Various fixes and improvements.
- Add TPM 2.0. - Fix network creation, which now needs a small delay between steps. - Change nft chains to lowercase. - Name bridge and tap devices (br|tap)-$n, where n is the next available integer.
This commit is contained in:
parent
f103af50f6
commit
5ceb706fb0
5 changed files with 67 additions and 26 deletions
|
@ -1,4 +1,4 @@
|
|||
-netdev tap,id=net0,br=$BR_NAME,ifname=$TAP_NAME,script=no,downscript=no
|
||||
-device rtl8139,netdev=net0
|
||||
-device e1000,netdev=net0
|
||||
-audiodev pa,id=snd0,server=unix:/run/user/$MYUID/pulse/native
|
||||
-device intel-hda -device hda-duplex,audiodev=snd0
|
||||
|
|
|
@ -5,6 +5,9 @@
|
|||
-device usb-host,hostbus=1,hostport=11.4
|
||||
-device vfio-pci,host=$GPU_ID,multifunction=on,id=gpu,romfile=$GPU_ROM
|
||||
-device vfio-pci,host=$AUDIO_ID,id=audio
|
||||
-chardev socket,id=chrtpm,path=$TPM_PATH/swtpm-sock
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm
|
||||
-device tpm-tis,tpmdev=tpm0
|
||||
-object input-linux,id=kbd11,evdev=/dev/input/by-id/usb-Wooting_WootingTwo_WOOT_001_A01B1852W021H00067-event-if04
|
||||
-object input-linux,id=kbd12,evdev=/dev/input/by-id/usb-Wooting_WootingTwo_WOOT_001_A01B1852W021H00067-if03-event-kbd,grab_all=on,repeat=on
|
||||
-object input-linux,id=mouse11,evdev=/dev/input/by-id/usb-Mad_Catz_Global_MADCATZ_R.A.T._8+_gaming_mouse-event-if01
|
||||
|
|
|
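Review bot: The three TPM lines tie qemu to a socket path that is spelled independently in config.conf (`path=$TPM_PATH/swtpm-sock` here, the same string in the swtpm `--ctrl` option there); one variable such as `TPM_SOCK` exported from config.conf and used by both would keep the two from drifting, and would avoid the `//` that the trailing slash in `TPM_PATH="/opt/vm/tpm/"` produces. swtpm is backgrounded in config.conf without waiting for the socket to appear, so the first launch after a host boot may have qemu open the chardev before swtpm is listening; a short wait for `[[ -S "$TPM_PATH/swtpm-sock" ]]` before the qemu command line is assembled would remove that race. This is an argument list rather than a script, so there is no enclosing function to speak of.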
@ -4,3 +4,7 @@ export GPU_ROM=/opt/vm/1080ti_asus.rom
|
|||
export GPU_ID='0000:65:00.0'
|
||||
export AUDIO_ID='0000:65:00.1'
|
||||
|
||||
export TPM_PATH="/opt/vm/tpm/"
|
||||
mkdir -p "$TPM_PATH$(mktemp --directory)"
|
||||
swtpm socket --tpm2 --tpmstate dir="$TPM_PATH" --ctrl type=unixio,path="$TPM_PATH/swtpm-sock" &
|
||||
disown -h "$!"
|
||||
|
|
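Review bot: `mkdir -p "$TPM_PATH$(mktemp --directory)"` does not create the state directory it seems intended to: mktemp --directory creates a fresh directory under /tmp and prints its absolute path, so the command creates an unused nested path along the lines of /opt/vm/tpm//tmp/tmp.XXXXXX (constructed example) and leaves the /tmp directory behind, while swtpm is pointed at `$TPM_PATH` itself. It should be `mkdir -p -m 0700 -- "$TPM_PATH"`; the tpmstate directory holds the emulated TPM's persistent keys, so it should not inherit a permissive umask. Because config.conf is sourced by start, every launch also starts another swtpm against the same socket path with no check for one already running; guarding the start on the socket's absence avoids that (a stale socket left by a crashed swtpm would then still have to be removed by hand). Starting a daemon as a side effect of sourcing a config file is surprising enough to deserve a comment even if it stays.
```shell
export TPM_PATH="/opt/vm/tpm/"
# tpmstate holds the emulated TPM's persistent keys: owner-only access
mkdir -p -m 0700 -- "$TPM_PATH"
# start swtpm only if no instance is already serving this socket
if [[ ! -S "$TPM_PATH/swtpm-sock" ]]; then
  swtpm socket --tpm2 --tpmstate dir="$TPM_PATH" \
    --ctrl type=unixio,path="$TPM_PATH/swtpm-sock" &
  disown -h "$!"
fi
```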
80
net
80
net
|
@ -7,7 +7,7 @@ BASE_BRIDGE_NAME=br-q
|
|||
BASE_TAP_NAME=tap-q
|
||||
|
||||
randstr() {
|
||||
dd if=/dev/urandom count=1 bs=4 2>/dev/null | xxd -p -g 0
|
||||
dd if=/dev/urandom count=1 bs=3 2>/dev/null | xxd -p -g 0
|
||||
}
|
||||
|
||||
default_route() {
|
||||
|
@ -114,6 +114,31 @@ nft_rev() {
|
|||
nft "$@"
|
||||
}
|
||||
|
||||
|
||||
get_bridge_name() {
|
||||
for i in {1..255}; do
|
||||
br_name="br$i"
|
||||
link_names="$(ip link list | awk -F:\ '/^[0-9]+: br.*/ {print $2}')"
|
||||
if [[ -z "$link_names" ]] || echo "$link_names" | grep -vq "$br_name"; then
|
||||
echo "$br_name"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
get_tap_name() {
|
||||
for i in {1..255}; do
|
||||
tap_name="tap$i"
|
||||
link_names="$(ip link list | awk -F:\ '/^[0-9]+: tap.*/ {print $2}')"
|
||||
if [[ -z "$link_names" ]] || echo "$link_names" | grep -vq "$tap_name"; then
|
||||
echo "$tap_name"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
create() {
|
||||
local next_subnet
|
||||
|
||||
|
@ -124,46 +149,53 @@ create() {
|
|||
local dnsmasq_pid
|
||||
|
||||
next_subnet="$(find_next_subnet)"
|
||||
dhcp_subnet="$next_subnet.0.1/16"
|
||||
dhcp_range="$next_subnet.0.2,$next_subnet.255.254"
|
||||
dhcp_subnet="$next_subnet.0.1/24"
|
||||
dhcp_range="$next_subnet.0.100,$next_subnet.0.200"
|
||||
|
||||
bridge_name="$BASE_BRIDGE_NAME-$(randstr)"
|
||||
tap_name="$BASE_TAP_NAME-$(randstr)"
|
||||
bridge_name="$(get_bridge_name)"
|
||||
tap_name="$(get_tap_name)"
|
||||
echo "$bridge_name"
|
||||
echo "$tap_name"
|
||||
|
||||
echo > "$NET_CONF_FILE"
|
||||
|
||||
ip link add name "$bridge_name" type bridge
|
||||
echo "bridge_name='$bridge_name'" >> "$NET_CONF_FILE"
|
||||
ip addr add "$dhcp_subnet" dev "$bridge_name"
|
||||
ip link set dev "$bridge_name" up
|
||||
ip tuntap add "$tap_name" mode tap
|
||||
echo "tap_name='$tap_name'" >> "$NET_CONF_FILE"
|
||||
ip link set "$tap_name" up
|
||||
ip link set dev "$tap_name" master "$bridge_name"
|
||||
dnsmasq -k --interface="$bridge_name" --bind-interface \
|
||||
--dhcp-range="$dhcp_range" &
|
||||
set -x
|
||||
modprobe tun tap
|
||||
ip link add "$bridge_name" type bridge && sleep .1
|
||||
ip tuntap add dev "$tap_name" mode tap && sleep .1
|
||||
ip link set dev "$tap_name" master "$bridge_name" && sleep .1
|
||||
ip link set dev "$bridge_name" up && sleep .1
|
||||
ip link set dev "$tap_name" up && sleep .1
|
||||
ip addr add "$dhcp_subnet" dev "$bridge_name" && sleep .1
|
||||
ip link set dev "$bridge_name" up && sleep .1
|
||||
ip link set dev "$tap_name" up && sleep .1
|
||||
set +x
|
||||
ip addr
|
||||
dnsmasq -d --interface="$bridge_name" --bind-interface --dhcp-range="$dhcp_range" &
|
||||
dnsmasq_pid="$!"
|
||||
echo "bridge_name='$bridge_name'" >> "$NET_CONF_FILE"
|
||||
echo "tap_name='$tap_name'" >> "$NET_CONF_FILE"
|
||||
echo "dnsmasq_pid='$dnsmasq_pid'" >> "$NET_CONF_FILE"
|
||||
disown -h "$dnsmasq_pid"
|
||||
|
||||
echo "nft_ruleset='$(nft -s list ruleset)'" >> "$NET_CONF_FILE"
|
||||
|
||||
# dhcp
|
||||
nft_rev add rule ip filter INPUT udp dport 67 accept
|
||||
nft_rev add rule ip filter INPUT tcp dport 67 accept
|
||||
nft_rev add rule ip filter input udp dport 67 accept
|
||||
nft_rev add rule ip filter input tcp dport 67 accept
|
||||
# dns
|
||||
nft_rev add rule ip filter INPUT udp dport 53 accept
|
||||
nft_rev add rule ip filter INPUT tcp dport 53 accept
|
||||
nft_rev add rule ip filter input udp dport 53 accept
|
||||
nft_rev add rule ip filter input tcp dport 53 accept
|
||||
# scream
|
||||
nft_rev add rule ip filter INPUT udp dport 4010 accept
|
||||
nft_rev add rule ip filter INPUT tcp dport 4010 accept
|
||||
nft_rev add rule ip filter input udp dport 4010 accept
|
||||
nft_rev add rule ip filter input tcp dport 4010 accept
|
||||
|
||||
# forward bridge
|
||||
nft_rev add rule ip filter FORWARD iifname "$bridge_name" \
|
||||
nft_rev add rule ip filter forward iifname "$bridge_name" \
|
||||
counter packets 0 bytes 0 accept
|
||||
nft_rev add rule ip filter FORWARD oifname "$bridge_name" \
|
||||
nft_rev add rule ip filter forward oifname "$bridge_name" \
|
||||
counter packets 0 bytes 0 accept
|
||||
nft_rev add rule ip nat POSTROUTING oifname "$(default_route)" \
|
||||
nft_rev add rule ip nat postrouting oifname "$(default_route)" \
|
||||
counter masquerade
|
||||
}
|
||||
|
||||
|
|
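Review bot: The free-name search in get_bridge_name (and identically in get_tap_name) can return a name that is already in use: `grep -vq "$br_name"` succeeds as soon as any listed link differs from the candidate, so with br1 and br2 present the loop returns br1, and a plain substring match would also let br1 collide with br10. The test should be a negated exact match, `if ! grep -qxF -- "$br_name" <<<"$link_names"; then`, which also makes the `-z` branch unnecessary; the `ip link` listing can be taken once before the loop, and `br_name`/`link_names` should be `local`. In create the later `ip link add "$bridge_name" type bridge && sleep .1` hides such a failure, because a failed left operand of `&&` does not trip `set -e`, so a collision would only surface later as a broken VM network. The commit message promises `(br|tap)-$n` but the code produces `br$n`/`tap$n`, and BASE_BRIDGE_NAME, BASE_TAP_NAME and randstr appear to be left without a caller in this file.
```shell
get_bridge_name() {
  local i br_name link_names
  # one listing is enough; the link set does not change while we scan it
  link_names="$(ip link list | awk -F': ' '/^[0-9]+: br.*/ {print $2}')"
  for i in {1..255}; do
    br_name="br$i"
    # exact whole-line match: substring grep would let br1 match br10,
    # and grep -v -q succeeds whenever any other link is listed
    if ! grep -qxF -- "$br_name" <<<"$link_names"; then
      echo "$br_name"
      return 0
    fi
  done
  return 1
}
# … get_tap_name: same change with the tap prefix …
```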
4
start
4
start
|
@ -61,7 +61,7 @@ IFS="$old_IFS"
|
|||
# efi variables
|
||||
EFI_VARS="$(mktemp)"
|
||||
cp /usr/share/ovmf/x64/OVMF_VARS.fd "$EFI_VARS"
|
||||
EFI_FIRMWARE=/usr/share/ovmf/x64/OVMF_CODE.fd
|
||||
EFI_FIRMWARE=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd
|
||||
|
||||
source config.conf
|
||||
|
||||
|
@ -132,6 +132,7 @@ read -ra specific_arguments -d '' < "$o_specific_path" || true
|
|||
|
||||
# preven host from using vm cpus
|
||||
|
||||
set -x
|
||||
$SUDO qemu-system-x86_64 \
|
||||
-name "$VMNAME,process=VMNAME,debug-threads=on" \
|
||||
-daemonize -pidfile "$PIDFILE" \
|
||||
|
@ -142,6 +143,7 @@ $SUDO qemu-system-x86_64 \
|
|||
"${default_arguments[@]}" \
|
||||
"${hardware_arguments[@]}" \
|
||||
"${specific_arguments[@]}" || true
|
||||
set +x
|
||||
$SUDO cat "$PIDFILE"
|
||||
$SUDO qemu-affinity \
|
||||
-k $(./cpus decompress_seq "$(./cpus compute_vm $NUM_PROCESSORS)") \
|
||||
|
|
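Review bot: The firmware switches to `OVMF_CODE.secboot.fd` while the variable store is still copied from `OVMF_VARS.fd`; unless that template already carries an enrolled PK/KEK/db, the guest runs the Secure Boot-capable firmware in setup mode with Secure Boot effectively off, which is easy to mistake for an enforcing configuration. Whether the shipped OVMF_VARS.fd is pre-enrolled is not visible here — confirm it and record the outcome next to the assignment, e.g. `# secboot firmware: OVMF_VARS.fd must contain enrolled keys for Secure Boot to enforce`. The `set -x`/`set +x` pair added around the qemu invocation traces the entire argument list to stderr, including whatever `specific_arguments` carries, so keep that in mind if that file ever holds credentials.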