meta-google: gbmc-ncsi-config: Fix ND answering without bridge
We want to answer all of the possible BMC addresses for neighbor
discovery in cases where the bridge is not present on the BMC image.
Change-Id: Id8f0f929bbac2c8526a5ab87b410124357e4bd3d
Signed-off-by: William A. Kennington III <wak@google.com>
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
index d6bc9eb..a1b16ca 100644
--- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
+++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-br-deprecated-ips.sh.in
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-[ -z "${gbmc_ncsi_br_deprecated_ips_lib-}" ] || return
+[ -n "${gbmc_ncsi_br_deprecated_ips_lib-}" ] && return
source /usr/share/network/lib.sh || exit
@@ -20,41 +20,12 @@
gbmc_ncsi_br_deprecated_ips_confip=
gbmc_ncsi_br_deprecated_ips_lastip=
-gbmc_ncsi_br_deprecated_ips_addr_contents() {
- local addr="$1"
-
- # If our address is assigned explicitly, don't mark it deprecated
- local line
- for line in $(grep '^Address=' /etc/systemd/network/*-bmc-@NCSI_IF@.network); do
- # Remove `Address=` on the input line
- local apfx="$(echo "$line" | sed 's,^[^=]*=,,')"
- # ip_pfx_concat is used to normalize the address string for comparison
- [[ "$addr/128" == "$(ip_pfx_concat "$apfx" ::)" ]] && return
- done
-
- cat <<EOF
-[Address]
-Address=$addr/128
-PreferredLifetime=0
-EOF
-}
-
-gbmc_ncsi_br_deprecated_ips_host_contents() {
- local addr="$1"
-
- cat <<EOF
-[Network]
-IPv6ProxyNDP=yes
-IPv6ProxyNDPAddress=$addr
-EOF
-}
-
gbmc_ncsi_br_deprecated_ips_update() {
[ -n "$gbmc_ncsi_br_deprecated_ips_init" ] || return
[ "$gbmc_ncsi_br_deprecated_ips_confip" != "$gbmc_ncsi_br_deprecated_ips_lastip" ] || return
gbmc_ncsi_br_deprecated_ips_confip="$gbmc_ncsi_br_deprecated_ips_lastip"
- printf 'gBMC Bridge NCSI Deprecated Addrs: %s\n' \
+ printf 'gBMC NCSI Deprecated Addrs: %s\n' \
"${gbmc_ncsi_br_deprecated_ips_lastip:-(deleted)}" >&2
local contents=
@@ -66,21 +37,29 @@
local pfx="$(ip_bytes_to_str pfx_bytes)"
(( pfx_bytes[9] &= 0xf0 ))
local stateless_pfx="$(ip_bytes_to_str pfx_bytes)"
- local gbmcbr_mac="$(ip link show gbmcbr | tail -n 1 | awk '{print $2}')"
- local gbmcbr_eui48="$(mac_to_eui48 "$gbmcbr_mac")"
- local stateless_ip="$(ip_pfx_concat "$stateless_pfx/80" "$gbmcbr_eui48")"
- stateless_ip="${stateless_ip%/*}"
+ local stateless_ip=
+ if [ -e /sys/class/net/gbmcbr ]; then
+ local gbmcbr_mac="$(ip link show gbmcbr | tail -n 1 | awk '{print $2}')"
+ local gbmcbr_eui48="$(mac_to_eui48 "$gbmcbr_mac")"
+ stateless_ip="$(ip_pfx_concat "$stateless_pfx/80" "$gbmcbr_eui48")"
+ stateless_ip="${stateless_ip%/*}"
+ fi
pfx_bytes[8]=0
pfx_bytes[9]=0
local host_pfx="$(ip_bytes_to_str pfx_bytes)"
- contents+="$(gbmc_ncsi_br_deprecated_ips_addr_contents "$pfx")"$'\n'
- contents+="$(gbmc_ncsi_br_deprecated_ips_addr_contents "$stateless_pfx")"$'\n'
- contents+="$(gbmc_ncsi_br_deprecated_ips_addr_contents "$stateless_ip")"$'\n'
- contents+="$(gbmc_ncsi_br_deprecated_ips_host_contents "$host_pfx")"$'\n'
+ read -r -d '' contents <<EOF
+[Network]
+IPv6ProxyNDP=yes
+IPv6ProxyNDPAddress=$pfx
+IPv6ProxyNDPAddress=$stateless_pfx
+IPv6ProxyNDPAddress=$host_pfx
+${stateless_ip:+IPv6ProxyNDPAddress=}$stateless_ip
+EOF
read -r -d '' nfcontents <<EOF
table inet filter {
chain ncsi_input {
ip6 saddr != $pfx/76 ip6 daddr $pfx/76 goto ncsi_gbmc_br_pub_input
+ ip6 daddr $host_pfx/64 goto ncsi_legacy_input
}
chain ncsi_forward {
ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept
@@ -123,8 +102,9 @@
gbmc_ip_monitor_defer
elif [ "$change" = 'defer' ]; then
gbmc_ncsi_br_deprecated_ips_update
- elif [ "$change" = 'addr' -a "$intf" = 'gbmcbr' ] &&
- [ "$scope" = 'global' -a "$fam" = 'inet6' ]; then
+ elif [ "$change" = 'addr' -a "$scope" = 'global' -a "$fam" = 'inet6' ] &&
+ [ "$intf" = 'gbmcbr' -o "$intf" = '@NCSI_IF@' ] &&
+ [[ "$flags" != *deprecated* ]]; then
local pfx_bytes=()
ip_to_bytes pfx_bytes "$ip" || return
# No ULA Addresses