qubes-mirage-firewall/router.mli

(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>
   See the README file for details. *)

(** Routing packets to the right network interface. *)

open Utils

type t = private {
  client_eth : Client_eth.t;
  mutable nat : Nat_lookup.t;
  uplink : interface;
}
(** A routing table. *)

val create :
  client_eth:Client_eth.t ->
  uplink:interface ->
  t
(** [create ~client_eth ~uplink] is a new routing table
    that routes packets outside of [client_eth] via [uplink]. *)

val target : t -> Cstruct.t -> interface option
(** [target t packet] is the interface to which [packet] (an IP packet) should be routed. *)

val add_client : t -> client_link -> unit
(** [add_client t iface] adds a rule for routing packets addressed to [iface].
    The client's IP address must be within the [client_eth] passed to [create]. *)

val remove_client : t -> client_link -> unit

val classify : t -> Ipaddr.t -> Packet.host
val resolve : t -> Packet.host -> Ipaddr.t

val reset : t -> unit
(** Clear the NAT table (to free memory). *)
Initial import 2015-12-30 09:52:24 +00:00			`(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>`
			`See the README file for details. *)`

			`(** Routing packets to the right network interface. *)`

			`open Utils`

Move NAT code to router and add DNS redirects 2015-12-30 16:07:16 +00:00			`type t = private {`
			`client_eth : Client_eth.t;`
Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00			`mutable nat : Nat_lookup.t;`
Rationalised firewall rules syntax Added explicit NAT target, allowing NAT even within client net and making it clear that NAT is used externally. Changed Redirect_to_netvm to NAT_to, and allow specifying any target host. 2016-01-01 11:32:57 +00:00			`uplink : interface;`
Move NAT code to router and add DNS redirects 2015-12-30 16:07:16 +00:00			`}`
Initial import 2015-12-30 09:52:24 +00:00			`(** A routing table. *)`

			`val create :`
Moved client networking to its own module Renamed the old Client_net to Client_eth, as it just handles the Ethernet layer. 2015-12-30 13:48:13 +00:00			`client_eth:Client_eth.t ->`
Rationalised firewall rules syntax Added explicit NAT target, allowing NAT even within client net and making it clear that NAT is used externally. Changed Redirect_to_netvm to NAT_to, and allow specifying any target host. 2016-01-01 11:32:57 +00:00			`uplink:interface ->`
Initial import 2015-12-30 09:52:24 +00:00			`t`
Rationalised firewall rules syntax Added explicit NAT target, allowing NAT even within client net and making it clear that NAT is used externally. Changed Redirect_to_netvm to NAT_to, and allow specifying any target host. 2016-01-01 11:32:57 +00:00			`(** [create ~client_eth ~uplink] is a new routing table`
			`that routes packets outside of [client_eth] via [uplink]. *)`
Initial import 2015-12-30 09:52:24 +00:00
			`val target : t -> Cstruct.t -> interface option`
			`(** [target t packet] is the interface to which [packet] (an IP packet) should be routed. *)`

			`val add_client : t -> client_link -> unit`
			`(** [add_client t iface] adds a rule for routing packets addressed to [iface].`
Moved client networking to its own module Renamed the old Client_net to Client_eth, as it just handles the Ethernet layer. 2015-12-30 13:48:13 +00:00			`The client's IP address must be within the [client_eth] passed to [create]. *)`
Initial import 2015-12-30 09:52:24 +00:00
			`val remove_client : t -> client_link -> unit`
Moved client networking to its own module Renamed the old Client_net to Client_eth, as it just handles the Ethernet layer. 2015-12-30 13:48:13 +00:00
Move NAT code to router and add DNS redirects 2015-12-30 16:07:16 +00:00			`val classify : t -> Ipaddr.t -> Packet.host`
Rationalised firewall rules syntax Added explicit NAT target, allowing NAT even within client net and making it clear that NAT is used externally. Changed Redirect_to_netvm to NAT_to, and allow specifying any target host. 2016-01-01 11:32:57 +00:00			`val resolve : t -> Packet.host -> Ipaddr.t`
Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
			`val reset : t -> unit`
			`(** Clear the NAT table (to free memory). *)`