From 450312e2374bf36e9410639a17d9c562977e0b66 Mon Sep 17 00:00:00 2001
From: Johannes Kimmel
Date: Sun, 28 Nov 2021 16:18:41 +0100
Subject: [PATCH] fff-layer3-config: add rules for router_ip
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the router_ips don't happen to be included in the client network's subnet, the decision defaults to a main table lookup. This causes packets to choose the wrong interface. This patch forces packets from a router_ip to be routed via the fff table.
Fixes: #175
Signed-off-by: Johannes Kimmel
Reviewed-by: Fabian Bläse
---
 .../files/etc/layer3.d/30-network-routerip | 52 +++++++++++++++++++
 src/packages/fff/fff-layer3/Makefile | 2 +-
 2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
index 32412bf8..dcbac943 100644
--- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
+++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip
@@ -1,3 +1,5 @@
+. /lib/functions.sh
+
 configure() {
 local router_ip
 local router_ip6
@@ -9,16 +11,66 @@ configure() {
 # remove netmask entry that ships by default
 uci -q del network.loopback.netmask
+ # clean old rules
+ remove_rules() {
+ local name="$1"
+
+ # check if filter was added by this script
+ if ! [ "$(uci -q get network.$name.addedbyautoconfig)" = '30-network-routerip' ]; then
+ return
+ fi
+
+ uci -q del network.$name
+ }
+
+ config_load network
+ config_foreach remove_rules rule
+ config_foreach remove_rules rule6
+
 # add router_ip
 router_ip=$(uci -q get gateway.meta.router_ip)
 for ip in $router_ip; do
 uci -q add_list network.loopback.ipaddr="$ip"
+
+ # CIDR notation required
+ case $ip in
+ */*)
+ # do nothing; ip is already in CIDR notation
+ ;;
+ *)
+ ip="$ip/32"
+ ;;
+ esac
+
+ config=$(uci add network rule)
+ uci -q set network.$config.src="$ip"
+ uci -q set network.$config.lookup='fff'
+ # default prio for the ip4table interface option is 10000
+ uci -q set network.$config.priority='10000'
+ uci -q set network.$config.addedbyautoconfig='30-network-routerip'
 done
 # add router_ip6
 router_ip6=$(uci -q get gateway.meta.router_ip6)
 for ip in $router_ip6; do
 uci -q add_list network.loopback.ip6addr="$ip"
+
+ # CIDR notation required
+ case $ip in
+ */*)
+ # do nothing; ip is already in CIDR notation
+ ;;
+ *)
+ ip="$ip/128"
+ ;;
+ esac
+
+ config=$(uci add network rule6)
+ uci -q set network.$config.src="$ip"
+ uci -q set network.$config.lookup='fff'
+ # default prio for the ip6table interface option is 10000
+ uci -q set network.$config.priority='10000'
+ uci -q set network.$config.addedbyautoconfig='30-network-routerip'
 done
 }
diff --git a/src/packages/fff/fff-layer3/Makefile b/src/packages/fff/fff-layer3/Makefile
index 5e80bb2b..8318e25d 100644
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-layer3
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 include $(INCLUDE_DIR)/package.mk
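Review bot: In the `@@ -9,16 +11,66 @@` hunk of 30-network-routerip, the `*/*)` branch of `case $ip in` keeps whatever prefix length was configured, so a `router_ip` entry written with a netmask becomes a `src` rule that appears to steer the whole prefix into the `fff` table at priority 10000, not just the router's own address. If only the router address should match, as the commit message describes, the branch could normalise instead of doing nothing: `ip="${ip%%/*}/32"` in the IPv4 loop and `ip="${ip%%/*}/128"` in the `router_ip6` loop. Separately, the result of `config=$(uci add network rule)` (and the `rule6` counterpart) is never checked, and because the following `uci -q set` calls are quiet, a failed add would leave the rule missing without any message; `config=$(uci add network rule) || continue` plus a logged error would make that visible. `configure()` begins outside this hunk, so callers and earlier state were not reviewed.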