Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-06-28 23:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OOM check when adding NAT entries

Browse Source
This commit is contained in:
Thomas Leonard 2016-01-05 16:43:07 +00:00
parent 7e68eebbc8
commit 13138dc636
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
firewall.ml
View File

@ -84,6 +84,12 @@ let random_user_port () =
let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
let xl_port = random_user_port () in
match fn xl_port with
| exception Out_of_memory ->
(* Because hash tables resize in big steps, this can happen even if we have a fair
chunk of free memory. *)
Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
Router.reset t;
add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
| Nat_rewrite.Overlap when retries < 0 -> return ()
| Nat_rewrite.Overlap ->
if retries = 0 then (
@ -101,12 +107,6 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
| None ->
Log.warn "No NAT entry, even after adding one!" Logs.unit;
return ()
| exception Out_of_memory ->
(* Because hash tables resize in big steps, this can happen even if we have a fair
chunk of free memory. *)
Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
Router.reset t;
add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
(* Add a NAT rule for the endpoints in this frame, via a random port on the firewall. *)
let add_nat_and_forward_ipv4 t ~frame =