diff options
| author | William A. Kennington III <wak@google.com> | 2021-12-14 01:32:20 +0300 |
|---|---|---|
| committer | William A. Kennington III <wak@google.com> | 2022-01-28 02:50:00 +0300 |
| commit | 71fc1893b0d2c01c4bc649c06720b223bbfa3ec8 (patch) | |
| tree | febc0222da15b7207b0daf702fd8f1d699736577 /meta-google | |
| parent | 068d85be1cb6c628aff92eb103f648a9e42172e5 (diff) | |
| download | openbmc-71fc1893b0d2c01c4bc649c06720b223bbfa3ec8.tar.xz | |
meta-google: gbmc-ncsi-config: DHCP workaround
We need a workaround for some well known configurations where it is safe
to use the default DHCP source port for sending relayed messages. Some
of our upstream server and relay software does not understand alternate
ports.
This will be removed when that support is fully available.
Change-Id: I24ea031c23556c62a26875dddac25708b6b8de79
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-google')
4 files changed, 50 insertions, 1 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in index 5e03455422..62a519a2da 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in @@ -7,7 +7,7 @@ StartLimitBurst=3 [Service] Restart=always RestartSec=5 -ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@ +ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u ff02::1:2%%@NCSI_IF@ [Install] WantedBy=multi-user.target diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in index 2788f7f19d..bd2f2becc9 100755 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in @@ -83,6 +83,10 @@ EOF if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then networkctl reload && networkctl reconfigure gbmcbr "$NCSI_IF" || true fi + + # DHCP Relay workaround until alternate source port is supported + # TODO: Remove this once internal relaying cleanups land + gbmc-ncsi-smartnic-wa.sh || true } w=60 diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in new file mode 100644 index 0000000000..a6f5cca626 --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in @@ -0,0 +1,39 @@ +#!/bin/bash +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +override=/run/systemd/system/gbmc-ncsi-dhcrelay.service.d/10-nosp.conf +mkdir -p "$(dirname "$override")" +echo '[Service]' >"$override" +echo 'ExecStart=' >>"$override" +# Remove the source relay port from the relay, bringing it back to run on +# the default port 547. Our relays don't support the source port option needed +# to run on 3967 for our legacy NICs. +systemctl cat gbmc-ncsi-dhcrelay | grep '^ExecStart=' | sed 's, -rp 3967,,' >>"$override" +systemctl daemon-reload +systemctl reset-failed gbmc-ncsi-dhcrelay +systemctl restart --no-block gbmc-ncsi-dhcrelay + +read -r -d '' contents <<EOF +table inet filter { + chain ncsi_legacy_input { + udp dport 547 accept + } +} +EOF +rfile=/run/nftables/60-gbmc-ncsi-ra.rules +mkdir -p "$(dirname "$rfile")" +printf '%s' "$contents" >"$rfile" +systemctl reset-failed nftables +systemctl --no-block reload-or-restart nftables diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb index 0312f05023..b761b161af 100644 --- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb +++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb @@ -14,6 +14,7 @@ SRC_URI += " \ file://gbmc-ncsi-dhcrelay.service.in \ file://gbmc-ncsi-ip-from-ra.service.in \ file://gbmc-ncsi-ip-from-ra.sh.in \ + file://gbmc-ncsi-smartnic-wa.sh.in \ file://gbmc-ncsi-sslh.socket.in \ file://gbmc-ncsi-sslh.service \ file://gbmc-ncsi-nft.sh.in \ @@ -126,6 +127,11 @@ do_install:append() { >${WORKDIR}/gbmc-ncsi-ip-from-ra.sh install -d -m0755 ${D}${libexecdir} install -m0755 ${WORKDIR}/gbmc-ncsi-ip-from-ra.sh ${D}${libexecdir}/ + + sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh.in \ + >${WORKDIR}/gbmc-ncsi-smartnic-wa.sh + install -d -m0755 ${D}${bindir} + install -m0755 ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh ${D}${bindir}/ } do_rm_work:prepend() { |