Qubes networking interface

hello

i am looking for where to find the networking interfaces for the virtual interfaces and details of them.

how do i disable internal handout of ip addresses to guests that are ‘behind’ other machines?

i have machine with 12 threads but pc says i only have 6 cores can i not tell it to use all 12 threads?

how do i set up different pools of threads for different guests to use please?

thanking you

What do you want to achieve?
Why not just set the net qube to none?

i want to set up for multiple network cards coming in.
have the 2 interfaces come to one point behind the 2 different firewalls but one card will go through several other guests before reaching that machine that will be providing the dhcp for the vif internally connected.

if this is intel issue why is it disable on amd?

very interesting, good to know thanks

i will try to get this all going and make it work
i do not know why any of these did not show when searching for it as it contains all the keywords i used. thanks

I couldn’t understand the setup that you want from your description. Can you create a flowchart or describe in more details which qubes will have network cards passthrough to them and how will they interconnect with other qubes?

Quote from the linked QSB-43:

However, we believe there is a risk
that similar issues will be discovered in the future, and that having
hyper-threading disabled may mitigate those issues, as it does this one.
Therefore, we recommend that most users leave hyper-threading disabled
regardless of whether they use HVM qubes.

i think that this will be a reasonable example of what i am meaning


in this diagram…

  • sys-fw give ip addresses to 2 guests.
  • sys-comms will provide connection to the 2 of the guests as well which is completely static addresses
  • machine 3 is behind sys-comms which gets the ip from sys-comms as vm1 and vm2 will do for their secondary nics as well.
  • sys-fw-2 also connects to sys-comms and sys-fw-2 doe not provide ip to sys-comms and is just a connection

does this make sense?

i can not find that paragraph in either of the pages to be able to determine if that relates to what and how.
any chance of direct link please?

You can connect the qube to the multiple other qubes by editing its Xen config in dom0.
Custom libvirt config — core-admin v4.3.11-0-gdef2249 documentation
Create /etc/qubes/templates/libvirt/xen-user.xml file with this content:

<!-- import default template-->
{% extends 'libvirt/xen.xml' %}
<!-- we wanna alter the devices block -->
{% block devices %}
    <!-- import default device block -->
    {{ super() }}
    <!-- First network interface will be connected to the net qube defined in this qube Settings -->
    <!-- Add second interface that will be connected to e.g. sys-firewall2 -->
    <!-- The default MAC address of the first interface is 00:16:3e:5e:6c:00 so set the MAC address of the secind interface to the different one e.g. 00:16:3e:5e:6c:01  -->
    <!-- Set the interface IP to some value that won't overlap with the IP assigned to qubes by default e.g. 10.137.254.254 -->
    {% if vm.name == 'YourQubeName' -%}
        <interface type='ethernet'>
          <mac address='00:16:3e:5e:6c:01'/>
          <ip address='10.137.254.254' family='ipv4'/>
          <script path='vif-route-qubes'/>
          <backenddomain name='sys-firewall2'/>
        </interface>
    {% endif -%}
{% endblock %}

This will create two network interfaces in YourQubeName qube.
But you’ll need to edit the network configurations scripts in YourQubeName qube to configure second interface properly.
You can start with looking at this scrpit /usr/lib/qubes/setup-ip to see how can you modify it or some other related script to configure the second interface properly.

QSB #43: L1 Terminal Fault speculative side channel (XSA-273) | Qubes OS

That makes it very easy to do thanks.
If tha is all that is needed then I should have no issues with setting up any form of networking that I need.

Much appreciated.

That is interesting.

I have never had any issues when having hyper threading enabled even in version 3. Or 2 or 1.

Maybe I was lucky with it all?