7 жил өмнө · 938af2c7fd
--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@@ -9,6 +9,24 @@ netvm_if="${vif}"
 
				 netns_netvm_if="${vif}-p"
			
 
				 netns_appvm_if="${vif}"
			
 
				 
			
 
				+#
			
 
				+#               .----------------------------------.
			
 
				+#               |          NetVM/ProxyVM           |
			
 
				+# .------------.|.------------------.              |
			
 
				+# |   AppVM    ||| $netns namespace |              |
			
 
				+# |            |||                  |              |
			
 
				+# |  eth0<--------->$netns_appvm_if |              |
			
 
				+# |$appvm_ip   |||   $appvm_gw_ip   |              |
			
 
				+# |$appvm_gw_ip|||         ^        |              |
			
 
				+# '------------'||         |NAT     |              |
			
 
				+#               ||         v        |              |
			
 
				+#               ||  $netns_netvm_if<--->$netvm_if  |
			
 
				+#               ||     $netvm_ip    |  $netvm_gw_ip|
			
 
				+#               |'------------------'              |
			
 
				+#               '----------------------------------'
			
 
				+#
			
 
				+
			
 
				+
			
 
				 function run
			
 
				 {
			
 
				     #echo "$@" >> /var/log/qubes-nat.log
			
@@ -20,8 +38,6 @@ function netns
 
				     run ip netns exec "$netns" "$@"
			
 
				 }
			
 
				 
			
 
				-
			
 
				-
			
 
				 run ip addr flush dev "$netns_appvm_if"
			
 
				 run ip netns delete "$netns" || :
			
 
				 
			
@@ -32,7 +48,6 @@ if test "$command" == online; then
 
				     run ip link add "$netns_netvm_if" type veth peer name "$netvm_if"
			
 
				     run ip link set "$netns_netvm_if" netns "$netns"
			
 
				 
			
 
				-
			
 
				     netns ip6tables -t raw -I PREROUTING -j DROP
			
 
				     netns ip6tables -P INPUT DROP
			
 
				     netns ip6tables -P FORWARD DROP
			
--- a/network/vif-route-qubes-nat
+++ b/network/vif-route-qubes-nat
@@ -20,15 +20,17 @@
 
				 #         this script).
			
 
				 #============================================================================
			
 
				 
			
 
				+# IPs as seen by the VM
			
 
				 appvm_gw_ip="$1"
			
 
				-netvm_ip="$2"
			
 
				+appvm_ip="$2"
			
 
				 shift 2
			
 
				 
			
 
				 dir=$(dirname "$0")
			
 
				 . "$dir/vif-common.sh"
			
 
				 
			
 
				 if [ "${ip}" ]; then
			
 
				-    appvm_ip="$ip"
			
 
				+    # IPs as seen by this VM
			
 
				+    netvm_ip="$ip"
			
 
				     netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
			
 
				     netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`