Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / 8bd3a6f7acdd6134afee90064a05832f755e4cbf^! / .
commit8bd3a6f7acdd6134afee90064a05832f755e4cbf[log] [tgz]
authorWilliam A. Kennington III <wak@google.com>Tue Sep 10 16:44:23 2024 -0700
committerWilliam A. Kennington III <wak@google.com>Fri Sep 13 04:34:03 2024 +0000
treead536575d3b89a4f8a4e1c2d2936009e001a56e9
parent280f77127d1b42a5b72ef99e0c9d822ff2f932a3 [diff]
meta-google: gbmc-ncsi-config: Add route policy

If an external NIC is used, this will fix the triangle routing scenario
so that traffic directed down the NCSI path will return on the NCSI
path, instead of taking the default route.

Change-Id: I53054563dd4f121950fcc20d2fdf8b118f5c50be
Signed-off-by: William A. Kennington III <wak@google.com>

diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
index 1e2db45..93c6b27 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in

@@ -22,6 +22,8 @@
 gbmc_ncsi_br_deprecated_ips_lastncsi=
 gbmc_ncsi_br_deprecated_ips_confncsi=
 
+GBMC_NCSI_ROUTE_TABLE=900
+
 gbmc_ncsi_br_deprecated_ips_update() {
   [ -n "$gbmc_ncsi_br_deprecated_ips_init" ] || return
   [ "$gbmc_ncsi_br_deprecated_ips_confip" != "$gbmc_ncsi_br_deprecated_ips_lastip" ] || \
@@ -62,6 +64,10 @@
 IPv6ProxyNDPAddress=$stateless_pfx
 ${host_pfx:+IPv6ProxyNDPAddress=}$host_pfx
 ${stateless_ip:+IPv6ProxyNDPAddress=}$stateless_ip
+[RoutingPolicyRule]
+From=$pfx/76
+Table=$GBMC_NCSI_ROUTE_TABLE
+Priority=$GBMC_NCSI_ROUTE_TABLE
 EOF
     read -r -d '' nfcontents <<EOF
 table inet filter {
@@ -92,6 +98,7 @@
   while read -r entry; do
     ip -6 neigh del proxy ${entry%% *} dev @NCSI_IF@ || true
   done < <(ip -6 neigh show proxy dev @NCSI_IF@)
+  ip -6 rule del pref $GBMC_NCSI_ROUTE_TABLE 2>/dev/null || true
 
   local st=0
   if [ -n "$gbmc_ncsi_br_deprecated_ips_lastip" ]; then
@@ -104,6 +111,8 @@
     if [ -n "$stateless_ip" ]; then
       ip -6 neigh add proxy $stateless_ip dev @NCSI_IF@ || st=$?
     fi
+    ip -6 rule add pref $GBMC_NCSI_ROUTE_TABLE from $pfx/76 \
+      lookup $GBMC_NCSI_ROUTE_TABLE || st=$?
   fi
 
   if (( st != 0 )); then

diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ra.sh b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ra.sh
index 014b3b7..34c59ab 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ra.sh
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ra.sh

@@ -17,12 +17,23 @@
 IP_OFFSET=1
 # NCSI is known to be closer to the ToR than bridge routes. Prefer over bridge routes.
 ROUTE_METRIC=900
+ROUTE_TABLE=900
 
 update_rtr() {
   busctl set-property xyz.openbmc_project.Network /xyz/openbmc_project/network/"$RA_IF" \
     xyz.openbmc_project.Network.EthernetInterface DefaultGateway6 s "" || true
 
   default_update_rtr "$@"
+
+  # Add additional gateway information
+  for file in /run/systemd/network/{00,}-bmc-$RA_IF.network; do
+    mkdir -p "$file.d"
+    printf '[Route]\nGateway=%s\nGatewayOnLink=true\nTable=%d' \
+      "$rtr" "$ROUTE_TABLE" >"$file.d"/10-gateway-table.conf
+  done
+
+  ip -6 route replace default via "$rtr" onlink dev "$RA_IF" table "$ROUTE_TABLE" || \
+    networkctl reload && networkctl reconfigure "$RA_IF"
 }
 
 ncsi_is_active() {