(** A transport-layer port number.

    This is a plain alias for [int]: the type does not bound the value
    to 0..65535, so any range check has to happen wherever a [port]
    is produced from untrusted data. *)
type port = int
(** Classification of a packet endpoint as seen from the firewall.

    [`Client] carries the [Fw_utils.client_link] of a host on the
    private network and [`External] carries a raw [Ipaddr.t]; the two
    nullary cases name the firewall's own interfaces. *)
type host =
[ `Client of Fw_utils.client_link (** an IP address on the private network *)
| `Firewall (** the firewall's IP on the private network *)
| `NetVM (** the IP of the firewall's default route *)
| `External of Ipaddr.t (** an IP on the public network *)
]
(** Parsed transport-layer header of a packet.

    Only TCP, UDP and ICMPv4 are representable; a packet carrying any
    other IP protocol has no [transport_header] and therefore cannot be
    turned into a {!t} (see {!of_mirage_nat_packet}, which returns an
    option — presumably [None] for exactly this case; confirm in the
    implementation). *)
type transport_header = [`TCP of Tcp.Tcp_packet.t
|`UDP of Udp_packet.t
|`ICMP of Icmpv4_packet.t]
(** A parsed IPv4 packet together with its source and destination
    endpoints.

    ['src] and ['dst] are left polymorphic: they are supplied by the
    caller (see {!of_mirage_nat_packet}) and are not interpreted by this
    module. They are presumably instantiated with {!host} once the
    endpoints have been classified — confirm against the callers. *)
type ('src, 'dst) t = {
ipv4_header : Ipv4_packet.t;  (** The parsed IPv4 header. *)
transport_header : transport_header;  (** TCP, UDP or ICMPv4 header. *)
transport_payload : Cstruct.t;  (** Transport-layer payload bytes. *)
src : 'src;  (** Source endpoint, as supplied by the caller. *)
dst : 'dst;  (** Destination endpoint, as supplied by the caller. *)
}
(** [pp_transport_header fmt hdr] pretty-prints [hdr] on [fmt]
    (for use with [%a] in {!Format}). *)
val pp_transport_header : Format.formatter -> transport_header -> unit
(** [pp_host fmt h] pretty-prints the endpoint classification [h] on
    [fmt] (for use with [%a] in {!Format}). *)
val pp_host : Format.formatter -> host -> unit
(** [to_mirage_nat_packet p] converts [p] to the representation used by
    mirage-nat.

    The function is polymorphic in ['a] and ['b], so the [src] and [dst]
    fields cannot influence the result: only the headers and payload
    are carried over. *)
val to_mirage_nat_packet : ('a, 'b) t -> Nat_packet.t
(** [of_mirage_nat_packet ~src ~dst p] rebuilds a {!t} from a mirage-nat
    packet, attaching the caller-supplied [src] and [dst] unchanged.

    Returns [None] when [p] cannot be represented as a {!t} — presumably
    when its transport is not one of TCP/UDP/ICMPv4; confirm against the
    implementation. Callers must handle [None] rather than assume every
    NAT packet round-trips. *)
val of_mirage_nat_packet : src:'a -> dst:'b -> Nat_packet.t -> ('a, 'b) t option
(** Possible actions to take for a packet, as decided by the rule
    evaluation. [`Drop] is the only action that does not forward the
    packet; every other case results in transmission. *)
type action = [
| `Accept (** Send to destination, unmodified. *)
| `NAT (** Rewrite source field to the firewall's IP, with a fresh source port.
Also, add translation rules for future traffic in both directions,
between these hosts on these ports, and corresponding ICMP error traffic. *)
| `NAT_to of host * port (** As for [`NAT], but also rewrite the packet's
destination fields so it will be sent to [host:port]. *)
| `Drop of string (** Drop packet for this reason. The string is a
human-readable explanation — presumably only logged, never acted on;
confirm with the callers. *)
]