[ebtbles] Replace binary config file to text config file for ebtables (…

…#5252) Issue: Binary ebtables config file is CPU arch dependent Fix: Load the text config during firsttime boot and Generate the binary persistent atomic file Signed-off-by: Antony Rheneus <arheneus@marvell.com>
sonic-net · Jan 28, 2021 · e9d3d96 · e9d3d96
1 parent cc998f3
commit e9d3d96
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 2 deletions.
diff --git a/build_debian.sh b/build_debian.sh
@@ -466,8 +466,12 @@ if [ "${enable_organization_extensions}" = "y" ]; then
 fi
 
 ## Setup ebtable rules (rule file is in binary format)
-sudo sed -i 's/EBTABLES_LOAD_ON_START="no"/EBTABLES_LOAD_ON_START="yes"/g' ${FILESYSTEM_ROOT}/etc/default/ebtables
-sudo cp files/image_config/ebtables/ebtables.filter ${FILESYSTEM_ROOT}/etc
+sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
+sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
+sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
+sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc
+sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
+sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
 
 ## Debug Image specific changes
 ## Update motd for debug image

diff --git a/files/image_config/ebtables/ebtables.filter b/files/image_config/ebtables/ebtables.filter
diff --git a/files/image_config/ebtables/ebtables.filter.cfg b/files/image_config/ebtables/ebtables.filter.cfg
@@ -0,0 +1,11 @@
+# SONiC ebtables filter table configuration
+# Generated using ebtables-save
+
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A FORWARD -d BGA -j DROP
+-A FORWARD -p ARP -j DROP
+-A FORWARD -p 802_1Q --vlan-encap ARP -j DROP
+
diff --git a/files/image_config/platform/rc.local b/files/image_config/platform/rc.local
@@ -186,6 +186,13 @@ program_console_speed()
     systemctl daemon-reload
 }
 
+ebtables_config()
+{
+    # Generate atomic config file and save it persistent
+    /usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg
+    /usr/sbin/ebtables -t filter --atomic-file /etc/ebtables.filter --atomic-save
+}
+
 #### Begin Main Body ####
 
 logger "SONiC version ${SONIC_VERSION} starting up..."
@@ -355,6 +362,9 @@ if [ -f $FIRST_BOOT_FILE ]; then
     # Create dir where following scripts put their output files
     mkdir -p /var/platform
 
+    # Firsttime ebtables configuration
+    ebtables_config
+
     firsttime_exit
 fi