From 2f0814840eb08cac2818d6ade6db7fd8046ca036 Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Thu, 5 Oct 2023 15:56:59 +0000 Subject: [PATCH 1/9] Add Virtual DNS for IPv6 --- qubes/vm/mix/net.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py index 4df2d9a57..d4964c158 100644 --- a/qubes/vm/mix/net.py +++ b/qubes/vm/mix/net.py @@ -247,10 +247,16 @@ def connected_vms(self): def dns(self): '''DNS servers set up for this domain.''' if self.netvm is not None or self.provides_network: - return StrSerializableTuple(( - '10.139.1.1', - '10.139.1.2', - )) + if self.features.check_with_netvm('ipv6', False): + return StrSerializableTuple(( + 'fd09:24ef:4179::a8b:1', + '10.139.1.1', + )) + else: + return StrSerializableTuple(( + '10.139.1.1', + '10.139.1.2', + )) return None From 98b184c183391694f860dea7051361e2f6595fcc Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Fri, 6 Oct 2023 20:36:44 +0000 Subject: [PATCH 2/9] Add IPv6 DNS if netvm has ipv6 feature enabled. For this there is a need to only add Virtual DNS servers to qubes that have netvm set and don't add DNS to every qube that provides network (sys-net/sys-usb/etc). --- qubes/vm/mix/net.py | 4 ++-- qubes/vm/qubesvm.py | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py index d4964c158..e1d77949a 100644 --- a/qubes/vm/mix/net.py +++ b/qubes/vm/mix/net.py @@ -246,8 +246,8 @@ def connected_vms(self): @qubes.stateless_property def dns(self): '''DNS servers set up for this domain.''' - if self.netvm is not None or self.provides_network: - if self.features.check_with_netvm('ipv6', False): + if self.netvm is not None: + if self.netvm.features.check_with_netvm('ipv6', False): return StrSerializableTuple(( 'fd09:24ef:4179::a8b:1', '10.139.1.1', diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py index bc0a9cd08..81d30dcd3 100644 --- a/qubes/vm/qubesvm.py +++ b/qubes/vm/qubesvm.py @@ -2251,8 +2251,9 @@ def create_qdb_entries(self): str(self.gateway6)) self.untrusted_qdb.write('/qubes-netvm-netmask', str(self.netmask)) - for i, addr in zip(('primary', 'secondary'), self.dns): - self.untrusted_qdb.write('/qubes-netvm-{}-dns'.format(i), addr) + if self.netvm is not None: + for i, addr in zip(('primary', 'secondary'), self.dns): + self.untrusted_qdb.write('/qubes-netvm-{}-dns'.format(i), addr) if self.netvm is not None: self.untrusted_qdb.write('/qubes-mac', str(self.mac)) From f6b43b33627d4d5715ef7ef13153ae9dfcaf6b38 Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 08:43:29 +0000 Subject: [PATCH 3/9] Add IPv6 Virtual DNS support. Also some IPv6 fixes and tests. --- qubes/tests/api_admin.py | 21 ++++++++++++++++++++ qubes/tests/vm/qubesvm.py | 8 ++++++++ qubes/vm/mix/net.py | 41 ++++++++++++++++++++++++++------------- qubes/vm/qubesvm.py | 15 +++++++++++--- 4 files changed, 68 insertions(+), 17 deletions(-) diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py index e6f6fd8fb..d52217cd3 100644 --- a/qubes/tests/api_admin.py +++ b/qubes/tests/api_admin.py @@ -249,6 +249,13 @@ def test_028_vm_property_get_list(self): b'test-vm1', b'dns') self.assertEqual(value, 'default=True type=str 10.139.1.1 10.139.1.2') + self.template.features['supported-feature.ipv6'] = '1' + self.netvm.features['ipv6'] = '1' + value = self.call_mgmt_func( + b'admin.vm.property.Get', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'default=True type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_029_vm_property_get_list_none(self): value = self.call_mgmt_func( @@ -256,6 +263,13 @@ def test_029_vm_property_get_list_none(self): b'test-vm1', b'dns') self.assertEqual(value, 'default=True type=str ') + self.template.features['supported-feature.ipv6'] = '1' + self.netvm.features['ipv6'] = '1' + value = self.call_mgmt_func( + b'admin.vm.property.Get', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'default=True type=str ') def test_029_vm_property_get_list_default(self): self.vm.provides_network = True @@ -264,6 +278,13 @@ def