Home Explore Help
Sign In
Qubes
/
gsoc
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 76b877f65b
Branches Tags
gsoc
/
mails
/
20210623-Re_GSoC Port Forwarding-13708.html

20210623-Re_GSoC Port Forwarding-13708.html 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. <html>
    2. 

  2. <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    3. 

  3. <title>Re: GSoC Port Forwarding</title>
    4. 

  4. <link rel="important stylesheet" href="">
    5. 

  5. <style>div.headerdisplayname {font-weight:bold;}
    6. 

  6. </style></head>
    7. 

  7. <body>
    8. 

  8. <table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Oggetto: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Mittente: </div>Marek Marczykowski-Górecki &lt;marmarek@invisiblethingslab.com&gt;</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Data: </div>23/06/2021, 23:11</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">A: </div>Giulio <giulio@gmx.com></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">CC: </div>Frédéric Pierret &lt;frederic.pierret@qubes-os.org&gt;</td></tr></table><br>
    9. 

  9. <div class="moz-text-plain" wrap=true graphical-quote=true style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode"><pre wrap class="moz-quote-pre">
    10. 

  10. On Wed, Jun 23, 2021 at 04:37:20PM +0200, Giulio wrote:
    11. 

  11. </pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
    12. 

  12. <span class="moz-txt-citetags">&gt; </span>Hello,
    13. 

  13. <span class="moz-txt-citetags">&gt; </span>thank you again for your time and the explanations, as well as the
    14. 

  14. <span class="moz-txt-citetags">&gt; </span>network graph. I have now a better understanding of the overall design
    15. 

  15. <span class="moz-txt-citetags">&gt; </span>and I am moving myself trhough the source code in order to think what to
    16. 

  16. <span class="moz-txt-citetags">&gt; </span>place where.
    17. 

  17. <span class="moz-txt-citetags">&gt; </span>
    18. 

  18. <span class="moz-txt-citetags">&gt; </span>So, in order to translate what we discussed in practice and also check
    19. 

  19. <span class="moz-txt-citetags">&gt; </span>my understanding of the code so far:
    20. 

  20. <span class="moz-txt-citetags">&gt; </span>
    21. 

  21. <span class="moz-txt-citetags">&gt; </span>1) In core-admin-client/qubesadmin/firewall.py firewall.py &gt; The code
    22. 

  22. <span class="moz-txt-citetags">&gt; </span>needs to support the new options for the rule (action=forward
    23. 

  23. <span class="moz-txt-citetags">&gt; </span>frowardtype=&lt;internal/external&gt; srcports=443-443 srchosts=0.0.0.0/0
    24. 

  24. <span class="moz-txt-citetags">&gt; </span>2) In core-admin/qubes/firewall.py -&gt; The code needs to support the same
    25. 

  25. <span class="moz-txt-citetags">&gt; </span>options as the point above
    26. 

  26. <span class="moz-txt-citetags">&gt; </span>3) In core-admin/qubes/vm/mix/net.py -&gt; The most important logic goes
    27. 

  27. <span class="moz-txt-citetags">&gt; </span>here. Here there is the need to resolve the full network chain for
    28. 

  28. <span class="moz-txt-citetags">&gt; </span>external port forwarding. From here it is possible to add the respective
    29. 

  29. <span class="moz-txt-citetags">&gt; </span>rules to the QubesDB of each netvm in he chain and trigger a reload event.
    30. 

  30. <span class="moz-txt-citetags">&gt; </span>4) in core-agent-linux/qubesagent/firewall.py -&gt; Here goes the logic for
    31. 

  31. <span class="moz-txt-citetags">&gt; </span>building the correct syntax for iptables or nft and the actual execution
    32. 

  32. <span class="moz-txt-citetags">&gt; </span>
    33. 

  33. <span class="moz-txt-citetags">&gt; </span>Does it makes sense for you?
    34. 

  34. </pre></blockquote><pre wrap class="moz-quote-pre">
    35. 

  35. 

  36. Yes, I think you got this perfectly correct.
    37. 

  37. 

  38. </pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
    39. 

  39. <span class="moz-txt-citetags">&gt; </span>I now totally understand your doubts, and I think the simplest solution
    40. 

  40. <span class="moz-txt-citetags">&gt; </span>then would be a time/date picker, so if the user is planning anything
    41. 

  41. <span class="moz-txt-citetags">&gt; </span>specific he can configure all the set of rules to the same expiration
    42. 

  42. <span class="moz-txt-citetags">&gt; </span>timewithout  incurring in the synchronization issues you mentioned.
    43. 

  43. </pre></blockquote><pre wrap class="moz-quote-pre">
    44. 

  44. 

  45. Yes, that could work, with some easy way to use the same time for
    46. 

  46. multiple rules (for example default to the last choice).
    47. 

  47. 

  48. <div class="moz-txt-sig">-- 
    49. 

  49. Best Regards,
    50. 

  50. Marek Marczykowski-Górecki
    51. 

  51. Invisible Things Lab
    52. 

  52. </div></pre></div></body>
    53. 

  53. </html>
    54. 

  54. </table></div>
    55.