meta-google: gbmc-systemd-config: Enable packet forwarding

This allows gBMCs to route packets, needed for routing packets to the
management netowrk.

Change-Id: I71f59eeb12607aa9c9d64687fb983938d5d69413
Signed-off-by: William A. Kennington III <wak@google.com>

3 files changed, 28 insertions, 13 deletions

diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
index 4ebe35128..70f14ae59 100644
--- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
+++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
@@ -24,4 +24,11 @@ table inet filter {
         icmpv6 type nd-neighbor-solicit accept
         icmpv6 type nd-router-advert accept
     }
+    chain ncsi_forward {
+        type filter hook forward priority 0; policy accept;
+        iifname != @NCSI_IF@ accept
+        oifname != gbmcbr drop
+        ip6 daddr fdb5:0481:10ce::/64 drop
+        ip6 saddr fdb5:0481:10ce::/64 drop
+    }
 }
diff --git a/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf b/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf
new file mode 100644
index 000000000..9f8d1eb50
--- /dev/null
+++ b/meta-google/recipes-google/systemd/files/40-gbmc-forward.conf
@@ -0,0 +1,5 @@
+net.ipv4.ip_forward=1
+net.ipv4.conf.default.forwarding=1
+net.ipv4.conf.all.forwarding=1
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
diff --git a/meta-google/recipes-google/systemd/gbmc-systemd-config.bb b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb
index 011b62edc..29d81f46a 100644
--- a/meta-google/recipes-google/systemd/gbmc-systemd-config.bb
+++ b/meta-google/recipes-google/systemd/gbmc-systemd-config.bb
@@ -10,11 +10,13 @@ S = "${WORKDIR}"
 SRC_URI_append = " \
   file://firmware-updates.target \
   file://firmware-updates-pre.target \
+  file://40-gbmc-forward.conf \
   "
 
 FILES_${PN}_append = " \
   ${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf \
   ${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf \
+  ${libdir}/sysctl.d/40-gbmc-forward.conf \
   "
 
 FILES_${PN}_append_dev = " \
@@ -28,22 +30,23 @@ SYSTEMD_SERVICE_${PN}_append = " \
 
 # Put coredumps in the journal to ensure they stay in ram
 do_install() {
-    install -d -m 0755 ${D}${systemd_unitdir}/coredump.conf.d
-    printf "[Coredump]\nStorage=journal\n" \
-        >${D}${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf
+  install -d -m 0755 ${D}${systemd_unitdir}/coredump.conf.d
+  printf "[Coredump]\nStorage=journal\n" \
+    >${D}${systemd_unitdir}/coredump.conf.d/40-gbmc-coredump.conf
 
-    install -d -m 0755 ${D}${systemd_unitdir}/resolved.conf.d
-    printf "[Resolve]\nLLMNR=no\nMulticastDNS=resolve\n" \
-        >${D}${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf
+  install -d -m 0755 ${D}${systemd_unitdir}/resolved.conf.d
+  printf "[Resolve]\nLLMNR=no\nMulticastDNS=resolve\n" \
+    >${D}${systemd_unitdir}/resolved.conf.d/40-gbmc-nomdns.conf
 
-    install -d -m 0755 ${D}${systemd_system_unitdir}
-    install -m 0644 ${WORKDIR}/firmware-updates.target ${D}${systemd_system_unitdir}/
-    install -m 0644 ${WORKDIR}/firmware-updates-pre.target ${D}${systemd_system_unitdir}/
+  install -d -m 0755 ${D}${systemd_system_unitdir}
+  install -m 0644 ${WORKDIR}/firmware-updates.target ${D}${systemd_system_unitdir}/
+  install -m 0644 ${WORKDIR}/firmware-updates-pre.target ${D}${systemd_system_unitdir}/
+
+  install -d -m0755 ${D}${libdir}/sysctl.d
+  install -m 0644 ${WORKDIR}/40-gbmc-forward.conf ${D}${libdir}/sysctl.d/
 }
 
 do_install_append_dev() {
-    install -d -m 0755 ${D}${libdir}/sysctl.d
-    printf "kernel.sysrq = 1\n" \
-        >${D}${libdir}/sysctl.d/40-gbmc-debug.conf
-
+  printf "kernel.sysrq = 1\n" \
+      >${D}${libdir}/sysctl.d/40-gbmc-debug.conf
 }