Add support for IPv6 Virtual DNS (#462) #592

3nprob · 2025-07-05T01:40:18Z

Add support for IPv6 Virtual DNS #462 resurrected
Fix merge conflicts
Address outstanding review feedback
Unify logic for generating firewall rules for ipv4/ipv6

3nprob · 2025-07-05T02:29:33Z

network/qubes-setup-dnat-to-ns

+                if dest is None or (vm_nameserver == dest and len(qubesdb_dns) == 0):
+                    rules += [
+                        f"ip{ip46} daddr {vm_nameserver} tcp dport 53 reject with icmp{ip46} type host-unreachable",
+                        f"ip{ip46} daddr {vm_nameserver} udp dport 53 reject with icmp{ip46} type host-unreachable",
+                    ]


This logic is new for ipv4. It is carried over from #462. (https://github.com/QubesOS/qubes-core-agent-linux/pull/462/files#r1487256297)
Previous version checked explicitly if /qubes-ip//qubes-netvm-primary-dns6 were specifically defined, rather than checking if any dns servers are defined for the family, as is being done here.

It looks like len(qubesdb_dns) == 0 is always false by this point (due to being inside the outer else) so not confident about the condition being correct here.

Not clear to me under exactly what conditions host-unreachable should be response. Reverted this whole part until there is clarity.

c0c7d42

See the discussion on the original PR: #462
The issue is if you have only IPv4 or only IPv6 DNS - then you wouldn't have address of such kind. And the reject rule is to avoid long timeouts when trying non-existing DNS and immediately fallback to the other one.

If you have a way to test it, try with:

only IPv4 DNS present

only IPv6 DNS present

both present

In all the cases, name resolution should keep working instantly. The tests I added in core-admin PR try to exercise those cases, but I'm not 100% if it will fail on slow fallback...

Ah, got it, thanks for the pointer.

Makes me think maybe this part could also be broken out separately... Presumably it wouldn't make much difference for users by itself concerning only IPv4 networking and should help with any debugging to have them as separate commits on main.

I probably won't be in a good place to test properly myself until after couple of weeks. For completion I guess "neither present" should also be explicitly tested (against leaks).

codecov · 2025-07-05T03:21:06Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.10%. Comparing base (4c5c36e) to head (c0c7d42).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #592   +/-   ##
=======================================
  Coverage   71.10%   71.10%           
=======================================
  Files           3        3           
  Lines         481      481           
=======================================
  Hits          342      342           
  Misses        139      139

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

qubes-rpc/post-install.d/10-qubes-core-agent-features.sh

network/qubes-setup-dnat-to-ns

init/functions

* origin/pr/595: chore(network-agent): consistently memoize ip_address stringification perf(network-agent): use cycle instead of manually doubling nameserver list for zip Pull request description: - I guess the existing memoization of `dns_` is for efficiency reasons? This uses the same pattern for the other `ip_address` instance in the string `vm_nameserver`. If nothing else it makes it more consistent. - Use `itertools.cycle` instead of list-doubling to match up `zip` side lengths. - Broken out from #592

marmarek · 2025-07-06T03:17:00Z

Now that the smaller PRs are in (the last one is still going through CI), this will need a rebase (dropping those already merged commits) to resolve conflicts.

3nprob · 2025-07-06T03:37:42Z

Now that the smaller PRs are in (the last one is still going through CI), this will need a rebase (dropping those already merged commits) to resolve conflicts.

Rebased. Ended up squashing all the existing commits on this branch. (lmk if you prefer to retain history during review in situations like this)

marmarek · 2025-07-07T11:23:51Z

openQA run is still in progress, but I already see some failures:
https://openqa.qubes-os.org/tests/145922#step/clipboard_and_web/19

[2025-07-07 07:09:42] [   11.559294] resolvectl[699]: �[0;1;31mFailed to parse DNS server address: �[0m
[2025-07-07 07:09:42] [   11.560408] resolvectl[699]: �[0;1;31mFailed to set DNS configuration: Invalid argument�[0m
[2025-07-07 07:09:42] [   11.563336] systemd[1]: �[0;1;[email protected]: Main process exited, code=exited, status=1/FAILURE�[0m
[2025-07-07 07:09:42] [   11.564178] systemd[1]: �[0;1;38:5:[email protected]: Failed with result 'exit-code'.�[0m
[2025-07-07 07:09:42] [�[0;1;31mFAILED�[0m] Failed to start �[0;1;39mqubes-network-upli…�[0m Qubes network uplink (eth0) setup.

