From a22b4458fe6d64b5dcd60e00acaa0ff083f6f056 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 4 Nov 2021 22:57:43 -0700 Subject: meta-google: gbmc-bridge: Restrict network from /72 to /76 We can have multiple gBMC networks within one "machine". This allows us to have multiple address sets. Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922 Signed-off-by: William A. Kennington III --- meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in | 2 +- meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 6 +++--- meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'meta-google') diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in index 961da5095..b04f2aa8f 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in @@ -56,7 +56,7 @@ ValidLifetimeSec=60 Route=$ncsi_pfx/80 LifetimeSec=60 [Route] -Destination=$stateless_pfx/72 +Destination=$stateless_pfx/76 Type=unreachable Metric=1024 EOF diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index d07b9e2f0..fc8e8198a 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -54,15 +54,15 @@ gbmc_ncsi_nft_update() { if (( ${#ip_bytes[@]} != 0 )); then ip_bytes[8]=0xfd pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/72 ip6 daddr" - contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr" + contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' fi fi contents+=' }'$'\n' contents+=' chain ncsi_forward {'$'\n' if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n' + contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' fi contents+=' }'$'\n' contents+='}'$'\n' diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh index 19b8f64a1..980f7b6d6 100644 --- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh +++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh @@ -48,7 +48,7 @@ gbmc_br_nft_hook() { gbmc_br_nft_update # Match only global IP addresses on the bridge that match the BMC prefix # (:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become - # a 2002:af4:3480:2248:fd00/72 rule. + # a 2002:af4:3480:2248:fd00/76 rule. elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] && [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then local ip_bytes=() @@ -63,7 +63,7 @@ gbmc_br_nft_hook() { for (( i=9; i<16; i++ )); do ip_bytes[$i]=0 done - pfx="$(ip_bytes_to_str ip_bytes)/72" + pfx="$(ip_bytes_to_str ip_bytes)/76" if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then gbmc_br_nft_pfx="$pfx" gbmc_br_nft_update -- cgit v1.2.3