From 938af2c7fdae05c8e165dee259e17df9fad80880 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 29 Oct 2016 22:28:57 +0200 Subject: [PATCH] network: change vif-route-qubes-nat parameters Keep "main" IP (the one in xenstore) as the one seen by the netvm, and pass the "fake" one (the one seen by the VM) as script parameter. Fixes QubesOS/qubes-issues#1143 --- network/vif-qubes-nat.sh | 21 ++++++++++++++++++--- network/vif-route-qubes-nat | 6 ++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/network/vif-qubes-nat.sh b/network/vif-qubes-nat.sh index 360e72e..57f588a 100755 --- a/network/vif-qubes-nat.sh +++ b/network/vif-qubes-nat.sh @@ -9,6 +9,24 @@ netvm_if="${vif}" netns_netvm_if="${vif}-p" netns_appvm_if="${vif}" +# +# .----------------------------------. +# | NetVM/ProxyVM | +# .------------.|.------------------. | +# | AppVM ||| $netns namespace | | +# | ||| | | +# | eth0<--------->$netns_appvm_if | | +# |$appvm_ip ||| $appvm_gw_ip | | +# |$appvm_gw_ip||| ^ | | +# '------------'|| |NAT | | +# || v | | +# || $netns_netvm_if<--->$netvm_if | +# || $netvm_ip | $netvm_gw_ip| +# |'------------------' | +# '----------------------------------' +# + + function run { #echo "$@" >> /var/log/qubes-nat.log @@ -20,8 +38,6 @@ function netns run ip netns exec "$netns" "$@" } - - run ip addr flush dev "$netns_appvm_if" run ip netns delete "$netns" || : @@ -32,7 +48,6 @@ if test "$command" == online; then run ip link add "$netns_netvm_if" type veth peer name "$netvm_if" run ip link set "$netns_netvm_if" netns "$netns" - netns ip6tables -t raw -I PREROUTING -j DROP netns ip6tables -P INPUT DROP netns ip6tables -P FORWARD DROP diff --git a/network/vif-route-qubes-nat b/network/vif-route-qubes-nat index 2566bb0..c7da437 100755 --- a/network/vif-route-qubes-nat +++ b/network/vif-route-qubes-nat 
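Review bot: The new diagram in vif-qubes-nat.sh labels the interfaces with $appvm_ip, $appvm_gw_ip, $netvm_ip and $netvm_gw_ip but does not say where each value originates, which is the very thing this commit swaps: in the vif-route-qubes-nat hunk $appvm_gw_ip and $appvm_ip are now the `$1`/`$2` script parameters ("IPs as seen by the VM"), while $netvm_ip is taken from `$ip` set after sourcing vif-common.sh (the xenstore IP, per the commit message) and $netvm_gw_ip from `qubesdb-read /qubes-netvm-gateway`. A reader of vif-qubes-nat.sh alone cannot tell that the two sides of the namespace are fed from different sources, so I would add above the diagram: `# $appvm_ip / $appvm_gw_ip: script parameters (addresses the VM sees); $netvm_ip: $ip from vif-common.sh (xenstore); $netvm_gw_ip: qubesdb /qubes-netvm-gateway`. Because these values are presumably assigned to the namespace interfaces shown, the comment should also state that all four are dom0/netvm-supplied rather than guest-controlled; that appears to be the case but is not visible in this patch and is worth confirming in the comment. The hunk's trailing context opens `function run`, whose body continues outside the hunk.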
@@ -20,15 +20,17 @@ # this script). #============================================================================ +# IPs as seen by the VM appvm_gw_ip="$1" -netvm_ip="$2" +appvm_ip="$2" shift 2 dir=$(dirname "$0") . "$dir/vif-common.sh" if [ "${ip}" ]; then - appvm_ip="$ip" + # IPs as seen by this VM + netvm_ip="$ip" netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway` netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`