sys-net interfaces

[tetra...@danwin1210.me]

I haven't been able to find any documentation for what network
interfaces sys-net is expected to expose internally. If I want to create
my own sys-net from scratch, how does Xen/Qubes send network traffic to
sys-net, to be sent onwards to my NIC?

[awokd]

tetrahedra via qubes-users:

There's a brief discussion at https://www.qubes-os.org/doc/networking/,
but there may be more detailed notes in the source code for Qubes' VM
networking components. Qubes uses Xen's networking, so that might be the
best place to begin research.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

[tetra...@danwin1210.me]

On Thu, Dec 26, 2019 at 11:47:37AM +0000, 'awokd' via qubes-users wrote:
>tetrahedra via qubes-users:
>> I haven't been able to find any documentation for what network
>> interfaces sys-net is expected to expose internally. If I want to create
>> my own sys-net from scratch, how does Xen/Qubes send network traffic to
>> sys-net, to be sent onwards to my NIC?
>>
>There's a brief discussion at https://www.qubes-os.org/doc/networking/,
>but there may be more detailed notes in the source code for Qubes' VM
>networking components. Qubes uses Xen's networking, so that might be the
>best place to begin research.

Thanks, that's very helpful.

[tetra...@danwin1210.me]

On Thu, Dec 26, 2019 at 11:47:37AM +0000, 'awokd' via qubes-users wrote:

>There's a brief discussion at https://www.qubes-os.org/doc/networking/,
>but there may be more detailed notes in the source code for Qubes' VM
>networking components. Qubes uses Xen's networking, so that might be the
>best place to begin research.

What responsibilties does sys-net have in terms of forwarding DNS? The
documentation specifies how things work for AppVMs, and it says there is
no DNS server in the "network driver domain" (sys-net), but it does not
say what sys-net actually has to do.

Also, the docs don't appear to be entirely accurate. The documentation
specifies a fairly complex set of routing tabels for the "network driver
domain" (sys-net, I assume), but the actual routing table on my sys-net
is fairly simple

The table from the documentation:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.137.0.16 0.0.0.0 255.255.255.255 UH 0 0 0 vif4.0
10.137.0.7 0.0.0.0 255.255.255.255 UH 0 0 0 vif10.0
10.137.0.9 0.0.0.0 255.255.255.255 UH 0
[... many lines removed ...]
192.168.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

The table from my sys-net:
[user@sys-net ~]$ sudo ip route
[user@sys-net ~]$ sudo route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 600 0 0 wls7
10.137.0.5 0.0.0.0 255.255.255.255 UH 32747 0 0 vif5.0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wls7


It looks like the documentation is assuming sys-net has many more
virtual NICs than it actually does?

[awokd]

tetrahedra via qubes-users:

Did you check the Qubes source code responsible for setting these up?
The qubes-devel mailing list might also be appropriate here...

[tetra...@danwin1210.me]

On Fri, Dec 27, 2019 at 08:46:35AM +0000, 'awokd' via qubes-users wrote:
>> What responsibilties does sys-net have in terms of forwarding DNS? The
>> documentation specifies how things work for AppVMs, and it says there is
>> no DNS server in the "network driver domain" (sys-net), but it does not
>> say what sys-net actually has to do.
>>

>> It looks like the documentation is assuming sys-net has many more
>> virtual NICs than it actually does?
>>
>Did you check the Qubes source code responsible for setting these up?
>The qubes-devel mailing list might also be appropriate here...

The documentation mentions the vif-route-qubes utility, but I can't tell
if dom0 runs this on sys-net (to set up routing to serve AppVMs) or runs
it on AppVMs / etc ... the documentation does not mention any other
source code (which would be used to e.g set up DNS forwarding).

I will ask on qubes-devel.