read DNS resolver IP addresses from QubesDB
as specified in https://www.qubes-os.org/doc/vm-interface/
parent
65ff2a9203
commit
7e3303a8d6
14
dao.ml
14
dao.ml
@ -125,11 +125,11 @@ type network_config = {
|
|||||||
uplink_our_ip : Ipaddr.V4.t; (* The IP address of our interface to NetVM *)
|
uplink_our_ip : Ipaddr.V4.t; (* The IP address of our interface to NetVM *)
|
||||||
|
|
||||||
clients_our_ip : Ipaddr.V4.t; (* The IP address of our interface to our client VMs (their gateway) *)
|
clients_our_ip : Ipaddr.V4.t; (* The IP address of our interface to our client VMs (their gateway) *)
|
||||||
|
dns : Ipaddr.V4.t list;
|
||||||
}
|
}
|
||||||
|
|
||||||
exception Missing_key of string
|
exception Missing_key of string
|
||||||
|
|
||||||
(* TODO: /qubes-secondary-dns *)
|
|
||||||
let try_read_network_config db =
|
let try_read_network_config db =
|
||||||
let get name =
|
let get name =
|
||||||
match DB.KeyMap.find_opt name db with
|
match DB.KeyMap.find_opt name db with
|
||||||
@ -138,14 +138,20 @@ let try_read_network_config db =
|
|||||||
let uplink_our_ip = get "/qubes-ip" |> Ipaddr.V4.of_string_exn in
|
let uplink_our_ip = get "/qubes-ip" |> Ipaddr.V4.of_string_exn in
|
||||||
let uplink_netvm_ip = get "/qubes-gateway" |> Ipaddr.V4.of_string_exn in
|
let uplink_netvm_ip = get "/qubes-gateway" |> Ipaddr.V4.of_string_exn in
|
||||||
let clients_our_ip = get "/qubes-netvm-gateway" |> Ipaddr.V4.of_string_exn in
|
let clients_our_ip = get "/qubes-netvm-gateway" |> Ipaddr.V4.of_string_exn in
|
||||||
|
let dns =
|
||||||
|
[ get "/qubes-primary-dns" |> Ipaddr.V4.of_string_exn ;
|
||||||
|
get "/qubes-secondary-dns" |> Ipaddr.V4.of_string_exn ]
|
||||||
|
in
|
||||||
Log.info (fun f -> f "@[<v2>Got network configuration from QubesDB:@,\
|
Log.info (fun f -> f "@[<v2>Got network configuration from QubesDB:@,\
|
||||||
NetVM IP on uplink network: %a@,\
|
NetVM IP on uplink network: %a@,\
|
||||||
Our IP on uplink network: %a@,\
|
Our IP on uplink network: %a@,\
|
||||||
Our IP on client networks: %a@]"
|
Our IP on client networks: %a@,\
|
||||||
|
DNS resolvers: %a@]"
|
||||||
Ipaddr.V4.pp uplink_netvm_ip
|
Ipaddr.V4.pp uplink_netvm_ip
|
||||||
Ipaddr.V4.pp uplink_our_ip
|
Ipaddr.V4.pp uplink_our_ip
|
||||||
Ipaddr.V4.pp clients_our_ip);
|
Ipaddr.V4.pp clients_our_ip
|
||||||
{ uplink_netvm_ip; uplink_our_ip; clients_our_ip }
|
Fmt.(list ~sep:(any ", ") Ipaddr.V4.pp) dns);
|
||||||
|
{ uplink_netvm_ip; uplink_our_ip; clients_our_ip ; dns }
|
||||||
|
|
||||||
let read_network_config qubesDB =
|
let read_network_config qubesDB =
|
||||||
let rec aux bindings =
|
let rec aux bindings =
|
||||||
|
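Review bot: `get "/qubes-secondary-dns"` in the new `let dns` binding makes the secondary resolver mandatory: if dom0 leaves that key unset, `get` presumably raises `Missing_key` (the exception declared just above; `get`'s body is cut off in the hunk) and the whole network configuration fails to load, whereas before this commit the configuration did not depend on either DNS key. Only the primary entry needs to be guaranteed, since the nameserver list is consumed with `List.hd` elsewhere, so read the primary with `get` and the secondary with `DB.KeyMap.find_opt`, keeping the primary first so the resolver tries it first. `try_read_network_config` ends outside the hunk.
```ocaml
let dns =
  let primary = get "/qubes-primary-dns" |> Ipaddr.V4.of_string_exn in
  let secondary =
    DB.KeyMap.find_opt "/qubes-secondary-dns" db
    |> Option.map Ipaddr.V4.of_string_exn
  in
  primary :: Option.to_list secondary
in
(* … unchanged: Log.info call and the returned record … *)
```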
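--- a/dao.mli
+++ b/dao.mli
@@ -24,6 +24,7 @@ type network_config = {
 uplink_our_ip : Ipaddr.V4.t; (* The IP address of our interface to NetVM *)
 
 clients_our_ip : Ipaddr.V4.t; (* The IP address of our interface to our client VMs (their gateway) *)
+dns : Ipaddr.V4.t list;
 }
 
 val read_network_config : Qubes.DB.t -> network_config Lwt.t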
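Review bot: The new `dns` field is the only member of `network_config` without the inline comment its neighbours carry, and the interface is where a caller will look for what the list holds and in which order. Document it the same way, in both `dao.mli` and the matching record in `dao.ml`: `dns : Ipaddr.V4.t list; (* Resolvers from /qubes-primary-dns then /qubes-secondary-dns, in that order *)`. The order claim follows from how `try_read_network_config` builds the list in the `dao.ml` hunk.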
@ -34,7 +34,7 @@ module Transport (R : Mirage_random.S) (C : Mirage_clock.MCLOCK) = struct
|
|||||||
let open Router in
|
let open Router in
|
||||||
let open My_nat in
|
let open My_nat in
|
||||||
let nslist = snd ctx.t.nameservers in
|
let nslist = snd ctx.t.nameservers in
|
||||||
let dst, dst_port = List.hd(nslist) in
|
let dst, dst_port = List.hd nslist in
|
||||||
let router, send_udp, _ = ctx.t.stack in
|
let router, send_udp, _ = ctx.t.stack in
|
||||||
let src_port = Ports.pick_free_port ~consult:router.ports.nat_udp router.ports.dns_udp in
|
let src_port = Ports.pick_free_port ~consult:router.ports.nat_udp router.ports.dns_udp in
|
||||||
ctx.src_port <- src_port;
|
ctx.src_port <- src_port;
|
||||||
|
@ -81,7 +81,8 @@ module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK) = struct
|
|||||||
|
|
||||||
let send_dns_query = Uplink.send_dns_client_query uplink in
|
let send_dns_query = Uplink.send_dns_client_query uplink in
|
||||||
let dns_mvar = Lwt_mvar.create_empty () in
|
let dns_mvar = Lwt_mvar.create_empty () in
|
||||||
let dns_client = Dns_client.create (router, send_dns_query, dns_mvar) in
|
let nameservers = `Udp, List.map (fun ip -> ip, 53) config.Dao.dns in
|
||||||
|
let dns_client = Dns_client.create ~nameservers (router, send_dns_query, dns_mvar) in
|
||||||
|
|
||||||
let net_listener = network (Dns_client.getaddrinfo dns_client Dns.Rr_map.A) dns_mvar uplink qubesDB router in
|
let net_listener = network (Dns_client.getaddrinfo dns_client Dns.Rr_map.A) dns_mvar uplink qubesDB router in
|
||||||
|
|
||||||
|
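Review bot: The new `nameservers` binding hard-codes the UDP port and relies on tuple precedence, `` `Udp, List.map (fun ip -> ip, 53) config.Dao.dns ``; parenthesising and naming the port reads more clearly, `let dns_port = 53 in` followed by `` let nameservers = (`Udp, List.map (fun ip -> (ip, dns_port)) config.Dao.dns) in ``. The list is handed to `Dns_client.create` exactly as QubesDB supplied it, and the `Transport` hunk's `List.hd nslist` will raise on an empty list, which as the `dao.ml` hunk stands cannot happen because both DNS keys are read with the raising `get`; a comment recording that dependency here, `(* non-empty: Dao requires /qubes-primary-dns *)`, would keep the two files from drifting apart. `Main`'s body starts and ends outside the hunk.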