Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'qubesos/pr/159'

Browse Source 
* qubesos/pr/159:
  setup-ip: handle default conf if /qubes-mac returns empty value
  setup-ip: only assign IP configuration of Qubes managed iface
  Handle default value for get_iface_from_mac
  Handle default value for get_qubes_managed_iface
  Make ShellCheck happy
  Handle non-default 'eth0' Qubes managed interface
This commit is contained in:
Marek Marczykowski-Górecki 2019-05-25 22:46:28 +02:00
commit da33d87c23
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
6 changed files with 134 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
init/functions
View File

@ -128,6 +128,36 @@ umount_retry() {
return 0 return 0
} }
get_mac_from_iface() {
local iface="$1"
local mac
if [ "x$iface" != "x" ]; then
mac="$(cat "/sys/class/net/$iface/address")"
fi
echo "$mac"
}
get_iface_from_mac() {
local mac="$1"
local iface
if [ "x$mac" != "x" ]; then
iface="$(ip -o link | grep -i "$mac" | awk '{print $2}' | cut -d ':' -f1)"
fi
echo "$iface"
}
get_qubes_managed_iface() {
local mac
local qubes_iface
mac="$(qubesdb-read /qubes-mac)"
qubes_iface="$(get_iface_from_mac "$mac")"
if [ "x$qubes_iface" != "x" ]; then
echo "$qubes_iface"
else
echo eth0
fi
}
initialize_home() { initialize_home() {
local home_root local home_root
local mode local mode

11
network/network-manager-prepare-conf-dir
View File

@ -1,5 +1,9 @@
#!/bin/sh #!/bin/sh
# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions
NM_CONFIG_DIR=/etc/NetworkManager/system-connections NM_CONFIG_DIR=/etc/NetworkManager/system-connections
if [ -d $NM_CONFIG_DIR ] && [ ! -h $NM_CONFIG_DIR ]; then if [ -d $NM_CONFIG_DIR ] && [ ! -h $NM_CONFIG_DIR ]; then
mkdir -p /rw/config/NM-system-connections mkdir -p /rw/config/NM-system-connections
@ -20,10 +24,11 @@ sed -r -i -e "s/^#?plugins=.*/plugins=keyfile/" /etc/NetworkManager/NetworkManag
# starting NetworkManager, otherwise it will try default DHCP configuration # starting NetworkManager, otherwise it will try default DHCP configuration
# first and only after a timeout fallback to static one - introducing delay in # first and only after a timeout fallback to static one - introducing delay in
# network connectivity # network connectivity
export INTERFACE=eth0 INTERFACE="$(get_qubes_managed_iface)"
export INTERFACE
if qubesdb-read /qubes-ip >/dev/null 2>/dev/null && if qubesdb-read /qubes-ip >/dev/null 2>/dev/null &&
[ -e /sys/class/net/$INTERFACE ] && [ -e "/sys/class/net/$INTERFACE" ] &&
[ ! -r /etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE ]; then [ ! -r "/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE" ]; then
/usr/lib/qubes/setup-ip /usr/lib/qubes/setup-ip
fi fi

