[FS#4240] firewall4: dscp match requires ip/ip6 prepended

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Tue Jan 25 18:52:03 PST 2022 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - dave14305 (dave14305) 

Attached to Project - OpenWrt/LEDE Project
Summary - firewall4: dscp match requires ip/ip6 prepended
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - Device: bcm2711, r18639-f5865452ac

Firewall rule with a dscp match fails to process due to missing ip or ip6 family prepended to the dscp expression.

My rule:
config rule
        option name 'WiFi Calling'
        list proto 'udp'
        option src '*'
        option src_port '4500'
        option dest '*'
        option dest_port '4500'
        option target 'DSCP'
        option set_dscp 'CS6'
        option dscp 'CS0'
Invalid statements:
        chain mangle_forward {
                type filter hook forward priority mangle; policy accept;
                meta nfproto ipv4 udp sport 4500 udp dport 4500 dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling"
                meta nfproto ipv6 udp sport 4500 udp dport 4500 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling"
        }
Correct statements:
        chain mangle_forward {
                type filter hook forward priority mangle; policy accept;
                meta nfproto ipv4 udp sport 4500 udp dport 4500 ip dscp 0x0 counter ip dscp set 0x30 comment "!fw4: WiFi Calling"
                meta nfproto ipv6 udp sport 4500 udp dport 4500 ip6 dscp 0x0 counter ip6 dscp set 0x30 comment "!fw4: WiFi Calling"

Old code:
{%+ if (rule.dscp): -%}
	dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}

New code:
{%+ if (rule.dscp): -%}
        {{ fw4.ipproto(rule.family) }} dscp{% if (rule.dscp.invert): %} !={% endif %} {{ fw4.hex(rule.dscp.dscp) }} {%+ endif -%}

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=4240

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list