[FS#3284] firewall3 parses boolean options as false

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Sat Aug 15 00:40:09 EDT 2020 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - RemiNV (RemiNV) 

Attached to Project - OpenWrt/LEDE Project
Summary - firewall3 parses boolean options as false
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - fw3 does not parse boolean options properly: { "bool_attr": "true" } is fine, but { "bool_attr": true } (no quotes) is parsed as false.

Repro steps:

Assuming there is a "wanclient" DHCPv6 client logical interface, based on a eth0.2 switch VLAN interface:

  ubus  call network.interface notify_proto '{ "action": 0, "link-up": true, "interface": "wanclient", "ifname": "eth0.2", "data": { "firewall": [ { "type": "nat", "target": "SNAT", "family": "inet", "proto": "icmp", "connlimit_ports": true, "snat_ip": "192.168.42.42", "snat_port": "63345-63346" }]}}'
  iptables -t nat -S POSTROUTING


Shows the following iptables SNAT rule:

  -A POSTROUTING -o eth0.2 -p icmp -m comment --comment "!fw3: ubus:wanclient[dhcpv6] nat 0" -j SNAT --to-source 192.168.42.42:63345-63346


Notice that it does not specify connlimit options, even though '"connlimit_ports": true' was specified in the ubus call.
However if the same is done with '"connlimit_ports": "true"' (note the quotes around "true"):

  ubus  call network.interface notify_proto '{ "action": 0, "link-up": true, "interface": "wanclient", "ifname": "eth0.2", "data": { "firewall": [ { "type": "nat", "target": "SNAT", "family": "inet", "proto": "icmp", "connlimit_ports": "true", "snat_ip": "192.168.42.42", "snat_port": "63345-63346" }]}}'


The correct iptables rule is added:

  -A POSTROUTING -o eth0.2 -p icmp -m connlimit --connlimit-upto 2 --connlimit-mask 32 --connlimit-daddr -m comment --comment "!fw3: ubus:wanclient[dhcpv6] nat 0" -j SNAT --to-source 192.168.42.42:63345-63346


This seems to be a bug in firewall3/options.c: in fw3_parse_blob_options, boolean options as parsed as string options (with blobmsg_get_string), which seems to return an empty string for an actual boolean option (true without quotes).

I have a patch and will try to send it.

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3284

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list