[2025-07-07 07:09:42] [   11.566328] systemd[1]: �[0;1;31mFailed to start [email protected] - Qubes network uplink (eth0) setup.�[0m
[2025-07-07 07:09:42] See 'systemctl status [email protected]' for details.

[2025-07-07 07:09:42] [   11.569483] systemctl[590]: �[0;1;31mJob for [email protected] failed because the control process exited with error code.�[0m
[2025-07-07 07:09:42] [   11.569982] systemctl[590]: �[0;1;31mSee "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.�[0m
[2025-07-07 07:09:42] [   11.573268] (udev-worker)[387]: �[0;1;38:5:185meth0: Process '/usr/bin/systemctl restart --job-mode=replace [email protected]' failed with exit code 1.�[0m
[2025-07-07 07:09:42] [   11.576306] systemd[1]: �[0;1;39mqubes-network-uplink.service: Main process exited, code=exited, status=1/FAILURE�[0m
[2025-07-07 07:09:42] [�[0;1;31mFAILED�[0m] Failed to start �[0;1;39mqubes-network-upli…ervice�[0m - Qubes network uplink wait.

[2025-07-07 07:09:42] [   11.576905] systemd[1]: �[0;1;38:5:185mqubes-network-uplink.service: Failed with result 'exit-code'.�[0m
[2025-07-07 07:09:42] [   11.577185] systemd[1]: �[0;1;31mFailed to start qubes-network-uplink.service - Qubes network uplink wait.�[0m
[2025-07-07 07:09:42] See 'systemctl status qubes-network-uplink.service' for details.

This job doesn't have IPv6 enabled.

qubesos-bot · 2025-07-07T16:57:29Z

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025070723-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025061004-4.3&flavor=update

system_tests_suspend
- suspend: unnamed test (unknown)
- suspend: Failed (test died)
  # Test died: no candidate needle with tag(s) 'xscreensaver-prompt-w...
- suspend: wait_serial (wait serial expected)
  # wait_serial expected: qr/2E8vz-\d+-/...
system_tests_network
- VmNetworking_fedora-42-xfce: test_010_simple_proxyvm (failure)
  AssertionError: 2 != 0 : Ping by IP from AppVM failed
- VmNetworking_fedora-42-xfce: test_030_firewallvm_firewall (failure)
  AssertionError: 2 != 0 : Ping by name failed (should be allowed now)
- VmNetworking_fedora-42-xfce: test_202_fake_ip_firewall (failure)
  AssertionError: 2 != 0 : Ping by name should be allowed
- VmNetworking_fedora-42-xfce: test_204_fake_ip_proxy (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
- VmNetworking_fedora-42-xfce: test_211_custom_ip_proxy (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
- VmNetworking_fedora-42-xfce: test_212_custom_ip_firewall (failure)
  AssertionError: 2 != 0 : Ping by name should be allowed
system_tests_pvgrub_salt_storage
- TC_40_PVGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_40_PVGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_fedora-42-xfce: test_000_standalone_vm (failure + timed out)
  AssertionError: Failed command: dnf clean expire-cache && dnf insta...
- TC_42_PVHGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_42_PVHGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_42_PVHGrub_fedora-42-xfce: test_000_standalone_vm (failure + timed out)
  AssertionError: Failed command: dnf clean expire-cache && dnf insta...
system_tests_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_guivm_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_network_ipv6
- VmIPv6Networking_debian-12-xfce: test_530_ipv6_firewallvm_firewall (failure)
  AssertionError: 1 != 0 : TCP (IPv4) connection failed (should be al...
- VmIPv6Networking_debian-12-xfce: test_560_ipv6_dns_only (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
system_tests_dispvm
- TC_20_DispVM_fedora-42-xfce: test_012_preload_low_mem (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 1 != 0
- TC_20_DispVM_fedora-42-xfce: test_013_preload_gui (error)
  raise KeyError(key)... KeyError: 'disp5974'
- TC_20_DispVM_fedora-42-xfce: test_014_preload_nogui (error + cleanup)
  raise TimeoutError from exc_val... TimeoutError
- TC_20_DispVM_fedora-42-xfce: test_015_preload_race_more (error + cleanup)
  raise KeyError(key)... KeyError: 'disp8020'
- TC_20_DispVM_fedora-42-xfce: test_016_preload_race_less (failure + cleanup)
  ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
- TC_20_DispVM_fedora-42-xfce: test_017_preload_autostart (error)
  raise KeyError(key)... KeyError: 'disp9914'
- TC_20_DispVM_fedora-42-xfce: test_018_preload_global (error)
  raise KeyError(key)... KeyError: 'disp1020'
system_tests_kde_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_guivm_vnc_gui_interactive
- guivm_manager: unnamed test (unknown)
- guivm_manager: Failed (test died)
  # Test died: no candidate needle with tag(s) 'menu-qubes-tools-subm...
system_tests_qwt_win10@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_qwt_win10_seamless@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_qwt_win11@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_gui_interactive_preloaded
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_basic_vm_qrexec_gui_xfs
- startup: wait_serial (wait serial expected + timed out)
  # wait_serial expected: "# "...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: qr/xE1Ra-\d+-/...
- startup: Failed (test died + timed out)
  # Test died: command 'export TERM=dumb; stty cols 2048 rows 25' tim...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: "# "...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: qr/2E8vz-\d+-/...
system_tests_suspend@hw1
- suspend: wait_serial (wait serial expected)
  # wait_serial expected: qr/pP8pL-\d+-/...
- suspend: Failed (test died + timed out)
  # Test died: command '. curl-wrapper.sh' timed out at qubesos/tests...
system_tests_guivm_gpu_gui_interactive@hw13
- update_guivm: Failed (test died)
  # Test died: command '(set -o pipefail; qubesctl --all --show-outpu...
install_default_upload@hw7
- install_startup: unnamed test (unknown)
- install_startup: Failed (test died)
  # Test died: no candidate needle with tag(s) 'installer' matched...

