From 382c6fc6ffe76d7ce418018f69902572701215a3 Mon Sep 17 00:00:00 2001
From: l0crian1 <ryan.claridge13@gmail.com>
Date: Wed, 16 Apr 2025 12:31:34 -0400
Subject: firewall: T7358: add offload option to global state policy

Since the jump to the global state chain is inserted before all rules,
it wasn't possible to use offload with the global state policies

This commit adds a new chain for offloaded traffic in the forward
chain and jumps to that chain. Please enter the commit message for your changes. Lines starting
---
 interface-definitions/include/firewall/global-options.xml.i | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'interface-definitions/include')

diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 355b41fde..7393ff5c9 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -217,6 +217,14 @@
         <help>Global firewall state-policy</help>
       </properties>
       <children>
+        <node name="offload">
+          <properties>
+            <help>All stateful forward traffic is offloaded to a flowtable</help>
+          </properties>
+          <children>
+            #include <include/firewall/offload-target.xml.i>
+          </children>
+        </node>
         <node name="established">
           <properties>
             <help>Global firewall policy for packets part of an established connection</help>
-- 
cgit v1.2.3