From: Jo-Philipp Wich Date: Sat, 12 Feb 2022 19:32:38 +0000 (+0100) Subject: fw4: resolve zone layer 2 devices for hw flow offloading X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=53caa1a762125a71389a486aa913e4fbdf3650cf;p=project%2Ffirewall4.git fw4: resolve zone layer 2 devices for hw flow offloading Some interface protocols like PPPoE use a layer 3 device that is different fro mthe layer 2 one and which cannot be resolved to a lower device through sysfs, so additionally track related layer 2 devices and resolve those when constructing a hardware flow offloading table. Signed-off-by: Jo-Philipp Wich --- diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc index 243e27c..7172a86 100644 --- a/root/usr/share/ucode/fw4.uc +++ b/root/usr/share/ucode/fw4.uc @@ -453,7 +453,7 @@ return { } for (let zone in this.zones()) - for (let device in zone.match_devices) + for (let device in zone.related_physdevs) push(devices, ...resolve_lower_devices(devstatus, device)); devices = uniq(devices); @@ -463,9 +463,9 @@ return { this.warn('Hardware flow offloading unavailable, falling back to software offloading'); this.state.defaults.flow_offloading_hw = false; - } - devices = []; + devices = []; + } for (let zone in this.zones()) for (let device in zone.match_devices) @@ -536,6 +536,7 @@ return { let net = { up: ifc.up, device: ifc.l3_device, + physdev: ifc.device, zone: ifc.data?.zone }; @@ -1883,6 +1884,7 @@ return { zone.auto_helper = false; let match_devices = []; + let related_physdevs = []; let related_subnets = []; let related_ubus_networks = []; let match_subnets, masq_src_subnets, masq_dest_subnets; @@ -1903,6 +1905,9 @@ return { }); } + if (net.physdev && !e.invert) + push(related_physdevs, net.physdev); + push(related_subnets, ...(net.ipaddrs || [])); } } @@ -2036,6 +2041,7 @@ return { zone.match_subnets = map(filter(related_subnets, s => !s.invert && s.bits != -1), this.cidr); zone.related_subnets = related_subnets; + zone.related_physdevs = related_physdevs; if (zone.masq || zone.masq6) zone.dflags.snat = true; diff --git a/tests/01_configuration/01_ruleset b/tests/01_configuration/01_ruleset index f19daf5..913bfb3 100644 --- a/tests/01_configuration/01_ruleset +++ b/tests/01_configuration/01_ruleset @@ -26,7 +26,7 @@ table inet fw4 { flowtable ft { hook ingress priority 0; - devices = { "eth0" }; + devices = { "eth0", "eth1" }; flags offload; } @@ -299,9 +299,8 @@ table inet fw4 { [call] ctx.call object method args [call] fs.opendir path [call] fs.opendir path -[call] fs.opendir path -[call] fs.opendir path -[call] system command /dev/null> timeout +[call] fs.opendir path +[call] system command /dev/null> timeout [call] fs.popen cmdline mode [call] fs.open path mode [call] fs.open path mode