Noticed a strange thing: if I do not run new dispVMs for a while, “old” preloaded dispVMs appear with non-functional networking. I can ping internal qubes network, but outside connectivity does not work – seemingly NAT rules for them expire somehow.
Did you do anything special in the meantime, like suspend / resume, changing a netvm, etc… ?
apparently, no! however, could restart netvm. will try to reproduce.
Please ping me once you can reproduce it (I won’t get notified otherwise).
Also, don’t turn off the disposables once that happens, I will try to provide guidance once that happens.
For now, I’d say, when that happens:
Are you using IPv6?
On the disposable that was preloaded:
ip r
ip -4 a show dev eth0
# if the last command doesn't show enough
ip a
On the netvm:
ip r
Can you see the IP of the disposable in the netvm?
My uplink is v4-only. Did not manage to reproduce the bug yet.
This might fix it:
3 Likes
Has this worked its way into rc3 because I have a similar problem but only when a restart, after an upgrade, is needed. After an upgrade and a restart the remaining (in my case 2) preloaded disposables - once started will not connect to the internet.
Yes. This seems like a different issue.
Can you explain in steps this again?
- Configured to preload 2 disposable
- Updated using the Updater GUI
- In the end, when it shuts down the template, it restart the preloaded disposables, but attempting to use them result in lack of networking
This is what I understand, please add more details if necessary. Can you attempt the same using a disposable template without preloaded disposables?
- Clone
default-dvmtodefault-dvm-test - Disable preloading (set to 0) for
default-dvm-test - Update a template
- Check if there is networking on disposables based of each disposable template:
qvm-run -p --dispvm=default-dvm -- 'ip r; ping qubes-os.org'qvm-run -p --dispvm=default-dvm-test -- 'ip r; ping qubes-os.org'- You may also launch Firefox from the app menu to test networking, but
ip rstill has to be run from the terminal
- On another terminal in dom0, watch the qubesd logs, it might tell if there was a net device attach/detach failure:
sudo journalctl -fu qubesd
So to the first part of your answer
Its actually the resarting of sys-firewall, sys-net, syd-usb that triggers the issue. So on starting the next x preloaded disposable qube it cannot access the internet. Normal non disposable qubes will connect to the internet. It seems that after the pre defined preloaded qubes are flushed out then networking restarts on the next disposable that are started.
HTH
Will try the second part and reply asap
default-dvm does not have networking
default-dvm-test has networking
WARNING: vm.disp7295: Deferred attaching libvirt net device because qube is paused
I get one of the above warnings for every preloaded qube.
HTH
Confirmed. Can you please open an issue on Github?
ip rorip adoesn’t show any issue- the qube has the correct gateway in
qubesdb, but the gateway has not registered the client in the routing table - after disconnecting
netvmproperty (setting to ‘’) and reverting to the default ofsys-firewall, the gateway routing table is updated and the qube can connect
@marmarek have you seen this?
This is fine. You may also see vm.disp7295: Deferred detaching ....
The easiest way to get to the issue is:
- Preload
- Restart its netvm
- Try to ping
I believe the issue is, when it connects to the same netvm it already has, it doesn’t try to reattach because I was thinking of switching between netvms and then switching back to the original netvm. But in this case, because the netvm shuts down, it clears the routing table, and as it doesn’t try to reatach, the netvm is not notified that the client exists.
Seems to be related to never setting the deferred-netvm-original as it is only called if the netvm property has changed.
could be related to Apply fix for quick network reconnect after backend destroy by marmarek · Pull Request #1193 · QubesOS/qubes-linux-kernel · GitHub maybe? The patch wasn’t merged upstream yet.
After trying a few combinations it seems for me at least, that it is not restarting sys-net that causes the issue, it is restarting sys-firewall.
The issue was the deferred netvm feature was not being set on current netvm shutdown. This should fix it for current netvm shutdown or restart.