Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add NetVM-facing neighbor entry in NAT namespace

Browse Source 
Since AppVMs will have their own NetVM-facing neighbor entries, a user
might (correctly) conclude that NetVMs do not need ARP or NDP enabled.
For this to work with NAT namespaces, they need their own neighbor
entries.
This commit is contained in:
Demi Marie Obenour 2020-11-19 12:16:15 -05:00
parent 097342bd08
commit e4eeb2ee1b
No known key found for this signature in database
GPG Key ID: 28A45C93B0B5B6E0
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
network/vif-qubes-nat.sh
View File

@ -26,6 +26,7 @@ netns_appvm_if="${vif}"
# '----------------------------------'
#
readonly netvm_mac=fe:ff:ff:ff:ff:ff
function run
{
@ -55,7 +56,7 @@ if test "$command" == online; then
# for the peer interface, make sure that it has the same MAC address
# as the actual VM, so that our neighbor entry works.
run ip link add name "$netns_netvm_if" address "$mac" type veth \
peer name "$netvm_if" address fe:ff:ff:ff:ff:ff
peer name "$netvm_if" address "$netvm_mac"
run ip link set dev "$netns_netvm_if" netns "$netns"
netns ip6tables -t raw -I PREROUTING -j DROP
@ -94,6 +95,7 @@ if test "$command" == online; then
fi
netns ip neighbour add to "$appvm_ip" dev "$netns_appvm_if" lladdr "$mac" nud permanent
netns ip neighbour add to "$netvm_ip" dev "$netns_netvm_if" lladdr "$netvm_mac" nud permanent
netns ip addr add "$netvm_ip" dev "$netns_netvm_if"
netns ip addr add "$appvm_gw_ip" dev "$netns_appvm_if"