firewall: T7358: add offload option to global state policy

Since the jump to the global state chain is inserted before all rules,
it wasn't possible to use offload with the global state policies

This commit adds a new chain for offloaded traffic in the forward
chain and jumps to that chain. Please enter the commit message for your changes. Lines starting

1 files changed, 8 insertions, 0 deletions

diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 355b41fde..7393ff5c9 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -217,6 +217,14 @@
         <help>Global firewall state-policy</help>
       </properties>
       <children>
+        <node name="offload">
+          <properties>
+            <help>All stateful forward traffic is offloaded to a flowtable</help>
+          </properties>
+          <children>
+            #include <include/firewall/offload-target.xml.i>
+          </children>
+        </node>
         <node name="established">
           <properties>
             <help>Global firewall policy for packets part of an established connection</help>