path: root/meta-google/recipes-google/nftables
Age | Commit message | Author | Files | Lines

2021-12-16 | meta-google: nftables: Make rule loading atomic | William A. Kennington III | 2 | -5/+10
This ensures that all of the rules are processed and unexpected packets are not allowed or blocked by the kernel at any time.
Change-Id: Ia7bb1d7f604f8ed1bd9759a23e370d20cb0c690d
Signed-off-by: William A. Kennington III <wak@google.com>

2021-08-07 | meta-google: Cleanup for Yocto override syntax change | Willy Tu | 1 | -2/+2
```
convert-overrides.py meta-google
git grep "_[a-z0-9_/-]*[ :]" -- meta-google | grep ".bb"
git grep -l _gbmc -- meta-google | grep ".bb" \
  | xargs sed -i 's/_gbmc/:gbmc/'
git grep -l _prod -- meta-google | grep ".bb" \
  | xargs sed -i 's/_prod/:prod/'
git grep -l _dev -- meta-google | grep ".bb" \
  | xargs sed -i 's/_dev/:dev/'
git grep -l _hoth -- meta-google | grep ".bb" \
  | xargs sed -i 's/_hoth/:hoth/'
git grep -l _bandaid -- meta-google | grep ".bb" \
  | xargs sed -i 's/_bandaid/:bandaid/'
```
Some small fix includes
```
platforms_gbmc_bringup
platforms_gbmc_secure
```
Tested:
```
$ git grep "_[a-z0-9_/-]*[ :]" -- meta-google | grep ".bb"
meta-google/recipes-connectivity/avahi/avahi_%.bbappend:do_install:append:gbmc() {
meta-google/recipes-core/dropbear/dropbear_%.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-core/dropbear/dropbear_%.bbappend: echo ' chain gbmc_br_pub_input {' >>"$rules"
meta-google/recipes-extended/libconfig/conf2struct-native_git.bb: oe_runmake checker
meta-google/recipes-extended/libconfig/conf2struct-native_git.bb: oe_runmake install
meta-google/recipes-extended/networking/mstpd_git.bb:do_install:append() {
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake distclean
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake sslh-conf.h
meta-google/recipes-extended/networking/sslh_git.bb: oe_runmake install
meta-google/recipes-google/ipmi/ipmi-fru-sh.bb:do_install:append() {
meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb:do_install:append() {
meta-google/recipes-google/networking/gbmc-bridge.bb:do_rm_work:prepend() {
meta-google/recipes-google/networking/gbmc-bridge.bb: # HACK: Work around broken do_rm_work not properly calling rm with `--`
meta-google/recipes-google/networking/gbmc-ip-monitor.bb:do_install:append() {
meta-google/recipes-google/networking/gbmc-iperf3.bb:do_install:append:dev() {
meta-google/recipes-google/networking/gbmc-iperf3.bb: echo ' chain gbmc_br_pub_input {' >>"$rules"
meta-google/recipes-google/networking/gbmc-mac-config.bb:do_install:append() {
meta-google/recipes-google/networking/network-sh.bb:do_install:append() {
meta-google/recipes-google/ssh/authorized-keys-comp.bb:SUMMARY = "Compiles a set of authorized_keys files into a single file"
meta-google/recipes-google/ssh/authorized-keys-comp.bb:do_install:append() {
meta-google/recipes-google/systemd/gbmc-systemd-config.bb:do_install:append:dev() {
meta-google/recipes-google/test/test-sh.bb:do_install:append() {
meta-google/recipes-phosphor/flash/inplace-gbmc-update.bb:do_install:prepend:dev() {
meta-google/recipes-phosphor/host/phosphor-host-postd_%.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend:do_install:append:gbmc:dev() {
meta-google/recipes-phosphor/initrdscripts/obmc-phosphor-initfs.bbappend:do_install:append:gbmc:prod() {
meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend:do_install:append:gbmc() {
meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend: overlapping="$(jq '."${GBMCBR_IPMI_CHANNEL}" | .is_valid and .name != "gbmcbr"' $chjson)"
```
Change-Id: I9d610c664bd44e8bd81fb8f7e76249a0b43b9ffd
Signed-off-by: Willy Tu <wltu@google.com>

2021-03-24 | meta-google: nftables-systemd: Flush at start | William A. Kennington III | 2 | -1/+2
We don't want errors in loading previous rules to affect the state of the ruleset during restart.
Change-Id: Ic122e971670d56022029f1155c1accdf129672d0
Signed-off-by: William A. Kennington III <wak@google.com>

2021-03-09 | meta-google: nftables-systemd: Parse rules in a useful order | William A. Kennington III | 3 | -4/+27
We want to make sure rules get parsed in a sensible order, following a sorting order similar to systemd units.
Change-Id: Ica06c953dba793d89d50c6b4cfc8e8a2eb1f58de
Signed-off-by: William A. Kennington III <wak@google.com>

2021-03-09 | meta-google: nftables-systemd: Add missing RDEPENDS | William A. Kennington III | 1 | -0/+5
Change-Id: I4700ccc2d96385f9c7113e402ca9e1c9f788f399
Signed-off-by: William A. Kennington III <wak@google.com>

2021-02-17 | meta-google: nftables-systemd: Fix for missing rules | William A. Kennington III | 1 | -1/+1
We need nftables-systemd to execute correctly even if the machine has no rules installed.
Change-Id: I20d58b721381a2829eaa2baedd5d79e8e0a10fd0
Signed-off-by: William A. Kennington III <wak@google.com>

2021-02-17 | meta-google: recipes-google: nftables: Import from gBMC | Willy Tu | 2 | -0/+28
Initial recipes-google/nftables code from gBMC.
Google-Bug-Id: 179618498
Upstream: 8ac594bdf054082ca6dbe35c4345759fe4c31669
Signed-off-by: Willy Tu <wltu@google.com>
Change-Id: Ic768cd1ffeec5831063c9a0f5cdbc8fdcd36a862