TSG-13114 TFE的Decrypted Traffic Steering功能支持IPv6协议
tfe-env.service中增加Decrypted Traffic Steering的策略路由
@@ -3,5 +3,7 @@ TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:00:00:01
|
||||
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
|
||||
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
|
||||
TFE_PEER_IP_DATA_INCOMING=172.16.241.1
|
||||
TFE_WATCHDOG_DEVICE=enp2s0
|
||||
TFE_WATCHDOG_IP=192.168.100.1
|
||||
STEERING_CLIENT_DEV_NAME=ens18f2
|
||||
STEERING_SERVER_DEV_NAME=ens18f3
|
||||
STEERING_CLIENT_DEV_MAC=80:61:5f:0f:97:e5
|
||||
STEERING_SERVER_DEV_MAC=80:61:5f:0f:97:e6
|
||||
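Review bot: The new STEERING_* defaults carry no comment saying they must name NICs dedicated to steering, and nothing in this file lets a host opt out of the feature. The unit file in this commit runs `ip addr flush dev ${STEERING_CLIENT_DEV_NAME}` on start and `ip link set ${STEERING_CLIENT_DEV_NAME} down` on stop. On a host where ens18f2/ens18f3 are absent or carry other traffic, that would mean either a failed unit (which tfe.service requires) or a reconfigured production interface. I would add above them `# Decrypted Traffic Steering: dedicated NICs only; tfe-env.service flushes their addresses and sets them down on stop`. If the intent is that each MAC belongs to the port of the same name, also add `# *_DEV_MAC must be the hardware address of the matching *_DEV_NAME port`.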
@@ -13,7 +13,6 @@ RemainAfterExit=yes
|
||||
ExecStart=/bin/true
|
||||
ExecStop=/bin/true
|
||||
|
||||
# ExecStartPost=/usr/sbin/modprobe tfe-kmod
|
||||
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} address ${TFE_LOCAL_MAC_DATA_INCOMING}
|
||||
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} up
|
||||
ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
|
||||
@@ -31,9 +30,10 @@ ExecStartPost=/usr/sbin/ip route add default dev ${TFE_DEVICE_DATA_INCOMING} via
|
||||
|
||||
# policy route v6
|
||||
ExecStartPost=/usr/sbin/ip addr add fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
|
||||
ExecStartPost=/usr/sbin/ip -6 route add default via fd00::01
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 102
|
||||
ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x65 lookup 202
|
||||
ExecStartPost=/usr/sbin/ip -6 route add default dev tap0 via fd00::01 table 202
|
||||
ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
|
||||
|
||||
# stop
|
||||
@@ -43,12 +43,79 @@ ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
|
||||
ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
|
||||
ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101
|
||||
ExecStopPost=/usr/sbin/ip route del default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x65 lookup 202
|
||||
ExecStopPost=/usr/sbin/ip -6 route del default dev tap0 via fd00::01 table 202
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 102
|
||||
ExecStopPost=/usr/sbin/ip -6 route del default via fd00::01
|
||||
ExecStopPost=/usr/sbin/ip -6 route del local default dev lo table 102
|
||||
ExecStopPost=/usr/sbin/ip addr del fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
|
||||
ExecStopPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} down
|
||||
# ExecStopPost=/usr/sbin/modprobe -r tfe-kmod
|
||||
|
||||
###########################################################
|
||||
# Add Decrypted Traffic Steering Policy Route
|
||||
###########################################################
|
||||
|
||||
ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_CLIENT_DEV_NAME} rx off tx off
|
||||
ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_SERVER_DEV_NAME} rx off tx off
|
||||
|
||||
ExecStartPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} up
|
||||
ExecStartPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} up
|
||||
ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_SERVER_DEV_NAME}
|
||||
|
||||
ExecStartPost=/usr/sbin/ip addr add 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip addr add 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_SERVER_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -4 neigh add 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
|
||||
ExecStartPost=/usr/sbin/ip -4 neigh add 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
|
||||
ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x11 lookup 111
|
||||
ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x22 lookup 222
|
||||
ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
|
||||
ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
|
||||
ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 100
|
||||
ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_SERVER_DEV_NAME} tab 100
|
||||
|
||||
ExecStartPost=/usr/sbin/ip addr add fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip addr add fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_SERVER_DEV_NAME}
|
||||
ExecStartPost=/usr/sbin/ip -6 neigh add fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
|
||||
ExecStartPost=/usr/sbin/ip -6 neigh add fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x11 lookup 333
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x22 lookup 444
|
||||
ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
|
||||
ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 102
|
||||
ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_SERVER_DEV_NAME} tab 102
|
||||
|
||||
###########################################################
|
||||
# Del Decrypted Traffic Steering Policy Route
|
||||
###########################################################
|
||||
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 102
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_SERVER_DEV_NAME} tab 102
|
||||
ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
|
||||
ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x11 lookup 333
|
||||
ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x22 lookup 444
|
||||
ExecStopPost=/usr/sbin/ip -6 neigh del fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
|
||||
ExecStopPost=/usr/sbin/ip -6 neigh del fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
|
||||
ExecStopPost=/usr/sbin/ip addr del fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStopPost=/usr/sbin/ip addr del fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
|
||||
|
||||
ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 100
|
||||
ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_SERVER_DEV_NAME} tab 100
|
||||
ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
|
||||
ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
|
||||
ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x11 lookup 111
|
||||
ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x22 lookup 222
|
||||
ExecStopPost=/usr/sbin/ip -4 neigh del 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
|
||||
ExecStopPost=/usr/sbin/ip -4 neigh del 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
|
||||
ExecStopPost=/usr/sbin/ip -4 addr del 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
|
||||
ExecStopPost=/usr/sbin/ip -4 addr del 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
|
||||
|
||||
ExecStopPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} down
|
||||
ExecStopPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} down
|
||||
|
||||
[Install]
|
||||
RequiredBy=tfe.service
|
||||
|
||||
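Review bot: `ip addr add 2.2.2.2/24` and `ip addr add 3.3.3.3/24` put globally routable prefixes on the steering NICs, while the IPv6 half of the same block uses ULA space (fd02::/64, fd03::/64). The kernel adds connected routes for both /24s and treats 2.2.2.2 and 3.3.3.3 as local addresses. Flows whose real destination lies in those ranges may therefore be sent out the steering ports or terminated on the box instead of following the intended path; how far this bites depends on rule priorities not visible on this page. Prefer a non-routable range taken from the environment file like the device names, e.g. `ip addr add ${STEERING_CLIENT_IP}/24 dev ${STEERING_CLIENT_DEV_NAME}` with a matching `${STEERING_CLIENT_GW}` in the `neigh`, `route` and `del` lines (variable names are suggestions). Separately, the ExecStopPost lines have no `-` prefix, so a single failed `del` would likely skip the rest of the teardown and leave the fwmark 0x11/0x22 rules installed.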