Failed tests

50 failures

system_tests_suspend
- suspend: unnamed test (unknown)
- suspend: Failed (test died)
  # Test died: no candidate needle with tag(s) 'xscreensaver-prompt-w...
- suspend: wait_serial (wait serial expected)
  # wait_serial expected: qr/2E8vz-\d+-/...
system_tests_network
- VmNetworking_fedora-42-xfce: test_010_simple_proxyvm (failure)
  AssertionError: 2 != 0 : Ping by IP from AppVM failed
- VmNetworking_fedora-42-xfce: test_030_firewallvm_firewall (failure)
  AssertionError: 2 != 0 : Ping by name failed (should be allowed now)
- VmNetworking_fedora-42-xfce: test_202_fake_ip_firewall (failure)
  AssertionError: 2 != 0 : Ping by name should be allowed
- VmNetworking_fedora-42-xfce: test_204_fake_ip_proxy (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
- VmNetworking_fedora-42-xfce: test_211_custom_ip_proxy (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
- VmNetworking_fedora-42-xfce: test_212_custom_ip_firewall (failure)
  AssertionError: 2 != 0 : Ping by name should be allowed
system_tests_pvgrub_salt_storage
- TC_40_PVGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_40_PVGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_41_HVMGrub_fedora-42-xfce: test_000_standalone_vm (failure + timed out)
  AssertionError: Failed command: dnf clean expire-cache && dnf insta...
- TC_42_PVHGrub_debian-12-xfce: test_000_standalone_vm (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_42_PVHGrub_debian-12-xfce: test_001_standalone_vm_dracut (failure)
  AssertionError: Failed command: apt-get update && apt-get install -...
- TC_42_PVHGrub_fedora-42-xfce: test_000_standalone_vm (failure + timed out)
  AssertionError: Failed command: dnf clean expire-cache && dnf insta...
system_tests_extra
- TC_00_QVCTest_whonix-workstation-17: test_010_screenshare (failure)
  AssertionError: 1 != 0 : Timeout waiting for /dev/video0 in test-in...
system_tests_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_guivm_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_network_ipv6
- VmIPv6Networking_debian-12-xfce: test_530_ipv6_firewallvm_firewall (failure)
  AssertionError: 1 != 0 : TCP (IPv4) connection failed (should be al...
- VmIPv6Networking_debian-12-xfce: test_560_ipv6_dns_only (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 2 != 0
system_tests_dispvm
- TC_20_DispVM_fedora-42-xfce: test_012_preload_low_mem (failure)
  ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 1 != 0
- TC_20_DispVM_fedora-42-xfce: test_013_preload_gui (error)
  raise KeyError(key)... KeyError: 'disp5974'
- TC_20_DispVM_fedora-42-xfce: test_014_preload_nogui (error + cleanup)
  raise TimeoutError from exc_val... TimeoutError
- TC_20_DispVM_fedora-42-xfce: test_015_preload_race_more (error + cleanup)
  raise KeyError(key)... KeyError: 'disp8020'
- TC_20_DispVM_fedora-42-xfce: test_016_preload_race_less (failure + cleanup)
  ^^^^^^^^^^^^^^^^^^^^^^... AssertionError
- TC_20_DispVM_fedora-42-xfce: test_017_preload_autostart (error)
  raise KeyError(key)... KeyError: 'disp9914'
- TC_20_DispVM_fedora-42-xfce: test_018_preload_global (error)
  raise KeyError(key)... KeyError: 'disp1020'
system_tests_kde_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_guivm_vnc_gui_interactive
- guivm_manager: unnamed test (unknown)
