lime-proto-anygw: turn hardcoded aa:aa:aa:aa:aa:aa into anygw_mac=aa:…

…aa:aa:%N1:%N2:aa

In addition, make it configurable in /etc/config/lime
parametrizable with %Nn evidently,
and equal to aa:aa:aa:%N1:%N2:aa by default
Adapt ebtables drop rule to match only the first 3 bytes of the anygw_mac
since now each cloud will have a different anygw_mac
All this is needed to avoid confusing ar71xx ethernet switches
when connecting two different clouds via ethernet cables.

Signed-off-by: Gui Iribarren <gui@altermundi.net>

packages/lime-proto-anygw/src/anygw.lua

@@ -8,12 +8,18 @@ anygw = {}
 
 anygw.configured = false
 
+function anygw.anygw_mac()
+	local anygw_mac = config.get("network", "anygw_mac") or "aa:aa:aa:%N1:%N2:aa"
+	return utils.applyNetTemplate16(anygw_mac)
+end
+
 function anygw.configure(args)
 	if anygw.configured then return end
 	anygw.configured = true
 
 	local ipv4, ipv6 = network.primary_address()
-	local anygw_mac = "aa:aa:aa:aa:aa:aa"
+	local anygw_mac = anygw.anygw_mac()
+	local anygw_mac_mask = "ff:ff:ff:00:00:00" -- bytes 4 & 5 vary depending on %N1 and %N2 by default
 	local anygw_ipv6 = ipv6:minhost()
 	local anygw_ipv4 = ipv4:minhost()
 	anygw_ipv6:prefix(64) -- SLAAC only works with a /64, per RFC
@@ -56,10 +62,10 @@ function anygw.configure(args)
 	fs.writefile(
 		"/etc/firewall.lime.d/20-anygw-ebtables",
 		"\n" ..
-		"ebtables -D FORWARD -j DROP -d " .. anygw_mac .. "\n" ..
-		"ebtables -A FORWARD -j DROP -d " .. anygw_mac .. "\n" ..
-		"ebtables -t nat -D POSTROUTING -o bat0 -j DROP -s " .. anygw_mac .. "\n" ..
-		"ebtables -t nat -A POSTROUTING -o bat0 -j DROP -s " .. anygw_mac .. "\n"
+		"ebtables -D FORWARD -j DROP -d " .. anygw_mac .. "/" .. anygw_mac_mask .. "\n" ..
+		"ebtables -A FORWARD -j DROP -d " .. anygw_mac .. "/" .. anygw_mac_mask .. "\n" ..
+		"ebtables -t nat -D POSTROUTING -o bat0 -j DROP -s " .. anygw_mac .. "/" .. anygw_mac_mask .. "\n" ..
+		"ebtables -t nat -A POSTROUTING -o bat0 -j DROP -s " .. anygw_mac .. "/" .. anygw_mac_mask .. "\n"
 	)
 
 	uci:set("dhcp", "lan", "ignore", "1")

packages/lime-system/files/etc/config/lime-example

@@ -25,6 +25,7 @@ config lime network
 #	option bmx6_over_batman false                                          # Disables Bmx6 meshing on top of batman
 	option main_ipv4_address '10.%N1.0.0/16'                               # Here you have 4 possibilities: set a static IP and the subnet, like '192.0.2.1/16'; parametrize with %Mn and %Nn, and set the subnet, like '192.%N1.%M5.%M6/16'; set a whole network address (so not a specific IP) for getting the IP autocompleted in that network with bits from MAC address, this works also with netmasks other than /24 or /16, like '192.0.128.0/17' (but not valid network addresses, for example '192.0.128.0/16' or '192.0.129.0/17', won't get parametrized); set two different parameters, the first for subnet and the second for IP parametrization, like '192.0.128.0/16/17', this results in /16 subnet but IP parametrized in a /17 range.
 	option main_ipv6_address '2a00:1508:0a%N1:%N200::/64'                  # Parametrizable in the same way as main_ipv4_address. If used, the IP autocompletion will fill maximum the last 24 bits, so specifying an IP autocompletion range bigger than /104 is not useful.
+	option anygw_mac 'aa:aa:aa:%N1:%N2:aa'                                 # Parametrizable with %Nn. Keep in mind that the ebtables rule will use a mask of ff:ff:ff:00:00:00 so br-lan will not forward anything coming in that matches the first 3 bytes of it's own anygw_mac (aa:aa:aa: by default)
 	option bmx6_mtu '1398'                                                 # Set MTU for bmx6 tunnel interfaces
 	list protocols adhoc                                                   # List of protocols configured by LiMe, some of these require the relative package "lime-proto-...". Note that if you set here some protocols, you overwrite the *whole* list of protocols set in /etc/config/lime-defaults
 	list protocols lan