Marek Marczykowski-Górecki
696a0918d5
Revert "network: disable proxy_arp"
...
Proxy ARP apparently is still needed for HVMs.
This reverts commit fa8b05a83c
.
Fixes QubesOS/qubes-issues#1421
2016-10-30 20:42:00 +01:00
Marek Marczykowski-Górecki
fa8b05a83c
network: disable proxy_arp
...
Since both sides have proper routing tables set, it isn't required to
set it anymore.
Fixes QubesOS/qubes-issues#1421
2015-11-15 04:04:06 +01:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces
2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
4e44008607
network: disable tx csum offload on vif interfaces
...
It doesn't work with HVMs - more precisely with (ancient) qemu in
stubdomain.
2015-07-01 04:53:31 +02:00
Marek Marczykowski-Górecki
13c078ddbd
network: guard iptables call with manual lock
...
Apparently even iptables-restore does not handle concurrent firewall
updates. This is especially a problem in case of HVM, which have two
network interfaces (one through stubom and the other direct) added at
the same time.
2015-07-01 01:25:00 +02:00
Marek Marczykowski-Górecki
2bfc6edddc
network: use iptables-restore instead of iptables --wait
...
The later one is present only in latest iptables version - especially
debian does not have it. But we need to handle "Device or resources
busy" problem somehow.
2015-06-27 04:55:56 +02:00
Marek Marczykowski-Górecki
7adbc3fd59
Use iptables --wait only when it is supported
2015-04-28 00:51:05 +02:00
Marek Marczykowski-Górecki
c49d9283f0
network: wait for iptables lock instead of aborting
...
vif-route-qubes can be called simultaneously, for example in case of:
- multiple domains startup
- HVM startup (two interfaces: one to the target domain, second one to
stubdom)
If that happens, one of calls can fail because of iptables lock.
2015-04-21 04:41:57 +02:00
Marek Marczykowski
db35abadc8
Use Qubes DB instead of Xenstore
2014-11-19 15:34:33 +01:00
Marek Marczykowski-Górecki
53b0d8ab17
network: fix IP address of backend network interface
...
Get it from settings provided by dom0, do not calculate itself. This
makes a difference for DispVMs.
2014-08-13 09:23:51 +02:00
Marek Marczykowski
c18cb08f8c
dom0+vm/vif-script: setup IP address of net backend interface
...
This is needed to connect to ProxyVM/NetVM, not only pass traffic ahead. Still
firewall rules applies.
2012-05-31 03:11:43 +02:00
Marek Marczykowski
f290b2e939
vm+dom0/vif-script: indent fix
2012-05-31 03:11:43 +02:00
Marek Marczykowski
2b3939ab64
vm/network: use metric to allow multiple routes to same VM
...
This is required when VM has multiple interfaces (eg HVM: PV and stubdom).
Prefer the later one.
2012-03-08 14:57:10 +01:00
Marek Marczykowski
8a7906a016
vm/network: really place anti-spoof rules in 'raw' table
...
This fixes commit:
4d68998 vm/network: place anti-spoof rules in 'raw' table
2012-03-08 14:56:39 +01:00
Marek Marczykowski
23e1e1db1f
vm/network: place anti-spoof rules in 'raw' table
2012-03-03 01:30:04 +01:00
Marek Marczykowski
6610b22f97
vm/network: replace route in more elegant way
2012-03-03 01:26:06 +01:00
Marek Marczykowski
41a0366719
vm/network: do not fail when route already exists - override it
2012-02-24 17:10:16 +01:00
Marek Marczykowski
240d35259f
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00