Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add permanent neighbor entries

Browse Source 
This allows network traffic to flow even if ARP and NDP do not work or
ave explicitly been disabled.
This commit is contained in:
Demi Marie Obenour 2020-11-10 16:28:53 -05:00
parent 74f5fb5ac7
commit aa71677cbd
No known key found for this signature in database
GPG Key ID: 28A45C93B0B5B6E0
2 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
network/setup-ip
View File

@ -4,6 +4,14 @@
# shellcheck disable=SC1091
. /usr/lib/qubes/init/functions
add_host_route () {
/sbin/ip -- route replace to unicast "$1" dev "$2" onlink scope host
}
add_default_route () {
/sbin/ip -- route replace to unicast default via "$1" dev "$2" onlink
}
configure_network() {
local MAC="$1"
local INTERFACE="$2"
@ -17,20 +25,24 @@ configure_network() {
local secondary_dns="${10}"
/sbin/ifconfig "$INTERFACE" "$ip" netmask "$netmask"
/sbin/ip -- neighbour replace to "$ip" dev "$INTERFACE" \
lladdr "$MAC" nud permanent
if [ -n "$ip6" ]; then
/sbin/ifconfig "$INTERFACE" add "$ip6/$netmask6"
/sbin/ip -- neighbour replace to "$ip6" dev "$INTERFACE" \
lladdr "$MAC" nud permanent
fi
/sbin/ifconfig "$INTERFACE" up
if [ -n "$gateway" ]; then
/sbin/route add -host "$gateway" dev "$INTERFACE"
if [ -n "$gateway6" ] && ! echo "$gateway6" | grep -q "^fe80:"; then
/sbin/route -6 add "$gateway6/$netmask6" dev "$INTERFACE"
add_route "$gateway6/$netmask6" "$INTERFACE"
fi
if ! qsvc disable-default-route ; then
/sbin/route add default gw "$gateway"
add_default_route "$gateway" "$INTERFACE"
if [ -n "$gateway6" ]; then
/sbin/route -6 add default gw "$gateway6" dev "$INTERFACE"
add_default_route "$gateway6" "$INTERFACE"
fi
fi
fi

6
network/vif-route-qubes
View File

@ -134,6 +134,10 @@ if [ "${ip}" ]; then
"$iptables_cmd ! -i vif+ -s ${addr} -j DROP" \
"COMMIT" | \
${cmdprefix} $ipt --noflush $ipt_arg
if [[ "$command" = 'online' ]]; then
ip neighbour "${ipcmd}" to "${addr}" \
dev "${vif}" lladdr 00:16:3e:5e:6c:6c:00 nud permanent
fi
done
# if no IPv6 is assigned, block all IPv6 traffic on that interface
if ! [[ "$ip" = *:* ]]; then
@ -155,7 +159,7 @@ if [ "${ip}" ]; then
log error "Cannot set IPv6 route to ${addr}, IPv6 disabled in the kernel"
continue
fi
${cmdprefix} ip route "${ipcmd}" "${addr}" dev "${vif}" metric "$metric"
${cmdprefix} ip route "${ipcmd}" "${addr}" dev "${vif}" metric "$metric" onlink
network_hooks "${command}" "${vif}" "${addr}"
done