fw4: disable "flow_offloading_hw" option for now

Currently there does not appear to exist any kernel side nft flowtable
implementation that supports hardware flow offloading.

Attempting to upload a ruleset containing a flowtable declaration with
the hardware offloading flag set will fail with a generic EOPNOTSUPP
error.

Since there is neither a graceful recovery (e.g. continue without
hardware flow offloading) nor any possibility to probe kernel side
support from userspace, disable the facility entirely for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 175883f85b254910dd409b03902afcd56a507411..7a2cd7574cb5616a6f718f10e4db622039258af5 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1695,7 +1695,7 @@ return {
                        custom_chains: [ "bool", null, UNSUPPORTED ],
                        disable_ipv6: [ "bool", null, UNSUPPORTED ],
                        flow_offloading: [ "bool", "0" ],
-                       flow_offloading_hw: [ "bool", "0" ]
+                       flow_offloading_hw: [ "bool", "0", UNSUPPORTED ]
                });
 
                if (defs.synflood_protect === null)