FW3_OPT("accept_redirects", bool, defaults, accept_redirects),
FW3_OPT("accept_source_route", bool, defaults, accept_source_route),
+ FW3_OPT("auto_helper", bool, defaults, auto_helper),
FW3_OPT("custom_chains", bool, defaults, custom_chains),
FW3_OPT("disable_ipv6", bool, defaults, disable_ipv6),
+ FW3_OPT("flow_offloading", bool, defaults, flow_offloading),
+ FW3_OPT("flow_offloading_hw", bool, defaults, flow_offloading_hw),
FW3_OPT("__flags_v4", int, defaults, flags[0]),
FW3_OPT("__flags_v6", int, defaults, flags[1]),
}
}
+static void
+check_offloading(struct uci_element *e, bool *offloading)
+{
+ FILE *f;
+
+ if (!*offloading)
+ return;
+
+ f = fopen("/sys/module/xt_FLOWOFFLOAD/refcnt", "r");
+
+ if (f)
+ {
+ fclose(f);
+ return;
+ }
+
+ warn_elem(e, "enables offloading but missing kernel support, disabling");
+ *offloading = false;
+}
+
void
fw3_load_defaults(struct fw3_state *state, struct uci_package *p)
{
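Review bot: check_offloading() has no comment explaining why the existence of `/sys/module/xt_FLOWOFFLOAD/refcnt` is taken as proof of kernel support, and the probe may be narrower than intended. That sysfs file is normally present only for a loaded module on a kernel built with module unloading, so a built-in target would presumably be reported as missing. The failure direction is the conservative one (offloading is switched off and a warning is logged), which is worth recording in a header comment such as `/* Probe for the xt_FLOWOFFLOAD module; when in doubt disable offloading so traffic keeps traversing the normal rule set. */`. Only `flow_offloading` is validated here; `flow_offloading_hw` is left as configured, which is harmless only while every use of it stays nested under the `flow_offloading` test.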
defs->tcp_syncookies = true;
defs->tcp_window_scaling = true;
defs->custom_chains = true;
+ defs->auto_helper = true;
uci_foreach_element(&p->sections, e)
{
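Review bot: `defs->auto_helper = true;` turns a new behaviour on for every existing configuration, and nothing nearby says what it controls. If, as the name suggests, it governs automatic assignment of connection-tracking helpers, the default deserves a comment: helpers parse application payloads and permit related connections on that basis, so operators should know they have to set `auto_helper` to 0 to opt out. A one-line comment above the assignment, for example `/* conntrack helpers are assigned automatically unless auto_helper is set to 0 */`, would do once adjusted to the option's actual meaning. fw3_load_defaults starts and ends outside this hunk.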
continue;
}
- fw3_parse_options(&state->defaults, fw3_flag_opts, s);
+ if(!fw3_parse_options(&state->defaults, fw3_flag_opts, s))
+ warn_elem(e, "has invalid options");
check_policy(e, &defs->policy_input, "input");
check_policy(e, &defs->policy_output, "output");
check_policy(e, &defs->policy_forward, "forward");
+
+ check_offloading(e, &defs->flow_offloading);
}
}
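Review bot: When fw3_parse_options() fails, the new code only logs `has invalid options` and then carries on with whatever ended up in `state->defaults`, so a mistyped value in the defaults section leaves the firewall running on a partly applied configuration. Whether fields parsed before the failure are kept is not visible here. A comment stating that this best-effort handling is deliberate would help, and the warning would be more useful if it named the offending option (fw3_parse_options may already do that). As a style point, `if(!fw3_parse_options(` lacks the space after `if` that the other added code uses (`if (!*offloading)`, `if (f)`). The enclosing loop begins outside the hunk.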
for (i = 0; i < ARRAY_SIZE(chains); i += 2)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for %s", chains[i+1]);
+ fw3_ipt_rule_comment(r, "Custom %s rule chain", chains[i+1]);
fw3_ipt_rule_target(r, "%s_rule", chains[i+1]);
fw3_ipt_rule_append(r, chains[i]);
}
}
+ if (defs->flow_offloading)
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "Traffic offloading");
+ fw3_ipt_rule_extra(r, "-m conntrack --ctstate RELATED,ESTABLISHED");
+ fw3_ipt_rule_target(r, "FLOWOFFLOAD");
+ if (defs->flow_offloading_hw)
+ fw3_ipt_rule_addarg(r, false, "--hw", NULL);
+ fw3_ipt_rule_append(r, "FORWARD");
+ }
+
for (i = 0; i < ARRAY_SIZE(chains); i += 2)
{
r = fw3_ipt_rule_new(handle);
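Review bot: The new `FLOWOFFLOAD` rule is appended to `FORWARD` for all `RELATED,ESTABLISHED` traffic with no comment on what that means for the rest of the rule set. Assuming the target behaves as its name implies, packets of an offloaded flow stop traversing the chain, so later per-packet rules in FORWARD (logging, accounting, rate limits, drops added after the flow was established) would no longer see them. A comment above the block such as `/* offloaded flows no longer traverse the remaining FORWARD rules */` would record that. `--hw` is added on `flow_offloading_hw` alone, and unlike `flow_offloading` nothing visible checks that the hardware path is supported. The enclosing function starts and ends outside the hunk.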
if (defs->custom_chains)
{
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for prerouting");
+ fw3_ipt_rule_comment(r, "Custom prerouting rule chain");
fw3_ipt_rule_target(r, "prerouting_rule");
fw3_ipt_rule_append(r, "PREROUTING");
r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_comment(r, "user chain for postrouting");
+ fw3_ipt_rule_comment(r, "Custom postrouting rule chain");
fw3_ipt_rule_target(r, "postrouting_rule");
fw3_ipt_rule_append(r, "POSTROUTING");
}