Diffstat (limited to 'meta-google')
4 files changed, 50 insertions, 1 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
index 5e03455422..62a519a2da 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
@@ -7,7 +7,7 @@ StartLimitBurst=3
 [Service]
 Restart=always
 RestartSec=5
-ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@
+ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u ff02::1:2%%@NCSI_IF@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
index 2788f7f19d..bd2f2becc9 100755
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
@@ -83,6 +83,10 @@ EOF
 if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then
 networkctl reload && networkctl reconfigure gbmcbr "$NCSI_IF" || true
 fi
+
+ # DHCP Relay workaround until alternate source port is supported
+ # TODO: Remove this once internal relaying cleanups land
+ gbmc-ncsi-smartnic-wa.sh || true
 }
 
 w=60
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in
new file mode 100644
index 0000000000..a6f5cca626
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in
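Review bot: The added `gbmc-ncsi-smartnic-wa.sh || true` at the end of this function discards every failure of the workaround, so a relay left without a usable command line or a firewall reload that failed leaves no signal for whoever debugs DHCP on the NC-SI link. Keeping the best-effort behaviour but recording the failure would be enough, for example `gbmc-ncsi-smartnic-wa.sh || echo 'gbmc-ncsi-smartnic-wa.sh failed' >&2`. The script is also resolved through PATH from what looks like a privileged service; since the recipe installs it under the standard binary directory, an absolute path would make the dependency explicit. The enclosing function starts outside the hunk, so how often this call and the restart it triggers run cannot be seen here.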
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+override=/run/systemd/system/gbmc-ncsi-dhcrelay.service.d/10-nosp.conf
+mkdir -p "$(dirname "$override")"
+echo '[Service]' >"$override"
+echo 'ExecStart=' >>"$override"
+# Remove the source relay port from the relay, bringing it back to run on
+# the default port 547. Our relays don't support the source port option needed
+# to run on 3967 for our legacy NICs.
+systemctl cat gbmc-ncsi-dhcrelay | grep '^ExecStart=' | sed 's, -rp 3967,,' >>"$override"
+systemctl daemon-reload
+systemctl reset-failed gbmc-ncsi-dhcrelay
+systemctl restart --no-block gbmc-ncsi-dhcrelay
+
+read -r -d '' contents <<EOF
+table inet filter {
+ chain ncsi_legacy_input {
+ udp dport 547 accept
+ }
+}
+EOF
+rfile=/run/nftables/60-gbmc-ncsi-ra.rules
+mkdir -p "$(dirname "$rfile")"
+printf '%s' "$contents" >"$rfile"
+systemctl reset-failed nftables
+systemctl --no-block reload-or-restart nftables
diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
index 0312f05023..b761b161af 100644
--- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
+++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
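Review bot: The drop-in is rebuilt from `systemctl cat gbmc-ncsi-dhcrelay | grep '^ExecStart='`, and once a drop-in from an earlier run is loaded that output likely includes the drop-in's own empty `ExecStart=` line, which would be appended last and clear the command list again. The same result occurs silently if the pipeline prints nothing, since the script has no error handling. Reading the command from the unit file itself, checking that it is non-empty and writing the drop-in in one step avoids leaving the relay unit without a command. Separately, `udp dport 547 accept` in `ncsi_legacy_input` carries no interface match, and whether that chain is only reached for NC-SI traffic is not visible in this diff. If it is not, `iifname @NCSI_IF@ udp dport 547 accept` would keep the DHCPv6 port closed on other interfaces, and the recipe already substitutes `@NCSI_IF@` in this file.

```shell
override=/run/systemd/system/gbmc-ncsi-dhcrelay.service.d/10-nosp.conf
mkdir -p "$(dirname "$override")"
# Take the command line from the unit file itself so an already-loaded
# drop-in is never read back into its own replacement.
unit="$(systemctl show -p FragmentPath --value gbmc-ncsi-dhcrelay)"
exec_line="$(grep '^ExecStart=.' "$unit" | sed 's, -rp 3967,,')"
if [ -z "$exec_line" ]; then
  echo 'gbmc-ncsi-dhcrelay: no ExecStart found, leaving unit unchanged' >&2
  exit 1
fi
# Write the drop-in in one step so systemd never loads a half-written file.
printf '[Service]\nExecStart=\n%s\n' "$exec_line" >"$override.tmp"
mv -f "$override.tmp" "$override"
# … unchanged: daemon-reload, reset-failed, restart, nftables rules file …
```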
@@ -14,6 +14,7 @@ SRC_URI += " \
 file://gbmc-ncsi-dhcrelay.service.in \
 file://gbmc-ncsi-ip-from-ra.service.in \
 file://gbmc-ncsi-ip-from-ra.sh.in \
+ file://gbmc-ncsi-smartnic-wa.sh.in \
 file://gbmc-ncsi-sslh.socket.in \
 file://gbmc-ncsi-sslh.service \
 file://gbmc-ncsi-nft.sh.in \
@@ -126,6 +127,11 @@ do_install:append() {
 >${WORKDIR}/gbmc-ncsi-ip-from-ra.sh
 install -d -m0755 ${D}${libexecdir}
 install -m0755 ${WORKDIR}/gbmc-ncsi-ip-from-ra.sh ${D}${libexecdir}/
+
+ sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh.in \
+ >${WORKDIR}/gbmc-ncsi-smartnic-wa.sh
+ install -d -m0755 ${D}${bindir}
+ install -m0755 ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh ${D}${bindir}/
 }
 
 do_rm_work:prepend() { |
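Review bot: The `sed "s,@NCSI_IF@,$if_name,g"` step in the second hunk has nothing to replace, because the gbmc-ncsi-smartnic-wa.sh.in added by this commit contains no `@NCSI_IF@` token. Either the template should use the interface name, for instance to scope its firewall rule to the NC-SI interface, or the file can be installed without the substitution. A short comment above the new lines, such as `# Temporary DHCP relay workaround; drop together with the call in gbmc-ncsi-ip-from-ra.sh`, would tie the install to the TODO in the caller so the helper is removed with it. do_install:append starts outside the hunk.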