From a22b4458fe6d64b5dcd60e00acaa0ff083f6f056 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Thu, 4 Nov 2021 22:57:43 -0700
Subject: meta-google: gbmc-bridge: Restrict network from /72 to /76
We can have multiple gBMC networks within one "machine". This allows us to have multiple address sets.
Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922
Signed-off-by: William A. Kennington III
---
meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in')
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
index d07b9e2f0..fc8e8198a 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
@@ -54,15 +54,15 @@ gbmc_ncsi_nft_update() {
 if (( ${#ip_bytes[@]} != 0 )); then
 ip_bytes[8]=0xfd
 pfx="$(ip_bytes_to_str ip_bytes)"
- contents+=" ip6 saddr != $pfx/72 ip6 daddr"
- contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n'
+ contents+=" ip6 saddr != $pfx/76 ip6 daddr"
+ contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n'
 fi
 fi
 contents+=' }'$'\n'
 contents+=' chain ncsi_forward {'$'\n'
 if [ -n "$pfx" ]; then
- contents+=" ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n'
+ contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n'
 fi
 contents+=' }'$'\n'
 contents+='}'$'\n'
--
cgit v1.2.3
From cbd9ef029b2134af941a801715cf3b7281d21e95 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Thu, 4 Nov 2021 20:52:17 -0700
Subject: meta-google: gbmc-ncsi-config: Ignore deprecated addresses
We plan to use deprecated addresses to allow for neighbor discovery, but they will be ignored by networkd and this script as to prevent misconfiguration.
Change-Id: Ibc0bee71c19add79f05b5ce58b34d3175e2f6fbd
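Review bot: The prefix length 76 is now repeated as a literal in three rule strings in gbmc-ncsi-nft.sh.in (two in the ncsi_input branch, one in ncsi_forward), so the input and forward chains can drift apart on the next change; a single `local pfx_len=76` referenced as `$pfx/$pfx_len` would keep them in step. The hunk shows only `ip_bytes[8]=0xfd` being set before `pfx` is built, and a /76 match also covers the high nibble of byte 9, so it is worth confirming in the code above the hunk (not visible here) that this nibble holds the intended network selector rather than leftover bits of the NC-SI address. A short comment such as `# /76: 0xfd in byte 8 plus a 4-bit gBMC network id in byte 9` would record why the mask is 76; that layout is inferred from the commit message, so adjust it to the real scheme. gbmc_ncsi_nft_update starts above the hunk.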
Signed-off-by: William A. Kennington III
---
meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 3 ++-
meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in')
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
index 78af419c5..ce53b8efb 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
@@ -87,7 +87,8 @@ gbmc_ncsi_br_pub_addr_hook() {
 gbmc_ncsi_br_pub_addr_init=1
 gbmc_ncsi_br_pub_addr_update
 elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' ] &&
- [ "$scope" = 'global' -a "$fam" = 'inet6' ]; then
+ [ "$scope" = 'global' -a "$fam" = 'inet6' ] &&
+ [[ "$flags" != *deprecated* ]]; then
 if [ "$action" = 'add' -a "$ip" != "$gbmc_ncsi_br_pub_addr_lastip" ]; then
 gbmc_ncsi_br_pub_addr_lastip="$ip"
 gbmc_ncsi_br_pub_addr_update
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
index fc8e8198a..7a630f5fe 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
@@ -80,7 +80,8 @@ gbmc_ncsi_nft_hook() {
 if [ "$change" = 'init' ]; then
 gbmc_ncsi_nft_init=1
 gbmc_ncsi_nft_update
- elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' -a "$scope" = 'global' ]; then
+ elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' -a "$scope" = 'global' ] &&
+ [[ "$flags" != *deprecated* ]]; then
 if [ "$fam" = 'inet6' ]; then
 local -n lastip='gbmc_ncsi_nft_lastip6'
 else
--
cgit v1.2.3
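Review bot: The new `[[ "$flags" != *deprecated* ]]` test guards the whole `addr` branch in gbmc_ncsi_br_pub_addr_hook rather than only the `add` action, and gbmc_ncsi_nft_hook in the following hunk places it the same way. If the removal event for an address that became deprecated before it expired still carries the deprecated flag (likely, but the event source is not visible here), that removal is now skipped and `gbmc_ncsi_br_pub_addr_lastip` / `gbmc_ncsi_nft_lastip6` keep the old value, which for the nft hook would leave firewall rules in place for an address that is gone. Consider filtering only additions by ending the condition with `&& { [ "$action" != 'add' ] || [[ "$flags" != *deprecated* ]]; }; then`, and deciding explicitly whether a tracked address that turns deprecated should be handled as a removal. Both hook bodies continue outside their hunks, so the delete path needs to be checked there.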