I’m using a BT Home Hub 5A as the OpenWRT router and a Billion 8800 NL R2 in half bridge modem mode which handles the PPPoE connection aswell DHCP, and I want to write DSCP markings into conntrack and restore them on ingress. I’m already encountering issues with writing DSCP markings into conntrack.
I’m using the following rules (chain in the forward hook):
nft add rule inet dscptag dscptag ct mark set ip dscp or 128 counter
Unfortunately, the rules either aren’t being written into conntrack or aren’t being written correctly.
meta nfproto 0 ct mark set @nh,8,8 & 0xfc [invalid type] | 0x80 counter packets 0 bytes 0
meta nfproto 0 ct mark set @nh,0,16 & 0xfc0 [invalid type] | 0x80 counter packets 0 bytes 0
}
}
I'm a newbie so it would appreciate if someone could help me out with this issue or walk through with me on this issue .
Ahhh apologies, the screenshot was just to illustrate the software to you. However, when I do ping 1.1.1.1 -t its shows as cs0. I can show you once I’m home in like 10mins
To verify if the rule is being generated correctly internally, please run:
nft -c -d netlink add rule inet dscptag dscptag ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag ct mark set ip6 dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv4 ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv6 ct mark set ip6 dscp or 128 counter
Do you get the same output if you explicitly add the nfproto?
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv4 ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv6 ct mark set ip6 dscp or 128 counter