Commit Graph

23 Commits

Author SHA1 Message Date
Thomas Leonard
3dbb9ecb27 BROKEN: Upgrade to Mirage 6 for solo5 PVH support
For me, this mostly hangs at:
```
2020-10-26 11:16:31 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:16:31 -00:00: INF [qubes.db] connecting to server...
```

Sometimes it gets a bit further:
```
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.gui] waiting for client...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connecting to server...
2020-10-26 11:14:19 -00:00: INF [qubes.db] connected
2020-10-26 11:14:19 -00:00: INF [qubes.rexec] client connected, using protocol version 2
2020-10-26 11:14:19 -00:00: INF [qubes.gui] client connected (screen size: 3840x2160 depth: 24 mem: 32401x)
2020-10-26 11:14:19 -00:00: INF [unikernel] GUI agent connected
```
2020-10-26 15:38:41 +00:00
linse
2d78d47591 Support firewall rules with hostnames.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
Co-Authored-By: Olle Jonsson <olle.jonsson@gmail.com>
Co-Authored-By: hannes <hannes@mehnert.org>
Co-Authored-By: cfcs <cfcs@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
linse
87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Hannes Mehnert
88fec9fa49 adapt to mirage-nat 2.1.0 API (Nat_packet returns a Fragments.Cache.t - which is now a Lru.F.t) 2020-02-08 15:58:37 +01:00
Hannes Mehnert
3fc418e80c qualify all return with Lwt, use Lwt.return_unit where possible 2020-01-11 15:44:30 +01:00
Hannes Mehnert
c66ee54a9f revert bc7706cc97, mirage-xen since 5.0.0 reverted the split of OS into Os_xen 2020-01-11 14:34:25 +01:00
Thomas Leonard
49195ed5e1 Update Docker build for new mirage-xen
Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
2019-08-25 19:01:22 +01:00
xaki23
16231e2e52 Adjust to ipaddr-4.0.0 renaming _bytes to _octets 2019-07-28 16:49:04 +01:00
Thomas Leonard
f9856a3605 Remove netchannel pin
Version 1.11.0 has been released now, and the current trunk doesn't
build without updating other things. The error was:

    File "lib/xenstore.ml", line 165, characters 19-34:
    Error: The module OS is an alias for module Os_xen, which is missing
        ocamlopt lib/.netchannel.objs/native/netchannel__Backend.{cmx,o} (exit 2)
    (cd _build/default && /home/opam/.opam/4.07/bin/ocamlopt.opt -w -40 -g -I lib/.netchannel.objs/byte -I lib/.netchannel.objs/native -I /home/opam/.opam/4.07/lib/base/caml -I /home/opam/.opam/4.07/lib/bigarray-compat -I /home/opam/.opam/4.07/lib/bytes -I /home/opam/.opam/4.07/lib/cstruct -I /home/opam/.opam/4.07/lib/fmt -I /home/opam/.opam/4.07/lib/io-page -I /home/opam/.opam/4.07/lib/io-page-x[...]
    File "lib/backend.ml", line 23, characters 16-29:
    Error: The module OS is an alias for module Os_xen, which is missing

Reported by ronpunz in https://groups.google.com/forum/#!topic/qubes-users/PsYUXvypPDs
2019-06-22 14:57:04 +01:00
Thomas Leonard
0a4dd7413c Force backend MAC to fe:ff:ff:ff:ff:ff to fix HVM clients
Xen appears to configure the same MAC address for both the frontend
and backend in XenStore. e.g.

    [tal@dom0 ~]$ xenstore-ls /local/domain/3/backend/vif/19/0
    frontend = "/local/domain/19/device/vif/0"
    mac = "00:16:3e:5e:6c:00"
    [...]

    [tal@dom0 ~]$ xenstore-ls /local/domain/19/device/vif/0
    mac = "00:16:3e:5e:6c:00"

This works if the client uses just a simple ethernet device, but fails
if it connects via a bridge. HVM domains have an associated stub domain
running qemu, which provides an emulated network device. The stub domain
uses a bridge to connect qemu's interface with eth0, and this didn't
work.

Force the use of the fixed version of mirage-net-xen, which no longer
uses XenStore to get the backend MAC, and provides a new function to get
the frontend one.
2019-05-06 09:52:46 +01:00
Thomas Leonard
9d2723a08a Require mirage-nat >= 1.2.0 for ICMP support 2019-04-28 16:10:02 +01:00
Thomas Leonard
cb7078633e Update dependencies
Remove pin on mirage 3.4 - it should now be working with the latest
release.
2019-04-03 12:32:13 +01:00
Mindy
0852aa0f43 use tcpip 3.7, ethernet, arp, mirage-nat 1.1.0 2019-03-22 14:27:40 -05:00
Thomas Leonard
2edb088650 Update to latest Debian and opam
Reported by Honzoo.
2019-02-01 09:36:08 +00:00
Thomas Leonard
6e6ff755eb Update to newly released version of netchannel 2017-12-16 22:37:41 +00:00
Thomas Leonard
aca156f21b Update to released shared-memory-ring 2017-11-15 17:28:33 +00:00
Thomas Leonard
997d538a93 Use released mirage-nat 1.0 2017-10-15 15:24:56 +01:00
Thomas Leonard
630304500f Update build for Mirage 3 2017-03-18 10:46:06 +00:00
Thomas Leonard
75dd8503c5 Use LRU cache to prevent out-of-memory errors 2017-03-18 09:56:07 +00:00
Thomas Leonard
bb78a726e4 Mirage 3 support 2017-03-04 17:22:58 +00:00
Thomas Leonard
0230cfaf1e Updates for mirage 2.9.0
- Unpin bootvar and use register ~argv:no_argv` instead.
- Use new name for uplink device ("0", not "tap0").
- Don't configure logging - mirage does that for us now.
2016-05-14 10:44:57 +01:00
Thomas Leonard
987834f6a6 Use mirage-logs library for log reporter
Also, configure Xen debug messages to go to the log ring buffer but not
the console (they will be shown only if an error occurs).
2016-01-11 16:40:26 +00:00
Thomas Leonard
914b6bbbf6 Initial import 2015-12-30 11:07:17 +00:00