- guivm_manager: Failed (test died)
  # Test died: no candidate needle with tag(s) 'menu-qubes-tools-subm...
system_tests_qwt_win10@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_qwt_win10_seamless@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_qwt_win11@hw13
- windows_install: Failed (test died)
  # Test died: command './install.sh' failed at /usr/lib/os-autoinst/...
system_tests_gui_interactive_preloaded
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'qubes-website' matche...
system_tests_basic_vm_qrexec_gui_xfs
- startup: wait_serial (wait serial expected + timed out)
  # wait_serial expected: "# "...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: qr/xE1Ra-\d+-/...
- startup: Failed (test died + timed out)
  # Test died: command 'export TERM=dumb; stty cols 2048 rows 25' tim...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: "# "...
- startup: wait_serial (wait serial expected)
  # wait_serial expected: qr/2E8vz-\d+-/...
system_tests_suspend@hw1
- suspend: wait_serial (wait serial expected)
  # wait_serial expected: qr/pP8pL-\d+-/...
- suspend: Failed (test died + timed out)
  # Test died: command '. curl-wrapper.sh' timed out at qubesos/tests...
system_tests_guivm_gpu_gui_interactive@hw13
- update_guivm: Failed (test died)
  # Test died: command '(set -o pipefail; qubesctl --all --show-outpu...
install_default_upload@hw7
- install_startup: unnamed test (unknown)
- install_startup: Failed (test died)
  # Test died: no candidate needle with tag(s) 'installer' matched...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/142375#dependencies

12 fixed

system_tests_splitgpg
- TC_10_Thunderbird_whonix-workstation-17: test_000_send_receive_default (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
- TC_10_Thunderbird_whonix-workstation-17: test_010_send_receive_inline_signed_only (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
- TC_10_Thunderbird_whonix-workstation-17: test_020_send_receive_inline_with_attachment (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
system_tests_extra
- TC_10_Thunderbird_whonix-workstation-17: test_000_send_receive_default (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
- TC_10_Thunderbird_whonix-workstation-17: test_010_send_receive_inline_signed_only (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
- TC_10_Thunderbird_whonix-workstation-17: test_020_send_receive_inline_with_attachment (failure)
  dogtail.tree.SearchError: descendent of [application | Thunderbird]...
system_tests_kde_gui_interactive
- gui_keyboard_layout: wait_serial (wait serial expected)
  # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...
- gui_keyboard_layout: Failed (test died)
  # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...
system_tests_guivm_vnc_gui_interactive
- simple_gui_apps: unnamed test (unknown)
- simple_gui_apps: Failed (test died)
  # Test died: no candidate needle with tag(s) 'vm-settings-applicati...
system_tests_audio
- TC_20_AudioVM_Pulse_debian-12-xfce: test_252_audio_playback_audiovm_switch_hvm (failure)
  AssertionError: only silence detected, no useful audio data
- TC_20_AudioVM_Pulse_whonix-workstation-17: test_225_audio_rec_unmuted_hvm (failure)
  AssertionError: too short audio, expected 10s, got 7.95233560090703...

