Exclude offloading on VLAN

Installing and Using OpenWrt Network and Wireless Configuration
1

Can I exclude VLANs/Zones or interfaces from offloading?
I have a GL-MT6000 and want to enable SQM on uplink (which is a vlan on br-lan) and enable offloading on the other vlans.
Is that possible?

2

Is offload solving any problem?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
3

I have not setup the router yet, so I can’t provide the config.
It should do wireguard, the routing across VLANs, and the uplink (500/100Mbit) with SQM.
I guess without offload it will not handle 2.5G routing.

4 
I got it working with following setup:

nft add table inet partoffload
nft add flowtable inet partoffload ft '{ hook ingress priority filter; devices = { lan1, lan2, lan3, lan4, lan5 }; flags offload; counter; }'
nft add chain inet partoffload lan '{ type filter hook forward priority filter; }'
nft add rule inet partoffload lan meta l4proto { tcp, udp } flow add @ft

it excludes eth1 from hardware offload and enables sqm on eth1.
would be nice if this would be possible in luci.

1 Like
Lets talk about firewall4 (default nftables firewall)
5

Add following to /etc/nftabled.d/abc.nft (any name .nft) to integrate with fw4 table

        flowtable pft {
                hook ingress priority filter
                devices = { lan1, lan2, lan3, lan4, lan5 }
                flags offload
                counter
        }

        chain lans {
                type filter hook forward priority filter + 1; policy accept;
                flow add @pft return
        }

What I am wondering - is it any different from soft offloading as flowtable has just one end of forwarding transformation.

Not significant - but your flowtbable reloads with fw4
flowtable name is different from default so you can have both and still Run fw4 check/nft -c
priority is one hair later than dropping invalid packets
flow add already includes tcpudp filter, again return from chain hair earlier for offload-initiating last not offloaded packets...

The code for selecting offload candidate interfaces is here https://github.com/openwrt/firewall4/blame/master/root/usr/share/ucode/fw4.uc#L508 if you are looking to contribute.

Archer C6 v2 no space for ath10k-firmware
6

I did not test it, so I dont know.

That was intended, so that my flowtable is not overwritten from luci.
(I included it with the ‘script option’ of fw4)

Your suggestions sound reasonable and I will test it next time I'm at the location.
Thank you!

7

Thanks if you succeed. Just # comment out flags line. Radical (>10%) bandwidth or latency change means hw offload matters.

Your script is correct in general. I just slightly improved its integration. Either way it adds one hook which is about weight of "counter" statement, indifferent on filogic router, probbaly loses bandwidth on archaic ones.