Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-01-29 15:43:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Force backend MAC to fe:ff:ff:ff:ff:ff to fix HVM clients

Browse Source 
Xen appears to configure the same MAC address for both the frontend
and backend in XenStore. e.g.

    [tal@dom0 ~]$ xenstore-ls /local/domain/3/backend/vif/19/0
    frontend = "/local/domain/19/device/vif/0"
    mac = "00:16:3e:5e:6c:00"
    [...]

    [tal@dom0 ~]$ xenstore-ls /local/domain/19/device/vif/0
    mac = "00:16:3e:5e:6c:00"

This works if the client uses just a simple ethernet device, but fails
if it connects via a bridge. HVM domains have an associated stub domain
running qemu, which provides an emulated network device. The stub domain
uses a bridge to connect qemu's interface with eth0, and this didn't
work.

Force the use of the fixed version of mirage-net-xen, which no longer
uses XenStore to get the backend MAC, and provides a new function to get
the frontend one.
This commit is contained in:
Thomas Leonard 2019-05-01 10:05:14 +01:00
parent 65b79208a1
commit 0a4dd7413c
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -7,7 +7,7 @@ FROM ocaml/opam2@sha256:f7125924dd6632099ff98b2505536fe5f5c36bf0beb24779431bb62b
# Pin last known-good version for reproducible builds.
# Remove this line (and the base image pin above) if you want to test with the
# latest versions.
RUN git fetch origin && git reset --hard e77756e92274790668ed1f6f998d66fa2e744fb6 && opam update
RUN git fetch origin && git reset --hard d1b2a1cbc28d43926b37e61f46fc403b48ab9c23 && opam update
RUN sudo apt-get install -y m4 libxen-dev pkg-config
RUN opam pin add -yn cmdliner 'https://github.com/talex5/cmdliner.git#repro-builds'

2
client_net.ml
View File

@ -73,7 +73,7 @@ let add_vif { Dao.ClientVif.domid; device_id } ~client_ip ~router ~cleanup_tasks
Netback.make ~domid ~device_id >>= fun backend ->
Log.info (fun f -> f "Client %d (IP: %s) ready" domid (Ipaddr.V4.to_string client_ip));
ClientEth.connect backend >>= fun eth ->
let client_mac = Netback.mac backend in
let client_mac = Netback.frontend_mac backend in
let client_eth = router.Router.client_eth in
let gateway_ip = Client_eth.client_gw client_eth in
let iface = new client_iface eth ~gateway_ip ~client_ip client_mac in

2
config.ml
View File

@ -27,7 +27,7 @@ let main =
package "ethernet";
package "mirage-protocols";
package "shared-memory-ring" ~min:"3.0.0";
package "netchannel" ~min:"1.10.2";
package "netchannel" ~min:"1.11.0" ~pin:"git+https://github.com/mirage/mirage-net-xen.git";
package "mirage-net-xen";
package "ipaddr" ~min:"3.0.0";
package "mirage-qubes";