From 68a8b6c94e81a977d4e29826ebd844be206d253a Mon Sep 17 00:00:00 2001
From: luwenpeng <luwenpeng@zdjizhi.com>
Date: Wed, 28 Apr 2021 14:14:56 +0800
Subject: [PATCH] =?UTF-8?q?TSG-6203=20=E4=BF=AE=E5=A4=8D=20iptables=20bpf?=
 =?UTF-8?q?=20bytecode=20=E6=97=A0=E6=B3=95=E6=AD=A3=E7=A1=AE=E8=AF=86?=
 =?UTF-8?q?=E5=88=AB=20IPv6=20=E9=A6=96=E5=8C=85=E7=9A=84=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 script/service/tfe-env.service | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/script/service/tfe-env.service b/script/service/tfe-env.service
index 252532e..f83ea4a 100644
--- a/script/service/tfe-env.service
+++ b/script/service/tfe-env.service
@@ -20,7 +20,8 @@ ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip addr add ${TFE_LOCAL_IP_DATA_INCOMING}/30 dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh add ${TFE_PEER_IP_DATA_INCOMING} lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
-ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+ExecStartPost=/usr/sbin/ip6tables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 
 # policy route
 ExecStartPost=/usr/sbin/ip rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 100
@@ -36,7 +37,8 @@ ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
 ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
 
 # stop
-ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+ExecStopPost=/usr/sbin/ip6tables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
+ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
 ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
 ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101