Connect linux guest to internet
67 views
Skip to first unread message
Sebastian Walla
Apr 1, 2018, 8:44:28 AM4/1/18
to S2E Developer Forum
Hi all,
I'm trying to connect the debian-9.2.1-x86_64 guest to the internet. For windows-10ent1703-x86-64 I just deleted the -net none -net nic,model=e1000 part from the launch-s2e.sh to activate user mode networking of qemu, and it worked. However this does not work for the debian guest. I also tried to connect the guest using a tap device, but that also did not seem to work. Do you have any idea why this could be the case and how it could be resolved? It confuses me, that the user mode networking worked for windows but not for the debian guest. The debian guest does not seem to get any IP assigned since ifconfig in the guest gives me no interface which has an ip, although I'm in a network with a dhcp server.
Best regards
Sebastian
I'm trying to connect the debian-9.2.1-x86_64 guest to the internet. For windows-10ent1703-x86-64 I just deleted the -net none -net nic,model=e1000 part from the launch-s2e.sh to activate user mode networking of qemu, and it worked. However this does not work for the debian guest. I also tried to connect the guest using a tap device, but that also did not seem to work. Do you have any idea why this could be the case and how it could be resolved? It confuses me, that the user mode networking worked for windows but not for the debian guest. The debian guest does not seem to get any IP assigned since ifconfig in the guest gives me no interface which has an ip, although I'm in a network with a dhcp server.
Best regards
Sebastian
Vitaly Chipounov
Apr 1, 2018, 10:39:03 AM4/1/18
to s2e...@googlegroups.com, Sebastian Walla
Hi,
We do not officially support guest networking during symbolic execution.
The "-net user" option will definitely not work (it causes memory corruptions during symbolic execution). S2E 1.0 used to check for this option and abort if it was present. We did not port this safety check to S2E 2.0 yet.
Your best option is to use the tap device. I would recommend that you make it work in vanilla QEMU first and then port the switches to S2E.
Regarding Linux vs. Debian difference, check that guest drivers are properly installed and enabled and the firewall is configured properly on the host.
Vitaly
We do not officially support guest networking during symbolic execution.
The "-net user" option will definitely not work (it causes memory corruptions during symbolic execution). S2E 1.0 used to check for this option and abort if it was present. We did not port this safety check to S2E 2.0 yet.
Your best option is to use the tap device. I would recommend that you make it work in vanilla QEMU first and then port the switches to S2E.
Regarding Linux vs. Debian difference, check that guest drivers are properly installed and enabled and the firewall is configured properly on the host.
Vitaly
--
--
You received this message because you are a member of the S2E Developer Forum.
To post to this group, send email to s2e...@googlegroups.com
To unsubscribe from this group, send email to s2e-dev+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/s2e-dev
---
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sebastian Walla
Apr 1, 2018, 5:24:24 PM4/1/18
to S2E Developer Forum
I got it running by adding the following to launch-s2e.sh before the vm is started, which creates and configures a bridge and tap device on the host:
# the following lines set up the tap device on the host for network connectivity
# http://blog.elastocloud.org/2015/07/qemukvm-bridged-network-with-tap.html
# enp9s0 is the ethernet adapter interface
sudo ip link add br0 type bridge
sudo ip addr flush dev enp9s0
sudo ip link set enp9s0 master br0
sudo ip tuntap add dev tap0 mode tap user bastiubuntu
sudo ip link set tap0 master br0
sudo ip link set dev br0 up
sudo ip link set dev tap0 up
# deactivate filtering on bridge
sudo sysctl -p /etc/sysctl.conf
For the guest configuration I had to add the following lines before the binary is executed:
# the next lines are just for guest side config for network connectivity
sudo bash -c 'echo "auto enp0s3" >>/etc/network/interfaces'
sudo bash -c 'echo "iface enp0s3 inet dhcp" >>/etc/network/interfaces'
sudo bash -c 'echo "nameserver 8.8.8.8" >>/etc/resolv.conf'
sudo bash -c 'echo "nameserver 8.8.4.4" >>/etc/resolv.conf'
sudo ip link set dev enp0s3 down
sudo ip link set dev enp0s3 up
sudo /etc/init.d/networking stop
sudo /etc/init.d/networking start
# the following lines set up the tap device on the host for network connectivity
# http://blog.elastocloud.org/2015/07/qemukvm-bridged-network-with-tap.html
# enp9s0 is the ethernet adapter interface
sudo ip link add br0 type bridge
sudo ip addr flush dev enp9s0
sudo ip link set enp9s0 master br0
sudo ip tuntap add dev tap0 mode tap user bastiubuntu
sudo ip link set tap0 master br0
sudo ip link set dev br0 up
sudo ip link set dev tap0 up
# deactivate filtering on bridge
sudo sysctl -p /etc/sysctl.conf
For the guest configuration I had to add the following lines before the binary is executed:
# the next lines are just for guest side config for network connectivity
sudo bash -c 'echo "auto enp0s3" >>/etc/network/interfaces'
sudo bash -c 'echo "iface enp0s3 inet dhcp" >>/etc/network/interfaces'
sudo bash -c 'echo "nameserver 8.8.8.8" >>/etc/resolv.conf'
sudo bash -c 'echo "nameserver 8.8.4.4" >>/etc/resolv.conf'
sudo ip link set dev enp0s3 down
sudo ip link set dev enp0s3 up
sudo /etc/init.d/networking stop
sudo /etc/init.d/networking start
Sebastian Walla
Apr 1, 2018, 5:27:12 PM4/1/18
to S2E Developer Forum
The guest will be configured to use dhcp and the google dns servers are added for host name resolution. On the host one also had to deactivate netfiltering on the bridge by adding this lines to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0
I just wanted to give this for future refernce, in case anyone else is trying to achieve the same.
Reply all
Reply to author
Forward
0 new messages