From 7914558ad84912ce478a95d2220dd2f729f524ad Mon Sep 17 00:00:00 2001
From: Tomasz Sterna <tomek@xiaoka.com>
Date: Fri, 11 Mar 2011 19:39:52 +0100
Subject: [PATCH 1/2] FwVM network changes watcher script

---
 fwvm/bin/qubes_netwatcher    | 27 +++++++++++++++++++++++
 fwvm/init.d/qubes_netwatcher | 42 ++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100755 fwvm/bin/qubes_netwatcher
 create mode 100755 fwvm/init.d/qubes_netwatcher

diff --git a/fwvm/bin/qubes_netwatcher b/fwvm/bin/qubes_netwatcher
new file mode 100755
index 0000000..8f9d2e9
--- /dev/null
+++ b/fwvm/bin/qubes_netwatcher
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+PIDFILE=/var/run/qubes/qubes_netwatcher.pid
+CURR_NETCFG=""
+
+# PIDfile handling
+[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
+echo $$ >$PIDFILE
+
+trap 'exit 0' SIGTERM
+
+while true; do
+	NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid)
+	if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
+		NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip)
+		if [[ "$NETCFG" != "$CURR_NETCFG" ]]; then
+			/sbin/service qubes_firewall stop
+			/sbin/service qubes_firewall start
+			CURR_NETCFG="$NETCFG"
+		fi
+
+		/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip
+	else
+		/usr/bin/xenstore-watch qubes_netvm_domid
+	fi
+done
diff --git a/fwvm/init.d/qubes_netwatcher b/fwvm/init.d/qubes_netwatcher
new file mode 100755
index 0000000..c322c82
--- /dev/null
+++ b/fwvm/init.d/qubes_netwatcher
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# chkconfig: 345 92 92
+# description: Starts Qubes Network monitor
+#
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+PIDFILE=/var/run/qubes/qubes_netwatcher.pid
+
+start()
+{
+	echo -n $"Starting Qubes Network monitor:"
+	/sbin/ethtool -K eth0 sg off
+	/usr/bin/qubes_netwatcher &
+	success
+	echo ""
+	return 0
+}
+
+stop()
+{
+	echo -n "Stopping Qubes Network monitor:"
+	kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
+	echo ""
+	return 0
+}
+
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  *)
+	echo $"Usage: $0 {start|stop}"
+	exit 3
+	;;
+esac
+
+exit $RETVAL

From bfb5ec483d52a824c129328d5850c0cfdd7d909f Mon Sep 17 00:00:00 2001
From: Tomasz Sterna <tomek@xiaoka.com>
Date: Fri, 11 Mar 2011 19:40:23 +0100
Subject: [PATCH 2/2] Use SIGKILL to stop qubes_firewall service

---
 fwvm/init.d/qubes_firewall | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fwvm/init.d/qubes_firewall b/fwvm/init.d/qubes_firewall
index f970734..c23fb2b 100755
--- a/fwvm/init.d/qubes_firewall
+++ b/fwvm/init.d/qubes_firewall
@@ -21,7 +21,7 @@ start()
 stop()
 {
 	echo -n "Stopping Qubes Firewall monitor:"
-	kill $(cat $PIDFILE) 2>/dev/null  && success || failure
+	kill -9 $(cat $PIDFILE) 2>/dev/null  && success || failure
 	echo ""
 	return 0
 }