[Unit]
Description=Tango Frontend Engine - Running Environment Setup
# Ordering only: this unit's start job must finish before tsgkni.service is started.
Before=tsgkni.service
# Wants= pulls network-online.target in, but this unit still starts if that target fails.
Wants=network-online.target
# Run the interface, netfilter and routing setup only after network-online.target is reached.
After=network-online.target
[Service]
# Supplies the TFE_* variables expanded in the commands of this unit. There is no "-"
# prefix, so the unit fails to start when the file is missing.
# No User= appears in this file, so the commands presumably run as root: keep this
# file owned by root and not writable by anyone else.
# The ${VAR} form passes each value as exactly one argument (no word splitting). An
# unset variable expands to an empty string, and the ip/iptables call is then expected to fail.
EnvironmentFile=/etc/sysconfig/tfe-env-config
# oneshot: units ordered after this one wait until the start commands have finished.
Type=oneshot
# Keep the unit active after its commands exit, so the ExecStopPost teardown runs
# only when the unit is stopped rather than right after start-up.
RemainAfterExit=yes
# All the work is done by the ExecStartPost= commands; ExecStart/ExecStop are only placeholders.
ExecStart=/bin/true
ExecStop=/bin/true
# Set the data-incoming interface's MAC address to the value from the environment file.
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} address ${TFE_LOCAL_MAC_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} up
# Drop every address currently on the interface so the address setup starts from a clean state.
ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
# Local IPv4 address with a /30 prefix, i.e. a two-host subnet; presumably shared
# only with TFE_PEER_IP_DATA_INCOMING — verify against the environment file.
ExecStartPost=/usr/sbin/ip addr add ${TFE_LOCAL_IP_DATA_INCOMING}/30 dev ${TFE_DEVICE_DATA_INCOMING}
# NOTE: "ip neigh flush" skips permanent and noarp entries by default, so a permanent
# entry left by an earlier run is not removed by this command.
ExecStartPost=/usr/sbin/ip neigh flush dev ${TFE_DEVICE_DATA_INCOMING}
# Static (permanent) neighbour entry: the peer's MAC is fixed here and not resolved
# or updated through ARP on this link.
# NOTE(review): "add" fails if the entry already exists, and a failed ExecStartPost
# command stops the remaining ones; "ip neigh replace" would be idempotent — confirm
# before changing.
ExecStartPost=/usr/sbin/ip neigh add ${TFE_PEER_IP_DATA_INCOMING} lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
# Hand selected IPv6 packets arriving on the data-incoming interface to userspace (NFQUEUE 1).
# The classic-BPF program (offsets relative to the IP header) decodes as: IP version 6,
# next header 6 (TCP) directly after the fixed header, payload length > 24, TCP data
# offset >= 24 bytes, first TCP option of kind 88 with length 4. Packets that carry
# IPv6 extension headers therefore do not match.
# Without --queue-bypass, matching packets are dropped while nothing is bound to
# queue 1 — confirm that this fail-closed behaviour is intended.
# NOTE(review): the selector is an in-band TCP option that any sender on this link can
# set; the queue-1 consumer (not shown here) should validate what it receives.
# Keep match and bytecode identical to the ExecStopPost "-D" rule, or the delete will not find it.
ExecStartPost=/usr/sbin/ip6tables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
# Hand selected IPv4 packets arriving on the data-incoming interface to userspace (NFQUEUE 1).
# The classic-BPF program (offsets relative to the IP header) decodes as: IP version 4,
# protocol 6 (TCP), fragment offset 0, TCP data offset >= 24 bytes, first TCP option
# of kind 88 with length 4.
# Without --queue-bypass, matching packets are dropped while nothing is bound to
# queue 1 — confirm that this fail-closed behaviour is intended.
# Keep match and bytecode identical to the ExecStopPost "-D" rule, or the delete will not find it.
ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
# policy route
# IPv4 packets received on the data-incoming interface are looked up in routing table 100.
ExecStartPost=/usr/sbin/ip rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 100
# Table 100 declares every IPv4 destination local (via lo): traffic looked up in this
# table is delivered to local sockets whatever its destination address.
# NOTE(review): a listener bound to a wildcard address is then reachable under any
# destination IP from interfaces using this table — confirm INPUT filtering accounts for that.
ExecStartPost=/usr/sbin/ip route add local default dev lo table 100
# Packets carrying firewall mark 0x65 use table 101; what sets the mark is not visible in this unit.
ExecStartPost=/usr/sbin/ip rule add fwmark 0x65 lookup 101
# Table 101: default route out of the data-incoming interface via the peer address.
ExecStartPost=/usr/sbin/ip route add default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
# policy route v6
# Local IPv6 address. Unlike the IPv4 address, it is fixed in this unit (fd00::02/64)
# rather than read from the environment file.
ExecStartPost=/usr/sbin/ip addr add fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
# IPv6 packets received on the data-incoming interface are looked up in routing table 102.
ExecStartPost=/usr/sbin/ip -6 rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 102