Unstable tests

Performance Tests

Performance degradation:

7 performance degradations

debian-12-xfce_exec-data-simplex: 72.55 🔺 ( previous job: 65.51, degradation: 110.74%)
debian-12-xfce_exec-data-duplex-root: 83.11 🔺 ( previous job: 70.01, degradation: 118.72%)
dom0_root_seq1m_q1t1_write 3:write_bandwidth_kb: 8400.00 :small_red_triangle: ( previous job: 32696.00, degradation: 25.69%)
dom0_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 12515.00 :small_red_triangle: ( previous job: 17102.00, degradation: 73.18%)
dom0_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 570.00 :small_red_triangle: ( previous job: 1840.00, degradation: 30.98%)
dom0_varlibqubes_rnd4k_q32t1_read 3:read_bandwidth_kb: 97707.00 :small_red_triangle: ( previous job: 108760.00, degradation: 89.84%)
dom0_varlibqubes_rnd4k_q1t1_write 3:write_bandwidth_kb: 3319.00 :small_red_triangle: ( previous job: 4420.00, degradation: 75.09%)

Remaining performance tests:

65 tests

debian-12-xfce_exec: 5.56 🟢 ( previous job: 8.63, improvement: 64.43%)
debian-12-xfce_exec-root: 28.75 🟢 ( previous job: 29.44, improvement: 97.66%)
debian-12-xfce_socket: 8.35 🟢 ( previous job: 8.50, improvement: 98.19%)
debian-12-xfce_socket-root: 8.61 🔺 ( previous job: 8.31, degradation: 103.52%)
debian-12-xfce_exec-data-duplex: 70.29 🟢 ( previous job: 73.55, improvement: 95.58%)
debian-12-xfce_socket-data-duplex: 154.96 🟢 ( previous job: 161.35, improvement: 96.04%)
fedora-42-xfce_exec: 9.01
fedora-42-xfce_exec-root: 59.20
fedora-42-xfce_socket: 7.70
fedora-42-xfce_socket-root: 8.10
fedora-42-xfce_exec-data-simplex: 67.99
fedora-42-xfce_exec-data-duplex: 66.52
fedora-42-xfce_exec-data-duplex-root: 93.32
fedora-42-xfce_socket-data-duplex: 155.82
whonix-gateway-17_exec: 6.85 🟢 ( previous job: 7.34, improvement: 93.33%)
whonix-gateway-17_exec-root: 38.45 🟢 ( previous job: 39.57, improvement: 97.16%)
whonix-gateway-17_socket: 7.72 🟢 ( previous job: 7.85, improvement: 98.34%)
whonix-gateway-17_socket-root: 7.83 🟢 ( previous job: 7.89, improvement: 99.22%)
whonix-gateway-17_exec-data-simplex: 81.18 🔺 ( previous job: 77.76, degradation: 104.39%)
whonix-gateway-17_exec-data-duplex: 79.43 🔺 ( previous job: 78.39, degradation: 101.34%)
whonix-gateway-17_exec-data-duplex-root: 89.60 🟢 ( previous job: 90.74, improvement: 98.75%)
whonix-gateway-17_socket-data-duplex: 171.61 🔺 ( previous job: 161.95, degradation: 105.96%)
whonix-workstation-17_exec: 7.97 🟢 ( previous job: 8.27, improvement: 96.37%)
whonix-workstation-17_exec-root: 59.53 🔺 ( previous job: 57.61, degradation: 103.34%)
whonix-workstation-17_socket: 8.51 🟢 ( previous job: 8.97, improvement: 94.84%)
whonix-workstation-17_socket-root: 9.06 🟢 ( previous job: 9.46, improvement: 95.77%)
whonix-workstation-17_exec-data-simplex: 78.04 🔺 ( previous job: 74.54, degradation: 104.69%)
whonix-workstation-17_exec-data-duplex: 77.25 🔺 ( previous job: 74.84, degradation: 103.23%)
whonix-workstation-17_exec-data-duplex-root: 92.19 🔺 ( previous job: 86.00, degradation: 107.19%)
whonix-workstation-17_socket-data-duplex: 167.19 🔺 ( previous job: 160.20, degradation: 104.36%)
dom0_root_seq1m_q8t1_read 3:read_bandwidth_kb: 422983.00 :green_circle: ( previous job: 289982.00, improvement: 145.87%)
dom0_root_seq1m_q8t1_write 3:write_bandwidth_kb: 97195.00 :small_red_triangle: ( previous job: 101988.00, degradation: 95.30%)
