diff options
| author | William A. Kennington III <wak@google.com> | 2021-11-05 08:57:43 +0300 |
|---|---|---|
| committer | William A. Kennington III <wak@google.com> | 2021-11-06 02:40:16 +0300 |
| commit | a22b4458fe6d64b5dcd60e00acaa0ff083f6f056 (patch) | |
| tree | 5fd005c626d3ac57ff93ebd2cb01ee6b143ab7ab /meta-google | |
| parent | 60a33d67f938e70844e06faaf33baf3ee06e1728 (diff) | |
| download | openbmc-a22b4458fe6d64b5dcd60e00acaa0ff083f6f056.tar.xz | |
meta-google: gbmc-bridge: Restrict network from /72 to /76
We can have multiple gBMC networks within one "machine". This allows us
to have multiple address sets.
Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-google')
3 files changed, 6 insertions, 6 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index 961da5095..b04f2aa8f 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -56,7 +56,7 @@ ValidLifetimeSec=60 Route=$ncsi_pfx/80 LifetimeSec=60 [Route] -Destination=$stateless_pfx/72 +Destination=$stateless_pfx/76 Type=unreachable Metric=1024 EOF diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index d07b9e2f0..fc8e8198a 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -54,15 +54,15 @@ gbmc_ncsi_nft_update() { if (( ${#ip_bytes[@]} != 0 )); then ip_bytes[8]=0xfd pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/72 ip6 daddr" - contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr" + contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' fi fi contents+=' }'$'\n' contents+=' chain ncsi_forward {'$'\n' if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' fi contents+=' }'$'\n' contents+='}'$'\n' diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh index 19b8f64a1..980f7b6d6 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh @@ -48,7 +48,7 @@ gbmc_br_nft_hook() { gbmc_br_nft_update # Match only global IP addresses on the bridge that match the BMC prefix # (<mpfx>:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become - # a 2002:af4:3480:2248:fd00/72 rule. + # a 2002:af4:3480:2248:fd00/76 rule. elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] && [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then local ip_bytes=() @@ -63,7 +63,7 @@ gbmc_br_nft_hook() { for (( i=9; i<16; i++ )); do ip_bytes[$i]=0 done - pfx="$(ip_bytes_to_str ip_bytes)/72" + pfx="$(ip_bytes_to_str ip_bytes)/76" if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then gbmc_br_nft_pfx="$pfx" gbmc_br_nft_update |