author | William A. Kennington III <wak@google.com> | 2021-05-07 13:25:25 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-05-10 22:11:03 +0300 |
commit | 4f233cd0f430af2172ec4e596f70181a8c6f62ef (patch) | |
tree | 0239f1f3e8cc711106c23e0a5dd30334ee33e1ec | |
parent | 70264b98c0362f850c3122966995db8ce4e8f0e8 (diff) | |
meta-google: gbmc-bridge: Look at IP bytes instead of regex
Change-Id: Ie3a20df633346692039103edc882e202b7c3309b
Signed-off-by: William A. Kennington III <wak@google.com>
-rw-r--r-- | meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-gw-src.sh | 13 | ||||
-rw-r--r-- | meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh | 15 |
2 files changed, 23 insertions, 5 deletions
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-gw-src.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-gw-src.sh
index 1364efd7b7..f765b0d106 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-gw-src.sh
+++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-gw-src.sh
@@ -14,6 +14,8 @@
 [ -z "${gbmc_br_gw_src_lib-}" ] || return
+source /usr/share/network/lib.sh || exit
+
 gbmc_br_gw_src_ip=
 declare -A gbmc_br_gw_src_routes=()
@@ -48,8 +50,15 @@ gbmc_br_gw_src_hook() {
 # prefix (<mpfx>:fd00:). So 2002:af4:3480:2248:fd00:6345:3069:9186 would be
 # matched as the preferred source IP for outoging traffic.
 elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] &&
- [[ "$fam" == 'inet6' && "$ip" =~ ^([^:]+:){4}fd00:.*$ ]] &&
- [[ "$flags" != *tentative* ]]; then
+ [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then
+ local ip_bytes=()
+ if ! ip_to_bytes ip_bytes "$ip"; then
+ echo "gBMC Bridge Ensure RA Invalid IP: $ip" >&2
+ return 1
+ fi
+ if (( ip_bytes[9] != 0xfd || ip_bytes[10] != 0 )); then
+ return 0
+ fi
 if [ "$action" = 'add' -a "$ip" != "$gbmc_br_gw_src_ip" ]; then
 gbmc_br_gw_src_ip="$ip"
 gbmc_br_gw_src_update
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
index 2099185e8d..185d78b816 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
+++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
@@ -14,6 +14,8 @@
 [ -z "${gbmc_br_nft_lib-}" ] || return
+source /usr/share/network/lib.sh || exit
+
 gbmc_br_nft_init=
 gbmc_br_nft_pfx=
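Review bot: In the gbmc_br_gw_src_hook hunk of gbmc-br-gw-src.sh, the test `(( ip_bytes[9] != 0xfd || ip_bytes[10] != 0 ))` looks one element too far: the comment's example 2002:af4:3480:2248:fd00:… and the removed regex `^([^:]+:){4}fd00:` both put `fd00` in the fifth group, which is bytes 8 and 9 when counting from zero. ip_to_bytes comes from lib.sh and is not shown here, so this assumes it fills the array from index 0, which is how the printf in the gbmc-br-nft.sh hunk consumes it; if so the check should read `if (( ip_bytes[8] != 0xfd || ip_bytes[9] != 0 )); then`. The same index 9 appears in gbmc_br_nft_hook, where a wrong offset would derive the firewall prefix from addresses outside the intended fdxx range and skip the intended ones. The hook's body starts and ends outside the hunk.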
@@ -48,9 +50,16 @@ gbmc_br_nft_hook() {
 # (<mpfx>:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become
 # a 2002:af4:3480:2248:fd00/72 rule.
 elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] &&
- [[ "$fam" == 'inet6' && "$ip" =~ ^(([^:]+:){4}fd)[^:]{2}:.*$ ]] &&
- [[ "$flags" != *tentative* ]]; then
- pfx="${BASH_REMATCH[1]}00::/72"
+ [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then
+ local ip_bytes=()
+ if ! ip_to_bytes ip_bytes "$ip"; then
+ echo "gBMC Bridge NFT Invalid IP: $ip" >&2
+ return 1
+ fi
+ if (( ip_bytes[9] != 0xfd )); then
+ return 0
+ fi
+ pfx="$(printf '%02x%02x:%02x%02x:%02x%02x:%02x%02x:fd00::/72' "${ip_bytes[@]}")"
 if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then
 gbmc_br_nft_pfx="$pfx"
 gbmc_br_nft_update |
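Review bot: The new `pfx=` line in gbmc_br_nft_hook passes the whole array to printf, `"${ip_bytes[@]}"`, but the format has only eight `%02x` conversions, and bash's printf reuses the format until every argument is consumed. If ip_to_bytes yields 16 elements for an IPv6 address (it is defined in lib.sh, not shown here), pfx would hold two prefixes run together instead of a single `<mpfx>:fd00::/72`, and that string appears to be what the nft rule is built from. Slicing the arguments, `"${ip_bytes[@]:0:8}"`, keeps the output to the first eight bytes. gbmc_br_nft_hook starts and ends outside the hunk.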