Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
bcd0e4935a
core-agent-linux/network/setup-ip
Marek Marczykowski-Górecki 44f8cceb38
network: configure IPv6 when enabled 
If dom0 expose IPv6 address settings, configure it on the interface.
Both backend and frontend side. If no IPv6 configuration is provided,
block IPv6 as it was before.

Fixes QubesOS/qubes-issues#718
2017-12-07 01:30:05 +01:00

128 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Source Qubes library.
# shellcheck disable=SC1091
. /usr/lib/qubes/init/functions
have_qubesdb || exit 0
ip=$(/usr/bin/qubesdb-read /qubes-ip 2> /dev/null)
ip6=$(/usr/bin/qubesdb-read /qubes-ip6 2> /dev/null)
if [ "x$ip" != x ]; then
#netmask=$(/usr/bin/qubesdb-read /qubes-netmask)
gateway=$(/usr/bin/qubesdb-read /qubes-gateway)
gateway6=$(/usr/bin/qubesdb-read /qubes-gateway6)
primary_dns=$(/usr/bin/qubesdb-read /qubes-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(/usr/bin/qubesdb-read /qubes-secondary-dns)
/sbin/ethtool -K "$INTERFACE" sg off
/sbin/ethtool -K "$INTERFACE" tx off
# If NetworkManager is enabled, let it configure the network
if qsvc network-manager ; then
nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE
cat > "$nm_config" <<__EOF__
[802-3-ethernet]
duplex=full
[ethernet]
mac-address=$(ip l show dev "$INTERFACE" |grep link|awk '{print $2}')
[connection]
id=VM uplink $INTERFACE
uuid=de85f79b-8c3d-405f-a652-cb4c10b4f9ef
type=802-3-ethernet
__EOF__
ip4_nm_config=""
ip6_nm_config=""
if ! qsvc disable-dns-server ; then
ip4_nm_config="${ip4_nm_config}
dns=${primary_dns};${secondary_dns}"
fi
if ! qsvc disable-default-route ; then
ip4_nm_config="${ip4_nm_config}
addresses1=$ip;32;$gateway"
if [ -n "$ip6" ]; then
ip6_nm_config="${ip6_nm_config}
addresses1=$ip6;128;$gateway6"
fi
else
ip4_nm_config="${ip4_nm_config}
addresses1=$ip;32"
if [ -n "$ip6" ]; then
ip6_nm_config="${ip6_nm_config}
addresses1=$ip6;128"
fi
fi
if [ -n "$ip4_nm_config" ]; then
cat >> "$nm_config" <<__EOF__
[ipv4]
method=manual
may-fail=false
$ip4_nm_config
__EOF__
else
cat >> "$nm_config" <<__EOF__
[ipv4]
method=ignore
__EOF__
fi
if [ -n "$ip6_nm_config" ]; then
cat >> "$nm_config" <<__EOF__
[ipv6]
method=manual
may-fail=false
$ip6_nm_config
__EOF__
else
cat >> "$nm_config" <<__EOF__
[ipv6]
method=ignore
__EOF__
fi
chmod 600 "$nm_config"
# reload connection
nmcli connection load "$nm_config" || :
else
# No NetworkManager enabled, configure the network manually
/sbin/ifconfig "$INTERFACE" "$ip" netmask 255.255.255.255
if [ -n "$ip6" ]; then
/sbin/ifconfig "$INTERFACE" add "$ip6"/128
fi
/sbin/ifconfig "$INTERFACE" up
/sbin/route add -host "$gateway" dev "$INTERFACE"
if ! qsvc disable-default-route ; then
/sbin/route add default gw "$gateway"
if [ -n "$gateway6" ]; then
/sbin/route -6 add default gw "$gateway6" dev "$INTERFACE"
fi
fi
if ! is_protected_file /etc/resolv.conf ; then
echo > /etc/resolv.conf
if ! qsvc disable-dns-server ; then
echo "nameserver $primary_dns" > /etc/resolv.conf
echo "nameserver $secondary_dns" >> /etc/resolv.conf
fi
fi
fi
network=$(qubesdb-read /qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ] && ! qsvc disable-dns-server ; then
gateway=$(qubesdb-read /qubes-netvm-gateway)
#netmask=$(qubesdb-read /qubes-netvm-netmask)
primary_dns=$(qubesdb-read /qubes-netvm-primary-dns 2>/dev/null || echo "$gateway")
secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns)
echo "NS1=$primary_dns" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
/usr/lib/qubes/qubes-setup-dnat-to-ns
fi
if [ "x$network" != "x" ]; then
if [ -x /rw/config/qubes-ip-change-hook ]; then
/rw/config/qubes-ip-change-hook
fi
# XXX: Backward compatibility
if [ -x /rw/config/qubes_ip_change_hook ]; then
/rw/config/qubes_ip_change_hook
fi
fi
fi
Reference in New Issue View Git Blame Copy Permalink