dom0_root_seq1m_q1t1_read 3:read_bandwidth_kb: 26737.00 :green_circle: ( previous job: 14284.00, improvement: 187.18%)
dom0_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 1080.00 :small_red_triangle: ( previous job: 1091.00, degradation: 98.99%)
dom0_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 11953.00 :green_circle: ( previous job: 11086.00, improvement: 107.82%)
dom0_varlibqubes_seq1m_q8t1_read 3:read_bandwidth_kb: 408960.00 :green_circle: ( previous job: 289182.00, improvement: 141.42%)
dom0_varlibqubes_seq1m_q8t1_write 3:write_bandwidth_kb: 138385.00 :green_circle: ( previous job: 122848.00, improvement: 112.65%)
dom0_varlibqubes_seq1m_q1t1_read 3:read_bandwidth_kb: 393757.00 :small_red_triangle: ( previous job: 433654.00, degradation: 90.80%)
dom0_varlibqubes_seq1m_q1t1_write 3:write_bandwidth_kb: 177615.00 :green_circle: ( previous job: 167872.00, improvement: 105.80%)
dom0_varlibqubes_rnd4k_q32t1_write 3:write_bandwidth_kb: 8790.00 :small_red_triangle: ( previous job: 8874.00, degradation: 99.05%)
dom0_varlibqubes_rnd4k_q1t1_read 3:read_bandwidth_kb: 7460.00 :green_circle: ( previous job: 6356.00, improvement: 117.37%)
fedora-42-xfce_root_seq1m_q8t1_read 3:read_bandwidth_kb: 387930.00
fedora-42-xfce_root_seq1m_q8t1_write 3:write_bandwidth_kb: 223815.00
fedora-42-xfce_root_seq1m_q1t1_read 3:read_bandwidth_kb: 294875.00
fedora-42-xfce_root_seq1m_q1t1_write 3:write_bandwidth_kb: 77259.00
fedora-42-xfce_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 85019.00
fedora-42-xfce_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 2233.00
fedora-42-xfce_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 8040.00
fedora-42-xfce_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 1458.00
fedora-42-xfce_private_seq1m_q8t1_read 3:read_bandwidth_kb: 386073.00
fedora-42-xfce_private_seq1m_q8t1_write 3:write_bandwidth_kb: 160638.00
fedora-42-xfce_private_seq1m_q1t1_read 3:read_bandwidth_kb: 311334.00
fedora-42-xfce_private_seq1m_q1t1_write 3:write_bandwidth_kb: 53947.00
fedora-42-xfce_private_rnd4k_q32t1_read 3:read_bandwidth_kb: 89747.00
fedora-42-xfce_private_rnd4k_q32t1_write 3:write_bandwidth_kb: 2573.00
fedora-42-xfce_private_rnd4k_q1t1_read 3:read_bandwidth_kb: 5333.00
fedora-42-xfce_private_rnd4k_q1t1_write 3:write_bandwidth_kb: 979.00
fedora-42-xfce_volatile_seq1m_q8t1_read 3:read_bandwidth_kb: 333728.00
fedora-42-xfce_volatile_seq1m_q8t1_write 3:write_bandwidth_kb: 52384.00
fedora-42-xfce_volatile_seq1m_q1t1_read 3:read_bandwidth_kb: 319395.00
fedora-42-xfce_volatile_seq1m_q1t1_write 3:write_bandwidth_kb: 121865.00
fedora-42-xfce_volatile_rnd4k_q32t1_read 3:read_bandwidth_kb: 74516.00
fedora-42-xfce_volatile_rnd4k_q32t1_write 3:write_bandwidth_kb: 2761.00
fedora-42-xfce_volatile_rnd4k_q1t1_read 3:read_bandwidth_kb: 8455.00
fedora-42-xfce_volatile_rnd4k_q1t1_write 3:write_bandwidth_kb: 2138.00

marmarek · 2025-07-07T17:19:21Z

Not all of the failures are caused by this PR (or the core-admin one), but it seems most of them are.

3nprob · 2025-07-07T22:43:29Z

TypeError: sequence item 0: expected str instance, list found

Fixed in 7658b78. I guess I would expect this one to have been caught in run-tests. This looks like a good regression case to check for if anyone is ever adding unit tests here (I guess separate from this PR).

