From 177224c14a0f2787aed41fc38e5b6c11171feb9d Mon Sep 17 00:00:00 2001
From: Hannu Nyman <hannu.nyman@iki.fi>
Date: Sat, 26 May 2018 20:31:23 +0300
Subject: [PATCH 1/1] luci-app-firewall: expose flow offloading options

Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
---
 .../luasrc/model/cbi/firewall/zones.lua       | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
index 500e5078f..2c5083a01 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/zones.lua
@@ -3,6 +3,7 @@
 
 local ds = require "luci.dispatcher"
 local fw = require "luci.model.firewall"
+local fs = require "nixio.fs"
 
 local m, s, o, p, i, v
 
@@ -32,6 +33,28 @@ for i, v in ipairs(p) do
 	v:value("ACCEPT", translate("accept"))
 end
 
+-- Netfilter flow offload support
+
+local offload = fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt")
+
+if offload then
+	s:option(DummyValue, "offload_advice",
+		translate("Routing/NAT Offloading"),
+		translate("Experimental feature. Not fully compatible with QoS/SQM."))
+
+	o = s:option(Flag, "flow_offloading",
+		translate("Software flow offloading"),
+		translate("Software based offloading for routing/NAT"))
+	o.optional = true
+
+	o = s:option(Flag, "flow_offloading_hw",
+		translate("Hardware flow offloading"),
+		translate("Requires hardware NAT support. Implemented at least for mt7621"))
+	o.optional = true
+	o:depends( "flow_offloading", 1)
+end
+
+-- Firewall zones
 
 s = m:section(TypedSection, "zone", translate("Zones"))
 s.template = "cbi/tblsection"
-- 
2.25.1