commit a22b4458fe6d64b5dcd60e00acaa0ff083f6f056
author William A. Kennington III <wak@google.com> Thu Nov 04 22:57:43 2021 -0700
committer William A. Kennington III <wak@google.com> Fri Nov 05 16:40:16 2021 -0700
tree 5fd005c626d3ac57ff93ebd2cb01ee6b143ab7ab
parent 60a33d67f938e70844e06faaf33baf3ee06e1728

meta-google: gbmc-bridge: Restrict network from /72 to /76

We can have multiple gBMC networks within one "machine". This allows us
to have multiple address sets.

Change-Id: I5b18b7822f50bb0570e1aa5a70ac47036694d922
Signed-off-by: William A. Kennington III <wak@google.com>

meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in

diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
index 961da50..b04f2aa 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-pub-addr.sh.in
@@ -56,7 +56,7 @@
 Route=$ncsi_pfx/80
 LifetimeSec=60
 [Route]
-Destination=$stateless_pfx/72
+Destination=$stateless_pfx/76
 Type=unreachable
 Metric=1024
 EOF

meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in

diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
index d07b9e2..fc8e819 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in
@@ -54,15 +54,15 @@
     if (( ${#ip_bytes[@]} != 0 )); then
       ip_bytes[8]=0xfd
       pfx="$(ip_bytes_to_str ip_bytes)"
-      contents+="        ip6 saddr != $pfx/72 ip6 daddr"
-      contents+=" $pfx/72 goto ncsi_gbmc_br_pub_input"$'\n'
+      contents+="        ip6 saddr != $pfx/76 ip6 daddr"
+      contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n'
     fi
   fi
 
   contents+='    }'$'\n'
   contents+='    chain ncsi_forward {'$'\n'
   if [ -n "$pfx" ]; then
-    contents+="        ip6 saddr != $pfx/72 ip6 daddr $pfx/72 accept"$'\n'
+    contents+="        ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n'
   fi
   contents+='    }'$'\n'
   contents+='}'$'\n'

meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh

diff --git a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
index 19b8f64..980f7b6 100644
--- a/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
+++ b/meta-google/recipes-google/networking/gbmc-bridge/gbmc-br-nft.sh
@@ -48,7 +48,7 @@
     gbmc_br_nft_update
   # Match only global IP addresses on the bridge that match the BMC prefix
   # (<mpfx>:fdxx:). So 2002:af4:3480:2248:fd02:6345:3069:9186 would become
-  # a 2002:af4:3480:2248:fd00/72 rule.
+  # a 2002:af4:3480:2248:fd00/76 rule.
   elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' -a "$scope" = 'global' ] &&
        [[ "$fam" == 'inet6' && "$flags" != *tentative* ]]; then
     local ip_bytes=()
@@ -63,7 +63,7 @@
     for (( i=9; i<16; i++ )); do
       ip_bytes[$i]=0
     done
-    pfx="$(ip_bytes_to_str ip_bytes)/72"
+    pfx="$(ip_bytes_to_str ip_bytes)/76"
     if [ "$action" = "add" -a "$pfx" != "$gbmc_br_nft_pfx" ]; then
       gbmc_br_nft_pfx="$pfx"
       gbmc_br_nft_update