diff options
Diffstat (limited to 'meta-google/recipes-google')
7 files changed, 68 insertions, 0 deletions
diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev new file mode 100644 index 000000000..58f13bd46 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev @@ -0,0 +1,5 @@ +[NetDev] +Name=gbmcbrncsidhcp +Kind=veth +[Peer] +Name=gbmcncsidhcp diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network new file mode 100644 index 000000000..5474bffab --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network @@ -0,0 +1,4 @@ +[Match] +Name=gbmcbrncsidhcp +[Network] +Bridge=gbmcbr diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev new file mode 100644 index 000000000..08235aac0 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev @@ -0,0 +1,5 @@ +[NetDev] +Name=gbmcncsidhcp +Kind=veth +[Peer] +Name=gbmcbrncsidhcp diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network new file mode 100644 index 000000000..868d24b7e --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network @@ -0,0 +1,9 @@ +[Match] +Name=gbmcncsidhcp +[Network] +DHCP=false +IPv6AcceptRA=false +LLMNR=false +MulticastDNS=false +LinkLocalAddressing=ipv6 +Address=fdb5:0481:10ce::1/64 diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in index 938dca34b..f71272010 100644 --- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in +++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in @@ -31,4 +31,10 @@ table inet filter { ip6 daddr fdb5:0481:10ce::/64 drop ip6 saddr fdb5:0481:10ce::/64 drop } + chain ncsi_dhcp_input { + type filter hook input priority 0; policy drop; + iifname != ncsigbmc accept + ip6 nexthdr icmpv6 accept + udp dport 547 accept + } } diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in new file mode 100644 index 000000000..5e0345542 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in @@ -0,0 +1,13 @@ +[Unit] +Description=gBMC DHCP Relay Agent Daemon +After=network.target +StartLimitIntervalSec=10 +StartLimitBurst=3 + +[Service] +Restart=always +RestartSec=5 +ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@ + +[Install] +WantedBy=multi-user.target diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 6480be1da..0302ed836 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -6,7 +6,12 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5 inherit systemd SRC_URI += " \ + file://-bmc-gbmcbrncsidhcp.netdev \ + file://-bmc-gbmcbrncsidhcp.network \ + file://-bmc-gbmcncsidhcp.netdev \ + file://-bmc-gbmcncsidhcp.network \ file://50-gbmc-ncsi.rules.in \ + file://gbmc-ncsi-dhcrelay.service.in \ file://gbmc-ncsi-sslh.socket.in \ file://gbmc-ncsi-sslh.service \ file://gbmc-ncsi-nft.sh.in \ @@ -17,6 +22,7 @@ SRC_URI += " \ S = "${WORKDIR}" RDEPENDS:${PN} += " \ + dhcp-relay \ gbmc-ip-monitor \ ncsid \ nftables-systemd \ @@ -29,6 +35,7 @@ FILES:${PN} += " \ " SYSTEMD_SERVICE:${PN} += " \ + gbmc-ncsi-dhcrelay.service \ gbmc-ncsi-sslh.service \ gbmc-ncsi-sslh.socket \ gbmc-ncsi-set-nicenabled.service \ @@ -47,6 +54,16 @@ do_install:append() { echo "net.ipv6.conf.$if_name.dad_transmits=0" \ >>${D}${sysconfdir}/sysctl.d/25-gbmc-ncsi.conf + install -d -m0755 ${D}${systemd_unitdir}/network + install -m0644 ${WORKDIR}/-bmc-gbmcbrncsidhcp.netdev \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcbrncsidhcp.network \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcncsidhcp.netdev \ + ${D}${systemd_unitdir}/network/ + install -m0644 ${WORKDIR}/-bmc-gbmcncsidhcp.network \ + ${D}${systemd_unitdir}/network/ + netdir=${D}${systemd_unitdir}/network/00-bmc-$if_name.network.d install -d -m0755 "$netdir" echo '[Network]' >>"$netdir"/gbmc-ncsi.conf @@ -80,4 +97,13 @@ do_install:append() { sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-set-nicenabled.service.in \ >${D}${systemd_system_unitdir}/gbmc-ncsi-set-nicenabled.service + + sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-dhcrelay.service.in \ + >${D}${systemd_system_unitdir}/gbmc-ncsi-dhcrelay.service +} + +do_rm_work:prepend() { + # HACK: Work around broken do_rm_work not properly calling rm with `--` + # It doesn't like filenames that start with `-` + rm -rf -- ${WORKDIR}/-* } |