I’m using a BT Home Hub 5A as the OpenWRT router and a Billion 8800 NL R2 in half bridge modem mode which handles the PPPoE connection as well as DHCP, and I want to write DSCP markings into conntrack and restore them on ingress. I’m already encountering issues with writing DSCP markings into conntrack.
I’m using the following rules (chain in the forward hook):
nft add rule inet dscptag dscptag ct mark set ip dscp or 128 counter
Unfortunately, the rules either aren’t being written into conntrack or aren’t being written correctly.
meta nfproto 0 ct mark set @nh,8,8 & 0xfc [invalid type] | 0x80 counter packets 0 bytes 0
meta nfproto 0 ct mark set @nh,0,16 & 0xfc0 [invalid type] | 0x80 counter packets 0 bytes 0
}
}
I'm a newbie, so I would appreciate it if someone could help me out with this issue or walk through it with me.
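A worked illustration of what the decompiled expressions in the output above encode, added here as an example and not from any poster in this thread. It assumes that nft's `ip dscp` / `ip6 dscp` evaluate to the 6-bit DSCP value (0-63), so `or 128` sets bit 7 as a "DSCP stored" flag, and it shows the matching restore on the constructed sample headers:

```python
import struct

# Bit layout the rule compiles to (from the decompiled output in the post):
#   IPv4: ct mark = ((@nh,8,8  & 0xfc)  >> 2) | 0x80   TOS byte, top 6 bits = DSCP
#   IPv6: ct mark = ((@nh,0,16 & 0xfc0) >> 6) | 0x80   first 16 bits, DSCP inside traffic class
# Assumption (mine, not the thread's): `ip dscp` yields the 6-bit DSCP value, so
# `or 128` only sets bit 7 and leaves the DSCP in the low 6 bits of the ct mark.

DSCP_STORED = 0x80   # the "or 128" in the rule
DSCP_MASK = 0x3f     # low 6 bits hold the DSCP

def dscp_from_ipv4(hdr: bytes) -> int:
    # @nh,8,8: the byte at bit offset 8 is the second header byte (TOS / DS field)
    return (hdr[1] & 0xfc) >> 2

def dscp_from_ipv6(hdr: bytes) -> int:
    # @nh,0,16: first two bytes loaded in network (big-endian) order; the traffic
    # class occupies bits 4..11 and DSCP is its upper 6 bits => mask 0x0fc0, shift 6
    first16 = struct.unpack("!H", hdr[:2])[0]
    return (first16 & 0x0fc0) >> 6

def ctmark_for(dscp: int) -> int:
    # `ct mark set ... dscp or 128`
    return dscp | DSCP_STORED

def restore_ipv4(hdr: bytes, ctmark: int) -> bytes:
    # Ingress restore: write ct mark & 0x3f back into the DS field, keep the ECN bits
    if not ctmark & DSCP_STORED:
        return hdr            # nothing was stored for this connection
    b = bytearray(hdr)
    b[1] = (b[1] & 0x03) | ((ctmark & DSCP_MASK) << 2)
    return bytes(b)

def restore_ipv6(hdr: bytes, ctmark: int) -> bytes:
    if not ctmark & DSCP_STORED:
        return hdr
    first16 = struct.unpack("!H", hdr[:2])[0]
    first16 = (first16 & ~0x0fc0 & 0xffff) | ((ctmark & DSCP_MASK) << 6)
    return struct.pack("!H", first16) + hdr[2:]

# Constructed sample headers (not captured traffic); only the first bytes matter here
IPV4_CS4 = bytes([0x45, 0x80]) + bytes(18)    # TOS 0x80 => DSCP 32 (cs4), ECN 0
IPV6_AF41 = bytes([0x68, 0x80]) + bytes(38)   # version 6, traffic class 0x88 => DSCP 34 (af41)

if __name__ == "__main__":
    print("ipv4 ct mark:", ctmark_for(dscp_from_ipv4(IPV4_CS4)))    # 160 = 0x80 | 32
    print("ipv6 ct mark:", ctmark_for(dscp_from_ipv6(IPV6_AF41)))   # 162 = 0x80 | 34
```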
Ahhh apologies, the screenshot was just to illustrate the software to you. However, when I do ping 1.1.1.1 -t it shows as cs0. I can show you once I’m home in like 10 mins
To verify if the rule is being generated correctly internally, please run:
nft -c -d netlink add rule inet dscptag dscptag ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag ct mark set ip6 dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv4 ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv6 ct mark set ip6 dscp or 128 counter
Do you get the same output if you explicitly add the nfproto?
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv4 ct mark set ip dscp or 128 counter
nft -c -d netlink add rule inet dscptag dscptag meta nfproto ipv6 ct mark set ip6 dscp or 128 counter
I’m not sure what this all means, I’m a newbie, but are you saying there is nothing wrong with the router? I have long replaced it with a Beryl AX and everything is now working as it should anyway
The thread is full of misconceptions.
Packet enters at ingress, then raw, then conntrack has more detail starting at mangle (at this point you set / get the ct mark), then back, then at raw level ct mark is lost from packet and continues to egress.
I am still puzzled about byte order issues claimed. Down to lol.
So why do you need connection marking? Like QoS priority?