167
network/setup-ip
View File

@ -6,20 +6,24 @@
have_qubesdb || exit 0 have_qubesdb || exit 0
ip=$(/usr/bin/qubesdb-read /qubes-ip 2> /dev/null) mac="$(/usr/bin/qubesdb-read /qubes-mac 2> /dev/null)"
ip6=$(/usr/bin/qubesdb-read /qubes-ip6 2> /dev/null) current_mac="$(get_mac_from_iface "$INTERFACE")"
if [ "x$ip" != x ]; then
#netmask=$(/usr/bin/qubesdb-read /qubes-netmask) if [ "$mac" = "$current_mac" ] || [ "x$mac" = "x" ] ; then
gateway=$(/usr/bin/qubesdb-read /qubes-gateway) ip="$(/usr/bin/qubesdb-read /qubes-ip 2> /dev/null)"
gateway6=$(/usr/bin/qubesdb-read /qubes-gateway6) ip6="$(/usr/bin/qubesdb-read /qubes-ip6 2> /dev/null)"
primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null || echo "$gateway") if [ "x$ip" != x ]; then
secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns) #netmask=$(/usr/bin/qubesdb-read /qubes-netmask)
/sbin/ethtool -K "$INTERFACE" sg off gateway=$(/usr/bin/qubesdb-read /qubes-gateway)
/sbin/ethtool -K "$INTERFACE" tx off gateway6=$(/usr/bin/qubesdb-read /qubes-gateway6)
# If NetworkManager is enabled, let it configure the network primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null || echo "$gateway")
if qsvc network-manager ; then secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns)
nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE /sbin/ethtool -K "$INTERFACE" sg off
cat > "$nm_config" <<__EOF__ /sbin/ethtool -K "$INTERFACE" tx off
# If NetworkManager is enabled, let it configure the network
if qsvc network-manager ; then
nm_config="/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE"
cat > "$nm_config" <<__EOF__
[802-3-ethernet] [802-3-ethernet]
duplex=full duplex=full
@ -31,100 +35,101 @@ id=VM uplink $INTERFACE
uuid=de85f79b-8c3d-405f-a652-cb4c10b4f9ef uuid=de85f79b-8c3d-405f-a652-cb4c10b4f9ef
type=802-3-ethernet type=802-3-ethernet
__EOF__ __EOF__
ip4_nm_config="" ip4_nm_config=""
ip6_nm_config="" ip6_nm_config=""
if ! qsvc disable-dns-server ; then if ! qsvc disable-dns-server ; then
ip4_nm_config="${ip4_nm_config} ip4_nm_config="${ip4_nm_config}
dns=${primary_dns};${secondary_dns}" dns=${primary_dns};${secondary_dns}"
fi fi
if ! qsvc disable-default-route ; then if ! qsvc disable-default-route ; then
ip4_nm_config="${ip4_nm_config} ip4_nm_config="${ip4_nm_config}
addresses1=$ip;32;$gateway" addresses1=$ip;32;$gateway"
if [ -n "$ip6" ]; then if [ -n "$ip6" ]; then
ip6_nm_config="${ip6_nm_config} ip6_nm_config="${ip6_nm_config}
addresses1=$ip6;128;$gateway6" addresses1=$ip6;128;$gateway6"
fi fi
else else
ip4_nm_config="${ip4_nm_config} ip4_nm_config="${ip4_nm_config}
addresses1=$ip;32" addresses1=$ip;32"
if [ -n "$ip6" ]; then if [ -n "$ip6" ]; then
ip6_nm_config="${ip6_nm_config} ip6_nm_config="${ip6_nm_config}
addresses1=$ip6;128" addresses1=$ip6;128"
fi
fi fi
fi if [ -n "$ip4_nm_config" ]; then
if [ -n "$ip4_nm_config" ]; then cat >> "$nm_config" <<__EOF__
cat >> "$nm_config" <<__EOF__
[ipv4] [ipv4]
method=manual method=manual
may-fail=false may-fail=false
$ip4_nm_config $ip4_nm_config
__EOF__ __EOF__
else else
cat >> "$nm_config" <<__EOF__ cat >> "$nm_config" <<__EOF__
[ipv4] [ipv4]
method=ignore method=ignore
__EOF__ __EOF__
fi fi
if [ -n "$ip6_nm_config" ]; then if [ -n "$ip6_nm_config" ]; then
cat >> "$nm_config" <<__EOF__ cat >> "$nm_config" <<__EOF__
[ipv6] [ipv6]
method=manual method=manual
may-fail=false may-fail=false
$ip6_nm_config $ip6_nm_config
__EOF__ __EOF__
else else
cat >> "$nm_config" <<__EOF__ cat >> "$nm_config" <<__EOF__
[ipv6] [ipv6]
method=ignore method=ignore
__EOF__ __EOF__
fi fi
chmod 600 "$nm_config" chmod 600 "$nm_config"
# reload connection # reload connection
nmcli connection load "$nm_config" || : nmcli connection load "$nm_config" || :
else else
# No NetworkManager enabled, configure the network manually # No NetworkManager enabled, configure the network manually
/sbin/ifconfig "$INTERFACE" "$ip" netmask 255.255.255.255 /sbin/ifconfig "$INTERFACE" "$ip" netmask 255.255.255.255
if [ -n "$ip6" ]; then if [ -n "$ip6" ]; then
/sbin/ifconfig "$INTERFACE" add "$ip6"/128 /sbin/ifconfig "$INTERFACE" add "$ip6"/128
fi fi
/sbin/ifconfig "$INTERFACE" up /sbin/ifconfig "$INTERFACE" up
/sbin/route add -host "$gateway" dev "$INTERFACE" /sbin/route add -host "$gateway" dev "$INTERFACE"
if [ -n "$gateway6" ] && ! echo "$gateway6" | grep -q "^fe80:"; then if [ -n "$gateway6" ] && ! echo "$gateway6" | grep -q "^fe80:"; then
/sbin/route -6 add "$gateway6/128" dev "$INTERFACE" /sbin/route -6 add "$gateway6/128" dev "$INTERFACE"
fi fi
if ! qsvc disable-default-route ; then if ! qsvc disable-default-route ; then
/sbin/route add default gw "$gateway" /sbin/route add default gw "$gateway"
if [ -n "$gateway6" ]; then if [ -n "$gateway6" ]; then
/sbin/route -6 add default gw "$gateway6" dev "$INTERFACE" /sbin/route -6 add default gw "$gateway6" dev "$INTERFACE"
fi
fi
if ! is_protected_file /etc/resolv.conf ; then
echo > /etc/resolv.conf
if ! qsvc disable-dns-server ; then
echo "nameserver $primary_dns" > /etc/resolv.conf
echo "nameserver $secondary_dns" >> /etc/resolv.conf
fi
fi fi
fi fi
if ! is_protected_file /etc/resolv.conf ; then network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
echo > /etc/resolv.conf if [ "x$network" != "x" ] && ! qsvc disable-dns-server ; then
if ! qsvc disable-dns-server ; then gateway=$(qubesdb-read /qubes-netvm-gateway)
echo "nameserver $primary_dns" > /etc/resolv.conf #netmask=$(qubesdb-read /qubes-netvm-netmask)
echo "nameserver $secondary_dns" >> /etc/resolv.conf primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
/usr/lib/qubes/qubes-setup-dnat-to-ns
fi
if [ "x$network" != "x" ]; then
if [ -x /rw/config/qubes-ip-change-hook ]; then
/rw/config/qubes-ip-change-hook
fi
# XXX: Backward compatibility
if [ -x /rw/config/qubes_ip_change_hook ]; then
/rw/config/qubes_ip_change_hook
fi fi
fi
fi
network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ] && ! qsvc disable-dns-server ; then
gateway=$(qubesdb-read /qubes-netvm-gateway)
#netmask=$(qubesdb-read /qubes-netvm-netmask)
primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
/usr/lib/qubes/qubes-setup-dnat-to-ns
fi
if [ "x$network" != "x" ]; then
if [ -x /rw/config/qubes-ip-change-hook ]; then
/rw/config/qubes-ip-change-hook
fi
# XXX: Backward compatibility
if [ -x /rw/config/qubes_ip_change_hook ]; then
/rw/config/qubes_ip_change_hook
fi fi
fi fi
fi fi

