Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / meta-phosphor / 62a4b6cde3046a2439bdcef79a6ac85fd6684194
commit62a4b6cde3046a2439bdcef79a6ac85fd6684194[log] [tgz]
authorVernon Mauery <vernon.mauery@linux.intel.com>Fri Apr 12 13:56:52 2019 -0700
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Fri Apr 26 13:40:30 2019 +0000
tree012f502d50cf65ea0100b5776d13d376fe13989a
parent3f8b40d3001f38302e6eea3db97266f221279c36 [diff]
Enable reverse-path filter for IPv4

/proc/sys/net/ipv4/conf/*/rp_filter enforces filtering of packets to
make sure that only packets that match the route can be sent on an
interface. This is recommended for reducing IP spoofing as will as
allowing for proper UDP behavior when multiple configured NICs have the
same subnet.

This is needed for the upcoming change of phosphor-ipmi-net, were its
socket file uses the bind-to-device option to be able to bind each
instance to a single network interface.  This allows each RMCP+ bridge
to accept only incoming packets on that interface. But in order to do
this with two NICs on the same subnet, reverse-path filtering must be
enabled in the kernel.

Change-Id: Iaae5783f8d30d8fc524ef3e19e776c75fe25bbfd
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
2 files changed
tree: 012f502d50cf65ea0100b5776d13d376fe13989a
  1. aspeed-layer/
  2. classes/
  3. conf/
  4. nuvoton-layer/
  5. recipes-connectivity/
  6. recipes-core/
  7. recipes-devtools/
  8. recipes-extended/
  9. recipes-graphics/
  10. recipes-phosphor/
  11. recipes-protocols/
  12. recipes-support/
  13. recipes-textproc/
  14. COPYING.apache-2.0
  15. COPYING.MIT
  16. LICENSE
  17. MAINTAINERS
  18. README.md
  19. recipes.txt
README.md

OpenBMC

meta-phosphor is the OpenBMC layer. This layer should be included for all OpenBMC systems. The OpenBMC layer contains content which is shared between all OpenBMC systems.