char **argv) msg.modecfg_domain = NULL; msg.modecfg_banner = NULL; - msg.nic_offload = FALSE; + msg.nic_offload = nic_offload_auto; msg.sa_ike_life_seconds = deltatime(IKE_SA_LIFETIME_DEFAULT); msg.sa_ipsec_life_seconds = deltatime(IPSEC_SA_LIFETIME_DEFAULT); msg.sa_rekey_margin = deltatime(SA_REPLACEMENT_MARGIN_DEFAULT); @@ -1698,7 +1698,14 @@ int main(int argc, char **argv) continue; case CD_NIC_OFFLOAD: /* --nic-offload */ - msg.nic_offload = TRUE; + if (streq(optarg, "no")) + msg.nic_offload = nic_offload_no; + else if (streq(optarg, "yes")) + msg.nic_offload = nic_offload_yes; + else if (streq(optarg, "auto")) + msg.nic_offload = nic_offload_auto; + else + diag("--nic_offload options are 'no', 'yes' or 'auto'"); continue; case CD_NO_NAT_KEEPALIVE: /* --no-nat_keepalive */ -- 2.11.0 _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
