Minor logic improvement

Giulio 2021-06-29 13:20:16 +02:00
parent 99ea8dddbe
commit 787cb1170b
2 changed files with 10 additions and 12 deletions


@ -689,15 +689,12 @@ class Firewall:
entries['{:04}'.format(ruleno)] = rule.rule entries['{:04}'.format(ruleno)] = rule.rule
return entries return entries
def qdb_forward_entries(self, addr_family=None): def qdb_forward_entries(self, addr_family=None, type):
''' In order to keep all the 'parsing' logic here and not in net.py, ''' In order to keep all the 'parsing' logic here and not in net.py,
directly separate forwarding rules from standard rules since they need directly separate forwarding rules from standard rules since they need
to be handled differently later. to be handled differently later.
''' '''
entries = { entries = {}
"internal": [],
"external": []
}
if addr_family is not None: if addr_family is not None:
exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6' exclude_dsttype = 'dst4' if addr_family == 6 else 'dst6'
for ruleno, rule in zip(itertools.count(), self.rules): for ruleno, rule in zip(itertools.count(), self.rules):
@ -709,10 +706,6 @@ class Firewall:
# include only forwarding rules # include only forwarding rules
if rule.action != "forward": if rule.action != "forward":
continue continue
if rule.forwardtype == "internal": if rule.forwardtype == type:
entries["internal"]['{:04}'.format(ruleno)] = rule.rule entries['{:04}'.format(ruleno)] = rule.rule
elif rule.forwardype == "external":
entries["external"]['{:04}'.format(ruleno)] = rule.rule
else:
raise ValueError('invalid forwardtype for rule')
return entries return entries
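Review bot: The new signature `def qdb_forward_entries(self, addr_family=None, type):` places a parameter without a default after one with a default, which Python rejects as a SyntaxError, so the module would fail to import. Since the callers visible in this commit pass `addr_family` by keyword, a keyword-only parameter such as `def qdb_forward_entries(self, addr_family=None, *, forwardtype):` would work and also avoids shadowing the builtin `type`. The second hunk also drops the `raise ValueError('invalid forwardtype for rule')` branch, so a forward rule whose `forwardtype` matches neither value is now skipped without any error; for firewall data that should stay loud, e.g. `if rule.forwardtype not in ('internal', 'external'): raise ValueError('invalid forwardtype for rule')` before the comparison. The docstring could also state that the method now returns only the entries of the requested forward type. The function body spans both hunks and part of it lies outside them.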


@ -398,7 +398,12 @@ class NetVMMixin(qubes.events.Emitter):
self.untrusted_qdb.rm(base_dir) self.untrusted_qdb.rm(base_dir)
# write new forward rules # write new forward rules
for key, value in vm.firewall.qdb_forward_entries( for key, value in vm.firewall.qdb_forward_entries(
addr_family=addr_family).items(): addr_family=addr_family, "internal").items():
# code here
# signal its done
for key, value in vm.firewall.qdb_forward_entries(
addr_family=addr_family, "external").items():
# to fix
for netvm in netpath: for netvm in netpath:
self.untrusted_qdb.write(base_dir + key, value) self.untrusted_qdb.write(base_dir + key, value)
# signal its done # signal its done
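Review bot: The calls `qdb_forward_entries(addr_family=addr_family, "internal")` and the matching `"external"` one pass a positional argument after a keyword argument, which is a SyntaxError; the selector has to go by keyword, e.g. `addr_family=addr_family, type="internal").items():` with whatever name the parameter ends up having. The first loop has only the comments `# code here` and `# signal its done` as its body, which is not a valid block, and it means the internal forward entries are never written back after the `rm(base_dir)` above. Indentation is lost on this page, so it is an inference that `for netvm in netpath:` forms the body of the external loop; if so, every iteration writes to `self.untrusted_qdb` and `netvm` is unused, which looks unfinished next to the `# to fix` marker. The enclosing method starts and ends outside the hunk.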