From 71ef4b2e33e682ead93afc90409e5e55e0f83fab Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Fri, 16 Aug 2024 22:05:20 +0000
Subject: automatic import of freerouter

---
 freerouter-p4xdp.service | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 freerouter-p4xdp.service

(limited to 'freerouter-p4xdp.service')

diff --git a/freerouter-p4xdp.service b/freerouter-p4xdp.service
new file mode 100644
index 0000000..bfee29c
--- /dev/null
+++ b/freerouter-p4xdp.service
@@ -0,0 +1,37 @@
+[Unit]
+Description=p4xdp specific process of freerouter
+Requires=freerouter.service freerouter-native@cpu_port.service network.target
+After=freerouter.service freerouter-native@cpu_port.service network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/p4xdp_user.bin 127.0.0.1 9080 2 skb eth1 eth2 veth250
+ExecStopPost=-/usr/sbin/ip link set dev eth1 xdpgeneric off
+ExecStopPost=-/usr/sbin/ip link set dev eth2 xdpgeneric off
+ExecStopPost=-/usr/sbin/ip link set dev veth250 xdpgeneric off
+Restart=always
+RestartSec=5
+WorkingDirectory=/var/lib/freerouter
+User=freerouter
+Group=freerouter
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK CAP_SYS_ADMIN
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_IPC_LOCK CAP_SYS_ADMIN
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/var/lib/freerouter /etc/freerouter
+PrivateTmp=true
+# PrivateDevices is not possible because some types need access to a physical device.
+PrivateDevices=false
+PrivateNetwork=false
+# Private Users clears all capabilities.
+PrivateUsers=false
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictNamespaces=true
+LockPersonality=true
+RemoveIPC=true
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3