diff options
| author | Jo-Philipp Wich | 2022-02-03 22:35:35 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich | 2022-02-03 22:35:35 +0000 |
| commit | 7cb10c809314261c20ddca069eacd469adf44be3 (patch) | |
| tree | 14daf12f0159aed7221554e418befaca337d7399 | |
| parent | b2241a1a70f8c367604ad25dea5b615fd1c8a5a1 (diff) | |
| download | firewall4-7cb10c809314261c20ddca069eacd469adf44be3.tar.gz | |
fw4: disable "flow_offloading_hw" option for now
Currently there does not appear to exist any kernel side nft flowtable
implementation that supports hardware flow offloading.
Attempting to upload a ruleset containing a flowtable declaration with
the hardware offloading flag set will fail with a generic EOPNOTSUPP
error.
Since there is neither a graceful recovery (e.g. continue without
hardware flow offloading) nor any possibility to probe kernel side
support from userspace, disable the facility entirely for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rw-r--r-- | root/usr/share/ucode/fw4.uc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc index 175883f..7a2cd75 100644 --- a/root/usr/share/ucode/fw4.uc +++ b/root/usr/share/ucode/fw4.uc @@ -1695,7 +1695,7 @@ return { custom_chains: [ "bool", null, UNSUPPORTED ], disable_ipv6: [ "bool", null, UNSUPPORTED ], flow_offloading: [ "bool", "0" ], - flow_offloading_hw: [ "bool", "0" ] + flow_offloading_hw: [ "bool", "0", UNSUPPORTED ] }); if (defs.synflood_protect === null) |