Merge pull request #95 from hannesm/mirage-nat.2.1.0

mirage-nat.2.1.0
2024-10-01 01:05:39 -04:00 · 2020-02-19 14:27:41 +00:00 · 2020-02-19 14:27:41 +00:00 · 02e515d27c
commit 02e515d27c
parent 0ced0ee901 65324b4197
5 changed files with 14 additions and 18 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@ FROM ocurrent/opam@sha256:3f3ce7e577a94942c7f9c63cbdd1ecbfe0ea793f581f69047f3155
 # Pin last known-good version for reproducible builds.
 # Remove this line (and the base image pin above) if you want to test with the
 # latest versions.
-RUN cd ~/opam-repository && git fetch origin master && git reset --hard d205c265cee9a86869259180fd2238da98370430 && opam update
+RUN cd ~/opam-repository && git fetch origin master && git reset --hard ebac42783217016bd2c4108bbbef102aab56cdde && opam update

 RUN opam depext -i -y mirage.3.7.4 lwt.4.5.0
 RUN mkdir /home/opam/qubes-mirage-firewall
--- a/build-with-docker.sh
+++ b/build-with-docker.sh
@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
 echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
 echo "SHA2 of build:   $(sha256sum qubes_firewall.xen)"
-echo "SHA2 last known: 91c5bf44a85339aaf14e4763a29c2b64537f5bc41cd7dc2571af954ec9dd3cad"
+echo "SHA2 last known: 83b96bd453c3c3cfb282076be81055026eca437b621b3ef3f2642af04ad782e2"
 echo "(hashes should match for released versions)"
--- a/client_net.ml
+++ b/client_net.ml
@ -57,7 +57,9 @@ let input_arp ~fixed_arp ~iface request =

 (** Handle an IPv4 packet from the client. *)
 let input_ipv4 get_ts cache ~iface ~router packet =
-  match Nat_packet.of_ipv4_packet cache ~now:(get_ts ()) packet with
+  let cache', r = Nat_packet.of_ipv4_packet !cache ~now:(get_ts ()) packet in
+  cache := cache';
+  match r with
  | Error e ->
    Log.warn (fun f -> f "Ignored unknown IPv4 message: %a" Nat_packet.pp_error e);
    Lwt.return_unit
@ -84,14 +86,9 @@ let add_vif get_ts { Dao.ClientVif.domid; device_id } ~client_ip ~router ~cleanu
  Router.add_client router iface >>= fun () ->
  Cleanup.on_cleanup cleanup_tasks (fun () -> Router.remove_client router iface);
  let fixed_arp = Client_eth.ARP.create ~net:client_eth iface in
-  let fragment_cache = Fragments.Cache.create (256 * 1024) in
+  let fragment_cache = ref (Fragments.Cache.empty (256 * 1024)) in
  Netback.listen backend ~header_size:Ethernet_wire.sizeof_ethernet (fun frame ->
    match Ethernet_packet.Unmarshal.of_cstruct frame with
-    | exception ex ->
-      Log.err (fun f -> f "Error unmarshalling ethernet frame from client: %s@.%a" (Printexc.to_string ex)
-                  Cstruct.hexdump_pp frame
-              );
-      Lwt.return_unit
    | Error err -> Log.warn (fun f -> f "Invalid Ethernet frame: %s" err); Lwt.return_unit
    | Ok (eth, payload) ->
        match eth.Ethernet_packet.ethertype with
--- a/config.ml
+++ b/config.ml
@ -31,7 +31,7 @@ let main =
      package "mirage-net-xen";
      package "ipaddr" ~min:"4.0.0";
      package "mirage-qubes" ~min:"0.8.0";
-      package "mirage-nat" ~min:"2.0.0";
+      package "mirage-nat" ~min:"2.1.0";
      package "mirage-logs";
      package "mirage-xen" ~min:"5.0.0";
    ]
--- a/uplink.ml
+++ b/uplink.ml
@ -16,7 +16,7 @@ type t = {
  eth : Eth.t;
  arp : Arp.t;
  interface : interface;
-  fragments : Fragments.Cache.t;
+  mutable fragments : Fragments.Cache.t;
 }

 class netvm_iface eth mac ~my_ip ~other_ip : interface = object
@ -37,12 +37,11 @@ let listen t get_ts router =
      Eth.input t.eth
        ~arpv4:(Arp.input t.arp)
        ~ipv4:(fun ip ->
-            match Nat_packet.of_ipv4_packet t.fragments ~now:(get_ts ()) ip with
-            | exception ex ->
-              Log.err (fun f -> f "Error unmarshalling ethernet frame from uplink: %s@.%a" (Printexc.to_string ex)
-                          Cstruct.hexdump_pp frame
-                      );
-              Lwt.return_unit
+            let cache, r =
+              Nat_packet.of_ipv4_packet t.fragments ~now:(get_ts ()) ip
+            in
+            t.fragments <- cache;
+            match r with
            | Error e ->
              Log.warn (fun f -> f "Ignored unknown IPv4 message from uplink: %a" Nat_packet.pp_error e);
              Lwt.return_unit
@ -68,5 +67,5 @@ let connect config =
  let interface = new netvm_iface eth netvm_mac
    ~my_ip:ip
    ~other_ip:config.Dao.uplink_netvm_ip in
-  let fragments = Fragments.Cache.create (256 * 1024) in
+  let fragments = Fragments.Cache.empty (256 * 1024) in
  Lwt.return { net; eth; arp; interface ; fragments }