test_029_vm_property_get_list_default(self): b'test-vm1', b'dns') self.assertEqual(value, 'type=str 10.139.1.1 10.139.1.2') + self.template.features['supported-feature.ipv6'] = '1' + self.netvm.features['ipv6'] = '1' + value = self.call_mgmt_func( + b'admin.vm.property.GetDefault', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_030_vm_property_set_vm(self): netvm = self.app.add_new_vm('AppVM', label='red', name='test-net', diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 8bd2fb338..3d489ef85 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1794,6 +1794,8 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \ '::a89:3' expected['/qubes-gateway6'] = expected['/qubes-ip6'][:-1] + '2' + expected['/qubes-primary-dns6'] = 'fd09:24ef:4179::a8b:1' + expected['/qubes-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' vm.create_qdb_entries() self.assertEqual(test_qubesdb.data, expected) @@ -1805,6 +1807,8 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \ '::a89:3' del expected['/qubes-gateway6'] + del expected['/qubes-primary-dns6'] + del expected['/qubes-secondary-dns6'] vm.create_qdb_entries() self.assertEqual(test_qubesdb.data, expected) @@ -1847,6 +1851,10 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' + expected['/qubes-primary-dns6'] = 'fd09:24ef:4179::a8b:1' + expected['/qubes-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' + expected['/qubes-netvm-primary-dns6'] = 'fd09:24ef:4179::a8b:1' + expected['/qubes-netvm-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2' expected['/qubes-firewall/' + ip6] = '' expected['/qubes-firewall/' + ip6 + '/0000'] = 'action=accept' diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py index e1d77949a..5c948d31f 100644 --- a/qubes/vm/mix/net.py +++ b/qubes/vm/mix/net.py @@ -57,6 +57,8 @@ def _default_ip6(self): return None if not self.features.check_with_netvm('ipv6', False): return None + if not self.features.check_with_template("supported-feature.ipv6", False): + return None if self.netvm is not None: return self.netvm.get_ip6_for_vm(self) # pylint: disable=no-member @@ -172,7 +174,9 @@ def visible_gateway(self): @qubes.stateless_property def visible_gateway6(self): '''Default (IPv6) gateway of this domain as seen by the domain.''' - if self.features.check_with_netvm('ipv6', False): + if not self.features.check_with_netvm('ipv6', False): + return None + if self.features.check_with_template("supported-feature.ipv6", False): return self.netvm.gateway6 if self.netvm else None return None @@ -220,7 +224,9 @@ def gateway(self): @qubes.stateless_property def gateway6(self): '''Gateway (IPv6) for other domains that use this domain as netvm.''' - if self.features.check_with_netvm('ipv6', False): + if not self.features.check_with_netvm('ipv6', False): + return None + if self.features.check_with_template("supported-feature.ipv6", False): return self.visible_ip6 if self.provides_network else \ None return None @@ -246,17 +252,24 @@ def connected_vms(self): @qubes.stateless_property def dns(self): '''DNS servers set up for this domain.''' - if self.netvm is not None: - if self.netvm.features.check_with_netvm('ipv6', False): - return StrSerializableTuple(( - 'fd09:24ef:4179::a8b:1', - '10.139.1.1', - )) - else: - return StrSerializableTuple(( - '10.139.1.1', - '10.139.1.2', - )) + if self.netvm is not None or self.provides_network: + return StrSerializableTuple(( + '10.139.1.1', + '10.139.1.2', + )) + + return None + + @qubes.stateless_property + def dns6(self): + '''IPv6 DNS servers set up for this domain.''' + if self.features.check_with_netvm('ipv6', False) and \ + self.features.check_with_template("supported-feature.ipv6", \ + False) and (self.netvm is not None or self.provides_network): + return StrSerializableTuple(( + 'fd09:24ef:4179::a8b:1', + 'fd09:24ef:4179::a8b:2', + )) return None @@ -512,7 +525,7 @@ def on_property_set_ip(self, _event, name, newvalue=None, oldvalue=None): vm.fire_event( 'property-reset:visible_gateway', name='visible_gateway') - @qubes.events.handler('property-set:ip6', 