mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2025-01-03 19:40:49 -05:00
Fix OOM check when adding NAT entries
parent
7e68eebbc8
commit
13138dc636
12
firewall.ml
12
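--- a/firewall.ml
+++ b/firewall.ml
@@ -84,6 +84,12 @@ let random_user_port () =
 let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
 let xl_port = random_user_port () in
 match fn xl_port with
+| exception Out_of_memory ->
+(* Because hash tables resize in big steps, this can happen even if we have a fair
+chunk of free memory. *)
+Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
+Router.reset t;
+add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
 | Nat_rewrite.Overlap when retries < 0 -> return ()
 | Nat_rewrite.Overlap ->
 if retries = 0 then (
@@ -101,12 +107,6 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
 | None ->
 Log.warn "No NAT entry, even after adding one!" Logs.unit;
 return ()
-| exception Out_of_memory ->
-(* Because hash tables resize in big steps, this can happen even if we have a fair
-chunk of free memory. *)
-Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
-Router.reset t;
-add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
 
 (* Add a NAT rule for the endpoints in this frame, via a random port on the firewall. *)
 let add_nat_and_forward_ipv4 t ~frame =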
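Review bot: The relocated `| exception Out_of_memory ->` arm retries with `~retries:(retries - 1)` but never tests the budget, unlike the `Nat_rewrite.Overlap` arms beside it, which stop once `retries < 0`. If `fn xl_port` keeps raising after `Router.reset t` (memory genuinely short rather than a hash-table resize spike), nothing visible here ends the retry cycle. Each pass logs a warning and, judging by the log text, drops the whole NAT table, which would be an availability problem for every client behind the firewall. A guarded arm placed ahead of it would bound this and fail closed by dropping the frame: `| exception Out_of_memory when retries < 0 -> return ()`. The body of add_nat_rule_and_transmit continues between and after the two hunks, so the rest of the retry accounting should be confirmed against the full function.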