Commit Graph

18 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
696a0918d5
Revert "network: disable proxy_arp"
Proxy ARP apparently is still needed for HVMs.
This reverts commit fa8b05a83c.

Fixes QubesOS/qubes-issues#1421
2016-10-30 20:42:00 +01:00
Marek Marczykowski-Górecki
fa8b05a83c
network: disable proxy_arp
Since both sides have proper routing tables set, it isn't required to
set it anymore.

Fixes QubesOS/qubes-issues#1421
2015-11-15 04:04:06 +01:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
4e44008607 network: disable tx csum offload on vif interfaces
It doesn't work with HVMs - more precisely with (ancient) qemu in
stubdomain.
2015-07-01 04:53:31 +02:00
Marek Marczykowski-Górecki
13c078ddbd network: guard iptables call with manual lock
Apparently even iptables-restore does not handle concurrent firewall
updates. This is especially a problem in case of HVM, which have two
network interfaces (one through stubom and the other direct) added at
the same time.
2015-07-01 01:25:00 +02:00
Marek Marczykowski-Górecki
2bfc6edddc network: use iptables-restore instead of iptables --wait
The later one is present only in latest iptables version - especially
debian does not have it. But we need to handle "Device or resources
busy" problem somehow.
2015-06-27 04:55:56 +02:00
Marek Marczykowski-Górecki
7adbc3fd59 Use iptables --wait only when it is supported 2015-04-28 00:51:05 +02:00
Marek Marczykowski-Górecki
c49d9283f0 network: wait for iptables lock instead of aborting
vif-route-qubes can be called simultaneously, for example in case of:
 - multiple domains startup
 - HVM startup (two interfaces: one to the target domain, second one to
   stubdom)
If that happens, one of calls can fail because of iptables lock.
2015-04-21 04:41:57 +02:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski-Górecki
53b0d8ab17 network: fix IP address of backend network interface
Get it from settings provided by dom0, do not calculate itself. This
makes a difference for DispVMs.
2014-08-13 09:23:51 +02:00
Marek Marczykowski
c18cb08f8c dom0+vm/vif-script: setup IP address of net backend interface
This is needed to connect to ProxyVM/NetVM, not only pass traffic ahead. Still
firewall rules applies.
2012-05-31 03:11:43 +02:00
Marek Marczykowski
f290b2e939 vm+dom0/vif-script: indent fix 2012-05-31 03:11:43 +02:00
Marek Marczykowski
2b3939ab64 vm/network: use metric to allow multiple routes to same VM
This is required when VM has multiple interfaces (eg HVM: PV and stubdom).
Prefer the later one.
2012-03-08 14:57:10 +01:00
Marek Marczykowski
8a7906a016 vm/network: really place anti-spoof rules in 'raw' table
This fixes commit:
4d68998 vm/network: place anti-spoof rules in 'raw' table
2012-03-08 14:56:39 +01:00
Marek Marczykowski
23e1e1db1f vm/network: place anti-spoof rules in 'raw' table 2012-03-03 01:30:04 +01:00
Marek Marczykowski
6610b22f97 vm/network: replace route in more elegant way 2012-03-03 01:26:06 +01:00
Marek Marczykowski
41a0366719 vm/network: do not fail when route already exists - override it 2012-02-24 17:10:16 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00