'property-reset:ipv6') + @qubes.events.handler('property-set:ip6', 'property-reset:ip6') def on_property_set_ip6(self, _event, name, newvalue=None, oldvalue=None): # pylint: disable=unused-argument if newvalue == oldvalue: diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py index 81d30dcd3..e072b3c9c 100644 --- a/qubes/vm/qubesvm.py +++ b/qubes/vm/qubesvm.py @@ -2251,9 +2251,13 @@ def create_qdb_entries(self): str(self.gateway6)) self.untrusted_qdb.write('/qubes-netvm-netmask', str(self.netmask)) - if self.netvm is not None: - for i, addr in zip(('primary', 'secondary'), self.dns): - self.untrusted_qdb.write('/qubes-netvm-{}-dns'.format(i), addr) + for i, addr in zip(('primary', 'secondary'), self.dns): + self.untrusted_qdb.write('/qubes-netvm-{}-dns'.format(i), \ + str(addr)) + if self.dns6: # pylint: disable=using-constant-test + for i, addr in zip(('primary', 'secondary'), self.dns6): + self.untrusted_qdb.write('/qubes-netvm-{}-dns6'.format(i), \ + str(addr)) if self.netvm is not None: self.untrusted_qdb.write('/qubes-mac', str(self.mac)) @@ -2271,6 +2275,11 @@ def create_qdb_entries(self): if self.visible_gateway6: # pylint: disable=using-constant-test self.untrusted_qdb.write('/qubes-gateway6', str(self.visible_gateway6)) + if self.dns6 and self.netvm.features.check_with_netvm('ipv6', \ + False): # pylint: disable=using-constant-test + for i, addr in zip(('primary', 'secondary'), self.dns6): + self.untrusted_qdb.write('/qubes-{}-dns6'.format(i), \ + str(addr)) tzname = qubes.utils.get_timezone() if tzname: From 4beee6bc8681d36370cbf94dd9263ac465e6aba7 Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 09:46:36 +0000 Subject: [PATCH 4/9] Add support for supported-feature.ipv6 template feature in tests --- qubes/tests/integ/network_ipv6.py | 1 + qubes/tests/vm/mix/net.py | 2 ++ qubes/tests/vm/qubesvm.py | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/qubes/tests/integ/network_ipv6.py b/qubes/tests/integ/network_ipv6.py index f326eb509..623b22d3a 100644 --- a/qubes/tests/integ/network_ipv6.py +++ b/qubes/tests/integ/network_ipv6.py @@ -60,6 +60,7 @@ def configure_netvm(self): ''' :type self: qubes.tests.SystemTestCase | VmIPv6NetworkingMixin ''' + self.testnetvm.template.features['supported-feature.ipv6'] = '1' self.testnetvm.features['ipv6'] = True super(VmIPv6NetworkingMixin, self).configure_netvm() diff --git a/qubes/tests/vm/mix/net.py b/qubes/tests/vm/mix/net.py index f7d99032f..ee6df6186 100644 --- a/qubes/tests/vm/mix/net.py +++ b/qubes/tests/vm/mix/net.py @@ -129,6 +129,7 @@ def test_160_ip6(self): vm = self.get_vm() self.setup_netvms(vm) self.assertPropertyDefaultValue(vm, 'ip6', None) + vm.template.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyDefaultValue(vm, 'ip6', ipaddress.IPv6Address('{}::a89:{:x}'.format( @@ -139,6 +140,7 @@ def test_160_ip6(self): def test_161_ip6_invalid(self): vm = self.get_vm() self.setup_netvms(vm) + vm.template.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyInvalidValue(vm, 'ip', 'zzzz') self.assertPropertyInvalidValue(vm, 'ip', diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 3d489ef85..07a27a50a 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1495,6 +1495,7 @@ def test_610_libvirt_xml_network(self): self.assertXMLEqual(lxml.etree.XML(libvirt_xml), lxml.etree.XML(expected.format(extra_ip=''))) with self.subTest('ipv6'): + vm.template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True libvirt_xml = vm.create_config_file() self.assertXMLEqual(lxml.etree.XML(libvirt_xml), @@ -1789,6 +1790,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6'): + vm.template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True expected['/qubes-ip6'] = \ qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \ @@ -1801,6 +1803,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6_just_appvm'): + vm.template.features['supported-feature.ipv6'] = '1' del netvm.features['ipv6'] vm.features['ipv6'] = True expected['/qubes-ip6'] = \ @@ -1814,6 +1817,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv4'): + del vm.template.features['supported-feature.ipv6'] del vm.features['ipv6'] expected['/name'] = 'test-inst-netvm' expected['/qubes-vm-type'] = 'NetVM' @@ -1848,6 +1852,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv6'): + vm.template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' From 4495d21b71e8965f2f83773a873a98f100c06b05 Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 10:51:25 +0000 Subject: [PATCH 5/9] Fix tests --- qubes/tests/api_admin.py | 12 ++++++------ qubes/tests/vm/mix/net.py | 4 ++-- qubes/tests/vm/qubesvm.py | 10 +++++----- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py index d52217cd3..021562d59 100644 --- a/qubes/tests/api_admin.py +++ b/qubes/tests/api_admin.py @@ -243,14 +243,14 @@ def test_027_vm_property_get_all(self): self.assertEqual(value, expected) def test_028_vm_property_get_list(self): + self.vm.features['supported-feature.ipv6'] = '1' + self.vm.features['ipv6'] = '1' self.vm.provides_network = True value = self.call_mgmt_func( b'admin.vm.property.Get', b'test-vm1', b'dns') self.assertEqual(value, 'default=True type=str 10.139.1.1 10.139.1.2') - self.template.features['supported-feature.ipv6'] = '1' - self.netvm.features['ipv6'] = '1' value = self.call_mgmt_func( b'admin.vm.property.Get', b'test-vm1', @@ -258,13 +258,13 @@ def test_028_vm_property_get_list(self): self.assertEqual(value, 'default=True type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_029_vm_property_get_list_none(self): + self.vm.features['supported-feature.ipv6'] = '1' + self.vm.features['ipv6'] = '1' value = self.call_mgmt_func( b'admin.vm.property.Get', b'test-vm1', b'dns') self.assertEqual(value, 'default=True type=str ') - self.template.features['supported-feature.ipv6'] = '1' - self.netvm.features['ipv6'] = '1' value = self.call_mgmt_func( b'admin.vm.property.Get', b'test-vm1', @@ -272,14 +272,14 @@ def test_029_vm_property_get_list_none(self): self.assertEqual(value, 'default=True type=str ') def test_029_vm_property_get_list_default(self): + self.vm.features['supported-feature.ipv6'] = '1' + self.vm.features['ipv6'] = '1' self.vm.provides_network = True value = self.call_mgmt_func( b'admin.vm.property.GetDefault', b'test-vm1', b'dns') self.assertEqual(value, 'type=str 10.139.1.1 10.139.1.2') - self.template.features['supported-feature.ipv6'] = '1' - self.netvm.features['ipv6'] = '1' value = self.call_mgmt_func( b'admin.vm.property.GetDefault', b'test-vm1', diff --git a/qubes/tests/vm/mix/net.py b/qubes/tests/vm/mix/net.py index ee6df6186..ed48cf6d2 100644 --- a/qubes/tests/vm/mix/net.py +++ b/qubes/tests/vm/mix/net.py @@ -129,7 +129,7 @@ def test_160_ip6(self): vm = self.get_vm() self.setup_netvms(vm) self.assertPropertyDefaultValue(vm, 'ip6', None) - vm.template.features['supported-feature.ipv6'] = '1' + vm.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyDefaultValue(vm, 'ip6', ipaddress.IPv6Address('{}::a89:{:x}'.format( @@ -140,7 +140,7 @@ def test_160_ip6(self): def test_161_ip6_invalid(self): vm = self.get_vm() self.setup_netvms(vm) - vm.template.features['supported-feature.ipv6'] = '1' + vm.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyInvalidValue(vm, 'ip', 'zzzz') self.assertPropertyInvalidValue(vm, 'ip', diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 07a27a50a..266b1c83f 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1495,7 +1495,7 @@ def test_610_libvirt_xml_network(self): self.assertXMLEqual(lxml.etree.XML(libvirt_xml), lxml.etree.XML(expected.format(extra_ip=''))) with self.subTest('ipv6'): - vm.template.features['supported-feature.ipv6'] = '1' + vm.