diff options
author | P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> | 2022-03-30 23:46:16 +0300 |
---|---|---|
committer | P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> | 2022-03-30 23:46:16 +0300 |
commit | 2af35ee50ce9918ee3626c59f2cff62cd3ab9568 (patch) | |
tree | bcc218f953c63222bff793a788b7922b9e39fb88 /meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | |
parent | 7cf0c1cd0ce835d1833509b7b911e8a97380278b (diff) | |
parent | 9248c75b142fa11243c20f4d200a04e4f6395b51 (diff) | |
download | openbmc-2af35ee50ce9918ee3626c59f2cff62cd3ab9568.tar.xz |
Merge tag '1-0.91' of github.com:intel-innersource/firmware.bmc.openbmc.yocto.openbmc into update
Diffstat (limited to 'meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in')
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in index 7a630f5fe..074ec5785 100644 --- a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-nft.sh.in @@ -35,45 +35,18 @@ gbmc_ncsi_nft_update() { fi local ip6="$gbmc_ncsi_nft_lastip6" - local pfx= if [ -n "$ip6" ]; then contents+=" ip6 daddr $ip6/128 goto ncsi_legacy_input"$'\n' - - local ip_bytes=() - ip_to_bytes ip_bytes "$ip6" - # If our address has enough spare bits for appending the BMC suffix - # then we add a rule that allows the BMC subnet. That is, we need a /64 - # as input. - local i - for (( i = 8; i < 16; i++ )); do - if (( ip_bytes[$i] != 0 )); then - ip_bytes=() - break - fi - done - if (( ${#ip_bytes[@]} != 0 )); then - ip_bytes[8]=0xfd - pfx="$(ip_bytes_to_str ip_bytes)" - contents+=" ip6 saddr != $pfx/76 ip6 daddr" - contents+=" $pfx/76 goto ncsi_gbmc_br_pub_input"$'\n' - fi fi contents+=' }'$'\n' - contents+=' chain ncsi_forward {'$'\n' - if [ -n "$pfx" ]; then - contents+=" ip6 saddr != $pfx/76 ip6 daddr $pfx/76 accept"$'\n' - fi - contents+=' }'$'\n' contents+='}'$'\n' local rfile=/run/nftables/40-gbmc-ncsi-in.rules mkdir -p -m 755 "$(dirname "$rfile")" printf '%s' "$contents" >"$rfile" - echo 'Restarting nftables' >&2 - systemctl reset-failed nftables - systemctl --no-block restart nftables + systemctl reset-failed nftables && systemctl --no-block reload-or-restart nftables || true } gbmc_ncsi_nft_hook() { |