El jueves, 18 de agosto de 2016, 10:50:14 (UTC-6), Marek Marczykowski-Górecki escribió: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Thu, Aug 18, 2016 at 09:12:35AM -0700, Adrian Rocha wrote: > > El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek > > Marczykowski-Górecki escribió: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA256 > > > > > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > > > Marczykowski-Górecki escribió: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > Hash: SHA256 > > > > > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > > > Hi, > > > > > > > > > > > > I have two network devices and one only USB controller, so both > > > > > > devices are in the same VM (sys-usb). I want to route some app-VMs > > > > > > by one network and the rest by the other network, for that I have > > > > > > created two firewall VMs but both are connected to the same network > > > > > > VMs because, as I commented, I can not divide the network devices > > > > > > in different VMs. > > > > > > By default all the traffic is going by only one network device. > > > > > > This is the configuration in my sys-usb: > > > > > > > > > > > > [user@sys-usb ~]$ ip route list > > > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src > > > > > > 172.20.2.255 metric 100 > > > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > > > 192.168.8.100 metric 100 > > > > > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > > > > > I know how to route a traffic to an specific IP using "ip route > > > > > > add" to a determined device network, but How can I route the > > > > > > complete traffic from one firewall VM by one device network and the > > > > > > traffic from other firewall VM by the other device network? > > > > > > > > > > Source based-routing is tricky in Linux in general. You can search for > > > > > some guides on the internet. > > > > > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > > > devices to different VM - some separate netvm, or even one of those > > > > > firewallvms directly (and do not attach this firewallvm to any netvm). > > > > > It may work slightly slower, but should be much easier. > > > > > > > > Thanks for your tip Marek, but I am having an error with the USB assign: > > > > > > > > The ethernet adapter in the sys-usb VM: > > > > [user@sys-usb ~]$ lsusb > > > > ... > > > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > > > > Ethernet > > > > ... > > > > > > > > And when I try to assing them to the sys-net VM in dom0: > > > > [user@dom0 ~]$ qvm-usb > > > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 > > > > sys-usb:4-9 8087:07dc 8087_07dc > > > > sys-usb:4-11 0bda:573c > > > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: > > > > printf: write error: Invalid argument > > > > > > > > Any idea or a detailed reference about this functionality? > > > > > > Check kernel messages in sys-net. It looks like kernel driver rejects > > > this device for some reason. > > > > > > > This is the message in sys-net: > > [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: > > super-speed > > > > And I see this in sys-usb: > > [ 3095.918081] usbip-host 5-2: stub up > > [ 3095.920893] usbip-host 5-2: recv a header, 0 > > [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using > > xhci_hcd > > [ 3096.038562] usbip-host 5-2: device reset > > Ok, so the reason is the device being USB3.0, which isn't supported by > the driver, unfortunately. Try plugging it into USB2.0 port. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXtec+AAoJENuP0xzK19csRRQH/3RZvDbnNoPIDu27fOQz4Ef3 > acENkrr6Or7Pw09eRLitxG+RfrNsAAVsCs0ohpm7qrlXYZW0F0D3xFsHwAeDEs94 > QzAqdMjUfQorDJRqriPQwoGiBENKbp0pyDPGh8i25j4GdJV86A/2in+3dgCkeLT9 > MX++fId0aQKVfu+4NTsF9dbizNWF3y12kpjCEyam12exT9n+4Zj1+Uc2XBfAW2B6 > OAlzYfnOslaTKk+dn/gsDJlsBfrkUh+3z1FQodFOOf41HfCsN7rYuoJF5KUcA3vM > WFCfXBKa0pEpnXPwJkdGnvf3Yk9rb03oB84cvRjuQfGmAI9+USro9hpjxjMrdI8= > =Gqjj > -----END PGP SIGNATURE-----
Ahh ok, I tried in the USB 2.0 port, and now I can assign it. But I see in the sys-net that it is recognized for a while but never connects to the network. After a few seconds the device returns to the sys-usb VM. This are de messages in sys-net VM: [ 7277.118612] vhci_hcd vhci_hcd: rhport(0) sockfd(0) devid(262154) speed(3) speed_str(high-speed) [ 7277.321126] usb 2-1: new high-speed USB device number 2 using vhci_hcd [ 7277.526125] usb 2-1: new high-speed USB device number 3 using vhci_hcd [ 7277.731179] usb 2-1: new high-speed USB device number 4 using vhci_hcd [ 7277.731224] usb 2-1: SetAddress Request (4) to port 0 [ 7277.754530] usb 2-1: New USB device found, idVendor=0b95, idProduct=1790 [ 7277.754571] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 7277.754598] usb 2-1: Product: AX88179 [ 7277.754617] usb 2-1: Manufacturer: ASIX