Netvm reassignment blocks network traffic - 4.0rc4
7 views
Skip to first unread message
Chris Laprise
Mar 2, 2018, 12:05:02 AM3/2/18
to qubes-users
Whenever I try to assign a running appVM to a different (running) netVM,
networking always becomes blocked. I have to restart the appVM in order
for networking to work with the new netVM.... and to do that I have to
kill the appVM first because it won't shutdown after reassignment.
I think this may be a bug. Specifics don't seem to matter, the VMs can
be plain firewall or vpn, debian or fedora on either side.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
networking always becomes blocked. I have to restart the appVM in order
for networking to work with the new netVM.... and to do that I have to
kill the appVM first because it won't shutdown after reassignment.
I think this may be a bug. Specifics don't seem to matter, the VMs can
be plain firewall or vpn, debian or fedora on either side.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
awokd
Mar 2, 2018, 12:19:34 AM3/2/18
to Chris Laprise, qubes-users
On Fri, March 2, 2018 5:04 am, Chris Laprise wrote:
> Whenever I try to assign a running appVM to a different (running) netVM,
> networking always becomes blocked. I have to restart the appVM in order for
> networking to work with the new netVM.... and to do that I have to kill
> the appVM first because it won't shutdown after reassignment.
>
> I think this may be a bug. Specifics don't seem to matter, the VMs can
> be plain firewall or vpn, debian or fedora on either side.
Sure it's not a feature? I could see opportunities for leaks to happen if
> Whenever I try to assign a running appVM to a different (running) netVM,
> networking always becomes blocked. I have to restart the appVM in order for
> networking to work with the new netVM.... and to do that I have to kill
> the appVM first because it won't shutdown after reassignment.
>
> I think this may be a bug. Specifics don't seem to matter, the VMs can
> be plain firewall or vpn, debian or fedora on either side.
the firewall ruleset gets swapped out live, depending on ifdown/up etc.
sequence.
Zrubi
Mar 2, 2018, 4:37:39 AM3/2/18
to aw...@danwin1210.me, Chris Laprise, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
No it is a Xen related bug in the kernel version newer than 4.14.12
As I reported here:
https://groups.google.com/d/msgid/qubes-devel/05031ade-b019-986e-e378-32
cc8fff916e%40zrubi.hu
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZG1UACgkQGjNaC1SP
N2RvbRAAsq5QPJe6U35nmxKvMkQGxEYVN9r3Kl9kncO5y8Btsa9kTFeiYNd7IxcQ
Nocas9RKMSkyqRQHlvz1UC5NbqJkDe1GZFwND8MW+oh85iCSm70jNvED6slgoRSR
H8f0vFf/OvGaS19/xPFfnKWVVZll1Iq3W5fFXz6/DR8FHQfOKKMLXd481YGdB4UO
LT5f67cttc+2biJxUZQMlJy2DLcZtVXhHi7+FjMPSuTkDH2ID5kMwe7E85fGyw2j
E5yeAc3UnLlPqu8UV2nHkkBLmXA6NDkHs1qz6IpS1MBztYPk4hacGKm45+mSmgN7
g86bLKVK4ntMMiofCV3EVHFNwYZzM91rAdqQqL4orA+CfxoEGqK+1XTKeVo+gjkD
EQFnpa5HbCQPzX6lzn5l98uxolRa3L6H1MriEmbXuoL2qrOoO3YbssIJPSCnZe/o
lpQ8gupEqr7XH24t7k81Mkgx4tUi8+M07iVljXVDWYy60a92W8l8wxp9ypH+Yogf
RlBAYIPOzVSndhMkfkINWNfAGj0Iujwb2ocF1KDUN6pwIm0DgwxVtoNNUYSxOZTS
j6fw2TNYMTW40AxoVn5+uS9+ZiLYrEY19XyZOZvnd+gR0iO6SCFR7Eo6qPQpRsic
V+vdwE0eUwrRPoas26J+je9xL1lLIeL2niPsuWXrN1YLgkoORs4=
=NDyY
-----END PGP SIGNATURE-----
Hash: SHA256
As I reported here:
https://groups.google.com/d/msgid/qubes-devel/05031ade-b019-986e-e378-32
cc8fff916e%40zrubi.hu
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZG1UACgkQGjNaC1SP
N2RvbRAAsq5QPJe6U35nmxKvMkQGxEYVN9r3Kl9kncO5y8Btsa9kTFeiYNd7IxcQ
Nocas9RKMSkyqRQHlvz1UC5NbqJkDe1GZFwND8MW+oh85iCSm70jNvED6slgoRSR
H8f0vFf/OvGaS19/xPFfnKWVVZll1Iq3W5fFXz6/DR8FHQfOKKMLXd481YGdB4UO
LT5f67cttc+2biJxUZQMlJy2DLcZtVXhHi7+FjMPSuTkDH2ID5kMwe7E85fGyw2j
E5yeAc3UnLlPqu8UV2nHkkBLmXA6NDkHs1qz6IpS1MBztYPk4hacGKm45+mSmgN7
g86bLKVK4ntMMiofCV3EVHFNwYZzM91rAdqQqL4orA+CfxoEGqK+1XTKeVo+gjkD
EQFnpa5HbCQPzX6lzn5l98uxolRa3L6H1MriEmbXuoL2qrOoO3YbssIJPSCnZe/o
lpQ8gupEqr7XH24t7k81Mkgx4tUi8+M07iVljXVDWYy60a92W8l8wxp9ypH+Yogf
RlBAYIPOzVSndhMkfkINWNfAGj0Iujwb2ocF1KDUN6pwIm0DgwxVtoNNUYSxOZTS
j6fw2TNYMTW40AxoVn5+uS9+ZiLYrEY19XyZOZvnd+gR0iO6SCFR7Eo6qPQpRsic
V+vdwE0eUwrRPoas26J+je9xL1lLIeL2niPsuWXrN1YLgkoORs4=
=NDyY
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages