1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
[Unit]
Description=Tango Frontend Engine - Running Environment Setup
Before=tsgkni.service
Wants=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/sysconfig/tfe-env-config
Type=oneshot
RemainAfterExit=yes
# all works are done in execstartpre, this is only a fake target
ExecStart=/bin/true
ExecStop=/bin/true
# ExecStartPost=/usr/sbin/modprobe tfe-kmod
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} address ${TFE_LOCAL_MAC_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} up
ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip addr add ${TFE_LOCAL_IP_DATA_INCOMING}/30 dev ${TFE_DEVICE_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip neigh flush dev ${TFE_DEVICE_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip neigh add ${TFE_PEER_IP_DATA_INCOMING} lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
ExecStartPost=/usr/sbin/ip6tables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
ExecStartPost=/usr/sbin/iptables -A INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
# policy route
ExecStartPost=/usr/sbin/ip rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 100
ExecStartPost=/usr/sbin/ip route add local default dev lo table 100
ExecStartPost=/usr/sbin/ip rule add fwmark 0x65 lookup 101
ExecStartPost=/usr/sbin/ip route add default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
# policy route v6
ExecStartPost=/usr/sbin/ip addr add fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
ExecStartPost=/usr/sbin/ip -6 route add default via fd00::01
ExecStartPost=/usr/sbin/ip -6 rule add iif ${TFE_DEVICE_DATA_INCOMING} tab 102
ExecStartPost=/usr/sbin/ip -6 route add local default dev lo table 102
ExecStartPost=/usr/sbin/ip -6 neigh add fd00::01 lladdr ${TFE_PEER_MAC_DATA_INCOMING} dev ${TFE_DEVICE_DATA_INCOMING} nud permanent
# stop
ExecStopPost=/usr/sbin/ip6tables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '17,48 0 0 0,84 0 0 240,21 0 13 96,48 0 0 6,21 0 11 6,40 0 0 4,37 0 9 24,48 0 0 52,84 0 0 240,116 0 0 2,53 0 5 24,48 0 0 60,21 0 3 88,48 0 0 61,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
ExecStopPost=/usr/sbin/iptables -D INPUT -i ${TFE_DEVICE_DATA_INCOMING} -m bpf --bytecode '18,48 0 0 0,84 0 0 240,21 0 14 64,48 0 0 9,21 0 12 6,40 0 0 6,69 10 0 8191,177 0 0 0,80 0 0 12,84 0 0 240,116 0 0 2,53 0 5 24,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' -j NFQUEUE --queue-num 1
ExecStopPost=/usr/sbin/ip rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 100
ExecStopPost=/usr/sbin/ip route del local default dev lo table 100
ExecStopPost=/usr/sbin/ip rule del fwmark 0x65 lookup 101
ExecStopPost=/usr/sbin/ip route del default dev ${TFE_DEVICE_DATA_INCOMING} via ${TFE_PEER_IP_DATA_INCOMING} table 101
ExecStopPost=/usr/sbin/ip -6 rule del iif ${TFE_DEVICE_DATA_INCOMING} tab 102
ExecStopPost=/usr/sbin/ip -6 route del default via fd00::01
ExecStopPost=/usr/sbin/ip -6 route del local default dev lo table 102
ExecStopPost=/usr/sbin/ip addr del fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
ExecStopPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} down
# ExecStopPost=/usr/sbin/modprobe -r tfe-kmod
[Install]
RequiredBy=tfe.service
WantedBy=multi-user.target
|
