fw4: resolve zone layer 2 devices for hw flow offloading
authorJo-Philipp Wich <jo@mein.io>
Sat, 12 Feb 2022 19:32:38 +0000 (20:32 +0100)
committerJo-Philipp Wich <jo@mein.io>
Sat, 12 Feb 2022 19:41:40 +0000 (20:41 +0100)
Some interface protocols like PPPoE use a layer 3 device that is different
from the layer 2 one and which cannot be resolved to a lower device through
sysfs, so additionally track related layer 2 devices and resolve those when
constructing a hardware flow offloading table.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
root/usr/share/ucode/fw4.uc
tests/01_configuration/01_ruleset

index 243e27c51627d5ebce602e5d3029f09df015d5d5..7172a8686e746051356a20c3652ee5f7f1ac8f27 100644 (file)
@@ -453,7 +453,7 @@ return {
                        }
 
                        for (let zone in this.zones())
-                               for (let device in zone.match_devices)
+                               for (let device in zone.related_physdevs)
                                        push(devices, ...resolve_lower_devices(devstatus, device));
 
                        devices = uniq(devices);
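Review bot: Zones that select their interfaces only through an explicit device option may drop out of the hardware offload list, because this loop now reads `zone.related_physdevs` and, in the hunks shown, that array is filled only from `net.physdev` of referenced networks (the `@@ -1903` hunk). Whether the device-option path also feeds it is not visible here, so it is worth confirming; if it does not, also pushing the non-inverted configured devices into `related_physdevs` would keep the coverage `match_devices` gave before. The `@@ -1903` hunk also skips inverted entries without saying why; if the intent is that inverted matches name devices to exclude, a comment such as `// inverted entries exclude a device, so they never belong in the flowtable` would record it. The enclosing function starts and ends outside this hunk.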
@@ -463,9 +463,9 @@ return {
 
                        this.warn('Hardware flow offloading unavailable, falling back to software offloading');
                        this.state.defaults.flow_offloading_hw = false;
-               }
 
-               devices = [];
+                       devices = [];
+               }
 
                for (let zone in this.zones())
                        for (let device in zone.match_devices)
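Review bot: The two offload paths now build their device lists from different sources, `zone.related_physdevs` for the hardware probe and `zone.match_devices` for the loop after the block, and nothing in the code says so. A comment above the moved reset, for example `// hw offload unavailable: drop the layer 2 list, the loop below rebuilds it from the zone match devices`, would explain why `devices = [];` now sits inside the block. Paths that skip this block reach the loop without the reset, so they depend on `devices` being empty at its declaration, which is outside the hunk and should be checked. The function continues past the end of the hunk.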
@@ -536,6 +536,7 @@ return {
                                let net = {
                                        up: ifc.up,
                                        device: ifc.l3_device,
+                                       physdev: ifc.device,
                                        zone: ifc.data?.zone
                                };
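Review bot: The new `physdev` field has no comment separating it from `device`, although the two now carry different layers (`ifc.l3_device` versus `ifc.device`); something like `// layer 2 device from the interface status, may differ from the layer 3 device (e.g. PPPoE)` would do. Per the expected trace in tests/01_configuration/01_ruleset, names resolved from this value end up in `/sys/class/net/<name>` lookups and inside the single-quoted `nft -c` command line. The code that builds those strings is outside the hunks, so confirm that it escapes or rejects names containing quotes or path separators, as it must already do for `l3_device`. The object literal sits inside a function that is not fully shown.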
 
@@ -1883,6 +1884,7 @@ return {
                        zone.auto_helper = false;
 
                let match_devices = [];
+               let related_physdevs = [];
                let related_subnets = [];
                let related_ubus_networks = [];
                let match_subnets, masq_src_subnets, masq_dest_subnets;
@@ -1903,6 +1905,9 @@ return {
                                        });
                                }
 
+                               if (net.physdev && !e.invert)
+                                       push(related_physdevs, net.physdev);
+
                                push(related_subnets, ...(net.ipaddrs || []));
                        }
                }
@@ -2036,6 +2041,7 @@ return {
                zone.match_subnets = map(filter(related_subnets, s => !s.invert && s.bits != -1), this.cidr);
 
                zone.related_subnets = related_subnets;
+               zone.related_physdevs = related_physdevs;
 
                if (zone.masq || zone.masq6)
                        zone.dflags.snat = true;
index f19daf59604bd5387eda19f892708712d2b152bc..913bfb3f308b57a1e862a45151b00adc5271dac2 100644 (file)
@@ -26,7 +26,7 @@ table inet fw4 {
 
        flowtable ft {
                hook ingress priority 0;
-               devices = { "eth0" };
+               devices = { "eth0", "eth1" };
                flags offload;
        }
 
@@ -299,9 +299,8 @@ table inet fw4 {
 [call] ctx.call object <network.device> method <status> args <null>
 [call] fs.opendir path </sys/class/net/br-lan>
 [call] fs.opendir path </sys/class/net/eth0>
-[call] fs.opendir path </sys/class/net/pppoe-wan>
-[call] fs.opendir path </sys/class/net/pppoe-wan>
-[call] system command </usr/sbin/nft -c 'add table inet fw4-hw-offload-test; add flowtable inet fw4-hw-offload-test ft { hook ingress priority 0; devices = { "eth0" }; flags offload; }' 2>/dev/null> timeout <null>
+[call] fs.opendir path </sys/class/net/eth1>
+[call] system command </usr/sbin/nft -c 'add table inet fw4-hw-offload-test; add flowtable inet fw4-hw-offload-test ft { hook ingress priority 0; devices = { "eth0", "eth1" }; flags offload; }' 2>/dev/null> timeout <null>
 [call] fs.popen cmdline </usr/sbin/nft --terse --json list flowtables inet> mode <r>
 [call] fs.open path </sys/class/net/br-lan/flags> mode <r>
 [call] fs.open path </sys/class/net/br-lan/flags> mode <r>