Age | Commit message (Collapse) | Author | Files | Lines |
|
This ensures that all of the rules are processed and unexpected packets
are not allowed or blocked by the kernel at any time.
Change-Id: Ia7bb1d7f604f8ed1bd9759a23e370d20cb0c690d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The receipt of the RA is indicative of a non-NCSI configuration so we
can shut down the daemon in this instance.
Change-Id: Iff958be408cff853973bd335f2459cd3d9bca0e0
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The nft rules were not deleted in cases where the public addresses are
removed from the gbmc-br interface. This would create broken rules.
Change-Id: I22a88f1fb15ccbea49e586061ea8e93bbbfb1bc1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We were missing this address but we want neighbor discovery from outside
the BMC to work against this range.
Change-Id: I6ef139486f382df21596c460626bfe2f692c7236
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We use functions from the network-sh library and need to include it.
Change-Id: I7f78b7dd37c4e5d38342c4625c26c4b583133bf5
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This ensures they are run prior to running other DHCP configuration
logic.
Change-Id: I0180414bbc291ea49e548a312cd2b713344613e1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This makes it possible for a BMC to acquire a public address via DHCP
provisioning.
None of the update processes are included yet.
Change-Id: I51ca2aa4859bcd2b9e909dd5a0d9e66cfbd648af
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This scans the gbmcbr interface for public addresses, and adds the
relevant addresses to the NCSI interface of the BMC. This is required
for neighbor discovery to work from prod over the NCSI link, when the
addresses do not already exist (BMC DHCP will not have them).
Change-Id: I27ff0cd3c4750b752b35399b8a0288db5ac9fe28
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Reconfiguring network interfaces immediately after detecting changes may
not allow them enough time to settle. Without waiting, we might
pre-emptively assume the configuration is changing even though networkd
is just flushing and resetting the interface with the same config.
Change-Id: I6a6858578d0499305fe2a3d3592dc73533bb02f1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We plan to use deprecated addresses to allow for neighbor discovery, but
they will be ignored by networkd and this script as to prevent
misconfiguration.
Change-Id: Ibc0bee71c19add79f05b5ce58b34d3175e2f6fbd
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Currently this will make no difference in configuration, but it will be
useful once we implement our DHCP process and need to contend with
multiple configurations.
Change-Id: Ia93530e67cdb88fcbe90ef2b6dfbd5a239469ff7
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We can have multiple gBMC networks within one "machine". This allows us
to have multiple address sets.
Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This make it possible for the hostname or IP information to change
independently, in case a mistake is made in a development environment
and just the hostname or just the prefix need to be updated.
Change-Id: I66169dc6cdee681f77bad4b8638dc6a2c72fca5f
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We need the hostname to be properly configured in order to login with
GLOME. This derives the hostname from the FQDN that is passed via the
DNS list in the RA messages from the smart NIC.
Change-Id: I4e7a414b6b75bfb227df5763917e9e5d09579d7d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Our end2end DHCP solution is not yet working, but we need a way to
derive addresses for a BMC from the smart NIC in front of it. This
provides a mechanism for detecting the address from RA beacons the NIC
is sending.
Change-Id: I0cdc8c192974c0b00257ebe58e911e62636e4c81
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We may have multiple BMCs running on the internal gbmcbr network via USB
links to attached trays. These BMCs do not have a direct connection to
the network, and require the NCSI BMC to relay all of their traffic
(including DHCP) out opf the machine. This patch enables dhcrelay to run
on the NCSI interface and proxy all DHCP traffic from the bridge out of
the machine.
Change-Id: I60f97ae2d64289c7b706b3d0a6c8fb79a931e485
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The `pfx` variable was not correctly being initialized
Change-Id: Iafc0a2ca8dbfe943a9bc8c1649ae68fb00d267a1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Sometimes the phosphor-networkd starts before systemd-networkd finishes
configuring NCSI interface. This causes phosphor-networkd to mark this
interface as unmanaged.
Setting NICEnabled property to true will ensure the interface is
enabled. If this service starts before systemd-networkd is done, the
set-property command will fail. So retry till the command succeeds.
Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I232d363cff48bbf955ac0f1f9a6dac7ae5467257
|
|
We don't want traffic being routed back out of the BMC when it is
destined for the BMC network. It's nice that unrecognized routes return
an obvious unreachable error to the end user.
Change-Id: If261faf7b8f2416ee9a802f85db17ed62946625d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We only want to allow <pfx>::fd... traffic info the machine area network
from the outside world. Instead of just blocking internal network
addresses from the outside, explicitly look at the prefix.
Change-Id: Id0afef7c813aef381e81b8fcfb570778f529f5dc
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Change-Id: I455ab70094cfdc79b38097a838051f51b3c852da
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The other workarounds to try and restart networkd tend to result in
flaky behavior. We get much more consistent and fast reconfigurations if
we target the bridge directly.
Change-Id: I3222eba4a2d2b71e3893f93643f412e5238ee60e
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This allows gBMCs to route packets, needed for routing packets to the
management netowrk.
Change-Id: I71f59eeb12607aa9c9d64687fb983938d5d69413
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This dynamically detects addresses applied to the NC-SI interface and
infers the addreses which should be used explicitly by BMCs.
Change-Id: I9036be0a54936aace580746cd1900ee653f43cfd
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Break down packets by their incoming address and ensure that we don't
allow packets to unintended destinations. Right now this is effectively
a no-op, but it will be necessary for BMC public addressing.
Change-Id: I39c16c3b9cd4c293df42b928674e39677d7834e9
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The name of the unit files got updated, but the internal references did
not.
Change-Id: I772e5755ba45cc7f4b4fdd2469286f08032c0f9d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Logically these packages belong together and don't make much sense
without each other. Combine them to reduce package complexity for users.
Change-Id: I3d3998f8d10cacbd01f6d883b0033a3260ff60df
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Make it clear this is a gbmc style configuration, similar to
gbmc-systemd-config or gbmc-iperf3.
Change-Id: Icd9a2f45f5b399ecb3f8ab1a63d1f0344342ab3a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
The license was mistakenly set to closed and it was missing an included
rules file.
Google-Bug-Id: 179618497
Change-Id: I8b9b01f7b53f03e6caa079de36e096db1a875955
Signed-off-by: William A. Kennington III <wak@google.com>
|