mirror of
https://github.com/mirage/qubes-mirage-firewall.git
Improve OOM handling when adding a NAT forward entry
The callback function was partially applied, meaning that it always used the NAT table that was in use when processing started, even if the OOM handler had replaced the table by then. This meant that the retry attempt would always fail, since it tried to add it to the existing full table, and also prevented that table from being GC'd.
parent
cd917bab7f
commit
0826f046d2
@ -112,7 +112,8 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn logf =
|
|||||||
let add_nat_and_forward_ipv4 t ~frame =
|
let add_nat_and_forward_ipv4 t ~frame =
|
||||||
let xl_host = Ipaddr.V4 t.Router.uplink#my_ip in
|
let xl_host = Ipaddr.V4 t.Router.uplink#my_ip in
|
||||||
add_nat_rule_and_transmit t frame
|
add_nat_rule_and_transmit t frame
|
||||||
(Nat_rewrite.make_nat_entry t.Router.nat frame xl_host)
|
(* Note: DO NOT partially apply; [t.nat] may change between calls *)
|
||||||
|
(fun xl_port -> Nat_rewrite.make_nat_entry t.Router.nat frame xl_host xl_port)
|
||||||
(fun xl_port f ->
|
(fun xl_port f ->
|
||||||
match Nat_rewrite.layers frame with
|
match Nat_rewrite.layers frame with
|
||||||
| None -> assert false
|
| None -> assert false
|
||||||
|
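Review bot: The protection against reintroducing the stale-table bug in `add_nat_and_forward_ipv4` is only the comment `(* Note: DO NOT partially apply; [t.nat] may change between calls *)`; nothing in the type of the `fn` argument stops a later edit from going back to partial application. Since table exhaustion is presumably reachable from forwarded client traffic, the OOM retry path is worth making robust by construction. One option is to have the callback receive the table explicitly, `(fun nat xl_port -> Nat_rewrite.make_nat_entry nat frame xl_host xl_port)`, with `add_nat_rule_and_transmit` passing `t.Router.nat` on every attempt. The body of `add_nat_rule_and_transmit` lies outside this hunk, so whether that fits its retry loop needs checking there. Separately, `| None -> assert false` in the transmit callback would benefit from a short comment stating why an unparsable frame cannot reach this point.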