Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

network: use iptables-restore instead of iptables --wait

Browse Source 
The later one is present only in latest iptables version - especially
debian does not have it. But we need to handle "Device or resources
busy" problem somehow.
This commit is contained in:
Marek Marczykowski-Górecki 2015-06-27 04:55:56 +02:00
parent 5176228abc
commit 2bfc6edddc
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
network/vif-route-qubes
View File

@ -47,17 +47,14 @@ domid=${domid/.*/}
# 32752 is max XID aka domid # 32752 is max XID aka domid
metric=$[ 32752 - $domid ] metric=$[ 32752 - $domid ]
if iptables --help |grep -q -- --wait; then
wait=--wait
fi
if [ "${ip}" ] ; then if [ "${ip}" ] ; then
# If we've been given a list of IP addresses, then add routes from dom0 to # If we've been given a list of IP addresses, then add routes from dom0 to
# the guest using those addresses. # the guest using those addresses.
for addr in ${ip} ; do for addr in ${ip} ; do
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
done done
${cmdprefix} iptables $wait -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP echo -e "*raw\n$iptables_cmd -i ${vif} ! -s ${ip} -j DROP\nCOMMIT" | \
${cmdprefix} iptables-restore --noflush
back_ip=`qubesdb-read /qubes-netvm-gateway` back_ip=`qubesdb-read /qubes-netvm-gateway`
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif} ${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
fi fi