Re: [Tails-dev] Please review and merge bugfix/disable-IPv6

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Please review and merge bugfix/disable-IPv6
Hi,

anonym wrote (30 Nov 2012 16:36:28 GMT) :
> I merged this branch any way since it still makes sense.


Great. I'll take care of splitting the remaining tasks out into
tickets that won't get closed with 0.16.

>>    I could reproduce it neither with nor without the bugfix branch.
> Assuming you too use libvirt, what is your network setup


Probably a bit more complicated than the default bridge setup.

I don't like to see a bridge shared between my guests, and filtering
at this level, so I'm using a virtual routed network, with NAT and
forwarding deal with by shorewall on the host; simplified config:

<network>
  <name>routed</name>
  <uuid>obfuscated</uuid>
  <forward mode='route'/>
  <bridge name='vmz0' stp='on' delay='0' />
  <mac address='52:54:00:xx:xx:xx'/>
  <domain name='lan'/>
  <ip address='obfuscated' netmask='255.255.255.224'>
    <dhcp>
      <range start='obfuscated' end='obfuscated' />
    </dhcp>
  </ip>
</network>


> and sniffer setup?


Exactly the one that's documented on our test process:

  $ sudo tcpdump -n -i vnet0 -w dump                      


(vnet0 being the virtual network interface, on the host, that's
"connected with a direct cable" with the guest's own virtual network
interface. Another virtual network interface, on the host, is used to
act as a router / DHCP server / etc.)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc