From e4eeb2ee1bc8e69e25f7333961ff4da64b511f2b Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Thu, 19 Nov 2020 12:16:15 -0500
Subject: [PATCH] Add NetVM-facing neighbor entry in NAT namespace

Since AppVMs will have their own NetVM-facing neighbor entries, a user might (correctly) conclude that NetVMs do not need ARP or NDP enabled. For this to work with NAT namespaces, they need their own neighbor entries.
---
 network/vif-qubes-nat.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/network/vif-qubes-nat.sh b/network/vif-qubes-nat.sh
index 672f407..058d8a3 100755
--- a/network/vif-qubes-nat.sh
+++ b/network/vif-qubes-nat.sh
@@ -26,6 +26,7 @@ netns_appvm_if="${vif}"
 # '----------------------------------'
 #
+readonly netvm_mac=fe:ff:ff:ff:ff:ff
 function run {
@@ -55,7 +56,7 @@ if test "$command" == online; then
 # for the peer interface, make sure that it has the same MAC address
 # as the actual VM, so that our neighbor entry works.
 run ip link add name "$netns_netvm_if" address "$mac" type veth \
- peer name "$netvm_if" address fe:ff:ff:ff:ff:ff
+ peer name "$netvm_if" address "$netvm_mac"
 run ip link set dev "$netns_netvm_if" netns "$netns"
 netns ip6tables -t raw -I PREROUTING -j DROP
@@ -94,6 +95,7 @@ if test "$command" == online; then
 fi
 netns ip neighbour add to "$appvm_ip" dev "$netns_appvm_if" lladdr "$mac" nud permanent
+ netns ip neighbour add to "$netvm_ip" dev "$netns_netvm_if" lladdr "$netvm_mac" nud permanent
 netns ip addr add "$netvm_ip" dev "$netns_netvm_if"
 netns ip addr add "$appvm_gw_ip" dev "$netns_appvm_if"
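Review bot: The new `readonly netvm_mac=fe:ff:ff:ff:ff:ff` in the first hunk carries no comment saying what the address is or why the same value must be used both for the veth peer in the second hunk and for the permanent neighbour entry in the third, so a later edit to one site could silently break the other. I would add above it: `# MAC of the NetVM-side veth peer; the NAT namespace's permanent neighbour entry for "$netvm_ip" points at this address, so the NetVM does not need to answer ARP/NDP for it (keep the two uses in sync).` The value appears to be the address Xen conventionally assigns to backend vif interfaces, but that is not stated anywhere in the patch and is worth spelling out if it is the intent. The third hunk is cut off before its end, so whether an equivalent entry is also needed for an IPv6 address on `$netns_netvm_if` (the commit message mentions NDP) cannot be checked from here.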