Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-03-03 12:29:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

prevent usage of both command line options and netvm property

Browse Source
This commit is contained in:
palainp 2023-07-01 10:46:55 +02:00
parent e99e80b150
commit 7f5729a12d
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
unikernel.ml
View File

@ -54,27 +54,33 @@ module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK)(Time : Mirage_tim
Dao.read_network_config qubesDB >>= fun config ->
(* config.netvm_ip might be 0.0.0.0 if there's no netvm provided via Qubes *)
let zero_ip = (Ipaddr.V4.make 0 0 0 0) in
let connect_if_netvm =
if config.netvm_ip <> (Ipaddr.V4.make 0 0 0 0) then (
let netvm_ip = Ipaddr.V4.of_string_exn (Key_gen.ipv4_gw ()) in
let our_ip = Ipaddr.V4.of_string_exn (Key_gen.ipv4 ()) in
let dns = Ipaddr.V4.of_string_exn (Key_gen.ipv4_dns ()) in
let dns2 = Ipaddr.V4.of_string_exn (Key_gen.ipv4_dns2 ()) in
let default_config:Dao.network_config = {netvm_ip; our_ip; dns; dns2} in
if config.netvm_ip <> zero_ip then (
if (netvm_ip <> zero_ip || our_ip <> zero_ip) then begin
Log.err (fun f -> f "You must not specify --ipv4 or --ipv4-gw when using the netvm property: discard command line options")
end ;
Uplink.connect config >>= fun uplink ->
Lwt.return (config, Some uplink)
) else (
(* If we have no netvm IP address we must not try to Uplink.connect and we can update the config
with command option (if any) *)
let netvm_ip = Ipaddr.V4.of_string_exn (Key_gen.ipv4_gw ()) in
let our_ip = Ipaddr.V4.of_string_exn (Key_gen.ipv4 ()) in
let dns = Ipaddr.V4.of_string_exn (Key_gen.ipv4_dns ()) in
let dns2 = Ipaddr.V4.of_string_exn (Key_gen.ipv4_dns2 ()) in
let default_config:Dao.network_config = {netvm_ip; our_ip; dns; dns2} in
Dao.update_network_config config default_config >>= fun config ->
Lwt.return (config, None)
)
in
connect_if_netvm >>= fun (config, uplink) ->
(* We now must have a valid netvm IP address or crash *)
(* We now must have a valid netvm IP address and our IP address or crash *)
Dao.print_network_config config ;
assert(config.netvm_ip <> (Ipaddr.V4.make 0 0 0 0));
assert(config.netvm_ip <> zero_ip && config.our_ip <> zero_ip);
(* Set up client-side networking *)
Client_eth.create config >>= fun clients ->