From 0104373444013d879c62a1a37b333c6d76ff3dde Mon Sep 17 00:00:00 2001 From: Johannes Kimmel Date: Sun, 28 Nov 2021 16:18:41 +0100 Subject: [PATCH] fff-layer3-config: add rules for router_ip This forces routes for packets originating from a router_ip to be looked up in the fff table. If the router_ips don't happen to be included in the client network's subnet, the decision defaults to a main table lookup. This causes packets to choose the wrong interface. This patch forces packets from a router_ip to be routed via the fff table. Fixes #175 Signed-off-by: Johannes Kimmel --- .../files/etc/layer3.d/30-network-routerip | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip index 32412bf..8dab753 100644 --- a/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip +++ b/src/packages/fff/fff-layer3-config/files/etc/layer3.d/30-network-routerip @@ -1,3 +1,5 @@ +. /lib/functions.sh + configure() { local router_ip local router_ip6 
@@ -9,16 +11,46 @@ configure() { # remove netmask entry that ships by default uci -q del network.loopback.netmask + # clean old rules + remove_rules() { + local name="$1" + + # check if filter was added by this script + if ! [ "$(uci -q get network.$name.addedbyautoconfig)" = '30-network-routerip' ]; then + return + fi + + uci -q del network.$name + } + + config_load network + config_foreach remove_rules rule + config_foreach remove_rules rule6 + # add router_ip router_ip=$(uci -q get gateway.meta.router_ip) for ip in $router_ip; do uci -q add_list network.loopback.ipaddr="$ip" + + config=$(uci add network rule) + uci -q set network.$config.src="$ip" + uci -q set network.$config.lookup='fff' + # default prio for the ip4table interface option is 10000 + uci -q set network.$config.priority='10000' + uci -q set network.$config.addedbyautoconfig='30-network-routerip' done # add router_ip6 router_ip6=$(uci -q get gateway.meta.router_ip6) for ip in $router_ip6; do uci -q add_list network.loopback.ip6addr="$ip" + + config=$(uci add network rule6) + uci -q set network.$config.src="$ip" + uci -q set network.$config.lookup='fff' + # default prio for the ip6table interface option is 10000 + uci -q set network.$config.priority='10000' + uci -q set network.$config.addedbyautoconfig='30-network-routerip' done }
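Review bot: In both new loops the result of `uci add network rule` / `uci add network rule6` is used unchecked, and every following `uci -q set network.$config.…` is silenced. If the add fails, the address is still appended to the loopback but no lookup rule is created, so packets from that router_ip fall back to the main table with no error reported. I would guard it, e.g. `config=$(uci add network rule) || return 1` (likewise for `rule6`), and add `local config` next to the other locals, since no declaration for it is visible in these hunks and it would otherwise leak into the sourcing script. It may also be worth confirming whether `gateway.meta.router_ip` can carry a prefix length: if so, `src="$ip"` would presumably select the whole prefix rather than the single router address. `configure()` begins before this hunk, and the lines between the two hunks are not shown, so existing declarations there could not be checked.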