network: change vif-route-qubes-nat parameters

Keep "main" IP (the one in xenstore) as the one seen by the netvm, and pass the "fake" one (the one seen by the VM) as script parameter. Fixes QubesOS/qubes-issues#1143
2016-10-29 22:28:57 +02:00 · 2016-10-29 22:28:57 +02:00 · 938af2c7fd
commit 938af2c7fd
parent be86c7da1f
2 changed files with 22 additions and 5 deletions
--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@ -9,6 +9,24 @@ netvm_if="${vif}"
 netns_netvm_if="${vif}-p"
 netns_appvm_if="${vif}"

+#
+#               .----------------------------------.
+#               |          NetVM/ProxyVM           |
+# .------------.|.------------------.              |
+# |   AppVM    ||| $netns namespace |              |
+# |            |||                  |              |
+# |  eth0<--------->$netns_appvm_if |              |
+# |$appvm_ip   |||   $appvm_gw_ip   |              |
+# |$appvm_gw_ip|||         ^        |              |
+# '------------'||         |NAT     |              |
+#               ||         v        |              |
+#               ||  $netns_netvm_if<--->$netvm_if  |
+#               ||     $netvm_ip    |  $netvm_gw_ip|
+#               |'------------------'              |
+#               '----------------------------------'
+#
+
+
 function run
 {
    #echo "$@" >> /var/log/qubes-nat.log
@ -20,8 +38,6 @@ function netns
    run ip netns exec "$netns" "$@"
 }

-
-
 run ip addr flush dev "$netns_appvm_if"
 run ip netns delete "$netns" || :

@ -32,7 +48,6 @@ if test "$command" == online; then
    run ip link add "$netns_netvm_if" type veth peer name "$netvm_if"
    run ip link set "$netns_netvm_if" netns "$netns"

-
    netns ip6tables -t raw -I PREROUTING -j DROP
    netns ip6tables -P INPUT DROP
    netns ip6tables -P FORWARD DROP
--- a/network/vif-route-qubes-nat
+++ b/network/vif-route-qubes-nat
@ -20,15 +20,17 @@
 #         this script).
 #============================================================================

+# IPs as seen by the VM
 appvm_gw_ip="$1"
-netvm_ip="$2"
+appvm_ip="$2"
 shift 2

 dir=$(dirname "$0")
 . "$dir/vif-common.sh"

 if [ "${ip}" ]; then
-    appvm_ip="$ip"
+    # IPs as seen by this VM
+    netvm_ip="$ip"
    netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
    netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`