From 60051fb4a7c5af0a53098aa0a3e2a055e4b7a095 Mon Sep 17 00:00:00 2001
From: Johannes Kimmel
Date: Tue, 26 Jan 2021 18:28:50 +0100
Subject: [PATCH 1/2] fff-babeld: redistribute all peer_ip and peer_ip6 addresses

So far peer ips were only distributed via babel if they happened to fall into the predefined network ranges. Currently, these only contain the prefixes from the private and ULA ranges. Specifying any other address, e.g. a globally routed one, will not result in the router being reachable via that address. Now peer ips are added to the `loopback` interface and babel is instructed to redistribute addresses from `lo`, so any peer ip is redistributed and therefore the router is now reachable via these addresses. Another option could have been to dynamically add a redistribute filter for the peer ips before this section: ``` config filter option type 'redistribute' option local 'true' option action 'deny' ``` Sadly it almost impossible to do this in a reasonable manner with uci, that doesn't involve iterating over all filter options or requiring this specific section to be always named. Adding the peer ips to `lo` is also the more conventional way to configure an address "owned" by a router.
Signed-off-by: Johannes Kimmel
---
 .../fff/fff-babeld/files/etc/config/babeld | 5 +++++
 .../fff/fff-babeld/files/etc/layer3.d/40-babel | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/packages/fff/fff-babeld/files/etc/config/babeld b/src/packages/fff/fff-babeld/files/etc/config/babeld
index a62788a0..e3a7584f 100644
--- a/src/packages/fff/fff-babeld/files/etc/config/babeld
+++ b/src/packages/fff/fff-babeld/files/etc/config/babeld
@@ -22,6 +22,11 @@ config filter
 option local 'true'
 option ip 'fd43:5602:29bd::/48'
+config filter
+ option type 'redistribute'
+ option local 'true'
+ option interface 'lo'
+
 config filter
 option type 'redistribute'
 option local 'true'
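Review bot: The added `option interface 'lo'` filter carries no `option ip` bound, unlike the `fd43:5602:29bd::/48` filter in the context above it, so any address that ends up on `lo` is originated into the mesh, not only the peer ips written by layer3.d/40-babel. That drops the private/ULA allow-list which the commit message describes as the previous limit, so a mistyped or foreign `peer_ip` becomes an announced host route. A comment above the section would record this, e.g. `# announces every address on lo (filled from gateway peer_ip/peer_ip6 by layer3.d/40-babel); must stay before the local deny filter`. It is also worth confirming that babeld itself discards `127.0.0.1/8` and `::1/128`, which sit on the same interface. The section following the insertion point is cut off by the hunk, so whether it is the deny rule quoted in the commit message cannot be confirmed from here.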
diff --git a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
index c238cc16..9e7e77e6 100644
--- a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
+++ b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
@@ -90,6 +90,21 @@ configure() {
 for prefix in $(uci -q get gateway.@client[0].ip6addr); do
 babel_add_redistribute_filter "$prefix"
 done
+
+ # clean up old peer ips
+ uci -q del network.loopback.ipaddr
+ uci -q del network.loopback.ip6addr
+
+ # remove netmask entry that ships by default
+ uci -q del network.loopback.netmask
+
+ # re-add loopback addresses
+ uci -q add_list network.loopback.ipaddr="127.0.0.1/8"
+ uci -q add_list network.loopback.ip6addr="::1/128"
+
+ # add peer ips to lo to be redistributed
+ peerip=$(uci -q get gateway.@gateway[0].peer_ip) && uci -q add_list network.loopback.ipaddr="${peerip}/32"
+ peerip6=$(uci -q get gateway.@gateway[0].peer_ip6) && uci -q add_list network.loopback.ip6addr="${peerip6}/128"
 }
 apply() {
--
2.39.2

From 00a894c21b8aae9d130ba40d413d258b2d9014fc Mon Sep 17 00:00:00 2001
From: Johannes Kimmel
Date: Wed, 27 Jan 2021 13:06:44 +0100
Subject: [PATCH 2/2] fff-babeld, fff-wiregaurd: don't add peer_ip6 address to interfaces

It is not required for the `peer_ip6` to be configured on babel interfaces. IPv6 link local addresses are sufficient for routing. However, setting `peer_ip` is still required until IPv4 routing with a IPv6 nexthop is working. For this, a newer Kernel and support from Babel is still required.
Signed-off-by: Johannes Kimmel
---
 .../fff/fff-babeld/files/etc/layer3.d/40-babel | 2 --
 .../fff/fff-babeld/files/lib/functions/fff/babel | 14 --------------
 .../fff-wireguard/files/etc/layer3.d/50-wireguard | 1 -
 3 files changed, 17 deletions(-)

diff --git a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
index 9e7e77e6..4675e98f 100644
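Review bot: In the PATCH 1/2 hunk for layer3.d/40-babel, the two `peerip`/`peerip6` lines append `/32` and `/128` to whatever `uci get` returns without checking the value, and those addresses are then announced through the new `lo` redistribute filter. If the option already carries a prefix length or holds several values (its schema is not visible here), the resulting list entry is malformed, and `-q` plus the ignored return code hide the failure. Iterating as the `for prefix in $(uci -q get …)` loop just above does would at least handle several values: `for ip in $(uci -q get gateway.@gateway[0].peer_ip); do uci -q add_list network.loopback.ipaddr="${ip}/32"; done`, and likewise for `peer_ip6`. The `uci -q del network.loopback.ipaddr` and `.ip6addr` calls also drop every address on loopback, not only old peer ips, so the comment should say `# reset lo to 127.0.0.1/8 and ::1/128; removes any other address configured there`. configure() begins before this hunk.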
--- a/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
+++ b/src/packages/fff/fff-babeld/files/etc/layer3.d/40-babel
@@ -70,9 +70,7 @@ configure() {
 # peer_ip
 uci -q delete "network.$prefixname.ipaddr"
- uci -q delete "network.$prefixname.ip6addr"
 babel_add_peeraddr "network.$prefixname.ipaddr"
- babel_add_peer6addr "network.$prefixname.ip6addr"
 # add babel interface
 babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
diff --git a/src/packages/fff/fff-babeld/files/lib/functions/fff/babel b/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
index 3b2c7dac..46506174 100644
--- a/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
+++ b/src/packages/fff/fff-babeld/files/lib/functions/fff/babel
@@ -47,20 +47,6 @@ babel_add_peeraddr() {
 return 0
 }
-babel_add_peer6addr() {
- [ "$#" -ne "1" ] && return 1
-
- local option="$1"
-
- if peer_ip6=$(uci -q get gateway.@gateway[0].peer_ip6); then
- uci add_list "$option"="$peer_ip6"
- else
- return 1
- fi
-
- return 0
-}
-
 babel_add_interface() {
 [ "$#" -ne "4" ] && return 1
diff --git a/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard b/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
index d95d522f..0426452a 100644
--- a/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
+++ b/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
@@ -120,7 +120,6 @@ configure() {
 # add peer_ip
 babel_add_peeraddr "network.$prefixname.addresses"
- babel_add_peer6addr "network.$prefixname.addresses"
 # add iif-rules
 babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
--
2.39.2