diff options
author | William A. Kennington III <wak@google.com> | 2021-11-05 11:31:59 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-12-04 04:09:21 +0300 |
commit | 21e7e45b77e026689b72f182aca4ba2ffd5e0a36 (patch) | |
tree | 8d77b2468c741a22404a97528dda914338593ff5 /meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | |
parent | eefb1dde08064d8400a9107500dde5d26ebad63b (diff) | |
download | openbmc-21e7e45b77e026689b72f182aca4ba2ffd5e0a36.tar.xz |
meta-google: gbmc-bridge: Provision NCSI deprecated addresses
This scans the gbmcbr interface for public addresses, and adds the
relevant addresses to the NCSI interface of the BMC. This is required
for neighbor discovery to work from prod over the NCSI link, when the
addresses do not already exist (BMC DHCP will not have them).
Change-Id: I27ff0cd3c4750b752b35399b8a0288db5ac9fe28
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in')
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index 7a630f5fe..30b2b65e4 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -35,36 +35,11 @@ gbmc_ncsi_nft_update() { fi local ip6="$gbmc_ncsi_nft_lastip6" - local pfx= if [ -n "$ip6" ]; then contents+=" ip6 daddr $ip6/128 goto ncsi_legacy_input"$'\n' - - local ip_bytes=() - ip_to_bytes ip_bytes "$ip6" - # If our address has enough spare bits for appending the BMC suffix - # then we add a rule that allows the BMC subnet. That is, we need a /64 - # as input. - local i - for (( i = 8; i < 16; i++ )); do - if (( ip_bytes[$i] != 0 )); then - ip_bytes=() - break - fi - done - if (( ${#ip_bytes[@]} != 0 )); then - ip_bytes[8]=0xfd - pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/76 ip6 daddr" - contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' - fi fi contents+=' }'$'\n' - contents+=' chain ncsi_forward {'$'\n' - if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' - fi - contents+=' }'$'\n' contents+='}'$'\n' local rfile=/run/nftables/40-gbmc-ncsi-in.rules |