
network: change vif-route-qubes-nat parameters

Keep the "main" IP (the one in xenstore) as the one seen by the netvm, and
pass the "fake" one (the one seen by the VM) as a script parameter.

Fixes QubesOS/qubes-issues#1143
Marek Marczykowski-Górecki 7 лет назад
Родитель
Сommit
938af2c7fd
2 измененных файлов с 22 добавлено и 5 удалено
  1. 18 3
      network/vif-qubes-nat.sh
  2. 4 2
      network/vif-route-qubes-nat

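--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@@ -9,6 +9,24 @@ netvm_if="${vif}"
 netns_netvm_if="${vif}-p"
 netns_appvm_if="${vif}"
 
+#
+#               .----------------------------------.
+#               |          NetVM/ProxyVM           |
+# .------------.|.------------------.              |
+# |   AppVM    ||| $netns namespace |              |
+# |            |||                  |              |
+# |  eth0<--------->$netns_appvm_if |              |
+# |$appvm_ip   |||   $appvm_gw_ip   |              |
+# |$appvm_gw_ip|||         ^        |              |
+# '------------'||         |NAT     |              |
+#               ||         v        |              |
+#               ||  $netns_netvm_if<--->$netvm_if  |
+#               ||     $netvm_ip    |  $netvm_gw_ip|
+#               |'------------------'              |
+#               '----------------------------------'
+#
+
+
 function run
 {
     #echo "$@" >> /var/log/qubes-nat.log
@@ -20,8 +38,6 @@ function netns
     run ip netns exec "$netns" "$@"
 }
 
-
-
 run ip addr flush dev "$netns_appvm_if"
 run ip netns delete "$netns" || :
 
@@ -32,7 +48,6 @@ if test "$command" == online; then
     run ip link add "$netns_netvm_if" type veth peer name "$netvm_if"
     run ip link set "$netns_netvm_if" netns "$netns"
 
-
     netns ip6tables -t raw -I PREROUTING -j DROP
     netns ip6tables -P INPUT DROP
     netns ip6tables -P FORWARD DROP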
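Review bot: The new diagram draws $netns_appvm_if and $netvm_if as two distinct interfaces, but the hunk header `netvm_if="${vif}"` and the context line `netns_appvm_if="${vif}"` show they carry the same device name, which the picture (placing one inside $netns and one outside) does not make obvious; a one-line note under the diagram such as `# NB: $netvm_if and $netns_appvm_if are both "${vif}" — same name, different namespaces (per the diagram)` would save the next reader a lookup. The diagram is also the only place in this file that names $netvm_ip and $appvm_ip, and it does not say which one is the "main" (xenstore) address that the commit message describes; consider adding `# $netvm_ip: the VM's IP from xenstore, as seen by the netvm; $appvm_ip: the address the VM itself is configured with` next to it. The `run` and `netns` functions referenced by the later hunks begin and end outside the hunks shown here.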

+ 4 - 2
network/vif-route-qubes-nat

@@ -20,15 +20,17 @@
 #         this script).
 #         this script).
 #============================================================================
 #============================================================================
 
 
+# IPs as seen by the VM
 appvm_gw_ip="$1"
 appvm_gw_ip="$1"
-netvm_ip="$2"
+appvm_ip="$2"
 shift 2
 shift 2
 
 
 dir=$(dirname "$0")
 dir=$(dirname "$0")
 . "$dir/vif-common.sh"
 . "$dir/vif-common.sh"
 
 
 if [ "${ip}" ]; then
 if [ "${ip}" ]; then
-    appvm_ip="$ip"
+    # IPs as seen by this VM
+    netvm_ip="$ip"
     netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
     netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
     netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`
     netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`