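#!/bin/bash
#
# Configures, tears down, or inspects the TFE "data incoming" interface.
#
# Usage: <script> [setup|setdown|debug]
#
# Interface name, IPv4 addresses and MAC addresses are read from
# /etc/sysconfig/tfe-env-config; the IPv6 addresses are fixed below.
# setup/setdown change link state, addresses, policy routing, neighbour
# entries and netfilter rules, so they need the privileges those tools need.
#
# Security-relevant notes for operators:
#   * The config file decides which interface is flushed and which packets
#     are handed to user space; keep it writable by root only.
#   * The NFQUEUE rules are added without --queue-bypass, so packets that
#     match the filter are dropped by the kernel whenever nothing is bound
#     to queue 1.
#   * setup appends (-A) its rules; running it twice leaves duplicate rules
#     of which setdown removes only one copy each.

readonly TFE_ENV_CONFIG=/etc/sysconfig/tfe-env-config

# cBPF programs for the xt_bpf match, shared by setup and setdown so the
# rule that is deleted is always byte-identical to the rule that was added.
# Decoded from the bytecode: both accept TCP packets (IPv4: unfragmented
# only) whose TCP header carries options and whose first option has
# kind 88 and length 4; everything else returns 0 (no match).
readonly BPF_MATCH_V4='18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0'
readonly BPF_MATCH_V6='17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0'

#######################################
# Print the value assigned to one key of a KEY=VALUE file.
# The key must match exactly (an optional leading "export" is ignored), so a
# longer key that merely contains the name can no longer supply the value.
# Lines containing '#' are skipped, as before. If the key is assigned more
# than once the last assignment wins. Only the text between the first and
# second '=' is returned, with surrounding blanks removed.
# Arguments: $1 - key name
#            $2 - file to read (default: $TFE_ENV_CONFIG)
# Outputs:   the value on stdout; nothing if the key or the file is missing
#######################################
read_config_value() {
  local key=$1
  local file=${2:-$TFE_ENV_CONFIG}

  [[ -r "$file" ]] || return 0
  awk -F '=' -v key="$key" '
    /#/ { next }
    {
      name = $1
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      sub(/^export[ \t]+/, "", name)
      if (name != key) next
      value = $2
      gsub(/^[ \t]+|[ \t\r]+$/, "", value)
      found = value
    }
    END { printf "%s", found }
  ' "$file"
}

#######################################
# Succeed if a configuration value is safe to pass as a single argument:
# non-empty, free of whitespace, and not starting with '-' (which ip or
# iptables would parse as an option).
# Arguments: $1 - value to check
#######################################
config_value_ok() {
  [[ -n "$1" && "$1" != -* && "$1" != *[[:space:]]* ]]
}

#######################################
# Report every configuration value that fails config_value_ok.
# Globals:   eth, local_addr_v4, peer_addr_v4, local_mac, peer_mac (read)
# Outputs:   one diagnostic per bad value on stderr
# Returns:   0 if all values are usable, 1 otherwise
#######################################
check_config() {
  local pair var key rc=0

  for pair in \
    eth:TFE_DEVICE_DATA_INCOMING \
    local_addr_v4:TFE_LOCAL_IP_DATA_INCOMING \
    peer_addr_v4:TFE_PEER_IP_DATA_INCOMING \
    local_mac:TFE_LOCAL_MAC_DATA_INCOMING \
    peer_mac:TFE_PEER_MAC_DATA_INCOMING; do
    var=${pair%%:*}
    key=${pair#*:}
    if ! config_value_ok "${!var}"; then
      printf 'error: %s is missing or malformed in %s\n' \
        "$key" "$TFE_ENV_CONFIG" >&2
      rc=1
    fi
  done
  return "$rc"
}

eth=$(read_config_value TFE_DEVICE_DATA_INCOMING)
local_addr_v4=$(read_config_value TFE_LOCAL_IP_DATA_INCOMING)
peer_addr_v4=$(read_config_value TFE_PEER_IP_DATA_INCOMING)
local_mac=$(read_config_value TFE_LOCAL_MAC_DATA_INCOMING)
peer_mac=$(read_config_value TFE_PEER_MAC_DATA_INCOMING)
local_addr_v6=fd00::02
peer_addr_v6=fd00::01

###########################################################
# Start
###########################################################
#######################################
# Bring the data interface up and install addresses, policy routes, static
# neighbour entries and the NFQUEUE rules.
# Refuses to run when the configuration is incomplete: several commands
# below do not depend on the interface name and would otherwise still
# install host-wide routing rules.
# Returns: 1 if the configuration is unusable, else the status of the last
#          command.
#######################################
function setup() {
  check_config || return 1

  # Set the NIC's MAC address and bring the link up.
  ip link set "${eth}" address "${local_mac}"
  ip link set "${eth}" up

  # Configure address and netmask.
  ip addr flush dev "${eth}"
  ip addr add "${local_addr_v4}/30" dev "${eth}"
  ip addr add "${local_addr_v6}/64" dev "${eth}"

  # Returning IPv4/IPv6 traffic (arriving on the interface) uses
  # table 100/102, which deliver everything locally via lo.
  ip -4 rule add iif "${eth}" tab 100
  ip -6 rule add iif "${eth}" tab 102
  ip -4 route add local default dev lo table 100
  ip -6 route add local default dev lo table 102

  # Re-injected IPv4 traffic (fwmark 0x65) uses table 101.
  # Re-injected IPv6 traffic uses the default route.
  ip rule add fwmark 0x65 lookup 101
  ip -4 route add default dev "${eth}" via "${peer_addr_v4}" table 101
  ip -6 route add default dev "${eth}" via "${peer_addr_v6}"

  # Configure static neighbour (ARP/NDP) entries for the peer.
  ip neigh flush dev "${eth}"
  ip -4 neigh add "${peer_addr_v4}" lladdr "${peer_mac}" dev "${eth}" nud permanent
  ip -6 neigh add "${peer_addr_v6}" lladdr "${peer_mac}" dev "${eth}" nud permanent

  # Configure iptables: queue matching packets to NFQUEUE 1.
  iptables -A INPUT -i "${eth}" -m bpf --bytecode "${BPF_MATCH_V4}" -j NFQUEUE --queue-num 1
  ip6tables -A INPUT -i "${eth}" -m bpf --bytecode "${BPF_MATCH_V6}" -j NFQUEUE --queue-num 1
}

###########################################################
# Stop
###########################################################
#######################################
# Undo setup. Teardown stays best-effort: each command runs regardless of
# earlier failures, and an incomplete configuration only produces a warning
# so that the interface-independent rules are still removed.
#######################################
function setdown() {
  check_config ||
    printf 'warning: continuing teardown with incomplete configuration\n' >&2

  # Remove the iptables rules.
  iptables -D INPUT -i "${eth}" -m bpf --bytecode "${BPF_MATCH_V4}" -j NFQUEUE --queue-num 1
  ip6tables -D INPUT -i "${eth}" -m bpf --bytecode "${BPF_MATCH_V6}" -j NFQUEUE --queue-num 1

  # Remove the static neighbour (ARP/NDP) entries.
  ip -4 neigh del "${peer_addr_v4}" lladdr "${peer_mac}" dev "${eth}" nud permanent # TODO NEW ADD
  ip -6 neigh del "${peer_addr_v6}" lladdr "${peer_mac}" dev "${eth}" nud permanent # TODO NEW ADD

  # Remove the routes for re-injected traffic.
  ip rule del fwmark 0x65 lookup 101
  ip -4 route del default dev "${eth}" via "${peer_addr_v4}" table 101
  ip -6 route del default dev "${eth}" via "${peer_addr_v6}"

  # Remove the routes for returning traffic.
  ip -4 rule del iif "${eth}" tab 100
  ip -6 rule del iif "${eth}" tab 102
  ip -4 route del local default dev lo table 100
  ip -6 route del local default dev lo table 102

  # Remove IP address and netmask.
  ip addr del "${local_addr_v4}/30" dev "${eth}" # TODO NEW ADD
  ip addr del "${local_addr_v6}/64" dev "${eth}"

  # Set the link state to DOWN.
  ip link set "${eth}" down
}

###########################################################
# Debug
###########################################################
#######################################
# Print a green "Run: <command>" banner, then run the command.
# Arguments: the command and its arguments
#######################################
show_and_run() {
  printf '\n\n\e[32m Run: %s \e[0m\n' "$*"
  "$@"
}

#######################################
# Dump the loaded configuration and the current link, rule, route,
# neighbour and netfilter state. Read-only.
#######################################
function debug() {
  printf "\e[32m --------------------------------------------- \e[0m\n"
  printf "\e[32m Local Addr V4 : %s \e[0m\n" "${local_addr_v4}"
  printf "\e[32m Peer Addr V4 : %s \e[0m\n" "${peer_addr_v4}"
  printf "\e[32m Local Addr V6 : %s \e[0m\n" "${local_addr_v6}"
  printf "\e[32m Peer Addr V6 : %s \e[0m\n" "${peer_addr_v6}"
  printf "\e[32m Local MAC : %s \e[0m\n" "${local_mac}"
  printf "\e[32m Peer MAC : %s \e[0m\n" "${peer_mac}"
  printf "\e[32m --------------------------------------------- \e[0m\n"

  show_and_run ifconfig "${eth}"
  show_and_run ethtool "${eth}"

  # Check ip rule.
  show_and_run ip -4 rule list table 100
  show_and_run ip -4 rule list table 101
  show_and_run ip -6 rule list table 102

  # Check ip route.
  show_and_run ip -4 route show table 100
  show_and_run ip -4 route show table 101
  show_and_run ip -6 route show table 102
  show_and_run ip -6 route show default

  # Check ip neigh.
  show_and_run ip -4 neigh list dev "${eth}"
  show_and_run ip -6 neigh list dev "${eth}"

  # Check iptables.
  show_and_run iptables -t mangle -L
  show_and_run iptables -t filter -L
  show_and_run iptables -t raw -L
  show_and_run iptables -t nat -L

  show_and_run ip6tables -t mangle -L
  show_and_run ip6tables -t filter -L
  show_and_run ip6tables -t raw -L
  show_and_run ip6tables -t nat -L
}

# Print the accepted sub-commands.
function usage() {
  echo "Usage: ${0##*/} [setup|setdown|debug]"
}

option=$1

case "$option" in
  setup) setup ;;
  setdown) setdown ;;
  debug) debug ;;
  *) usage ;;
esac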