vm/mix/net: make vm.gateway6 consistent with vm.gateway
Use VM's actual IP address as a gateway for other VMs, instead of hardcoded link-local address. This is important for sys-net generated ICMP diagnostics packets - those must _not_ have link-local source address, otherwise wouldn't be properly forwarded back to the right VM.
This commit is contained in:
Marek Marczykowski-Górecki
parent
f4be284331
commit
2dee554ab7
@ -993,7 +993,7 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
||||
expected['/qubes-ip6'] = \
|
||||
qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \
|
||||
'::a89:3'
|
||||
expected['/qubes-gateway6'] = 'fe80::fcff:ffff:feff:ffff'
|
||||
expected['/qubes-gateway6'] = expected['/qubes-ip6'][:-1] + '2'
|
||||
vm.create_qdb_entries()
|
||||
self.assertEqual(test_qubesdb.data, expected)
|
||||
|
||||
@ -1043,9 +1043,9 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
|
||||
test_qubesdb.data.clear()
|
||||
with self.subTest('proxy_ipv6'):
|
||||
netvm.features['ipv6'] = True
|
||||
expected['/qubes-netvm-gateway6'] = 'fe80::fcff:ffff:feff:ffff'
|
||||
ip6 = qubes.config.qubes_ipv6_prefix.replace(
|
||||
':0000', '') + '::a89:3'
|
||||
expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2'
|
||||
expected['/qubes-firewall/' + ip6] = ''
|
||||
expected['/qubes-firewall/' + ip6 + '/0000'] = 'action=accept'
|
||||
expected['/qubes-firewall/' + ip6 + '/policy'] = 'drop'
|
||||
|
||||
@ -192,7 +192,7 @@ class NetVMMixin(qubes.events.Emitter):
|
||||
def gateway6(self):
|
||||
'''Gateway (IPv6) for other domains that use this domain as netvm.'''
|
||||
if self.features.check_with_netvm('ipv6', False):
|
||||
return 'fe80::fcff:ffff:feff:ffff' if self.provides_network else \
|
||||
return self.visible_ip6 if self.provides_network else \
|
||||
None
|
||||
return None
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user