author | William A. Kennington III <wak@google.com> | 2021-03-11 06:24:22 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-05-07 04:09:53 +0300 |
commit | 5ba6d08d7f49d26ae466f6d826ed1d849972ad59 (patch) | |
tree | 56fbb156b19d25ed97437a4bf79101548a298bb5 | |
parent | e99168aab003bd20a901f40e15823af6637a4abd (diff) | |
download | openbmc-5ba6d08d7f49d26ae466f6d826ed1d849972ad59.tar.xz |
meta-google: gbmc-systemd-config: Enable packet forwarding
This allows gBMCs to route packets, needed for routing packets to the
management network.
Change-Id: I71f59eeb12607aa9c9d64687fb983938d5d69413
Signed-off-by: William A. Kennington III <wak@google.com>
3 files changed, 28 insertions, 13 deletions
diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in index 4ebe35128..70f14ae59 100644 --- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in +++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in @@ -24,4 +24,11 @@ table inet filter { icmpv6 type nd-neighbor-solicit accept icmpv6 type nd-router-advert accept } + chain ncsi_forward { + type filter hook forward priority 0; policy accept; + iifname != @NCSI_IF@ accept + oifname != gbmcbr drop + ip6 daddr fdb5:0481:10ce::/64 drop + ip6 saddr fdb5:0481:10ce::/64 drop + } } diff --git a/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf b/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf new file mode 100644 index 000000000..9f8d1eb50 --- /dev/null +++ b/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf @@ -0,0 +1,5 @@ +net.ipv4.ip_forward=1 +net.ipv4.conf.default.forwarding=1 +net.ipv4.conf.all.forwarding=1 +net.ipv6.conf.default.forwarding=1 +net.ipv6.conf.all.forwarding=1 diff --git a/meta-google/recipes-google/systemd/gbmc-systemd-config.bb b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb index 011b62edc..29d81f46a 100644 --- a/meta-google/recipes-google/systemd/gbmc-systemd-config.bb +++ b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb @@ -10,11 +10,13 @@ S = "${WORKDIR}" SRC_URI_append = " \ file://firmware-updates.target \ file://firmware-updates-pre.target \ + file://40-gbmc-forward.conf \ " FILES_${PN}_append = " \ ${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf \ ${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf \ + ${libdir}/sysctl.d/40-gbmc-forward.conf \ " FILES_${PN}_append_dev = " \ 
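Review bot: The new `ncsi_forward` chain filters only traffic that arrives on `@NCSI_IF@`. Its first rule, `iifname != @NCSI_IF@ accept`, together with `policy accept`, passes forwarded packets from every other interface, so any restriction on those paths has to come from another chain on the forward hook, which is not visible in this hunk. The two address rules match only `ip6`, so IPv4 entering on the NCSI interface and leaving via `gbmcbr` falls through to the accept policy. If only IPv6 is meant to be routed, a rule such as `meta nfproto ipv4 drop` after the `oifname` check would make that explicit. The chain also needs a comment stating what `fdb5:0481:10ce::/64` is and why it is dropped as both source and destination, for example `# never route <what this ULA prefix is used for> to or from the NCSI side`.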
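Review bot: The new `40-gbmc-forward.conf` turns on routing for every interface, present and future (`all` and `default`), for both IPv4 and IPv6, while the commit message only asks for routing to the management network and the nftables chain added in this commit constrains only packets entering on the NCSI interface. The file should open with a comment naming the interfaces expected to route and the chain that bounds them, e.g. `# Routing between the NCSI interface and gbmcbr; filtered by ncsi_forward in 50-gbmc-ncsi.rules.in`. With `net.ipv6.conf.all.forwarding=1` the kernel stops processing Router Advertisements on interfaces whose `accept_ra` is 1, so if addresses or default routes come from kernel RA handling rather than systemd-networkd, `accept_ra=2` is needed on the uplink; I cannot tell from this hunk which applies. `net.ipv4.ip_forward=1` and `net.ipv4.conf.all.forwarding=1` set the same kernel switch, so one of them is enough.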
@@ -28,22 +30,23 @@ SYSTEMD_SERVICE_${PN}_append = " \ # Put coredumps in the journal to ensure they stay in ram do_install() { - install -d -m 0755 ${D}${systemd_unitdir}/coredump.conf.d - printf "[Coredump]\nStorage=journal\n" \ - >${D}${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf + install -d -m 0755 ${D}${systemd_unitdir}/coredump.conf.d + printf "[Coredump]\nStorage=journal\n" \ + >${D}${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf - install -d -m 0755 ${D}${systemd_unitdir}/resolved.conf.d - printf "[Resolve]\nLLMNR=no\nMulticastDNS=resolve\n" \ - >${D}${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf + install -d -m 0755 ${D}${systemd_unitdir}/resolved.conf.d + printf "[Resolve]\nLLMNR=no\nMulticastDNS=resolve\n" \ + >${D}${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf - install -d -m 0755 ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/firmware-updates.target ${D}${systemd_system_unitdir}/ - install -m 0644 ${WORKDIR}/firmware-updates-pre.target ${D}${systemd_system_unitdir}/ + install -d -m 0755 ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/firmware-updates.target ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/firmware-updates-pre.target ${D}${systemd_system_unitdir}/ + + install -d -m0755 ${D}${libdir}/sysctl.d + install -m 0644 ${WORKDIR}/40-gbmc-forward.conf ${D}${libdir}/sysctl.d/ } do_install_append_dev() { - install -d -m 0755 ${D}${libdir}/sysctl.d - printf "kernel.sysrq = 1\n" \ - >${D}${libdir}/sysctl.d/40-gbmc-debug.conf - + printf "kernel.sysrq = 1\n" \ + >${D}${libdir}/sysctl.d/40-gbmc-debug.conf } |
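Review bot: The forwarding drop-in is installed under `${libdir}/sysctl.d`, but systemd-sysctl reads `/usr/lib/sysctl.d`, so on a build where `libdir` is not `/usr/lib` (multilib or lib64) the file would be installed and silently never applied. `${nonarch_libdir}` is the safer variable, i.e. `install -d -m 0755 ${D}${nonarch_libdir}/sysctl.d`, with the matching `FILES_${PN}_append` entry in the earlier hunk and the `40-gbmc-debug.conf` path in `do_install_append_dev` changed the same way. `do_install_append_dev` now relies on `do_install` having created the directory, which deserves a one-line comment there. Minor style: the new line writes `-m0755` where the rest of the function writes `-m 0755`, and re-indenting the whole body in the same commit hides the two functional lines.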