Diffstat (limited to 'freerouter-p4dpdk-pkt.service')
-rw-r--r-- | freerouter-p4dpdk-pkt.service | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/freerouter-p4dpdk-pkt.service b/freerouter-p4dpdk-pkt.service
new file mode 100644
index 0000000..d809f87
--- /dev/null
+++ b/freerouter-p4dpdk-pkt.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=p4dpdk specific process of freerouter
+Requires=freerouter.service freerouter-native@cpu_port.service network.target
+After=freerouter.service freerouter-native@cpu_port.service network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/p4dpdk.bin -m 2048 --no-huge --no-pci --vdev=net_af_packet0,iface=eth1,blocksz=16384,framesz=16384 --vdev=net_af_packet1,iface=eth2,blocksz=16384,framesz=16384 --vdev=net_af_packet2,iface=veth250,blocksz=16384,framesz=16384 -- 127.0.0.1 9080 2 0 1 2 1 3 4 -2 65407 0 -9 256 0 -4 512 0
+Restart=always
+RestartSec=5
+WorkingDirectory=/var/lib/freerouter
+User=freerouter
+Group=freerouter
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/lib/freerouter /etc/freerouter
+PrivateTmp=true
+# PrivateDevices is not possible because some types need access to a physical device.
+PrivateDevices=false
+PrivateNetwork=false
+# Private Users clears all capabilities.
+PrivateUsers=false
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictNamespaces=true
+LockPersonality=true
+RemoveIPC=true
+
+[Install]
+WantedBy=multi-user.target |
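Review bot: `ReadWritePaths=/var/lib/freerouter /etc/freerouter` leaves the router's configuration directory writable by the packet-forwarding process, which parses frames from eth1/eth2 and runs with ambient CAP_NET_ADMIN. Unless p4dpdk.bin is known to write there, I would narrow it to `ReadWritePaths=/var/lib/freerouter`, so that `ProtectSystem=strict` keeps /etc/freerouter read-only and a dataplane compromise cannot alter configuration that freerouter.service presumably reads. The comment above `PrivateDevices=false` does not appear to apply to this unit, since ExecStart passes `--no-pci --no-huge` and uses only `net_af_packet` vdevs, so `PrivateDevices=true` is worth testing here. The sandbox could also add `RestrictAddressFamilies=AF_PACKET AF_INET AF_UNIX`, `SystemCallArchitectures=native` and `RestrictSUIDSGID=true`, once it is confirmed that the binary needs no other socket families.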