meta-google: gbmc-bridge: Add package This adds a machine local ethernet network which allows BMCs to communicate with one another. Change-Id: I5e0ace231af02d84f7678b8241b5ec71823e86af Signed-off-by: William A. Kennington III <wak@google.com>

commit: 832f02b111487b37e71c0170795cb0db6ce1732a [log] [tgz]
author: William A. Kennington III <wak@google.com> Fri Apr 23 12:53:36 2021 -0700
committer: William A. Kennington III <wak@google.com> Fri May 07 01:09:53 2021 +0000
tree: 651a4b956784ca96bc04297ceb10818114bca086
parent: 29dfcd8a0f2124d1b2e331683012548f7d416515 [diff] [blame]
diff --git a/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules
new file mode 100644
index 0000000..1a5e633
--- /dev/null
+++ b/meta-google/recipes-google/networking/gbmc-bridge/50-gbmc-br.rules

@@ -0,0 +1,27 @@
+table bridge filter {
+  chain gbmc_br_prerouting {
+    type filter hook prerouting priority 0;
+    iifname != gbmcbr accept
+    # Sometimes our links are over NCSI and we don't want to broadcast
+    # those packets over the entire bridge. They are only relevant P2P.
+    ether type 0x88F8 drop
+  }
+}
+
+table inet filter {
+  chain gbmc_br_input {
+    type filter hook input priority 0; policy drop;
+    iifname != gbmcbr accept
+    jump gbmc_br_int_input
+    jump gbmc_br_pub_input
+    reject
+  }
+  chain gbmc_br_int_input {
+    ip6 daddr ff00::/8 accept
+    ip6 daddr fe80::/64 accept
+    ip6 daddr fdb5:0481:10ce::/64 accept
+  }
+  chain gbmc_br_pub_input {
+    ip6 nexthdr icmpv6 accept
+  }
+}
commit	832f02b111487b37e71c0170795cb0db6ce1732a	[log] [tgz]
author	William A. Kennington III <wak@google.com>	Fri Apr 23 12:53:36 2021 -0700
committer	William A. Kennington III <wak@google.com>	Fri May 07 01:09:53 2021 +0000
tree	651a4b956784ca96bc04297ceb10818114bca086
parent	29dfcd8a0f2124d1b2e331683012548f7d416515 [diff] [blame]