gaschz/qubes-network-server
1
0
Fork 0
mirror of https://github.com/Rudd-O/qubes-network-server.git synced 2025-03-01 14:22:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
qubes-network-server/TODO
Manuel Amador (Rudd-O) d88a8f9d12 Add more TODO notes.
2016-10-12 17:09:10 +00:00

38 lines
1.7 KiB
Plaintext
Raw Permalink Blame History

To do list:
* Make the system do the right thing (withdraw ip neigh /
ip route / iptables rules) when VMs power off or when
their network gets detached.
Right now the rules are only reconfigured when:
* a VM starts (ancestor VMs get reconfigured)
* a VM gets unpaused (same as before)
* a VM network gets attached (same as before)
* a VM's FW rules get altered (parent ProxyVM and sibling
VMs get reconfigured, and this reconfiguration only
affects iptables rules)
* Make the system do the right thing when `static_ip`
is changed / enabled / disabled, without requiring a
VM restart.
* Key point (but not only point): appvm fwrules that
were setup need to be un-setup, which means that
our current algorithm "look at VMs with static_ip"
will not work to un-setup those fwrules.
* Define very clearly when fw state is modified
for appvm, as that requires execution of code
in the appvm, and tracking how and when to
undo that state transition.
* VM's entire IP and everything will be different,
and this setup only occurs during initial boot of the
VM, so it may be inevitable to force a restart of
the VM. It depends on what kind of stuff depends on
the IP being set early on boot. VM rounting tables,
ifconfig, stuff like ip neigh on the ancestor VMS,
firewall rules, et cetera.
* Evaluate network access permissions when appvm
is attached to netvm, vs attached to proxyvm to netvm,
vs attached to proxyvm to proxyvm to netvm.
* Prolly need to write some important automated tests.
* Document entry points of the plugin that activate
code from the plugin, and under which circumstances / events
these pieces of code run.
Reference in New Issue View Git Blame Copy Permalink