diff options
author | dheerajpdsk <p.dheeraj.srujan.kumar@intel.com> | 2022-05-06 02:48:05 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-06 02:48:05 +0300 |
commit | ca8d06bc610af08c2d3efc487aa9519989b743e6 (patch) | |
tree | c557da2136640a8ce48439f19fe5f7071faffeca /meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | |
parent | 7cf0c1cd0ce835d1833509b7b911e8a97380278b (diff) | |
parent | 18f97faa411078b95d042d207f5fff32bc8ece1d (diff) | |
download | openbmc-ca8d06bc610af08c2d3efc487aa9519989b743e6.tar.xz |
Update
Diffstat (limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in')
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index 7a630f5fe..074ec5785 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -35,45 +35,18 @@ gbmc_ncsi_nft_update() { fi local ip6="$gbmc_ncsi_nft_lastip6" - local pfx= if [ -n "$ip6" ]; then contents+=" ip6 daddr $ip6/128 goto ncsi_legacy_input"$'\n' - - local ip_bytes=() - ip_to_bytes ip_bytes "$ip6" - # If our address has enough spare bits for appending the BMC suffix - # then we add a rule that allows the BMC subnet. That is, we need a /64 - # as input. - local i - for (( i = 8; i < 16; i++ )); do - if (( ip_bytes[$i] != 0 )); then - ip_bytes=() - break - fi - done - if (( ${#ip_bytes[@]} != 0 )); then - ip_bytes[8]=0xfd - pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/76 ip6 daddr" - contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' - fi fi contents+=' }'$'\n' - contents+=' chain ncsi_forward {'$'\n' - if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' - fi - contents+=' }'$'\n' contents+='}'$'\n' local rfile=/run/nftables/40-gbmc-ncsi-in.rules mkdir -p -m 755 "$(dirname "$rfile")" printf '%s' "$contents" >"$rfile" - echo 'Restarting nftables' >&2 - systemctl reset-failed nftables - systemctl --no-block restart nftables + systemctl reset-failed nftables && systemctl --no-block reload-or-restart nftables || true } gbmc_ncsi_nft_hook() { |