Also added in a little bit of typings for this here.

marmarek · 2025-07-08T01:52:13Z

openQA run is still in progress, but I already see some failures: https://openqa.qubes-os.org/tests/145922#step/clipboard_and_web/19

[2025-07-07 07:09:42] [   11.559294] resolvectl[699]: �[0;1;31mFailed to parse DNS server address: �[0m
[2025-07-07 07:09:42] [   11.560408] resolvectl[699]: �[0;1;31mFailed to set DNS configuration: Invalid argument�[0m
[2025-07-07 07:09:42] [   11.563336] systemd[1]: �[0;1;[email protected]: Main process exited, code=exited, status=1/FAILURE�[0m
[2025-07-07 07:09:42] [   11.564178] systemd[1]: �[0;1;38:5:[email protected]: Failed with result 'exit-code'.�[0m
[2025-07-07 07:09:42] [�[0;1;31mFAILED�[0m] Failed to start �[0;1;39mqubes-network-upli…�[0m Qubes network uplink (eth0) setup.

[2025-07-07 07:09:42] [   11.566328] systemd[1]: �[0;1;31mFailed to start [email protected] - Qubes network uplink (eth0) setup.�[0m
[2025-07-07 07:09:42] See 'systemctl status [email protected]' for details.

[2025-07-07 07:09:42] [   11.569483] systemctl[590]: �[0;1;31mJob for [email protected] failed because the control process exited with error code.�[0m
[2025-07-07 07:09:42] [   11.569982] systemctl[590]: �[0;1;31mSee "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.�[0m
[2025-07-07 07:09:42] [   11.573268] (udev-worker)[387]: �[0;1;38:5:185meth0: Process '/usr/bin/systemctl restart --job-mode=replace [email protected]' failed with exit code 1.�[0m
[2025-07-07 07:09:42] [   11.576306] systemd[1]: �[0;1;39mqubes-network-uplink.service: Main process exited, code=exited, status=1/FAILURE�[0m
[2025-07-07 07:09:42] [�[0;1;31mFAILED�[0m] Failed to start �[0;1;39mqubes-network-upli…ervice�[0m - Qubes network uplink wait.

[2025-07-07 07:09:42] [   11.576905] systemd[1]: �[0;1;38:5:185mqubes-network-uplink.service: Failed with result 'exit-code'.�[0m
[2025-07-07 07:09:42] [   11.577185] systemd[1]: �[0;1;31mFailed to start qubes-network-uplink.service - Qubes network uplink wait.�[0m
[2025-07-07 07:09:42] See 'systemctl status qubes-network-uplink.service' for details.

This job doesn't have IPv6 enabled.

This one is still the case.

- Merge '1cho1ce/add-ipv6-dnat-to-ns' into master - QubesOS#462 - fix: properly assign primary/secondary DNS - fix: check ipv4 dns presence by qdb /qubes-primary-dns instead of /qubes-ip - qubes-setup-dnat-to-ns: unify ipv4/ipv6 firewall rule generation Part of QubesOS/qubes-issues#10038

3nprob mentioned this pull request Jul 5, 2025

Add support for IPv6 Virtual DNS #462

Open

3nprob commented Jul 5, 2025

View reviewed changes

3nprob force-pushed the add-ipv6-dnat-to-dns branch from 5c98be5 to 1efe22a Compare July 5, 2025 02:38

3nprob commented Jul 5, 2025

View reviewed changes

qubes-rpc/post-install.d/10-qubes-core-agent-features.sh Show resolved Hide resolved

3nprob commented Jul 5, 2025

View reviewed changes

network/qubes-setup-dnat-to-ns Show resolved Hide resolved

This was referenced Jul 5, 2025

fix(qubes-setup-dnat-to-ns): handle null dns dbus response #593

Merged

network lint fixes #594

Merged

This comment was marked as resolved.

