From 9674509e803564061f868f732d571f3ce0485756 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <wak@google.com>
Date: Fri, 6 Aug 2021 00:06:42 -0700
Subject: meta-google: gbmc-ncsi-config: Add relay support for the bridge

We may have multiple BMCs running on the internal gbmcbr network via USB
links to attached trays. These BMCs do not have a direct connection to
the network, and require the NCSI BMC to relay all of their traffic
(including DHCP) out opf the machine. This patch enables dhcrelay to run
on the NCSI interface and proxy all DHCP traffic from the bridge out of
the machine.

Change-Id: I60f97ae2d64289c7b706b3d0a6c8fb79a931e485
Signed-off-by: William A. Kennington III <wak@google.com>
---
 .../recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev    |  5 +++++
 .../recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network   |  4 ++++
 .../recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev      |  5 +++++
 .../recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network     |  9 +++++++++
 meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in |  6 ++++++
 .../recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in | 13 +++++++++++++
 6 files changed, 42 insertions(+)
 create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev
 create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network
 create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev
 create mode 100644 meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network
 create mode 100644 meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in

(limited to 'meta-google/recipes-google/ncsi/files')

diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev
new file mode 100644
index 000000000..58f13bd46
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.netdev
@@ -0,0 +1,5 @@
+[NetDev]
+Name=gbmcbrncsidhcp
+Kind=veth
+[Peer]
+Name=gbmcncsidhcp
diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network
new file mode 100644
index 000000000..5474bffab
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcbrncsidhcp.network
@@ -0,0 +1,4 @@
+[Match]
+Name=gbmcbrncsidhcp
+[Network]
+Bridge=gbmcbr
diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev
new file mode 100644
index 000000000..08235aac0
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.netdev
@@ -0,0 +1,5 @@
+[NetDev]
+Name=gbmcncsidhcp
+Kind=veth
+[Peer]
+Name=gbmcbrncsidhcp
diff --git a/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network
new file mode 100644
index 000000000..868d24b7e
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/-bmc-gbmcncsidhcp.network
@@ -0,0 +1,9 @@
+[Match]
+Name=gbmcncsidhcp
+[Network]
+DHCP=false
+IPv6AcceptRA=false
+LLMNR=false
+MulticastDNS=false
+LinkLocalAddressing=ipv6
+Address=fdb5:0481:10ce::1/64
diff --git a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
index 938dca34b..f71272010 100644
--- a/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
+++ b/meta-google/recipes-google/ncsi/files/50-gbmc-ncsi.rules.in
@@ -31,4 +31,10 @@ table inet filter {
         ip6 daddr fdb5:0481:10ce::/64 drop
         ip6 saddr fdb5:0481:10ce::/64 drop
     }
+    chain ncsi_dhcp_input {
+        type filter hook input priority 0; policy drop;
+        iifname != ncsigbmc accept
+        ip6 nexthdr icmpv6 accept
+        udp dport 547 accept
+    }
 }
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
new file mode 100644
index 000000000..5e0345542
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=gBMC DHCP Relay Agent Daemon
+After=network.target
+StartLimitIntervalSec=10
+StartLimitBurst=3
+
+[Service]
+Restart=always
+RestartSec=5
+ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3