fw4: fall back to device if l3_device is not available in ifstatus

If the l3_device ifstatus property of a referenced logical interface is
unavailable, e.g. due to the logical interface being down, no jump rules
to the related zone chains are emitted. This is a deviation from fw3 which
fell back to the l2 device value in this case.

Do the same in firewall4 to still produce matching rules in the majority
of cases, even if the l3 device ends up being something else.

Fixes: #10639
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 766290ef5727c2489abd1f9f69a4fe36769c253f..a7837ed4088e977eea96c841951733b91c30c821 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -541,7 +541,7 @@ return {
                        for (let ifc in ifaces.interface) {
                                let net = {
                                        up: ifc.up,
-                                       device: ifc.l3_device,
+                                       device: ifc.l3_device ?? ifc.device,
                                        physdev: ifc.device,
                                        zone: ifc.data?.zone
                                };
@@ -589,7 +589,7 @@ return {
                                                        ...rulespec,
 
                                                        name: (rulespec.type != 'ipset') ? `ubus:${ifc.interface}[${ifc.proto}] ${rulespec.type || 'rule'} ${n}` : rulespec.name,
-                                                       device: rulespec.device || ifc.l3_device
+                                                       device: rulespec.device ?? ifc.l3_device ?? ifc.device
                                                });
 
                                                n++;