2
vm-init.d/qubes-firewall
View File

@ -19,7 +19,7 @@ start()
if qsvc qubes-firewall ; then if qsvc qubes-firewall ; then
echo -n $"Starting Qubes Firewall monitor:" echo -n $"Starting Qubes Firewall monitor:"
/sbin/ethtool -K eth0 sg off /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off
/usr/sbin/qubes-firewall & /usr/sbin/qubes-firewall &
success success
echo "" echo ""

5
vm-systemd/misc-post.sh
View File

@ -15,7 +15,10 @@ fi
# DispVM (to override DispVM-template IP) and in case when qubes-ip was # DispVM (to override DispVM-template IP) and in case when qubes-ip was
# called by udev before loading evtchn kernel module - in which case # called by udev before loading evtchn kernel module - in which case
# qubesdb-read fails # qubesdb-read fails
INTERFACE=eth0 /usr/lib/qubes/setup-ip QUBES_MANAGED_IFACE="$(get_qubes_managed_iface)"
if [ "x$QUBES_MANAGED_IFACE" != "x" ]; then
INTERFACE="$QUBES_MANAGED_IFACE" /usr/lib/qubes/setup-ip
fi
if [ -x /rw/config/rc.local ] ; then if [ -x /rw/config/rc.local ] ; then
/rw/config/rc.local /rw/config/rc.local

6
vm-systemd/network-proxy-setup.sh
View File

@ -1,5 +1,9 @@
#!/bin/sh #!/bin/sh
# Source Qubes library.
# shellcheck source=init/functions
. /usr/lib/qubes/init/functions
# Setup gateway for all the VMs this netVM is serviceing... # Setup gateway for all the VMs this netVM is serviceing...
network=$(qubesdb-read /qubes-netvm-network 2>/dev/null) network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then if [ "x$network" != "x" ]; then
@ -24,5 +28,5 @@ if [ "x$network" != "x" ]; then
if [ -n "$gateway6" ]; then if [ -n "$gateway6" ]; then
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
fi fi
/sbin/ethtool -K eth0 sg off || true /sbin/ethtool -K "$(get_qubes_managed_iface)" sg off || true
fi fi