#!/bin/bash
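# Settings for the data-incoming interface come from the TFE environment file.
# The values are later passed as arguments to ip/iptables/ip6tables by setup()
# and setdown(), so a key is only accepted when it matches exactly.
tfe_env_file=/etc/sysconfig/tfe-env-config

# Print the value of key $1 from ${tfe_env_file}.
# Prints nothing when the key is absent or the file cannot be read.
#   - any line containing "#" is skipped (same rule as the former grep -v)
#   - the key is compared exactly, after dropping leading blanks and an
#     optional "export"; a substring match would also pick up longer keys
#     that merely contain the name and yield a multi-line value
#   - only the first matching line is used; blanks and CR around the value
#     are stripped
function tfe_env_get() {
    awk -F '=' -v key="$1" '
        /#/ { next }
        {
            k = $1
            sub(/^[ \t]*(export[ \t]+)?/, "", k)
            sub(/[ \t]+$/, "", k)
        }
        k == key {
            v = $2
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", v)
            print v
            exit
        }
    ' "$tfe_env_file"
}

eth=$(tfe_env_get TFE_DEVICE_DATA_INCOMING)
local_addr_v4=$(tfe_env_get TFE_LOCAL_IP_DATA_INCOMING)
peer_addr_v4=$(tfe_env_get TFE_PEER_IP_DATA_INCOMING)
local_mac=$(tfe_env_get TFE_LOCAL_MAC_DATA_INCOMING)
peer_mac=$(tfe_env_get TFE_PEER_MAC_DATA_INCOMING)

# The IPv6 link addresses are fixed, not read from the environment file.
local_addr_v6=fd00::02
peer_addr_v6=fd00::01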
###########################################################
# Start
###########################################################
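function setup() {
    # Configure the data-incoming interface: MAC and addresses, policy routing
    # for returned and re-injected traffic, static neighbour entries, and the
    # NFQUEUE firewall rules.
    # Globals (read): eth, local_mac, local_addr_v4, peer_addr_v4, peer_mac,
    #                 local_addr_v6, peer_addr_v6
    # Returns: 1, before changing anything, when a required value is empty;
    #          otherwise the status of the last command.
    local name
    # Classic-BPF programs for "-m bpf". Reading the bytecode, the IPv4 one
    # appears to match unfragmented TCP packets whose first TCP option is
    # kind 88 with length 4, and the IPv6 one the same for TCP directly after
    # the fixed IPv6 header -- TODO confirm against the filter they were
    # generated from. They must stay byte-identical to the copies in
    # setdown(), otherwise its -D will not find the rules added here.
    local -r bpf_v4='18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0'
    local -r bpf_v6='17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0'
    local -a rule_v4 rule_v6

    # An empty value would shift the remaining words of the ip/iptables
    # command lines, so refuse to start instead of half-configuring the host.
    for name in eth local_mac local_addr_v4 peer_addr_v4 peer_mac \
                local_addr_v6 peer_addr_v6; do
        if [[ -z "${!name}" ]]; then
            printf 'setup: %s is empty, nothing was changed\n' "$name" >&2
            return 1
        fi
    done

    # Set the interface MAC and bring the link up.
    ip link set "$eth" address "$local_mac"
    ip link set "$eth" up

    # Configure address and netmask. The flush removes every address already
    # on the device, so a wrong device name takes that interface's addressing
    # away.
    ip addr flush dev "$eth"
    ip addr add "${local_addr_v4}/30" dev "$eth"
    ip addr add "${local_addr_v6}/64" dev "$eth"

    # Returned IPv4/IPv6 traffic arriving on the interface uses table 100/102,
    # where everything is routed as local.
    ip -4 rule add iif "$eth" tab 100
    ip -6 rule add iif "$eth" tab 102
    ip -4 route add local default dev lo table 100
    ip -6 route add local default dev lo table 102

    # Re-injected IPv4 traffic (fwmark 0x65) uses table 101.
    # Re-injected IPv6 traffic uses the default route, which is added to the
    # main table here and therefore applies to all IPv6 traffic of the host.
    ip rule add fwmark 0x65 lookup 101
    ip -4 route add default dev "$eth" via "$peer_addr_v4" table 101
    ip -6 route add default dev "$eth" via "$peer_addr_v6"

    # Static (permanent) neighbour entries for the peer.
    ip neigh flush dev "$eth"
    ip -4 neigh add "$peer_addr_v4" lladdr "$peer_mac" dev "$eth" nud permanent
    ip -6 neigh add "$peer_addr_v6" lladdr "$peer_mac" dev "$eth" nud permanent

    # Firewall rules. -C first, so that running setup twice does not append a
    # second copy that a single setdown would leave behind.
    # NOTE(review): NFQUEUE is used without --queue-bypass, so matched packets
    # are dropped while no program is bound to queue 1 -- confirm intended.
    rule_v4=(INPUT -i "$eth" -m bpf --bytecode "$bpf_v4" -j NFQUEUE --queue-num 1)
    rule_v6=(INPUT -i "$eth" -m bpf --bytecode "$bpf_v6" -j NFQUEUE --queue-num 1)
    iptables -C "${rule_v4[@]}" 2>/dev/null || iptables -A "${rule_v4[@]}"
    ip6tables -C "${rule_v6[@]}" 2>/dev/null || ip6tables -A "${rule_v6[@]}"
}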
###########################################################
# Stop
###########################################################
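function setdown() {
    # Undo what setup() configured: firewall rules, neighbour entries, routes
    # and rules, addresses, and finally the link state.
    # Globals (read): eth, local_addr_v4, peer_addr_v4, peer_mac,
    #                 local_addr_v6, peer_addr_v6
    # Returns: 1, before changing anything, when a required value is empty;
    #          otherwise the status of the last command. A failing step does
    #          not stop the remaining steps.
    local name
    # Must be byte-identical to the programs used in setup(); iptables -D only
    # removes a rule whose specification matches exactly.
    local -r bpf_v4='18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0'
    local -r bpf_v6='17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0'

    # An empty value would shift the remaining words of the command lines
    # below, so the delete commands would no longer name what setup() added.
    for name in eth local_addr_v4 peer_addr_v4 peer_mac \
                local_addr_v6 peer_addr_v6; do
        if [[ -z "${!name}" ]]; then
            printf 'setdown: %s is empty, nothing was changed\n' "$name" >&2
            return 1
        fi
    done

    # Remove the firewall rules.
    iptables -D INPUT -i "$eth" -m bpf --bytecode "$bpf_v4" -j NFQUEUE --queue-num 1
    ip6tables -D INPUT -i "$eth" -m bpf --bytecode "$bpf_v6" -j NFQUEUE --queue-num 1

    # Remove the static neighbour entries.
    ip -4 neigh del "$peer_addr_v4" lladdr "$peer_mac" dev "$eth" nud permanent # TODO NEW ADD
    ip -6 neigh del "$peer_addr_v6" lladdr "$peer_mac" dev "$eth" nud permanent # TODO NEW ADD

    # Remove the routes for re-injected traffic.
    ip rule del fwmark 0x65 lookup 101
    ip -4 route del default dev "$eth" via "$peer_addr_v4" table 101
    ip -6 route del default dev "$eth" via "$peer_addr_v6"

    # Remove the routes for returned traffic.
    ip -4 rule del iif "$eth" tab 100
    ip -6 rule del iif "$eth" tab 102
    ip -4 route del local default dev lo table 100
    ip -6 route del local default dev lo table 102

    # Remove the IP addresses.
    ip addr del "${local_addr_v4}/30" dev "$eth" # TODO NEW ADD
    ip addr del "${local_addr_v6}/64" dev "$eth"

    # Take the link down.
    ip link set "$eth" down
}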
###########################################################
# Debug
###########################################################
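function debug() {
    # Print the configured addresses, then the current interface, rule, route,
    # neighbour and firewall state, each preceded by a green "Run:" banner.
    # Globals (read): eth, local_addr_v4, peer_addr_v4, local_addr_v6,
    #                 peer_addr_v6, local_mac, peer_mac
    # Read-only: every command below only lists state.
    printf "\e[32m --------------------------------------------- \e[0m\n"
    printf "\e[32m Local Addr V4 : %s \e[0m\n" "${local_addr_v4}"
    printf "\e[32m Peer Addr V4 : %s \e[0m\n" "${peer_addr_v4}"
    printf "\e[32m Local Addr V6 : %s \e[0m\n" "${local_addr_v6}"
    printf "\e[32m Peer Addr V6 : %s \e[0m\n" "${peer_addr_v6}"
    printf "\e[32m Local MAC : %s \e[0m\n" "${local_mac}"
    printf "\e[32m Peer MAC : %s \e[0m\n" "${peer_mac}"
    printf "\e[32m --------------------------------------------- \e[0m\n"

    _debug_run ifconfig "${eth}"
    _debug_run ethtool "${eth}"

    # Check ip rule
    _debug_run ip -4 rule list table 100
    _debug_run ip -4 rule list table 101
    _debug_run ip -6 rule list table 102

    # Check ip route
    _debug_run ip -4 route show table 100
    _debug_run ip -4 route show table 101
    _debug_run ip -6 route show table 102
    _debug_run ip -6 route show default

    # Check ip neigh
    _debug_run ip -4 neigh list dev "${eth}"
    _debug_run ip -6 neigh list dev "${eth}"

    # Check iptables
    _debug_run iptables -t mangle -L
    _debug_run iptables -t filter -L
    _debug_run iptables -t raw -L
    _debug_run iptables -t nat -L
    _debug_run ip6tables -t mangle -L
    _debug_run ip6tables -t filter -L
    _debug_run ip6tables -t raw -L
    _debug_run ip6tables -t nat -L
}

# Print the banner for a command and then run exactly that command, so the
# text shown and the command executed cannot drift apart.
function _debug_run() {
    printf "\n\n\e[32m Run: %s \e[0m\n" "$*"
    "$@"
}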
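function usage() {
    # Print the one-line synopsis to stdout.
    # $0 is quoted and passed after "--" so that a script path containing
    # spaces or starting with "-" is still reduced to its base name.
    echo "Usage: $(basename -- "$0") [setup|setdown|debug]"
}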
# Sub-command names accepted as the first command-line argument.
option_setup="setup"
option_setdown="setdown"
option_debug="debug"
option=$1

# Run the requested action. Anything else, including no argument at all,
# prints the usage line; the script's exit status is then that of usage.
case "$option" in
    "$option_setup")   setup ;;
    "$option_setdown") setdown ;;
    "$option_debug")   debug ;;
    *)                 usage ;;
esac