meta-google: gbmc-ncsi-config: DHCP workaround
We need a workaround for some well known configurations where it is safe
to use the default DHCP source port for sending relayed messages. Some
of our upstream server and relay software does not understand alternate
ports.
This will be removed when that support is fully available.
Change-Id: I24ea031c23556c62a26875dddac25708b6b8de79
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
index 5e03455..62a519a 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-dhcrelay.service.in
@@ -7,7 +7,7 @@
[Service]
Restart=always
RestartSec=5
-ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u @NCSI_IF@
+ExecStart=/usr/sbin/dhcrelay -d --no-pid -rp 3967 -l gbmcncsidhcp -u ff02::1:2%%@NCSI_IF@
[Install]
WantedBy=multi-user.target
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
index 2788f7f..bd2f2be 100755
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-ip-from-ra.sh.in
@@ -83,6 +83,10 @@
if [ "$(systemctl is-active systemd-networkd)" != 'inactive' ]; then
networkctl reload && networkctl reconfigure gbmcbr "$NCSI_IF" || true
fi
+
+ # DHCP Relay workaround until alternate source port is supported
+ # TODO: Remove this once internal relaying cleanups land
+ gbmc-ncsi-smartnic-wa.sh || true
}
w=60
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in
new file mode 100644
index 0000000..a6f5cca
--- /dev/null
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-smartnic-wa.sh.in
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+override=/run/systemd/system/gbmc-ncsi-dhcrelay.service.d/10-nosp.conf
+mkdir -p "$(dirname "$override")"
+echo '[Service]' >"$override"
+echo 'ExecStart=' >>"$override"
+# Remove the source relay port from the relay, bringing it back to run on
+# the default port 547. Our relays don't support the source port option needed
+# to run on 3967 for our legacy NICs.
+systemctl cat gbmc-ncsi-dhcrelay | grep '^ExecStart=' | sed 's, -rp 3967,,' >>"$override"
+systemctl daemon-reload
+systemctl reset-failed gbmc-ncsi-dhcrelay
+systemctl restart --no-block gbmc-ncsi-dhcrelay
+
+read -r -d '' contents <<EOF
+table inet filter {
+ chain ncsi_legacy_input {
+ udp dport 547 accept
+ }
+}
+EOF
+rfile=/run/nftables/60-gbmc-ncsi-ra.rules
+mkdir -p "$(dirname "$rfile")"
+printf '%s' "$contents" >"$rfile"
+systemctl reset-failed nftables
+systemctl --no-block reload-or-restart nftables
diff --git a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
index 0312f05..b761b16 100644
--- a/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
+++ b/meta-google/recipes-google/ncsi/gbmc-ncsi-config.bb
@@ -14,6 +14,7 @@
file://gbmc-ncsi-dhcrelay.service.in \
file://gbmc-ncsi-ip-from-ra.service.in \
file://gbmc-ncsi-ip-from-ra.sh.in \
+ file://gbmc-ncsi-smartnic-wa.sh.in \
file://gbmc-ncsi-sslh.socket.in \
file://gbmc-ncsi-sslh.service \
file://gbmc-ncsi-nft.sh.in \
@@ -126,6 +127,11 @@
>${WORKDIR}/gbmc-ncsi-ip-from-ra.sh
install -d -m0755 ${D}${libexecdir}
install -m0755 ${WORKDIR}/gbmc-ncsi-ip-from-ra.sh ${D}${libexecdir}/
+
+ sed "s,@NCSI_IF@,$if_name,g" ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh.in \
+ >${WORKDIR}/gbmc-ncsi-smartnic-wa.sh
+ install -d -m0755 ${D}${bindir}
+ install -m0755 ${WORKDIR}/gbmc-ncsi-smartnic-wa.sh ${D}${bindir}/
}
do_rm_work:prepend() {