
Add permanent neighbor entries

This allows network traffic to flow even if ARP and NDP do not work or
have explicitly been disabled.
Demi Marie Obenour 3 vuotta sitten
vanhempi
commit
aa71677cbd
2 muutettua tiedostoa jossa 20 lisäystä ja 4 poistoa
  1. 15 3
      network/setup-ip
  2. 5 1
      network/vif-route-qubes

+ 15 - 3
network/setup-ip

@@ -4,6 +4,14 @@
 # shellcheck disable=SC1091
 . /usr/lib/qubes/init/functions
 
+add_host_route () {
+    /sbin/ip -- route replace to unicast "$1" dev "$2" onlink scope host
+}
+
+add_default_route () {
+    /sbin/ip -- route replace to unicast default via "$1" dev "$2" onlink
+}
+
 configure_network() {
     local MAC="$1"
     local INTERFACE="$2"
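Review bot: `add_host_route` installs its route with `scope host`, which ip-route(8) uses for destinations on the local host, while the helper's name and its `dev "$2" onlink` arguments suggest a peer reached over the interface. `scope link` looks like the intended value, i.e. `/sbin/ip -- route replace to unicast "$1" dev "$2" onlink scope link`; this is worth confirming on a test VM before relying on it. Both helpers would also benefit from a one-line comment, such as `# $1 = destination address or prefix, $2 = interface` and `# $1 = gateway address, $2 = interface`, because the first positional argument means something different in each.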
@@ -17,20 +25,24 @@ configure_network() {
     local secondary_dns="${10}"
 
     /sbin/ifconfig "$INTERFACE" "$ip" netmask "$netmask"
+    /sbin/ip -- neighbour replace to "$ip" dev "$INTERFACE" \
+        lladdr "$MAC" nud permanent
     if [ -n "$ip6" ]; then
         /sbin/ifconfig "$INTERFACE" add "$ip6/$netmask6"
+        /sbin/ip -- neighbour replace to "$ip6" dev "$INTERFACE" \
+            lladdr "$MAC" nud permanent
     fi
     /sbin/ifconfig "$INTERFACE" up
 
     if [ -n "$gateway" ]; then
         /sbin/route add -host "$gateway" dev "$INTERFACE"
         if [ -n "$gateway6" ] && ! echo "$gateway6" | grep -q "^fe80:"; then
-            /sbin/route -6 add "$gateway6/$netmask6" dev "$INTERFACE"
+            add_route "$gateway6/$netmask6" "$INTERFACE"
         fi
         if ! qsvc disable-default-route ; then
-            /sbin/route add default gw "$gateway"
+            add_default_route "$gateway" "$INTERFACE"
             if [ -n "$gateway6" ]; then
-                /sbin/route -6 add default gw "$gateway6" dev "$INTERFACE"
+                add_default_route "$gateway6" "$INTERFACE"
             fi
         fi
     fi
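Review bot: The IPv6 gateway branch calls `add_route "$gateway6/$netmask6" "$INTERFACE"`, but this commit defines only `add_host_route` and `add_default_route`. Unless `add_route` comes from the sourced /usr/lib/qubes/init/functions (not visible here), the call fails with "command not found" and the route to the IPv6 gateway is never installed. Presumably `add_host_route "$gateway6/$netmask6" "$INTERFACE"` was meant. The IPv4 line `/sbin/route add -host "$gateway" dev "$INTERFACE"` also stays on the old tool, so the two address families are now configured by different commands with different failure behaviour. configure_network starts before this hunk and continues past it.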

+ 5 - 1
network/vif-route-qubes

@@ -134,6 +134,10 @@ if [ "${ip}" ]; then
             "$iptables_cmd ! -i vif+ -s ${addr} -j DROP" \
             "COMMIT" | \
             ${cmdprefix} $ipt --noflush $ipt_arg
+        if [[ "$command" = 'online' ]]; then
+            ip neighbour "${ipcmd}" to "${addr}" \
+                dev "${vif}" lladdr 00:16:3e:5e:6c:6c:00 nud permanent
+        fi
     done
     # if no IPv6 is assigned, block all IPv6 traffic on that interface
     if ! [[ "$ip" = *:* ]]; then
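Review bot: The `lladdr 00:16:3e:5e:6c:6c:00` literal in the added `ip neighbour` call has seven octets, one more than an Ethernet address. Depending on how ip and the kernel treat the extra byte, the command is either rejected or stores an address the guest does not use; a wrong `nud permanent` entry is never corrected by ARP/NDP, so traffic to `${addr}` would silently go nowhere. The value looks like a duplicated `6c:` group and should be a six-octet address, ideally taken from the vif's configured MAC rather than hard-coded, since a guest with a non-default MAC would get a mismatching entry. The call also omits the `${cmdprefix}` used by the iptables invocation just above it, and its exit status is neither checked nor logged. The enclosing loop and the `if [ "${ip}" ]` block begin before this hunk.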
@@ -155,7 +159,7 @@ if [ "${ip}" ]; then
             log error "Cannot set IPv6 route to ${addr}, IPv6 disabled in the kernel"
             continue
         fi
-        ${cmdprefix} ip route "${ipcmd}" "${addr}" dev "${vif}" metric "$metric"
+        ${cmdprefix} ip route "${ipcmd}" "${addr}" dev "${vif}" metric "$metric" onlink
 
         network_hooks "${command}" "${vif}" "${addr}"
     done