#!/bin/bash
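#######################################
# Print the value assigned to one key in a KEY=VALUE config file.
#
# Replaces the former `cat | grep -v '#' | grep KEY | awk` pipeline, which
# matched KEY as a substring (so a longer key containing it also matched) and
# emitted one line per match. The key is now compared exactly and, when it is
# assigned more than once, the last assignment wins.
#
# Kept from the old pipeline: any line containing '#' is ignored, and the
# value is the text between the first and second '='. Surrounding blanks and
# a trailing carriage return are trimmed, because callers now quote the value.
#
# This parser does not check what the value looks like. The values end up as
# arguments of ip/iptables/ip6tables, so whoever can write the config file
# steers those commands; keep the file writable by the administrator only.
#
# Arguments: $1 - key name
#            $2 - config file (default: /etc/sysconfig/tfe-env-config)
# Outputs:   the value on stdout, nothing when the key is absent
# Returns:   exit status of awk (non-zero when the file cannot be read)
#######################################
function tfe_cfg_value() {
  local key=$1
  local file=${2:-/etc/sysconfig/tfe-env-config}

  awk -F '=' -v key="$key" '
    /#/ { next }
    {
      name = $1
      sub(/^[ \t]*(export[ \t]+)?/, "", name)
      sub(/[ \t]+$/, "", name)
      if (name != key) next
      value = $2
      gsub(/^[ \t\r]+|[ \t\r]+$/, "", value)
      found = 1
    }
    END { if (found) print value }
  ' "$file"
}

# Interface that carries the "data incoming" traffic.
eth=$(tfe_cfg_value TFE_DEVICE_DATA_INCOMING)

# IPv4 addresses of this host and of its peer on that link.
local_addr_v4=$(tfe_cfg_value TFE_LOCAL_IP_DATA_INCOMING)
peer_addr_v4=$(tfe_cfg_value TFE_PEER_IP_DATA_INCOMING)

# MAC address assigned to the local interface, and the MAC of the peer.
local_mac=$(tfe_cfg_value TFE_LOCAL_MAC_DATA_INCOMING)
peer_mac=$(tfe_cfg_value TFE_PEER_MAC_DATA_INCOMING)

# The IPv6 addresses are fixed in the script rather than read from the config.
local_addr_v6=fd00::02
peer_addr_v6=fd00::01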
###########################################################
# Start
###########################################################
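#######################################
# Configure the data-incoming interface: MAC, addresses, policy routing,
# static neighbour entries and the NFQUEUE rules.
#
# Every value used here comes from the config file and becomes an argument of
# ip/iptables/ip6tables. The function therefore refuses to run when a value is
# empty, starts with '-' or contains whitespace, and quotes every expansion so
# a value can never turn into several arguments.
#
# Steps are best-effort: a failing command does not stop the following ones
# (re-running setup makes some "add" commands fail because the object already
# exists), but any failure is reflected in the return status.
#
# Globals:   eth, local_mac, peer_mac, local_addr_v4, peer_addr_v4,
#            local_addr_v6, peer_addr_v6 (all read)
# Returns:   0 when every command succeeded, 1 otherwise
#######################################
function setup() {
  # Programs for the iptables "bpf" match. Decoded by hand from the bytecode
  # (confirm against the expression they were generated from): both accept an
  # unfragmented TCP segment whose TCP header carries options and whose first
  # option has kind 88 and length 4; the first is for IPv4, the second for
  # IPv6 with TCP directly after the fixed header.
  local -r bpf_v4='18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0'
  local -r bpf_v6='17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0'
  local name
  local rc=0

  for name in eth local_mac peer_mac local_addr_v4 peer_addr_v4 local_addr_v6 peer_addr_v6; do
    if [[ -z "${!name}" || "${!name}" == -* || "${!name}" =~ [[:space:]] ]]; then
      printf 'setup: refusing to run, %s is empty or malformed: %q\n' "$name" "${!name}" >&2
      return 1
    fi
  done

  # Set the interface MAC address and bring the link up.
  ip link set "${eth}" address "${local_mac}" || rc=1
  ip link set "${eth}" up || rc=1

  # Configure address and netmask. The flush removes every address that is
  # currently on the interface, not only the ones this script added.
  ip addr flush dev "${eth}" || rc=1

  ip addr add "${local_addr_v4}/30" dev "${eth}" || rc=1
  ip addr add "${local_addr_v6}/64" dev "${eth}" || rc=1

  # Returning IPv4/IPv6 traffic uses tables 100/102. The "local default dev lo"
  # routes make the host treat every packet that enters through this interface
  # as addressed to itself, whatever its destination address is.
  ip -4 rule add iif "${eth}" tab 100 || rc=1
  ip -6 rule add iif "${eth}" tab 102 || rc=1

  ip -4 route add local default dev lo table 100 || rc=1
  ip -6 route add local default dev lo table 102 || rc=1

  # Re-injected IPv4 traffic (fwmark 0x65) uses table 101.
  # Re-injected IPv6 traffic uses the default route; that route is added to
  # the main table, so it becomes the IPv6 default route of the whole host.
  ip rule add fwmark 0x65 lookup 101 || rc=1
  ip -4 route add default dev "${eth}" via "${peer_addr_v4}" table 101 || rc=1
  ip -6 route add default dev "${eth}" via "${peer_addr_v6}" || rc=1

  # Configure ARP / neighbour entries: drop what is there and pin the peer MAC
  # with permanent entries.
  ip neigh flush dev "${eth}" || rc=1

  ip -4 neigh add "${peer_addr_v4}" lladdr "${peer_mac}" dev "${eth}" nud permanent || rc=1
  ip -6 neigh add "${peer_addr_v6}" lladdr "${peer_mac}" dev "${eth}" nud permanent || rc=1

  # Configure iptables: hand matching packets to NFQUEUE 1. -A appends, so
  # running setup twice installs the rule twice.
  # NOTE(review): there is no --queue-bypass, so matching packets are dropped
  # while nothing is bound to queue 1 - confirm that this is the intended
  # failure mode.
  iptables -A INPUT -i "${eth}" -m bpf --bytecode "${bpf_v4}" -j NFQUEUE --queue-num 1 || rc=1
  ip6tables -A INPUT -i "${eth}" -m bpf --bytecode "${bpf_v6}" -j NFQUEUE --queue-num 1 || rc=1

  return "${rc}"
}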
###########################################################
# Stop
###########################################################
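#######################################
# Undo what setup configured: NFQUEUE rules, neighbour entries, policy
# routing, addresses, and finally take the link down.
#
# The config values become arguments of ip/iptables/ip6tables, so the function
# refuses to run when one of them is empty, starts with '-' or contains
# whitespace, and every expansion is quoted.
#
# Teardown is best-effort: each command runs even when an earlier one failed
# (for example because the object was already gone); any failure is reflected
# in the return status.
#
# Globals:   eth, peer_mac, local_addr_v4, peer_addr_v4, local_addr_v6,
#            peer_addr_v6 (all read)
# Returns:   0 when every command succeeded, 1 otherwise
#######################################
function setdown() {
  # Must stay byte-identical to the programs used when the rules were added:
  # iptables -D deletes by matching the full rule specification.
  local -r bpf_v4='18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0'
  local -r bpf_v6='17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0'
  local name
  local rc=0

  for name in eth peer_mac local_addr_v4 peer_addr_v4 local_addr_v6 peer_addr_v6; do
    if [[ -z "${!name}" || "${!name}" == -* || "${!name}" =~ [[:space:]] ]]; then
      printf 'setdown: refusing to run, %s is empty or malformed: %q\n' "$name" "${!name}" >&2
      return 1
    fi
  done

  # Remove the iptables rules. -D removes one matching rule per call, so a
  # rule that was appended several times needs several teardown runs.
  iptables -D INPUT -i "${eth}" -m bpf --bytecode "${bpf_v4}" -j NFQUEUE --queue-num 1 || rc=1
  ip6tables -D INPUT -i "${eth}" -m bpf --bytecode "${bpf_v6}" -j NFQUEUE --queue-num 1 || rc=1

  # Remove the ARP / neighbour entries.
  ip -4 neigh del "${peer_addr_v4}" lladdr "${peer_mac}" dev "${eth}" nud permanent || rc=1 # TODO NEW ADD
  ip -6 neigh del "${peer_addr_v6}" lladdr "${peer_mac}" dev "${eth}" nud permanent || rc=1 # TODO NEW ADD

  # Remove the routing for re-injected traffic.
  ip rule del fwmark 0x65 lookup 101 || rc=1

  ip -4 route del default dev "${eth}" via "${peer_addr_v4}" table 101 || rc=1
  ip -6 route del default dev "${eth}" via "${peer_addr_v6}" || rc=1

  # Remove the routing for returning traffic.
  ip -4 rule del iif "${eth}" tab 100 || rc=1
  ip -6 rule del iif "${eth}" tab 102 || rc=1

  ip -4 route del local default dev lo table 100 || rc=1
  ip -6 route del local default dev lo table 102 || rc=1

  # Remove the IP addresses and netmasks.
  ip addr del "${local_addr_v4}/30" dev "${eth}" || rc=1 # TODO NEW ADD
  ip addr del "${local_addr_v6}/64" dev "${eth}" || rc=1

  # Take the link down.
  ip link set "${eth}" down || rc=1

  return "${rc}"
}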
###########################################################
# Debug
###########################################################
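#######################################
# Print a green "Run: <command>" banner, then run that command.
# Building the banner from the arguments that are executed keeps the two
# from drifting apart.
# Arguments: the command and its arguments
# Returns:   exit status of the command
#######################################
function _debug_run() {
  printf "\n\n\e[32m Run: %s \e[0m\n" "$*"
  "$@"
}

#######################################
# Dump the configured values and the live interface, rule, route, neighbour
# and netfilter state to stdout. Read-only: nothing is changed.
#
# Expansions are quoted so a config value cannot split into several
# arguments; with an empty ${eth} the per-device commands now receive an
# empty argument and report that themselves.
#
# NOTE(review): plain `-L` resolves names and leaves out the interface
# column, so the NFQUEUE rules are hard to recognise in this output;
# `-S` or `-L -n -v` would show them as installed.
#
# Globals:   eth, local_addr_v4, peer_addr_v4, local_addr_v6, peer_addr_v6,
#            local_mac, peer_mac (all read)
# Returns:   exit status of the last listing command
#######################################
function debug() {
  local table

  printf "\e[32m --------------------------------------------- \e[0m\n"
  printf "\e[32m Local Addr V4 : %s \e[0m\n" "${local_addr_v4}"
  printf "\e[32m Peer Addr V4 : %s \e[0m\n" "${peer_addr_v4}"
  printf "\e[32m Local Addr V6 : %s \e[0m\n" "${local_addr_v6}"
  printf "\e[32m Peer Addr V6 : %s \e[0m\n" "${peer_addr_v6}"
  printf "\e[32m Local MAC : %s \e[0m\n" "${local_mac}"
  printf "\e[32m Peer MAC : %s \e[0m\n" "${peer_mac}"
  printf "\e[32m --------------------------------------------- \e[0m\n"

  _debug_run ifconfig "${eth}"
  _debug_run ethtool "${eth}"

  # Check ip rule.
  _debug_run ip -4 rule list table 100
  _debug_run ip -4 rule list table 101
  _debug_run ip -6 rule list table 102

  # Check ip route.
  _debug_run ip -4 route show table 100
  _debug_run ip -4 route show table 101
  _debug_run ip -6 route show table 102
  _debug_run ip -6 route show default

  # Check ip neigh.
  _debug_run ip -4 neigh list dev "${eth}"
  _debug_run ip -6 neigh list dev "${eth}"

  # Check iptables, then ip6tables, one table at a time.
  for table in mangle filter raw nat; do
    _debug_run iptables -t "${table}" -L
  done
  for table in mangle filter raw nat; do
    _debug_run ip6tables -t "${table}" -L
  done
}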
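#######################################
# Print the one-line usage text to stdout.
# The script name is taken from $0 with the directory part stripped by
# parameter expansion; the former unquoted `basename $0` broke when the
# script path contained whitespace.
#######################################
function usage() {
  printf 'Usage: %s [setup|setdown|debug]\n' "${0##*/}"
}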
# Sub-command requested on the command line (first argument).
option=$1

# Names of the supported sub-commands.
option_setup="setup"
option_setdown="setdown"
option_debug="debug"

# Run the matching function; anything else, including no argument at all,
# prints the usage text. The patterns are quoted, so they are compared as
# literal strings.
case "$option" in
  "$option_setup")
    setup
    ;;
  "$option_setdown")
    setdown
    ;;
  "$option_debug")
    debug
    ;;
  *)
    usage
    ;;
esac