| William A. Kennington III | 71fc189 | 2021-12-13 14:32:20 -0800 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | # Copyright 2021 Google LLC |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | |
| William A. Kennington III | 95e2e99 | 2023-11-08 17:13:19 -0800 | [diff] [blame] | 16 | HAS_DHCRELAY='@GBMC_NCSI_DHCP_RELAY@' |
| 17 | |
| 18 | if [ "$HAS_DHCRELAY" = 1 ]; then |
| 19 | override=/run/systemd/system/gbmc-ncsi-dhcrelay.service.d/10-nosp.conf |
| 20 | mkdir -p "$(dirname "$override")" |
| 21 | echo '[Service]' >"$override" |
| 22 | echo 'ExecStart=' >>"$override" |
| 23 | # Remove the source relay port from the relay, bringing it back to run on |
| 24 | # the default port 547. Our relays don't support the source port option needed |
| 25 | # to run on 3967 for our legacy NICs. |
| 26 | grep '^ExecStart=' /lib/systemd/system/gbmc-ncsi-dhcrelay.service | \ |
| 27 | sed 's, -rp 3967,,' >>"$override" |
| 28 | fi |
| William A. Kennington III | a8d4047 | 2022-01-25 16:13:00 -0800 | [diff] [blame] | 29 | |
| 30 | override=/run/systemd/system/gbmc-br-dhcp.service.d/10-direct.conf |
| 31 | mkdir -p "$(dirname "$override")" |
| 32 | echo '[Service]' >"$override" |
| 33 | echo 'ExecStart=' >>"$override" |
| 34 | # Switch the gbmcbr interface for the NCSI one to avoid passing the SOLICIT |
| 35 | # message through the BMC relay. |
| William A. Kennington III | d5a68df | 2022-06-29 16:55:07 -0700 | [diff] [blame] | 36 | grep '^ExecStart=' /lib/systemd/system/gbmc-br-dhcp.service | \ |
| 37 | sed 's, -i gbmcbr, -i @NCSI_IF@,' >>"$override" |
| William A. Kennington III | a8d4047 | 2022-01-25 16:13:00 -0800 | [diff] [blame] | 38 | |
| William A. Kennington III | 71fc189 | 2021-12-13 14:32:20 -0800 | [diff] [blame] | 39 | systemctl daemon-reload |
| William A. Kennington III | 95e2e99 | 2023-11-08 17:13:19 -0800 | [diff] [blame] | 40 | if [ "$HAS_DHCRELAY" = 1 ]; then |
| 41 | systemctl reset-failed gbmc-ncsi-dhcrelay |
| 42 | systemctl restart --no-block gbmc-ncsi-dhcrelay |
| 43 | fi |
| William A. Kennington III | a8d4047 | 2022-01-25 16:13:00 -0800 | [diff] [blame] | 44 | systemctl reset-failed gbmc-br-dhcp |
| 45 | systemctl restart --no-block gbmc-br-dhcp |
| William A. Kennington III | 71fc189 | 2021-12-13 14:32:20 -0800 | [diff] [blame] | 46 | |
| 47 | read -r -d '' contents <<EOF |
| 48 | table inet filter { |
| 49 | chain ncsi_legacy_input { |
| William A. Kennington III | a8d4047 | 2022-01-25 16:13:00 -0800 | [diff] [blame] | 50 | udp dport {546,547} accept |
| William A. Kennington III | 71fc189 | 2021-12-13 14:32:20 -0800 | [diff] [blame] | 51 | } |
| 52 | } |
| 53 | EOF |
| 54 | rfile=/run/nftables/60-gbmc-ncsi-ra.rules |
| 55 | mkdir -p "$(dirname "$rfile")" |
| 56 | printf '%s' "$contents" >"$rfile" |
| 57 | systemctl reset-failed nftables |
| 58 | systemctl --no-block reload-or-restart nftables |