network: change vif-route-qubes-nat parameters

Keep "main" IP (the one in xenstore) as the one seen by the netvm, and
pass the "fake" one (the one seen by the VM) as script parameter.

Fixes QubesOS/qubes-issues#1143
Marek Marczykowski-Górecki 2016-10-29 22:28:57 +02:00
父節點 be86c7da1f
當前提交 938af2c7fd
共有 2 個檔案被更改,包括 22 行新增5 行删除


@ -9,6 +9,24 @@ netvm_if="${vif}"
netns_netvm_if="${vif}-p"
netns_appvm_if="${vif}"
#
# .----------------------------------.
# | NetVM/ProxyVM |
# .------------.|.------------------. |
# | AppVM ||| $netns namespace | |
# | ||| | |
# | eth0<--------->$netns_appvm_if | |
# |$appvm_ip ||| $appvm_gw_ip | |
# |$appvm_gw_ip||| ^ | |
# '------------'|| |NAT | |
# || v | |
# || $netns_netvm_if<--->$netvm_if |
# || $netvm_ip | $netvm_gw_ip|
# |'------------------' |
# '----------------------------------'
#
function run
{
#echo "$@" >> /var/log/qubes-nat.log
@ -20,8 +38,6 @@ function netns
run ip netns exec "$netns" "$@"
}
run ip addr flush dev "$netns_appvm_if"
run ip netns delete "$netns" || :
@ -32,7 +48,6 @@ if test "$command" == online; then
run ip link add "$netns_netvm_if" type veth peer name "$netvm_if"
run ip link set "$netns_netvm_if" netns "$netns"
netns ip6tables -t raw -I PREROUTING -j DROP
netns ip6tables -P INPUT DROP
netns ip6tables -P FORWARD DROP
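Review bot: The new diagram in the first hunk names `$appvm_ip`, `$appvm_gw_ip`, `$netvm_ip` and `$netvm_gw_ip` but never says which of them arrive as script parameters and which come from xenstore, which is precisely the distinction this commit changes according to its description. A one-line legend above the drawing, next to `netns_appvm_if="${vif}"`, would make the picture self-contained, e.g. `# $appvm_ip/$appvm_gw_ip: addresses the VM sees (script parameters); $netvm_ip: address the netvm sees (xenstore)` — adjusted to match where these variables are actually assigned, which is not visible in this hunk. The assignments and the body of `function run` continue outside the hunk, so the legend should be checked against them before merging.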


@ -20,15 +20,17 @@
# this script).
#============================================================================
# IPs as seen by the VM
appvm_gw_ip="$1"
netvm_ip="$2"
appvm_ip="$2"
shift 2
dir=$(dirname "$0")
. "$dir/vif-common.sh"
if [ "${ip}" ]; then
appvm_ip="$ip"
# IPs as seen by this VM
netvm_ip="$ip"
netvm_gw_ip=`qubesdb-read /qubes-netvm-gateway`
netvm_dns2_ip=`qubesdb-read /qubes-netvm-secondary-dns`
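Review bot: The new `appvm_ip="$2"` is taken straight from the positional parameter and later used as an address, while the new `netvm_ip="$ip"` is only assigned inside `if [ "${ip}" ]`, so when `$ip` is empty the script appears to continue with `netvm_ip` unset and whatever consumes it further down (outside this hunk) receives an empty address. A cheap guard after `shift 2` would reject malformed input early, e.g. `case "$appvm_ip" in ''|*[!0-9.]*) echo "vif-route-qubes: invalid appvm_ip '$appvm_ip'" >&2; exit 1;; esac`, and if the `if` has no `else` that fails loudly on a missing `$ip`, one should be added. The backtick `qubesdb-read` captures are pre-existing, but since the new `netvm_ip` line sits beside them, switching that group to `$(...)` would keep the block consistent. The `if` block and the consumers of these variables continue past the end of the hunk.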