# Table 102 declares every IPv6 destination local (via lo), so traffic looked up in it
# is delivered to local sockets whatever its destination address.
ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
# IPv6 packets carrying firewall mark 0x65 use table 202.
ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x65 lookup 202
# Table 202: default IPv6 route out of the data-incoming interface via the fixed peer address fd00::01.
ExecStartPost=/usr/sbin/ip -6 route add default dev ${TFE_DEVICE_DATA_INCOMING} via fd00::01 table 202
# Permanent IPv6 neighbour entry mapping fd00::01 to the peer MAC from the environment file.
# NOTE(review): "add" fails if the entry already exists; "ip -6 neigh replace" would be
# idempotent — confirm before changing.
ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
# stop
# Teardown. ExecStopPost commands also run when start-up failed part-way.
# NOTE(review): no ExecStopPost line in this unit has a "-" prefix, so the first command
# that fails (for example deleting a rule that was never added) stops the rest of the
# teardown and can leave NFQUEUE rules or policy routes behind. Prefixing each line
# with "-" would make the cleanup best-effort — confirm before changing.
# Removes the IPv6 NFQUEUE rule; match and bytecode must repeat the "-A" rule exactly.
ExecStopPost=/usr/sbin/ip6tables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
# Removes the IPv4 NFQUEUE rule; match and bytecode must repeat the "-A" rule exactly.
ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101
ExecStopPost=/usr/sbin/ip route del default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x65 lookup 202
ExecStopPost=/usr/sbin/ip -6 route del default dev ${TFE_DEVICE_DATA_INCOMING} via fd00::01 table 202
ExecStopPost=/usr/sbin/ip -6 rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 102
ExecStopPost=/usr/sbin/ip -6 route del local default dev lo table 102
ExecStopPost=/usr/sbin/ip addr del fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
# Last teardown step: take the data-incoming interface down.
# NOTE(review): the IPv4 address and the permanent neighbour entries added at start
# have no explicit delete in this unit; presumably this link-down and the start-time
# flush are relied on to clear them — verify.
ExecStopPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} down
#############################################################
## Add Decrypted Traffic Steering Policy Route
############################################################
#
#ExecStartPost=/usr/sbin/ip link add dev ${STEERING_CLIENT_DEV_NAME} type veth peer name veth_internal
#ExecStartPost=/usr/sbin/ip link add dev ${STEERING_SERVER_DEV_NAME} type veth peer name veth_external
#
#ExecStartPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} address ${STEERING_CLIENT_DEV_MAC}
#ExecStartPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} address ${STEERING_SERVER_DEV_MAC}
#
#ExecStartPost=/usr/sbin/ip link set veth_internal up
#ExecStartPost=/usr/sbin/ip link set veth_external up
#
#ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_CLIENT_DEV_NAME} rx off tx off
#ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_SERVER_DEV_NAME} rx off tx off
#
#ExecStartPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} up
#ExecStartPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} up
#ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_CLIENT_DEV_NAME}
#ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_SERVER_DEV_NAME}
#
#ExecStartPost=/usr/sbin/ip addr add 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
#ExecStartPost=/usr/sbin/ip addr add 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_SERVER_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -4 neigh add 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
#ExecStartPost=/usr/sbin/ip -4 neigh add 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
#ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x11 lookup 111
#ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x22 lookup 222
#ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
#ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
#ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 100
#ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_SERVER_DEV_NAME} tab 100
#
#ExecStartPost=/usr/sbin/ip addr add fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
#ExecStartPost=/usr/sbin/ip addr add fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_SERVER_DEV_NAME}
#ExecStartPost=/usr/sbin/ip -6 neigh add fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
#ExecStartPost=/usr/sbin/ip -6 neigh add fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
#ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x11 lookup 333
#ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x22 lookup 444
#ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
#ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
#ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 102
#ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_SERVER_DEV_NAME} tab 102
#
############################################################
## Del Decrypted Traffic Steering Policy Route
############################################################
#
#ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 102
#ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_SERVER_DEV_NAME} tab 102
#ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
#ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
#ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x11 lookup 333
#ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x22 lookup 444
#ExecStopPost=/usr/sbin/ip -6 neigh del fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
#ExecStopPost=/usr/sbin/ip -6 neigh del fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
#ExecStopPost=/usr/sbin/ip addr del fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
#ExecStopPost=/usr/sbin/ip addr del fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
#
#ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 100
#ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_SERVER_DEV_NAME} tab 100
#ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
#ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
#ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x11 lookup 111
#ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x22 lookup 222
#ExecStopPost=/usr/sbin/ip -4 neigh del 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
#ExecStopPost=/usr/sbin/ip -4 neigh del 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
#ExecStopPost=/usr/sbin/ip -4 addr del 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
#ExecStopPost=/usr/sbin/ip -4 addr del 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
#
#ExecStopPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} down
#ExecStopPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} down
#
#ExecStopPost=/usr/sbin/ip link set veth_internal down
#ExecStopPost=/usr/sbin/ip link set veth_external down
#
#ExecStopPost=/usr/sbin/ip link del dev ${STEERING_CLIENT_DEV_NAME} type veth peer name veth_internal
#ExecStopPost=/usr/sbin/ip link del dev ${STEERING_SERVER_DEV_NAME} type veth peer name veth_external
[Install]
# When this unit is enabled, tfe.service requires it and is not started without it.
# NOTE(review): a requirement dependency adds no ordering, and this unit declares no
# Before=tfe.service; the ordering presumably comes from tfe.service itself (not shown) — verify.
RequiredBy=tfe.service
# When enabled, the unit is also pulled in by multi-user.target at boot.
WantedBy=multi-user.target