From 2dee554ab7a737946c2eedd1e7d6b3de5a67abe4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Mon, 2 Apr 2018 23:59:22 +0200
Subject: [PATCH] vm/mix/net: make vm.gateway6 consistent with vm.gateway
Use VM's actual IP address as a gateway for other VMs, instead of hardcoded link-local address. This is important for sys-net generated ICMP diagnostics packets - those must _not_ have link-local source address, otherwise wouldn't be properly forwarded back to the right VM.
---
 qubes/tests/vm/qubesvm.py | 4 ++--
 qubes/vm/mix/net.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py
index b3316b04..168bd579 100644
--- a/qubes/tests/vm/qubesvm.py
+++ b/qubes/tests/vm/qubesvm.py
@@ -993,7 +993,7 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
 expected['/qubes-ip6'] = \
 qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \
 '::a89:3'
- expected['/qubes-gateway6'] = 'fe80::fcff:ffff:feff:ffff'
+ expected['/qubes-gateway6'] = expected['/qubes-ip6'][:-1] + '2'
 vm.create_qdb_entries()
 self.assertEqual(test_qubesdb.data, expected)
@@ -1043,9 +1043,9 @@ class TC_90_QubesVM(QubesVMTestsMixin, qubes.tests.QubesTestCase):
 test_qubesdb.data.clear()
 with self.subTest('proxy_ipv6'):
 netvm.features['ipv6'] = True
- expected['/qubes-netvm-gateway6'] = 'fe80::fcff:ffff:feff:ffff'
 ip6 = qubes.config.qubes_ipv6_prefix.replace(
 ':0000', '') + '::a89:3'
+ expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2'
 expected['/qubes-firewall/' + ip6] = ''
 expected['/qubes-firewall/' + ip6 + '/0000'] = 'action=accept'
 expected['/qubes-firewall/' + ip6 + '/policy'] = 'drop'
diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py
index 0562d131..4ceeb858 100644
--- a/qubes/vm/mix/net.py
+++ b/qubes/vm/mix/net.py
@@ -192,7 +192,7 @@ class NetVMMixin(qubes.events.Emitter):
 def gateway6(self):
 '''Gateway (IPv6) for other domains that use this domain as netvm.'''
 if self.features.check_with_netvm('ipv6', False):
- return 'fe80::fcff:ffff:feff:ffff' if self.provides_network else \
+ return self.visible_ip6 if self.provides_network else \
 None
 return None
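Review bot: The docstring of `gateway6` does not say what the property now returns. It should state that the value is this domain's own `visible_ip6` rather than a fixed link-local constant, and name the two `None` cases, e.g. `'''Gateway (IPv6) for other domains that use this domain as netvm: this domain's visible_ip6, or None if IPv6 is disabled or the domain does not provide network.'''`. `visible_ip6` is defined outside this hunk, so it cannot be confirmed here that it is always set when the `'ipv6'` feature check passes. The test hunks show this value being published as `/qubes-gateway6` and `/qubes-netvm-gateway6`, so it is worth confirming that an unset address cannot reach those entries. The decorator and anything above `def gateway6` lie outside the hunk.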