From 7ff44ea6f0dcf35d22b76746b1f115b416c83568 Mon Sep 17 00:00:00 2001
From: luwenpeng
Date: Wed, 21 Apr 2021 13:51:57 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20tfe-env.service=20=09*=20?= =?UTF-8?q?=E5=88=A0=E9=99=A4=20tfe-kmod=20=09*=20=E5=A2=9E=E5=8A=A0=20ipt?= =?UTF-8?q?ables=20bpf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 script/service/tfe-env.service | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/script/service/tfe-env.service b/script/service/tfe-env.service
index 5bf650f..252532e 100644
--- a/script/service/tfe-env.service
+++ b/script/service/tfe-env.service
@@ -20,6 +20,7 @@ ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip addr add ${TFE_LOCAL_IP_DATA_INCOMING}/30 dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh flush dev ${TFE_DEVICE_DATA_INCOMING}
 ExecStartPost=/usr/sbin/ip neigh add ${TFE_PEER_IP_DATA_INCOMING} lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
+ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 # policy route
 ExecStartPost=/usr/sbin/ip rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 100
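Review bot: The added `iptables -A INPUT … -m bpf --bytecode '14,…'` line embeds an undocumented 14-instruction classic-BPF program, so nobody reading the unit can tell which packets are handed to NFQUEUE 1. Decoded by hand, it appears to match IPv4, TCP, non-fragmented packets whose byte at TCP offset 20 is 88 and whose next byte is 4 (a 4-byte TCP option of kind 88 in first position); please confirm and record that, together with the filter expression it was compiled from, in a comment above the line, e.g. `# queue IPv4/TCP packets whose first TCP option is kind 88, len 4 (compiled from: <filter expression>)`. The program does not check the TCP data offset, so a segment without options whose payload happens to begin with those two bytes would presumably be queued as well. The rule also has no `--queue-bypass`, so matching packets are dropped whenever nothing is bound to queue 1; if that fail-closed behaviour is intended, it deserves a mention in the same comment.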
@@ -35,6 +36,7 @@ ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
 ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
 # stop
+ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
 ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
 ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
 ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101
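Review bot: The new `iptables -D` is the first `ExecStopPost=` entry and has no `-` prefix, so if the rule is absent (for example because the start sequence failed before reaching the `-A`) it exits non-zero and systemd will, as far as I know, skip the `ip rule del` / `ip route del` cleanup lines that follow it in this hunk. Writing it as `ExecStopPost=-/usr/sbin/iptables -w -D INPUT …` keeps the teardown going, and `-w` avoids a spurious failure when another process holds the xtables lock; `-w` would help the `-A` line in the first hunk in the same way. The bytecode string is duplicated verbatim between the add and delete lines, and `-D` only finds the rule while both stay identical, so consider defining it once, for instance as a variable in the environment file this unit appears to use for `${TFE_DEVICE_DATA_INCOMING}`. The stop section continues past the end of this hunk.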