luci-app-firewall: expose flow offloading options
authorHannu Nyman <hannu.nyman@iki.fi>
Sat, 26 May 2018 17:31:23 +0000 (20:31 +0300)
committerHannu Nyman <hannu.nyman@iki.fi>
Sun, 27 May 2018 16:26:39 +0000 (19:26 +0300)
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 177224c14a0f2787aed41fc38e5b6c11171feb9d)

applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua

index 500e5078f42c2f0c5b0d6cb88a16e8db2f5efd9f..2c5083a019b5202acd5920009a163144ac2892c7 100644 (file)
@@ -3,6 +3,7 @@
 
 local ds = require "luci.dispatcher"
 local fw = require "luci.model.firewall"
+local fs = require "nixio.fs"
 
 local m, s, o, p, i, v
 
@@ -32,6 +33,28 @@ for i, v in ipairs(p) do
        v:value("ACCEPT", translate("accept"))
 end
 
+-- Netfilter flow offload support
+
+local offload = fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt")
+
+if offload then
+       s:option(DummyValue, "offload_advice",
+               translate("Routing/NAT Offloading"),
+               translate("Experimental feature. Not fully compatible with QoS/SQM."))
+
+       o = s:option(Flag, "flow_offloading",
+               translate("Software flow offloading"),
+               translate("Software based offloading for routing/NAT"))
+       o.optional = true
+
+       o = s:option(Flag, "flow_offloading_hw",
+               translate("Hardware flow offloading"),
+               translate("Requires hardware NAT support. Implemented at least for mt7621"))
+       o.optional = true
+       o:depends( "flow_offloading", 1)
+end
+
+-- Firewall zones
 
 s = m:section(TypedSection, "zone", translate("Zones"))
 s.template = "cbi/tblsection"