Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2025-02-06 10:25:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

If we can't find a free port, reset the NAT table

Browse Source
This commit is contained in:
Thomas Leonard 2016-01-02 16:50:16 +00:00
parent f1ed6ffdd8
commit 0e8e142337
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
firewall.ml
View File

@ -78,10 +78,16 @@ let translate t frame =
let random_user_port () = let random_user_port () =
1024 + Random.int (0xffff - 1024) 1024 + Random.int (0xffff - 1024)
let rec add_nat_rule_and_transmit t frame fn fmt logf = let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
let xl_port = random_user_port () in let xl_port = random_user_port () in
match fn xl_port with match fn xl_port with
| Nat_rewrite.Overlap -> add_nat_rule_and_transmit t frame fn fmt logf (* Try a different port *) | Nat_rewrite.Overlap when retries < 0 -> return ()
| Nat_rewrite.Overlap ->
if retries = 0 then (
Log.warn "Failed to find a free port; resetting NAT table" Logs.unit;
Router.reset t;
);
add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf (* Try a different port *)
| Nat_rewrite.Unparseable -> | Nat_rewrite.Unparseable ->
Log.warn "Failed to add NAT rule: Unparseable" Logs.unit; Log.warn "Failed to add NAT rule: Unparseable" Logs.unit;
return () return ()