diff options
Diffstat (limited to 'src/swanctl')
| -rw-r--r-- | src/swanctl/command.c | 2 | ||||
| -rw-r--r-- | src/swanctl/command.h | 2 | ||||
| -rw-r--r-- | src/swanctl/commands/list_algs.c | 2 | ||||
| -rw-r--r-- | src/swanctl/commands/redirect.c | 2 | ||||
| -rw-r--r-- | src/swanctl/commands/terminate.c | 9 | ||||
| -rw-r--r-- | src/swanctl/swanctl.conf.5.main | 8 | ||||
| -rw-r--r-- | src/swanctl/swanctl.opt | 6 |
7 files changed, 26 insertions, 5 deletions
diff --git a/src/swanctl/command.c b/src/swanctl/command.c index 225dff617..63f4523bb 100644 --- a/src/swanctl/command.c +++ b/src/swanctl/command.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/command.h b/src/swanctl/command.h index 0d93ae45c..f2640d90f 100644 --- a/src/swanctl/command.h +++ b/src/swanctl/command.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/list_algs.c b/src/swanctl/commands/list_algs.c index 616e6ff75..99b5c7627 100644 --- a/src/swanctl/commands/list_algs.c +++ b/src/swanctl/commands/list_algs.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/redirect.c b/src/swanctl/commands/redirect.c index 6edb936e6..46e0c5719 100644 --- a/src/swanctl/commands/redirect.c +++ b/src/swanctl/commands/redirect.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c index 8b3233c89..bce404a54 100644 --- a/src/swanctl/commands/terminate.c +++ b/src/swanctl/commands/terminate.c @@ -39,6 +39,7 @@ static int terminate(vici_conn_t *conn) command_format_options_t format = COMMAND_FORMAT_NONE; char *arg, *child = NULL, *ike = NULL; int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0; + bool force = FALSE; while (TRUE) { @@ -55,6 +56,9 @@ static int terminate(vici_conn_t *conn) case 'c': child = arg; continue; + case 'f': + force = TRUE; + continue; case 'i': ike = arg; continue; @@ -101,6 +105,10 @@ static int terminate(vici_conn_t *conn) { vici_add_key_valuef(req, "ike-id", "%d", ike_id); } + if (force) + { + vici_add_key_valuef(req, "force", "yes"); + } if (timeout) { vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); @@ -150,6 +158,7 @@ static void __attribute__ ((constructor))reg() {"ike", 'i', 1, "terminate by IKE_SA name"}, {"child-id", 'C', 1, "terminate by CHILD_SA reqid"}, {"ike-id", 'I', 1, "terminate by IKE_SA unique identifier"}, + {"force", 'f', 0, "terminate IKE_SA without waiting, unless timeout is set"}, {"timeout", 't', 1, "timeout in seconds before detaching"}, {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"}, diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 637661083..1f7e3a2cc 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -1146,7 +1146,13 @@ disables IPsec replay protection. .TP .BR connections.<conn>.children.<child>.hw_offload " [no]" Enable hardware offload for this CHILD_SA, if supported by the IPsec -implementation. +implementation. The value +.RI "" "yes" "" +enforces offloading and the installation will +fail if it's not supported by either kernel or device. The value +.RI "" "auto" "" +enables offloading, if it's supported, but the installation does not fail +otherwise. .TP .BR connections.<conn>.children.<child>.start_action " [none]" diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 5675b31ca..120e5812e 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -931,6 +931,12 @@ connections.<conn>.children.<child>.hw_offload = no Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation. + Enable hardware offload for this CHILD_SA, if supported by the IPsec + implementation. The value _yes_ enforces offloading and the installation + will fail if it's not supported by either kernel or device. The value _auto_ + enables offloading, if it's supported, but the installation does not fail + otherwise. + connections.<conn>.children.<child>.start_action = none Action to perform after loading the configuration (_none_, _trap_, _start_). |