Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-02-10 20:28:36 -05:00
Code Issues Packages Projects Releases Wiki Activity

Respond to ARP requests for *.*.*.1

Browse Source 
This is a work-around to get DHCP working with HVM domains.
See: https://github.com/QubesOS/qubes-issues/issues/5022
This commit is contained in:
Thomas Leonard 2019-05-05 17:26:56 +01:00
parent 8b4cc6f5a9
commit d7b376d373
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build-with-docker.sh
View File

@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
echo Building Firewall... echo Building Firewall...
docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
echo "SHA2 of build: $(sha256sum qubes_firewall.xen)" echo "SHA2 of build: $(sha256sum qubes_firewall.xen)"
echo "SHA2 last known: 765cf16c2e85feb7e5dfd3e409a3013c91c2b07f5680ed9f4e487e27213f1355" echo "SHA2 last known: dbf7460fa628bea5d132a96fe7ba2cd832e3d9da7005ae74f6a124957f4848ea"
echo "(hashes should match for released versions)" echo "(hashes should match for released versions)"

6
client_eth.ml
View File

@ -70,7 +70,11 @@ module ARP = struct
let lookup t ip = let lookup t ip =
if ip = t.net.client_gw then Some t.client_link#my_mac if ip = t.net.client_gw then Some t.client_link#my_mac
else None else if (Ipaddr.V4.to_bytes ip).[3] = '\x01' then (
Log.info (fun f -> f ~header:t.client_link#log_header
"Request for %a is invalid, but pretending it's me (see Qubes issue #5022)" Ipaddr.V4.pp ip);
Some t.client_link#my_mac
) else None
(* We're now treating client networks as point-to-point links, (* We're now treating client networks as point-to-point links,
so we no longer respond on behalf of other clients. *) so we no longer respond on behalf of other clients. *)
(* (*