...

vm.py

@@ -356,9 +356,12 @@ def has_write_acces(ucred, vm: str):
 ########################
 
 @internal_cmd
-def get_ip(vm: str) -> str:
+def get_ip(vm: str) -> Optional[str]:
     network_dir = vm_dir(vm)+"network/"
+    try:
         net_id = open(network_dir+"net_id").read().strip()
+    except FileNotFoundError:
+        return None
     return f'{net_prefix}.{net_id}.150'
 
 @internal_cmd
@@ -503,8 +506,8 @@ def kill(ucred, vm: str):
 
 @cmd
 @daemon()
-def pause(ucred, vm: str):
-    vm = name_to_id(vm)
+def pause(ucred, vm: Identification):
+    vm, user = ident
     assert has_write_acces(ucred, vm)
 
     if backend == backend_vbox:
@@ -515,8 +518,8 @@ def pause(ucred, vm: str):
         raise NotImplementedError()
 @cmd
 @daemon()
-def resume(ucred, vm: str):
-    vm = name_to_id(vm)
+def resume(ucred, ident: Identification):
+    vm, user = ident
     assert has_write_acces(ucred, vm)
 
     if backend == backend_vbox:
@@ -739,10 +742,11 @@ def create_net(ucred, vm: str):
         add chain inet filter input_from_{interface}
         add chain inet filter forward_from_{interface}
         add chain inet filter forward_to_{interface}
+        add chain inet filter forward_from_{interface}
 
-        insert rule inet filter input iifname {interface} jump input_from_{interface}
-        insert rule inet filter forward iifname {interface} jump forward_from_{interface}
-        insert rule inet filter forward oifname {interface} jump forward_to_{interface}
+        insert rule inet filter input_from_vm iifname {interface} jump input_from_{interface}
+        insert rule inet filter forward_from_vm iifname {interface} jump forward_from_{interface}
+        insert rule inet filter forward_to_vm oifname {interface} jump forward_to_{interface}
     """)
     modify_net(ucred, vm)
     #nft("add rule inet filter forward iifname wlp1s0 accept")
@@ -769,6 +773,7 @@ def create_net(ucred, vm: str):
             f.write(S-f"""
             #!/bin/sh
             ifconfig {interface} {net_prefix}.{net_id}.1 netmask 255.255.255.0 up
+            ip route add {net_prefix}.{net_id}.0/24 dev {interface} table 38
             dhcpd -4 -cf network/dhcp.config -pf network/dhcp.pid -lf network/dhcp.lp {interface}
             """)
         with open(network_dir+"down.sh", "w") as f:
@@ -779,7 +784,7 @@ def create_net(ucred, vm: str):
 
 @internal_cmd
 @daemon()
-def modify_net(ucred, vm: str, wan: bool = False, lan: bool = False, pc: bool = False, pc_all: bool =  False):
+def modify_net(ucred, vm: str, wan: bool = False, lan: bool = False, pc: bool = False, pc_all: bool =  False, route_table: int = 6, route_blackhole: bool = True):
     vm = name_to_id(vm)
     assert has_write_acces(ucred, vm)
     assert not (pc_all and not pc)
@@ -793,7 +798,9 @@ def modify_net(ucred, vm: str, wan: bool = False, lan: bool = False, pc: bool =
         pass
     todo = [f"flush chain inet filter input_from_{interface}",
             f"flush chain inet filter forward_from_{interface}",
-            f"flush chain inet filter forward_to_{interface}"]
+            f"flush chain inet filter forward_to_{interface}",
+            # f"flush chain inet route forward_from_{interface}",
+            ]
     todo.append(f"add rule inet filter input_from_{interface} ct state {{ established, related }} accept")
     if not pc:
         todo.append(f"add rule inet filter input_from_{interface} drop")
@@ -816,8 +823,12 @@ def modify_net(ucred, vm: str, wan: bool = False, lan: bool = False, pc: bool =
         todo.append(f"add rule inet filter forward_from_{interface} drop")
 
     todo.append(f"add rule inet filter forward_to_{interface} drop")
+
+    # todo.append(f"add rule inet route forward_from_{interface} meta mark set {fwmark}")
     nft("\n".join(todo))
 
+    r("ip-man", "replace_rule", "--iif", interface, *[ "--blackhole" for _ in [1] if route_blackhole], "--priority_base", "100", str(route_table))
+
 
 ########################
 # Using vm             #
@@ -938,7 +949,7 @@ def vncapp(ident: Identification, cmd: str, wayland: bool = False):
     unit_id = random.randint(100000, 999999)
     vnc_server, ident = start_vnc_server(ident, f"vncapp-vnc-{unit_id}", wayland=wayland)
     time.sleep(1)
-    app = subprocess.Popen(ssh_args(ident, f"systemd-run --unit vncapp-app-{unit_id} --user -P -E DISPLAY={ident.display} -E WAYLAND_DISPLAY={ident.wayland_display} bash  -c {escape_sh(cmd)}"));
+    app = subprocess.Popen(ssh_args(ident, f"{'swaymsg' if wayland else 'i3-msg'} bar mode invisible; systemd-run --unit vncapp-app-{unit_id} --user -P -E DISPLAY={ident.display} -E WAYLAND_DISPLAY={ident.wayland_display} bash  -c {escape_sh(cmd)}"));
     vnc_client = start_vnc_client(ident)
 
     def on_terminate(proc):
@@ -1022,7 +1033,6 @@ def get_ident_by_window(win_id: int = None):
 ########################
 
 def terminal_len(val: str) -> int:
-    # TODO
     return len(val)
 
 def format_table(table):
@@ -1047,7 +1057,7 @@ def index(color: bool = True):
             else:
                 out_state += " (NO PING)"
         out_rw = ('w' if has_write_acces(vm) else 'r') if has_read_acces(vm) else '-' 
-        out.append([vm, out_rw, name(vm), out_state, get_permanency(vm)])
+        out.append([vm, out_rw, name(vm), out_state, get_permanency(vm), get_ip(vm) or "None"])
     return format_table(out)
 
 
@@ -1257,7 +1267,13 @@ def extended_name(name: str) -> tuple[str, str]:
             else:
                 resume(vm)
     if net_options is not None:
-        modify_net(vm, wan="w" in net_options, lan="l" in net_options, pc="p" in net_options or "P" in net_options, pc_all="P" in net_options)
+        if any(ch.isnumeric() for ch in net_options):
+            route_table_ind = min(i for i, ch in enumerate(net_options) if ch.isnumeric())
+            route_table = int(net_options[route_table_ind:])
+            net_options = net_options[:route_table_ind]
+        else:
+            route_table = 6
+        modify_net(vm, wan="w" in net_options, lan="l" in net_options, pc="p" in net_options or "P" in net_options, pc_all="P" in net_options, route_table=route_table, route_blackhole="B" not in net_options)
     if permanency is not None:
         set_permanency(vm, permanency or "stable")