From f136fd06237d983140d189e92cd06b439df8ea5b Mon Sep 17 00:00:00 2001
From: "arheneus@marvell.com" <51254330+antony-rheneus@users.noreply.github.com>
Date: Fri, 4 Sep 2020 05:57:07 +0530
Subject: [PATCH] [ebtbles] Replace binary config file to text config file for ebtables (#5252)

Issue: Binary ebtables config file is CPU arch dependent
Fix: Load the text config during firsttime boot and Generate the binary persistent atomic file
Signed-off-by: Antony Rheneus
---
 build_debian.sh | 2 +-
 files/image_config/ebtables/ebtables.filter | Bin 840 -> 0 bytes
 files/image_config/ebtables/ebtables.filter.cfg | 11 +++++++++++
 files/image_config/platform/rc.local | 10 ++++++++++
 4 files changed, 22 insertions(+), 1 deletion(-)
 delete mode 100644 files/image_config/ebtables/ebtables.filter
 create mode 100644 files/image_config/ebtables/ebtables.filter.cfg
diff --git a/build_debian.sh b/build_debian.sh
index c39a4b28b4b0..fa5984187b83 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -486,7 +486,7 @@ fi
 sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
 sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
 sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
-sudo cp files/image_config/ebtables/ebtables.filter ${FILESYSTEM_ROOT}/etc
+sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc
 sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
 sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
diff --git a/files/image_config/ebtables/ebtables.filter b/files/image_config/ebtables/ebtables.filter
deleted file mode 100644
index dfe55672769d11ab45ac86336eb0db9bf5050126..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 840
zcmYex%qdANVqo}@t1thio&f{!0Y#XBcmWea%FRD0JYZA9p5>to3=L5Fz!nG}rs_Ws
zfb@Yd2so^Q$iwu3#60~1LPJ0dAW%!(0JfhI!iAF{b6^~hy^cXHFfN!j;(>7Of%-u#
zn7zUfVL0i7!+aB{{urn{TmzJ03YCX&85<4(86Z1At||bsL3jZW7ndaFr6d-m0GU_;
z2UPSQSSJGm%%2==5D9&OOA6S+--H(;?~6m;6e
diff --git a/files/image_config/ebtables/ebtables.filter.cfg b/files/image_config/ebtables/ebtables.filter.cfg
new file mode 100644
index 000000000000..7a2dc5c8b6ec
--- /dev/null
+++ b/files/image_config/ebtables/ebtables.filter.cfg
@@ -0,0 +1,11 @@
+# SONiC ebtables filter table configuration
+# Generated using ebtables-save
+
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A FORWARD -d BGA -j DROP
+-A FORWARD -p ARP -j DROP
+-A FORWARD -p 802_1Q --vlan-encap ARP -j DROP
+
diff --git a/files/image_config/platform/rc.local b/files/image_config/platform/rc.local
index bf4e0b631cd9..a58d6197558f 100755
--- a/files/image_config/platform/rc.local
+++ b/files/image_config/platform/rc.local
@@ -123,6 +123,13 @@ program_console_speed()
 systemctl daemon-reload
 }

+ebtables_config()
+{
+ # Generate atomic config file and save it persistent
+ /usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg
+ /usr/sbin/ebtables -t filter --atomic-file /etc/ebtables.filter --atomic-save
+}
+
 #### Begin Main Body ####

 logger "SONiC version ${SONIC_VERSION} starting up..."
@@ -341,6 +348,9 @@ if [ -f $FIRST_BOOT_FILE ]; then
 # Create dir where following scripts put their output files
 mkdir -p /var/platform

+ # Firsttime ebtables configuration
+ ebtables_config
+
 firsttime_exit
 fi
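Review bot: The three FORWARD rules in ebtables.filter.cfg carry no explanation of what they protect, and now that the table is kept as editable text this file is where a future change to the bridge filtering policy will be made. A short comment above each rule would help, e.g. `# Do not bridge frames sent to the Bridge Group Address (BGA)` and `# Do not bridge ARP, untagged or inside an 802.1Q tag`. If the file is meant to be maintained by hand from now on, the header line `# Generated using ebtables-save` could say so, so that regenerating it does not silently drop rules or comments.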
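Review bot: `ebtables_config` in the first rc.local hunk does not check whether `ebtables-restore` succeeded, so if /etc/ebtables.filter.cfg is missing or rejected, `--atomic-save` still runs and persists whatever filter table the kernel holds at that moment, which may lack the three FORWARD DROP rules. The call added in the second hunk sits inside the `if [ -f $FIRST_BOOT_FILE ]` block, so a failure there would presumably not be retried on later boots. Consider guarding the save with `/usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg || { logger "ebtables-restore failed; /etc/ebtables.filter not generated"; return 1; }` and logging at the call site with `ebtables_config || logger "ebtables first-boot configuration failed"`. It is also worth confirming that ebtables.service, which the build enables, tolerates /etc/ebtables.filter being absent until rc.local has run on first boot.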