Hello OpenWrt hackers,

I'm playing around with OpenWrt master on a MikroTik RB750Gr3 and would like to do hardware-accelerated stateful bridge firewalling. My end goal is to learn and make PhanTap (https://github.com/nccgroup/phantap) work at line rate.

MT7621 supports flow offload, so the high-level idea would be to:
- create a Linux bridge with 2 ports (say lan4/lan5)
- disable normal switch offload (do not forward just based on mac dest) and have the packets go through netfilter
- have netfilter create/install flow offload rules for most connections like we do for the routing case.
- enjoy

My questions are:
- will the hardware let me do that (any restrictions on the flow offload rules or ...)?
- is it already possible with OpenWrt master (I was not able to have a bridge without offload yet)?
- any pointer to ongoing work in that area (while writing this email I just found NF_CONNTRACK_BRIDGE)

Thanks
Etienne