All routers answering to anygw IP when connected via LAN-LAN

[ilario]

I first reported this issue here (first spotted by @pedro-nonfree) #1007 (comment) but @pony1k correctly identified that the issues are idependent.

What happens is that when one use the anygw IP (e.g. connecting to thisnode.info) gets answers from both routers, if they are connected in this way:

Laptop-ethernet port____lan1-router1-lan2____lan1-router2

This was observed using DSA-supported routers (PlasmaCloud PA1200 with both ports configured as LAN; Xiaomi MiRouter 4A gigabit edition) using OpenWrt 22.03 branch.

Seems that this should be avoided by these rules:

lime-packages/packages/lime-proto-anygw/files/etc/init.d/lime-anygw-ebtables

Lines 9 to 10 in 8aa007e

	RULE_DO_NOT_FORWARD_ANYGW_1="FORWARD -j DROP -d $ANYGW_MACS"
	RULE_DO_NOT_FORWARD_ANYGW_2="POSTROUTING -t nat -o bat0 -j DROP -s $ANYGW_MACS"

[G10h4ck]

In case of non-DSA hardware switches, those rules does not even see the packets because they are switched directly by the switching chip without pushing them to the CPU and then to the kernel.

In case of DSA hardware switch it probably depends on the implementation, reading a bunch of kernel and driver code should help deciphering this.

[G10h4ck]

anyway one should not use AnyGW IP for SSH or similar things, having the lime-app responding on that IP is already an usability compromise

[LaneaLucy]

Shouldn't there be ground routing set, if you connect 2 lime systems over cable, which by default uses different vlans, which again solves the problem, that the CPU don't see the packets?

[G10h4ck]

Shouldn't there be ground routing set, if you connect 2 lime systems over cable, which by default uses different vlans, which again solves the problem, that the CPU don't see the packets?

That is a possibility but it doesn't happen automatically