authorluwenpeng <[email protected]>2022-12-20 16:59:55 +0800
committerluwenpeng <[email protected]>2022-12-23 13:56:19 +0800
commit9d12fe730408f175dfa12ea65362068f69d0ff1f (patch)
treec4783337ba8013bfcc72d7c1dc7e0fea764df84d /script
parent4142c18ddfa24cb6be0eaa3535e264d4476f367a (diff)
TSG-13114 TFE的Decrypted Traffic Steering功能支持IPv6协议
tfe-env.service中增加Decrypted Traffic Steering的策略路由
Diffstat (limited to 'script')
-rw-r--r--script/service/tfe-env-config6
-rw-r--r--script/service/tfe-env.service75
2 files changed, 75 insertions, 6 deletions
diff --git a/script/service/tfe-env-config b/script/service/tfe-env-config
index 310b95c..8401f33 100644
--- a/script/service/tfe-env-config
+++ b/script/service/tfe-env-config
@@ -3,5 +3,7 @@ TFE_LOCAL_MAC_DATA_INCOMING=fe:65:b7:00:00:01
TFE_PEER_MAC_DATA_INCOMING=aa:bb:cc:dd:ee:ff
TFE_LOCAL_IP_DATA_INCOMING=172.16.241.2
TFE_PEER_IP_DATA_INCOMING=172.16.241.1
-TFE_WATCHDOG_DEVICE=enp2s0
-TFE_WATCHDOG_IP=192.168.100.1
+STEERING_CLIENT_DEV_NAME=ens18f2
+STEERING_SERVER_DEV_NAME=ens18f3
+STEERING_CLIENT_DEV_MAC=80:61:5f:0f:97:e5
+STEERING_SERVER_DEV_MAC=80:61:5f:0f:97:e6
\ No newline at end of file
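Review bot: The four `STEERING_*` defaults added here look like the interface names and MAC addresses of one particular machine, and nothing in the file says they must be set per host. tfe-env.service installs them as permanent neighbour entries, with `STEERING_SERVER_DEV_MAC` as the next-hop address on the client interface and the client MAC on the server interface, so a stale value would frame steered decrypted traffic to the wrong address without any error. I would add a comment above them such as `# Per-host: names and MACs of the two steering NICs; each MAC is installed as the peer lladdr on the opposite interface`. The new last line also has no trailing newline, which is worth restoring.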
diff --git a/script/service/tfe-env.service b/script/service/tfe-env.service
index f83ea4a..2fa7f3f 100644
--- a/script/service/tfe-env.service
+++ b/script/service/tfe-env.service
@@ -13,7 +13,6 @@ RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=/bin/true
-# ExecStartPost=/usr/sbin/modprobe tfe-kmod
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} address ${TFE_LOCAL_MAC_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} up
ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
@@ -31,9 +30,10 @@ ExecStartPost=/usr/sbin/ip route add default dev ${TFE_DEVICE_DATA_INCOMING} via
# policy route v6
ExecStartPost=/usr/sbin/ip addr add fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
-ExecStartPost=/usr/sbin/ip -6 route add default via fd00::01
ExecStartPost=/usr/sbin/ip -6 rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 102
ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
+ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x65 lookup 202
+ExecStartPost=/usr/sbin/ip -6 route add default dev tap0 via fd00::01 table 202
ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
# stop
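Review bot: The new table-202 route hard-codes `dev tap0`, while the address `fd00::02/64` and the permanent neighbour for `fd00::01` in this same hunk are both placed on `${TFE_DEVICE_DATA_INCOMING}`, and the IPv4 counterpart in table 101 uses the variable as well. If that variable is ever set to something other than tap0, the route add either fails (a non-`-` ExecStartPost failure fails the unit) or points at a gateway with no neighbour entry on that device. I would write `ExecStartPost=/usr/sbin/ip -6 route add default dev ${TFE_DEVICE_DATA_INCOMING} via fd00::01 table 202` and make the same substitution in the matching `ExecStopPost` line of the next hunk.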
@@ -43,12 +43,79 @@ ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101
ExecStopPost=/usr/sbin/ip route del default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
+ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x65 lookup 202
+ExecStopPost=/usr/sbin/ip -6 route del default dev tap0 via fd00::01 table 202
ExecStopPost=/usr/sbin/ip -6 rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 102
-ExecStopPost=/usr/sbin/ip -6 route del default via fd00::01
ExecStopPost=/usr/sbin/ip -6 route del local default dev lo table 102
ExecStopPost=/usr/sbin/ip addr del fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
ExecStopPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} down
-# ExecStopPost=/usr/sbin/modprobe -r tfe-kmod
+
+###########################################################
+# Add Decrypted Traffic Steering Policy Route
+###########################################################
+
+ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_CLIENT_DEV_NAME} rx off tx off
+ExecStartPost=/usr/sbin/ethtool --offload ${STEERING_SERVER_DEV_NAME} rx off tx off
+
+ExecStartPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} up
+ExecStartPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} up
+ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_CLIENT_DEV_NAME}
+ExecStartPost=/usr/sbin/ip addr flush dev ${STEERING_SERVER_DEV_NAME}
+
+ExecStartPost=/usr/sbin/ip addr add 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
+ExecStartPost=/usr/sbin/ip addr add 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -4 neigh flush dev ${STEERING_SERVER_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -4 neigh add 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
+ExecStartPost=/usr/sbin/ip -4 neigh add 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
+ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x11 lookup 111
+ExecStartPost=/usr/sbin/ip -4 rule add fwmark 0x22 lookup 222
+ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
+ExecStartPost=/usr/sbin/ip -4 route add default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
+ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 100
+ExecStartPost=/usr/sbin/ip -4 rule add iif ${STEERING_SERVER_DEV_NAME} tab 100
+
+ExecStartPost=/usr/sbin/ip addr add fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
+ExecStartPost=/usr/sbin/ip addr add fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_CLIENT_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -6 neigh flush dev ${STEERING_SERVER_DEV_NAME}
+ExecStartPost=/usr/sbin/ip -6 neigh add fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
+ExecStartPost=/usr/sbin/ip -6 neigh add fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
+ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x11 lookup 333
+ExecStartPost=/usr/sbin/ip -6 rule add fwmark 0x22 lookup 444
+ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
+ExecStartPost=/usr/sbin/ip -6 route add default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
+ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_CLIENT_DEV_NAME} tab 102
+ExecStartPost=/usr/sbin/ip -6 rule add iif ${STEERING_SERVER_DEV_NAME} tab 102
+
+###########################################################
+# Del Decrypted Traffic Steering Policy Route
+###########################################################
+
+ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 102
+ExecStopPost=/usr/sbin/ip -6 rule del iif ${STEERING_SERVER_DEV_NAME} tab 102
+ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_CLIENT_DEV_NAME} via fd02::01 table 333
+ExecStopPost=/usr/sbin/ip -6 route del default dev ${STEERING_SERVER_DEV_NAME} via fd03::01 table 444
+ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x11 lookup 333
+ExecStopPost=/usr/sbin/ip -6 rule del fwmark 0x22 lookup 444
+ExecStopPost=/usr/sbin/ip -6 neigh del fd02::01 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
+ExecStopPost=/usr/sbin/ip -6 neigh del fd03::01 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
+ExecStopPost=/usr/sbin/ip addr del fd02::02/64 dev ${STEERING_CLIENT_DEV_NAME}
+ExecStopPost=/usr/sbin/ip addr del fd03::03/64 dev ${STEERING_SERVER_DEV_NAME}
+
+ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_CLIENT_DEV_NAME} tab 100
+ExecStopPost=/usr/sbin/ip -4 rule del iif ${STEERING_SERVER_DEV_NAME} tab 100
+ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_CLIENT_DEV_NAME} via 2.2.2.1 table 111
+ExecStopPost=/usr/sbin/ip -4 route del default dev ${STEERING_SERVER_DEV_NAME} via 3.3.3.1 table 222
+ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x11 lookup 111
+ExecStopPost=/usr/sbin/ip -4 rule del fwmark 0x22 lookup 222
+ExecStopPost=/usr/sbin/ip -4 neigh del 2.2.2.1 lladdr ${STEERING_SERVER_DEV_MAC} dev ${STEERING_CLIENT_DEV_NAME} nud permanent
+ExecStopPost=/usr/sbin/ip -4 neigh del 3.3.3.1 lladdr ${STEERING_CLIENT_DEV_MAC} dev ${STEERING_SERVER_DEV_NAME} nud permanent
+ExecStopPost=/usr/sbin/ip -4 addr del 2.2.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}
+ExecStopPost=/usr/sbin/ip -4 addr del 3.3.3.3/24 dev ${STEERING_SERVER_DEV_NAME}
+
+ExecStopPost=/usr/sbin/ip link set ${STEERING_CLIENT_DEV_NAME} down
+ExecStopPost=/usr/sbin/ip link set ${STEERING_SERVER_DEV_NAME} down
[Install]
RequiredBy=tfe.service
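Review bot: The steering interfaces are numbered from globally routable IPv4 space (`2.2.2.2/24`, `3.3.3.3/24`, next hops `2.2.2.1` and `3.3.3.1`), whereas the IPv6 side correctly uses ULA prefixes (`fd02::`, `fd03::`). `ip addr add` installs a connected route for each /24 in the main table, so any host traffic addressed to real destinations in those prefixes would leave through the NICs that carry decrypted traffic instead of the normal uplink. I would move the IPv4 side to a reserved range, for example (constructed values) `ip addr add 198.18.2.2/24 dev ${STEERING_CLIENT_DEV_NAME}` with `198.18.3.2/24` on the server side, and update the neigh, route and all matching ExecStopPost lines to agree. A short comment above the block naming what sets fwmark `0x11` and `0x22` would also help, since tables 111/222/333/444 are otherwise unexplained.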