On Thursday, November 9, 2017 at 4:18:13 AM UTC, Jean-Philippe Ouellet wrote: > On Wed, Nov 8, 2017 at 3:09 PM, Thomas Leonard wrote: > > On Thursday, April 13, 2017 at 1:33:53 PM UTC+1, Thomas Leonard wrote: > >> On Thursday, April 13, 2017 at 11:08:11 AM UTC+1, Foppe de Haan wrote: > >> > On Thursday, April 13, 2017 at 10:00:20 AM UTC+2, Thomas Leonard wrote: > >> > > On Wednesday, April 12, 2017 at 10:32:11 PM UTC+1, Foppe de Haan wrote: > >> > > > Any clue why Windows 7 won't boot when I have MirageOS selected as > >> > > > the firewall? > >> > > > >> > > I've never tried it. Do the mirage-firewall logs show anything > >> > > interesting when you try to boot Windows? > >> > > >> > No, but I do have this log (guest-windows-dm). First log doesn't boot > >> > (MirageOS), 2nd does (sys-firewall). Is that of any use? > >> > >> Oh, that's more useful than I was expecting! Looks like the Windows boot > >> process starts by running MiniOS! It's hanging at > >> > >> close network: backend at /local/domain/4/backend/vif/79/0 > >> > >> I guess it asked the firewall to close the network, and never got a reply > >> (because the firewall doesn't have any code to do that). > > > > OK, I finally got some time to look into this. I think this patch should > > fix it (works for Linux HVM anyway): > > > > https://github.com/mirage/mirage-net-xen/pull/67 > > > > I also made a patch that seems to let the firewall work with disposable VMs: > > > > https://github.com/mirage/mirage-net-xen/pull/68 > > Sweet :) > > > Both are based on guesswork though - is the Xen netback protocol documented > > somewhere? > > In xen src: > http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/io/netif.h;hb=refs/heads/master > > netfront / netback in linux: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/xen-netfront.c > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/xen-netback > > And a somewhat outdated but much more approachable introduction in > section 9.2 (starting p.169) of "The Definitive Guide to the Xen > Hypervisor" book in case you have access to it.
Thanks. Is there anything about the setup protocol, though? This file seems less well commented: http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/io/xenbus.h;h=927f9db5528798fca00455fdd687662d68b18b2e;hb=refs/heads/master BTW, I've updated the Dockerfile to build with the patches applied now, if anyone wants to test it: https://github.com/talex5/qubes-mirage-firewall/ I've had one report from a Qubes 4.0rc1 user that it now works for them (for HVM Linux). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e4a1ff93-2c9f-470b-b2da-0cc69f79ba3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.