From a7a542ecd792c012726bfcb42d0918c09a231fa9 Mon Sep 17 00:00:00 2001
From: Markus Gothe <markus.gothe@genexis.eu>
Date: Thu, 20 Feb 2025 12:53:18 +0100
Subject: [PATCH] base-files: Add hotplug-scripts for WG offloading.

---
 .../etc/hotplug.d/proto/10-wireguard          | 11 +++++
 .../etc/hotplug.d/proto/10-wireguard          | 41 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100755 airoha/base-files/etc/hotplug.d/proto/10-wireguard
 create mode 100755 brcmbca/base-files/etc/hotplug.d/proto/10-wireguard

diff --git a/airoha/base-files/etc/hotplug.d/proto/10-wireguard b/airoha/base-files/etc/hotplug.d/proto/10-wireguard
new file mode 100755
index 000000000..c6e820f6c
--- /dev/null
+++ b/airoha/base-files/etc/hotplug.d/proto/10-wireguard
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+[ "$PROTOCOL" = "wireguard" ] || exit 0
+[ "$ACTION" = "post-setup" -o "$ACTION" = "pre-teardown" ] || exit 0
+[ -n "$INTERFACE" ] || exit 0
+
+readonly LISTEN_PORT="$(wg show "${INTERFACE}" listen-port)"
+[ -n "$LISTEN_PORT" ] || exit 0
+
+[ "$ACTION" = "post-setup" ] && CMD=add || CMD=del
+/userfs/bin/ppemgr localin $CMD dport $((LISTEN_PORT))
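Review bot: On pre-teardown the `del` depends on `wg show` still answering for the interface; if it fails or prints nothing, `[ -n "$LISTEN_PORT" ] || exit 0` exits silently and the `localin` entry added at post-setup stays in place for that UDP port. The same happens if the listen port is changed while the tunnel is up, because the port is re-read at teardown rather than remembered from setup. Consider recording the port at post-setup and deleting that recorded value at pre-teardown, and logging the failure path, e.g. `logger -t 10-wireguard "no listen port for $INTERFACE, ppemgr not updated"`. The value also reaches `$((LISTEN_PORT))` unchecked; a digits-only guard such as `case "$LISTEN_PORT" in *[!0-9]*) exit 0;; esac` before the ppemgr call would keep unexpected `wg` output out of the arithmetic expansion.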
diff --git a/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard b/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard
new file mode 100755
index 000000000..06786a7e6
--- /dev/null
+++ b/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+[ "$PROTOCOL" = "wireguard" ] || exit 0
+[ "$ACTION" = "pre-setup" -o "$ACTION" = "post-teardown" ] || exit 0
+[ -n "$INTERFACE" ] || exit 0
+
+if [ "$ACTION" = "pre-setup" ]; then
+	iptables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I input_rule -i "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I input_rule -i "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I forwarding_rule -i "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I forwarding_rule -i "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I output_rule -o "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I output_rule -o "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I forwarding_rule -o "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I forwarding_rule -o "${INTERFACE}" -j SKIPLOG
+else
+	iptables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+fi
+
+fcctl flush
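Review bot: Every `-I ... -j SKIPLOG` in the pre-setup branch runs unchecked, so if the target or one of the `*_rule` chains is missing, the script still reaches `fcctl flush` and exits as if the tunnel traffic were exempted. Nothing in the file says what SKIPLOG does or whether it is terminating, which matters because the rules are inserted at the head of `input_rule`, `forwarding_rule` and `output_rule`, ahead of any user rules; a one-line comment would settle that for the next reader. The rules are also installed only from this hook, so anything that flushes those chains while the tunnel is up (presumably a firewall restart) removes them until the next pre-setup; this deserves either a comment or a matching firewall-side hook. The 24 near-identical lines can be folded into one helper that also reports a failed insert, as sketched below.

```sh
# SKIPLOG: <state what the target does and that it is non-terminating>
skiplog_rule() {
	# $1 = -I or -D, $2 = chain, $3 = -i or -o
	for ipt in iptables ip6tables; do
		# Always delete first so a repeated pre-setup does not stack duplicates.
		$ipt -w -D "$2" "$3" "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
		[ "$1" = "-I" ] || continue
		$ipt -w -I "$2" "$3" "${INTERFACE}" -j SKIPLOG ||
			logger -t 10-wireguard "$ipt: cannot add SKIPLOG to $2 for ${INTERFACE}"
	done
}

[ "$ACTION" = "pre-setup" ] && op=-I || op=-D
skiplog_rule "$op" input_rule -i
skiplog_rule "$op" forwarding_rule -i
skiplog_rule "$op" output_rule -o
skiplog_rule "$op" forwarding_rule -o

# … unchanged: fcctl flush …
```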
-- 
GitLab