Elec. Corp. [ 7277.754629] usb 2-1: SerialNumber: 000000000000:9 [ 7279.201825] ax88179_178a 2-1:1.0 eth0: register 'ax88179_178a' at usb-vhci_hcd-1, ASIX AX88179 USB 3.0 Gigabit Ethernet, a0:ce:c8:01:9d:5a [ 7279.201937] usbcore: registered new interface driver ax88179_178a [ 7279.232276] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready [ 7279.582818] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready [ 7282.764712] ax88179_178a 2-1:1.0 eth0: ax88179 - Link status is: 1 [ 7282.773797] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 7323.025920] vhci_hcd: connection closed [ 7323.025957] vhci_hcd: stop threads [ 7323.025964] vhci_hcd: release socket [ 7323.025968] vhci_hcd: disconnect device [ 7323.025996] usb 2-1: USB disconnect, device number 4 [ 7323.026060] vhci_hcd: dequeue a urb ffff88000bfff6c0 [ 7323.026065] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026069] vhci_hcd: gives back urb ffff88000bfff6c0 [ 7323.026072] vhci_hcd: dequeue a urb ffff88000539f9c0 [ 7323.026076] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026079] vhci_hcd: gives back urb ffff88000539f9c0 [ 7323.026083] vhci_hcd: dequeue a urb ffff88000539f180 [ 7323.026086] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026090] vhci_hcd: gives back urb ffff88000539f180 [ 7323.026093] vhci_hcd: dequeue a urb ffff88000539f0c0 [ 7323.026096] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026099] vhci_hcd: gives back urb ffff88000539f0c0 [ 7323.026116] vhci_hcd: dequeue a urb ffff8800079d56c0 [ 7323.026119] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026122] vhci_hcd: gives back urb ffff8800079d56c0 [ 7323.026127] vhci_hcd: dequeue a urb ffff8800079d5240 [ 7323.026130] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026134] vhci_hcd: gives back urb ffff8800079d5240 [ 7323.026137] vhci_hcd: dequeue a urb ffff8800079d53c0 [ 7323.026140] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026143] vhci_hcd: gives back urb ffff8800079d53c0 [ 7323.026146] vhci_hcd: dequeue a urb ffff8800079d5600 [ 7323.026149] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026153] vhci_hcd: gives back urb ffff8800079d5600 [ 7323.026156] vhci_hcd: dequeue a urb ffff8800079d5780 [ 7323.026159] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026163] vhci_hcd: gives back urb ffff8800079d5780 [ 7323.026166] vhci_hcd: dequeue a urb ffff8800079d5e40 [ 7323.026169] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026172] vhci_hcd: gives back urb ffff8800079d5e40 [ 7323.026176] vhci_hcd: dequeue a urb ffff88000099d6c0 [ 7323.026179] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026182] vhci_hcd: gives back urb ffff88000099d6c0 [ 7323.026185] vhci_hcd: dequeue a urb ffff8800079d5cc0 [ 7323.026190] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026194] vhci_hcd: gives back urb ffff8800079d5cc0 [ 7323.026197] vhci_hcd: dequeue a urb ffff8800079d5b40 [ 7323.026200] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026203] vhci_hcd: gives back urb ffff8800079d5b40 [ 7323.026206] vhci_hcd: dequeue a urb ffff88000b2eed80 [ 7323.026209] vhci_hcd: device ffff880007b3c298 seems to be disconnected [ 7323.026212] vhci_hcd: gives back urb ffff88000b2eed80 [ 7323.026225] ax88179_178a 2-1:1.0 eth0: unregister 'ax88179_178a' usb-vhci_hcd-1, ASIX AX88179 USB 3.0 Gigabit Ethernet [ 7323.026250] ax88179_178a 2-1:1.0 eth0: Failed to read reg index 0x0002: -19 [ 7323.026256] ax88179_178a 2-1:1.0 eth0: Failed to write reg index 0x0002: -19 [ 7323.030710] ax88179_178a 2-1:1.0 eth0 (unregistered): Failed to write reg index 0x0002: -19 [ 7323.030720] ax88179_178a 2-1:1.0 eth0 (unregistered): Failed to write reg index 0x0001: -19 [ 7323.030726] ax88179_178a 2-1:1.0 eth0 (unregistered): Failed to write reg index 0x0002: -19 It's like a restart in the module. This is that I see from dom0: [user@dom0 ~]$ qvm-usb sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen sys-usb:4-3 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 sys-usb:4-9 8087:07dc 8087_07dc sys-usb:4-11 0bda:573c CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:4-3 [user@dom0 ~]$ qvm-usb sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen sys-usb:4-3 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 (attached to sys-net) sys-usb:4-9 8087:07dc 8087_07dc sys-usb:4-11 0bda:573c CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 [user@dom0 ~]$ qvm-usb [user@dom0 ~]$ qvm-usb sys-usb:3-3 0b95:1790 ASIX_Elec._Corp._AX88179_000000000000:9 sys-usb:3-9 8087:07dc 8087_07dc sys-usb:3-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen sys-usb:3-11 0bda:573c CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 [user@dom0 ~]$ Best Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6dd13c3-9061-4ba8-a11b-7708516b20b7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