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True libvirt_xml = vm.create_config_file() self.assertXMLEqual(lxml.etree.XML(libvirt_xml), @@ -1790,7 +1790,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6'): - vm.template.features['supported-feature.ipv6'] = '1' + template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True expected['/qubes-ip6'] = \ qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \ @@ -1803,7 +1803,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6_just_appvm'): - vm.template.features['supported-feature.ipv6'] = '1' + template.features['supported-feature.ipv6'] = '1' del netvm.features['ipv6'] vm.features['ipv6'] = True expected['/qubes-ip6'] = \ @@ -1817,7 +1817,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv4'): - del vm.template.features['supported-feature.ipv6'] + del template.features['supported-feature.ipv6'] del vm.features['ipv6'] expected['/name'] = 'test-inst-netvm' expected['/qubes-vm-type'] = 'NetVM' @@ -1852,7 +1852,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv6'): - vm.template.features['supported-feature.ipv6'] = '1' + template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' From 58a884d8655178c4f4870289758421572cda57ae Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 11:59:55 +0000 Subject: [PATCH 6/9] Fix test --- qubes/tests/vm/qubesvm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 266b1c83f..195860f31 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1856,8 +1856,8 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' - expected['/qubes-primary-dns6'] = 'fd09:24ef:4179::a8b:1' - expected['/qubes-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' + del expected['/qubes-primary-dns6'] + del expected['/qubes-secondary-dns6'] expected['/qubes-netvm-primary-dns6'] = 'fd09:24ef:4179::a8b:1' expected['/qubes-netvm-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2' From 9b21f783f8f4131ca05e444a18c59c417ed9f79e Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 13:13:12 +0000 Subject: [PATCH 7/9] Fix test --- qubes/tests/vm/qubesvm.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 195860f31..0aff299d4 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1856,8 +1856,6 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' - del expected['/qubes-primary-dns6'] - del expected['/qubes-secondary-dns6'] expected['/qubes-netvm-primary-dns6'] = 'fd09:24ef:4179::a8b:1' expected['/qubes-netvm-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2' From 75503a19ac7d164084652ea78fe31e1c422a7ca2 Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 14:22:21 +0000 Subject: [PATCH 8/9] Remove feature supported-feature.ipv6 and add feature supported-feature.ipv6dns --- qubes/tests/api_admin.py | 23 +++++++++++++++++++---- qubes/tests/integ/network_ipv6.py | 1 - qubes/tests/vm/mix/net.py | 2 -- qubes/tests/vm/qubesvm.py | 28 +++++++++++++++++++++------- qubes/vm/mix/net.py | 12 +++--------- 5 files changed, 43 insertions(+), 23 deletions(-) diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py index 021562d59..61b8f7414 100644 --- a/qubes/tests/api_admin.py +++ b/qubes/tests/api_admin.py @@ -243,7 +243,6 @@ def test_027_vm_property_get_all(self): self.assertEqual(value, expected) def test_028_vm_property_get_list(self): - self.vm.features['supported-feature.ipv6'] = '1' self.vm.features['ipv6'] = '1' self.vm.provides_network = True value = self.call_mgmt_func( @@ -251,6 +250,12 @@ def test_028_vm_property_get_list(self): b'test-vm1', b'dns') self.assertEqual(value, 'default=True type=str 10.139.1.1 10.139.1.2') + value = self.call_mgmt_func( + b'admin.vm.property.Get', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'default=True type=str ') + self.vm.features['supported-feature.ipv6dns'] = '1' value = self.call_mgmt_func( b'admin.vm.property.Get', b'test-vm1', @@ -258,7 +263,6 @@ def test_028_vm_property_get_list(self): self.assertEqual(value, 'default=True type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_029_vm_property_get_list_none(self): - self.vm.features['supported-feature.ipv6'] = '1' self.vm.features['ipv6'] = '1' value = self.call_mgmt_func( b'admin.vm.property.Get', @@ -270,9 +274,14 @@ def test_029_vm_property_get_list_none(self): b'test-vm1', b'dns6') self.assertEqual(value, 'default=True type=str ') + self.vm.features['supported-feature.ipv6dns'] = '1' + value = self.call_mgmt_func( + b'admin.vm.property.Get', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'default=True type=str ') def test_029_vm_property_get_list_default(self): - self.vm.features['supported-feature.ipv6'] = '1' self.vm.features['ipv6'] = '1' self.vm.provides_network = True value = self.call_mgmt_func( @@ -284,7 +293,13 @@ def test_029_vm_property_get_list_default(self): b'admin.vm.property.GetDefault', b'test-vm1', b'dns6') - self.assertEqual(value, 'type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') + self.assertEqual(value, 'default=True type=str ') + self.vm.features['supported-feature.ipv6dns'] = '1' + value = self.call_mgmt_func( + b'admin.vm.property.Get', + b'test-vm1', + b'dns6') + self.assertEqual(value, 'default=True type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_030_vm_property_set_vm(self): netvm = self.app.add_new_vm('AppVM', label='red', name='test-net', diff --git a/qubes/tests/integ/network_ipv6.py b/qubes/tests/integ/network_ipv6.py index 623b22d3a..f326eb509 100644 --- a/qubes/tests/integ/network_ipv6.py +++ b/qubes/tests/integ/network_ipv6.py @@ -60,7 +60,6 @@ def configure_netvm(self): ''' :type self: qubes.tests.SystemTestCase | VmIPv6NetworkingMixin ''' - self.testnetvm.template.features['supported-feature.ipv6'] = '1' self.testnetvm.features['ipv6'] = True super(VmIPv6NetworkingMixin, self).configure_netvm() diff --git a/qubes/tests/vm/mix/net.py b/qubes/tests/vm/mix/net.py index ed48cf6d2..f7d99032f 100644 --- a/qubes/tests/vm/mix/net.py +++ b/qubes/tests/vm/mix/net.py @@ -129,7 +129,6 @@ def test_160_ip6(self): vm = self.get_vm() self.setup_netvms(vm) self.assertPropertyDefaultValue(vm, 'ip6', None) - vm.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyDefaultValue(vm, 'ip6', ipaddress.IPv6Address('{}::a89:{:x}'.format( @@ -140,7 +139,6 @@ def test_160_ip6(self): def test_161_ip6_invalid(self): vm = self.get_vm() self.setup_netvms(vm) - vm.features['supported-feature.ipv6'] = '1' vm.netvm.features['ipv6'] = True self.assertPropertyInvalidValue(vm, 'ip', 'zzzz') self.assertPropertyInvalidValue(vm, 'ip', diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py index 0aff299d4..cf4df4133 100644 --- a/qubes/tests/vm/qubesvm.py +++ b/qubes/tests/vm/qubesvm.py @@ -1495,7 +1495,6 @@ def test_610_libvirt_xml_network(self): self.assertXMLEqual(lxml.etree.XML(libvirt_xml), lxml.etree.XML(expected.format(extra_ip=''))) with self.subTest('ipv6'): - vm.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True libvirt_xml = vm.create_config_file() self.assertXMLEqual(lxml.etree.XML(libvirt_xml), @@ -1790,12 +1789,18 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6'): - template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True expected['/qubes-ip6'] = \ qubes.config.qubes_ipv6_prefix.replace(':0000', '') + \ '::a89:3' expected['/qubes-gateway6'] = expected['/qubes-ip6'][:-1] + '2' + vm.create_qdb_entries() + self.assertEqual(test_qubesdb.data, expected) + + test_qubesdb.data.clear() + with self.subTest('ipv6_dns'): + template.features['supported-feature.ipv6dns'] = '1' + netvm.features['ipv6'] = True expected['/qubes-primary-dns6'] = 'fd09:24ef:4179::a8b:1' expected['/qubes-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' vm.create_qdb_entries() @@ -1803,7 +1808,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('ipv6_just_appvm'): - template.features['supported-feature.ipv6'] = '1' + template.features['supported-feature.ipv6dns'] = '1' del netvm.features['ipv6'] vm.features['ipv6'] = True expected['/qubes-ip6'] = \ @@ -1817,7 +1822,7 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv4'): - del template.features['supported-feature.ipv6'] + del template.features['supported-feature.ipv6dns'] del vm.features['ipv6'] expected['/name'] = 'test-inst-netvm' expected['/qubes-vm-type'] = 'NetVM' @@ -1852,12 +1857,9 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, test_qubesdb.data.clear() with self.subTest('proxy_ipv6'): - template.features['supported-feature.ipv6'] = '1' netvm.features['ipv6'] = True ip6 = qubes.config.qubes_ipv6_prefix.replace( ':0000', '') + '::a89:3' - expected['/qubes-netvm-primary-dns6'] = 'fd09:24ef:4179::a8b:1' - expected['/qubes-netvm-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' expected['/qubes-netvm-gateway6'] = ip6[:-1] + '2' expected['/qubes-firewall/' + ip6] = '' expected['/qubes-firewall/' + ip6 + '/0000'] = 'action=accept' @@ -1869,6 +1871,18 @@ def test_621_qdb_vm_with_network(self, mock_qubesdb, mock_urandom, netvm.create_qdb_entries() self.assertEqual(test_qubesdb.data, expected) + test_qubesdb.data.clear() + with self.subTest('proxy_ipv6_dns'): + template.features['supported-feature.ipv6dns'] = '1' + netvm.features['ipv6'] = True + expected['/qubes-netvm-primary-dns6'] = 'fd09:24ef:4179::a8b:1' + expected['/qubes-netvm-secondary-dns6'] = 'fd09:24ef:4179::a8b:2' + + with unittest.mock.patch('qubes.vm.qubesvm.QubesVM.is_running', + lambda _: True): + netvm.create_qdb_entries() + self.assertEqual(test_qubesdb.data, expected) + @unittest.mock.patch('qubes.utils.get_timezone') @unittest.mock.patch('qubes.utils.urandom') @unittest.mock.patch('qubes.vm.qubesvm.QubesVM.untrusted_qdb') diff --git a/qubes/vm/mix/net.py b/qubes/vm/mix/net.py index 5c948d31f..19bdb922d 100644 --- a/qubes/vm/mix/net.py +++ b/qubes/vm/mix/net.py @@ -57,8 +57,6 @@ def _default_ip6(self): return None if not self.features.check_with_netvm('ipv6', False): return None - if not self.features.check_with_template("supported-feature.ipv6", False): - return None if self.netvm is not None: return self.netvm.get_ip6_for_vm(self) # pylint: disable=no-member @@ -174,9 +172,7 @@ def visible_gateway(self): @qubes.stateless_property def visible_gateway6(self): '''Default (IPv6) gateway of this domain as seen by the domain.''' - if not self.features.check_with_netvm('ipv6', False): - return None - if self.features.check_with_template("supported-feature.ipv6", False): + if self.features.check_with_netvm('ipv6', False): return self.netvm.gateway6 if self.netvm else None return None @@ -224,9 +220,7 @@ def gateway(self): @qubes.stateless_property def gateway6(self): '''Gateway (IPv6) for other domains that use this domain as netvm.''' - if not self.features.check_with_netvm('ipv6', False): - return None - if self.features.check_with_template("supported-feature.ipv6", False): + if self.features.check_with_netvm('ipv6', False): return self.visible_ip6 if self.provides_network else \ None return None @@ -264,7 +258,7 @@ def dns(self): def dns6(self): '''IPv6 DNS servers set up for this domain.''' if self.features.check_with_netvm('ipv6', False) and \ - self.features.check_with_template("supported-feature.ipv6", \ + self.features.check_with_template("supported-feature.ipv6dns", \ False) and (self.netvm is not None or self.provides_network): return StrSerializableTuple(( 'fd09:24ef:4179::a8b:1', From 751518b616a0999ca358cb8042c74c109dcf601c Mon Sep 17 00:00:00 2001 From: 1cho1ce <1choice4u@proton.me> Date: Tue, 10 Oct 2023 15:19:53 +0000 Subject: [PATCH 9/9] Fix test --- qubes/tests/api_admin.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py index 61b8f7414..6510ca797 100644 --- a/qubes/tests/api_admin.py +++ b/qubes/tests/api_admin.py @@ -293,13 +293,13 @@ def test_029_vm_property_get_list_default(self): b'admin.vm.property.GetDefault', b'test-vm1', b'dns6') - self.assertEqual(value, 'default=True type=str ') + self.assertEqual(value, 'type=str ') self.vm.features['supported-feature.ipv6dns'] = '1' value = self.call_mgmt_func( - b'admin.vm.property.Get', + b'admin.vm.property.GetDefault', b'test-vm1', b'dns6') - self.assertEqual(value, 'default=True type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') + self.assertEqual(value, 'type=str fd09:24ef:4179::a8b:1 fd09:24ef:4179::a8b:2') def test_030_vm_property_set_vm(self): netvm = self.app.add_new_vm('AppVM', label='red', name='test-net',