Sign in to view

3nprob mentioned this pull request Jul 5, 2025

install_firewall_rules: minor performance improvement #595

Merged

3nprob commented Jul 5, 2025

View reviewed changes

init/functions Outdated Show resolved Hide resolved

3nprob force-pushed the add-ipv6-dnat-to-dns branch from e145853 to 982add7 Compare July 6, 2025 03:35

3nprob marked this pull request as ready for review July 6, 2025 10:33

3nprob marked this pull request as draft July 6, 2025 10:38

3nprob force-pushed the add-ipv6-dnat-to-dns branch 2 times, most recently from a89ef8f to 77e4542 Compare July 6, 2025 20:04

3nprob mentioned this pull request Jul 7, 2025

Add Virtual DNS for IPv6 (#558) QubesOS/qubes-core-admin#695

Draft

marmarek added the openqa-pending label Jul 7, 2025

This was referenced Jul 7, 2025

Add Arch packaging QubesOS/qubes-core-admin-client#332

Open

Improve device category description QubesOS/qubes-core-admin-client#362

Merged

marmarek added openqa-group-2 and removed openqa-pending labels Jul 7, 2025

3nprob force-pushed the add-ipv6-dnat-to-dns branch from 77e4542 to 7658b78 Compare July 7, 2025 22:04

This was referenced Jul 8, 2025

updater: dom0 non-iteractive updater QubesOS/qubes-core-admin-linux#191

Open

updater: split qubes-download-dom0-updates.sh #576

Open

updater: use qubes-vm-update to update dom0 non-interactively QubesOS/qubes-desktop-linux-manager#264

Open

3nprob force-pushed the add-ipv6-dnat-to-dns branch from 7658b78 to 33f80a9 Compare July 10, 2025 19:47

3np added 5 commits July 10, 2025 19:49

setup-ip: oneshot resolv.conf update

5f232ea

chore: remove unused argument to install_firewall_rules

3fdf341

fix nft_cmd construction, adding typing annotation

f0f9551

revert conditional insertion of host-unreachable response

c0c7d42

3nprob force-pushed the add-ipv6-dnat-to-dns branch from 33f80a9 to c0c7d42 Compare July 10, 2025 19:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add support for IPv6 Virtual DNS (#462) #592

Add support for IPv6 Virtual DNS (#462) #592

Uh oh!

3nprob commented Jul 5, 2025 •

edited by marmarek

Loading

Uh oh!

3nprob Jul 5, 2025 •

edited

Loading

Uh oh!

3nprob Jul 10, 2025

Uh oh!

marmarek Jul 12, 2025

Uh oh!

3nprob Jul 15, 2025 •

edited

Loading

Uh oh!

codecov bot commented Jul 5, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

This comment was marked as resolved.

Uh oh!

marmarek commented Jul 6, 2025

Uh oh!

3nprob commented Jul 6, 2025

Uh oh!

marmarek commented Jul 7, 2025

Uh oh!

qubesos-bot commented Jul 7, 2025 •

edited

Loading

Uh oh!

marmarek commented Jul 7, 2025

Uh oh!

3nprob commented Jul 7, 2025 •

edited

Loading

Uh oh!

marmarek commented Jul 8, 2025

Uh oh!

Uh oh!

Uh oh!

Add support for IPv6 Virtual DNS (#462) #592

Are you sure you want to change the base?

Add support for IPv6 Virtual DNS (#462) #592

Uh oh!

Conversation

3nprob commented Jul 5, 2025 • edited by marmarek Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

3nprob Jul 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

3nprob Jul 10, 2025

Choose a reason for hiding this comment

Uh oh!

marmarek Jul 12, 2025

Choose a reason for hiding this comment

Uh oh!

3nprob Jul 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

codecov bot commented Jul 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

This comment was marked as resolved.

Uh oh!

marmarek commented Jul 6, 2025

Uh oh!

3nprob commented Jul 6, 2025

Uh oh!

marmarek commented Jul 7, 2025

Uh oh!

qubesos-bot commented Jul 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

OpenQA test summary

New failures, excluding unstable

Failed tests

Fixed failures

Unstable tests

Performance Tests

Performance degradation:

Remaining performance tests:

Uh oh!

marmarek commented Jul 7, 2025

Uh oh!

3nprob commented Jul 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

marmarek commented Jul 8, 2025

Uh oh!

Uh oh!

3nprob commented Jul 5, 2025 •

edited by marmarek

Loading

3nprob Jul 5, 2025 •

edited

Loading

3nprob Jul 15, 2025 •

edited

Loading

codecov bot commented Jul 5, 2025 •

edited

Loading

qubesos-bot commented Jul 7, 2025 •

edited

Loading

3nprob commented Jul 7, 2025 •

edited

Loading