From 21514827d8fcb5c3a6edcf302dee483670eb3dfe Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sun, 24 Oct 2021 00:04:56 -0700 Subject: meta-google: gbmc-bridge: Don't enable DHCPv6 Just turning DHCP off via the DHCP= option is not enough. If you use IPv6AcceptRA=true you need to also disable the DHCPv6Client= in the IPv6AcceptRA section. Change-Id: I6e2e6e3f9b9395bd690f3d1a8915fac5061a0b25 Signed-off-by: William A. Kennington III --- .../recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta-google/recipes-google/networking/gbmc-bridge') diff --git a/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in b/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in index c6097bbdb..afea5cca7 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in +++ b/meta-google/recipes-google/networking/gbmc-bridge/-bmc-gbmcbr.network.in @@ -7,3 +7,5 @@ IPv6AcceptRA=true LLMNR=true MulticastDNS=true LinkLocalAddressing=ipv6 +[IPv6AcceptRA] +DHCPv6Client=false -- cgit v1.2.3 From a22b4458fe6d64b5dcd60e00acaa0ff083f6f056 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 4 Nov 2021 22:57:43 -0700 Subject: meta-google: gbmc-bridge: Restrict network from /72 to /76 We can have multiple gBMC networks within one "machine". This allows us to have multiple address sets. Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 2 +- meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 6 +++--- meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'meta-google/recipes-google/networking/gbmc-bridge') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index 961da5095..b04f2aa8f 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -56,7 +56,7 @@ ValidLifetimeSec=60 Route=$ncsi_pfx/80 LifetimeSec=60 [Route] -Destination=$stateless_pfx/72 +Destination=$stateless_pfx/76 Type=unreachable Metric=1024 EOF diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index d07b9e2f0..fc8e8198a 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -54,15 +54,15 @@ gbmc_ncsi_nft_update() { if (( ${#ip_bytes[@]} != 0 )); then ip_bytes[8]=0xfd pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/72 ip6 daddr" - contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr" + contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' fi fi contents+=' }'$'\n' contents+=' chain ncsi_forward {'$'\n' if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' fi contents+=' }'$'\n' contents+='}'$'\n' diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh index 19b8f64a1..980f7b6d6 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh @@ -48,7 +48,7 @@ gbmc_br_nft_hook() { gbmc_br_nft_update # Match only global IP addresses on the bridge that match the BMC prefix # (:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become - # a 2002:af4:3480:2248:fd00/72 rule. + # a 2002:af4:3480:2248:fd00/76 rule. elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] && [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then local ip_bytes=() @@ -63,7 +63,7 @@ gbmc_br_nft_hook() { for (( i=9; i<16; i++ )); do ip_bytes[$i]=0 done - pfx="$(ip_bytes_to_str ip_bytes)/72" + pfx="$(ip_bytes_to_str ip_bytes)/76" if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then gbmc_br_nft_pfx="$pfx" gbmc_br_nft_update -- cgit v1.2.3 From 58ac4343a47e69e6c23f7f3128b6da1b9d922a91 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Fri, 5 Nov 2021 04:15:36 -0700 Subject: meta-google: gbmc-bridge: Defer address reconfiguration Reconfiguring network interfaces immediately after detecting changes may not allow them enough time to settle. Without waiting, we might pre-emptively assume the configuration is changing even though networkd is just flushing and resetting the interface with the same config. Change-Id: I6a6858578d0499305fe2a3d3592dc73533bb02f1 Signed-off-by: William A. Kennington III --- .../recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 9 +++++++-- .../recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh | 10 ++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) (limited to 'meta-google/recipes-google/networking/gbmc-bridge') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index ce53b8efb..5adc41328 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -16,9 +16,12 @@ gbmc_ncsi_br_pub_addr_init= gbmc_ncsi_br_pub_addr_lastip= +gbmc_ncsi_br_pub_addr_confip= gbmc_ncsi_br_pub_addr_update() { [ -n "$gbmc_ncsi_br_pub_addr_init" ] || return + [ "$gbmc_ncsi_br_pub_addr_confip" != "$gbmc_ncsi_br_pub_addr_lastip" ] || return + gbmc_ncsi_br_pub_addr_confip="$gbmc_ncsi_br_pub_addr_lastip" printf 'gBMC Bridge Pub Addr from NCSI: %s\n' \ "${gbmc_ncsi_br_pub_addr_lastip:-(deleted)}" >&2 @@ -85,17 +88,19 @@ EOF gbmc_ncsi_br_pub_addr_hook() { if [ "$change" = 'init' ]; then gbmc_ncsi_br_pub_addr_init=1 + gbmc_ip_monitor_defer + elif [ "$change" = 'defer' ]; then gbmc_ncsi_br_pub_addr_update elif [ "$change" = 'addr' -a "$intf" = '@NCSI_IF@' ] && [ "$scope" = 'global' -a "$fam" = 'inet6' ] && [[ "$flags" != *deprecated* ]]; then if [ "$action" = 'add' -a "$ip" != "$gbmc_ncsi_br_pub_addr_lastip" ]; then gbmc_ncsi_br_pub_addr_lastip="$ip" - gbmc_ncsi_br_pub_addr_update + gbmc_ip_monitor_defer fi if [ "$action" = 'del' -a "$ip" = "$gbmc_ncsi_br_pub_addr_lastip" ]; then gbmc_ncsi_br_pub_addr_lastip= - gbmc_ncsi_br_pub_addr_update + gbmc_ip_monitor_defer fi fi } diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh index 18341fefb..a9bfd74af 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-from-ra.sh @@ -67,26 +67,28 @@ gbmc_br_from_ra_update() { gbmc_br_from_ra_hook() { if [ "$change" = 'init' ]; then gbmc_br_from_ra_init=1 + gbmc_ip_monitor_defer + elif [ "$change" = 'defer' ]; then gbmc_br_from_ra_update elif [[ "$change" == 'route' && "$route" != *' via '* ]] && [[ "$route" =~ ^(.* dev gbmcbr proto ra .*)( +expires +([^ ]+)sec).*$ ]]; then pfx="${route%% *}" if [ "$action" = 'add' ]; then gbmc_br_from_ra_pfxs["$pfx"]="${BASH_REMATCH[3]}" - gbmc_br_from_ra_update + gbmc_ip_monitor_defer elif [ "$action" = 'del' ]; then gbmc_br_from_ra_pfxs["$pfx"]=0 - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi elif [ "$change" = 'link' -a "$intf" = 'gbmcbr' ]; then rdisc6 -m gbmcbr -r 1 -w 100 >/dev/null 2>&1 if [ "$action" = 'add' -a "$mac" != "$gbmc_br_from_ra_mac" ]; then gbmc_br_from_ra_mac="$mac" - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi if [ "$action" = 'del' -a "$mac" = "$gbmc_br_from_ra_mac" ]; then gbmc_br_from_ra_mac= - gbmc_br_from_ra_update + gbmc_ip_monitor_defer fi fi } -- cgit v1.2.3