32 lines
974 B
Bash
Executable File
32 lines
974 B
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
PIDFILE=/var/run/qubes/qubes_netwatcher.pid
|
|
CURR_NETCFG=""
|
|
|
|
# PIDfile handling
|
|
[[ -e $PIDFILE ]] && kill -s 0 $(<$PIDFILE) 2>/dev/null && exit 0
|
|
echo $$ >$PIDFILE
|
|
|
|
trap 'exit 0' SIGTERM
|
|
|
|
while true; do
|
|
NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid || :)
|
|
if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
|
|
UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip || :)
|
|
# UNTRUSTED_NETCFG is not parsed in any way
|
|
# thus, no sanitization ready
|
|
# but be careful when passing it to other shell scripts
|
|
if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then
|
|
/sbin/service qubes-firewall stop
|
|
/sbin/service qubes-firewall start
|
|
CURR_NETCFG="$UNTRUSTED_NETCFG"
|
|
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
|
|
fi
|
|
|
|
/usr/bin/xenstore-watch -n 3 /local/domain/$NET_DOMID/qubes_netvm_external_ip qubes_netvm_domid
|
|
else
|
|
/usr/bin/xenstore-watch -n 2 qubes_netvm_domid
|
|
fi
|
|
done
|