qubes-mirage-firewall/client_net.ml

110 lines
4.2 KiB
OCaml
Raw Normal View History

2015-12-30 04:52:24 -05:00
(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>
See the README file for details. *)
open Lwt.Infix
2015-12-30 04:52:24 -05:00
open Utils
module Netback = Netchannel.Backend.Make(Netchannel.Xenstore.Make(OS.Xs))
module ClientEth = Ethif.Make(Netback)
2015-12-30 04:52:24 -05:00
let src = Logs.Src.create "net" ~doc:"Client networking"
module Log = (val Logs.src_log src : Logs.LOG)
2015-12-30 04:52:24 -05:00
class client_iface eth ~gateway_ip ~client_ip client_mac : client_link = object
val queue = FrameQ.create (Ipaddr.V4.to_string client_ip)
method my_mac = ClientEth.mac eth
method other_mac = client_mac
method my_ip = gateway_ip
method other_ip = client_ip
method writev ip =
FrameQ.send queue (fun () ->
let eth_hdr = eth_header_ipv4 ~src:(ClientEth.mac eth) ~dst:client_mac in
ClientEth.writev eth (fixup_checksums (Cstruct.concat (eth_hdr :: ip)))
)
2015-12-30 04:52:24 -05:00
end
let clients : Cleanup.t IntMap.t ref = ref IntMap.empty
2015-12-31 09:56:24 -05:00
(** Handle an ARP message from the client. *)
let input_arp ~fixed_arp ~eth request =
match Client_eth.ARP.input fixed_arp request with
2015-12-31 09:56:24 -05:00
| None -> return ()
| Some response -> ClientEth.write eth response
2015-12-31 09:56:24 -05:00
(** Handle an IPv4 packet from the client. *)
let input_ipv4 ~client_ip ~router frame packet =
let src = Wire_structs.Ipv4_wire.get_ipv4_src packet |> Ipaddr.V4.of_int32 in
2016-01-01 05:55:34 -05:00
if src = client_ip then Firewall.ipv4_from_client router frame
2015-12-31 09:56:24 -05:00
else (
Log.warn (fun f -> f "Incorrect source IP %a in IP packet from %a (dropping)"
Ipaddr.V4.pp_hum src Ipaddr.V4.pp_hum client_ip);
2015-12-31 09:56:24 -05:00
return ()
)
(** Connect to a new client's interface and listen for incoming frames. *)
let add_vif { Dao.domid; device_id; client_ip } ~router ~cleanup_tasks =
Netback.make ~domid ~device_id >>= fun backend ->
Log.info (fun f -> f "Client %d (IP: %s) ready" domid (Ipaddr.V4.to_string client_ip));
2015-12-31 09:56:24 -05:00
ClientEth.connect backend >>= or_fail "Can't make Ethernet device" >>= fun eth ->
let client_mac = Netback.mac backend in
let client_eth = router.Router.client_eth in
let gateway_ip = Client_eth.client_gw client_eth in
let iface = new client_iface eth ~gateway_ip ~client_ip client_mac in
2015-12-31 09:56:24 -05:00
Router.add_client router iface;
Cleanup.on_cleanup cleanup_tasks (fun () -> Router.remove_client router iface);
let fixed_arp = Client_eth.ARP.create ~net:client_eth iface in
2015-12-31 09:56:24 -05:00
Netback.listen backend (fun frame ->
match Wire_structs.parse_ethernet_frame frame with
| None -> Log.warn (fun f -> f "Invalid Ethernet frame"); return ()
| Some (typ, _destination, payload) ->
match typ with
| Some Wire_structs.ARP -> input_arp ~fixed_arp ~eth payload
| Some Wire_structs.IPv4 -> input_ipv4 ~client_ip ~router frame payload
| Some Wire_structs.IPv6 -> return ()
| None -> Logs.warn (fun f -> f "Unknown Ethernet type"); Lwt.return_unit
2015-12-31 09:56:24 -05:00
)
(** A new client VM has been found in XenStore. Find its interface and connect to it. *)
let add_client ~router domid =
let cleanup_tasks = Cleanup.create () in
Log.info (fun f -> f "add client domain %d" domid);
Lwt.async (fun () ->
Lwt.catch (fun () ->
2015-12-31 09:56:24 -05:00
Dao.client_vifs domid >>= function
| [] ->
Log.warn (fun f -> f "Client has no interfaces");
2015-12-31 09:56:24 -05:00
return ()
| vif :: others ->
if others <> [] then Log.warn (fun f -> f "Client has multiple interfaces; using first");
2015-12-31 09:56:24 -05:00
add_vif vif ~router ~cleanup_tasks
)
(fun ex ->
Log.warn (fun f -> f "Error connecting client domain %d: %s"
domid (Printexc.to_string ex));
return ()
)
);
cleanup_tasks
2015-12-31 09:56:24 -05:00
(** Watch XenStore for notifications of new clients. *)
let listen router =
let backend_vifs = "backend/vif" in
Log.info (fun f -> f "Watching %s" backend_vifs);
Dao.watch_clients (fun new_set ->
(* Check for removed clients *)
!clients |> IntMap.iter (fun key cleanup ->
if not (IntSet.mem key new_set) then (
clients := !clients |> IntMap.remove key;
Log.info (fun f -> f "client %d has gone" key);
Cleanup.cleanup cleanup
)
);
(* Check for added clients *)
new_set |> IntSet.iter (fun key ->
if not (IntMap.mem key !clients) then (
2015-12-31 09:56:24 -05:00
let cleanup = add_client ~router key in
clients := !clients |> IntMap.add key cleanup
)
)
)