On Thursday, November 9, 2017 at 4:18:13 AM UTC, Jean-Philippe Ouellet wrote:
> On Wed, Nov 8, 2017 at 3:09 PM, Thomas Leonard wrote:
> > On Thursday, April 13, 2017 at 1:33:53 PM UTC+1, Thomas Leonard wrote:
> >> On Thursday, April 13, 2017 at 11:08:11 AM UTC+1, Foppe de Haan wrote:
> >> > On Thursday, April 13, 2017 at 10:00:20 AM UTC+2, Thomas Leonard wrote:
> >> > > On Wednesday, April 12, 2017 at 10:32:11 PM UTC+1, Foppe de Haan wrote:
> >> > > > Any clue why Windows 7 won't boot when I have MirageOS selected as 
> >> > > > the firewall?
> >> > >
> >> > > I've never tried it. Do the mirage-firewall logs show anything 
> >> > > interesting when you try to boot Windows?
> >> >
> >> > No, but I do have this log (guest-windows-dm). First log doesn't boot 
> >> > (MirageOS), 2nd does (sys-firewall). Is that of any use?
> >>
> >> Oh, that's more useful than I was expecting! Looks like the Windows boot 
> >> process starts by running MiniOS! It's hanging at
> >>
> >> close network: backend at /local/domain/4/backend/vif/79/0
> >>
> >> I guess it asked the firewall to close the network, and never got a reply 
> >> (because the firewall doesn't have any code to do that).
> >
> > OK, I finally got some time to look into this. I think this patch should 
> > fix it (works for Linux HVM anyway):
> >
> > https://github.com/mirage/mirage-net-xen/pull/67
> >
> > I also made a patch that seems to let the firewall work with disposable VMs:
> >
> > https://github.com/mirage/mirage-net-xen/pull/68
> 
> Sweet :)
> 
> > Both are based on guesswork though - is the Xen netback protocol documented 
> > somewhere?
> 
> In xen src:
> http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/io/netif.h;hb=refs/heads/master
> 
> netfront / netback in linux:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/xen-netfront.c
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/xen-netback
> 
> And a somewhat outdated but much more approachable introduction in
> section 9.2 (starting p.169) of "The Definitive Guide to the Xen
> Hypervisor" book in case you have access to it.

Thanks. Is there anything about the setup protocol, though? This file seems 
less well commented:

http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/io/xenbus.h;h=927f9db5528798fca00455fdd687662d68b18b2e;hb=refs/heads/master

BTW, I've updated the Dockerfile to build with the patches applied now, if 
anyone wants to test it:

https://github.com/talex5/qubes-mirage-firewall/

I've had one report from a Qubes 4.0rc1 user that it now works for them (for 
HVM Linux).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4a1ff93-2c9f-470b-b2da-0cc69f79ba3d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to