Reset NAT table if memory gets low
This commit is contained in:
Thomas Leonard
parent
1779f0fdbe
commit
425ba26286
18
firewall.ml
18
firewall.ml
|
|
@ -145,11 +145,17 @@ let apply_rules t rules info =
|
|||
Log.info "Dropped packet (%s) %a" (fun f -> f reason pp_packet info);
|
||||
return ()
|
||||
|
||||
let ipv4_from_client t frame =
|
||||
let handle_low_memory t =
|
||||
match Memory_pressure.status () with
|
||||
| `Memory_critical -> (* TODO: should happen before copying and async *)
|
||||
Log.warn "Memory low - dropping packet" Logs.unit;
|
||||
return ()
|
||||
Log.warn "Memory low - dropping packet and resetting NAT table" Logs.unit;
|
||||
Router.reset t;
|
||||
`Memory_critical
|
||||
| `Ok -> `Ok
|
||||
|
||||
let ipv4_from_client t frame =
|
||||
match handle_low_memory t with
|
||||
| `Memory_critical -> return ()
|
||||
| `Ok ->
|
||||
(* Check for existing NAT entry for this packet *)
|
||||
match translate t frame with
|
||||
|
|
@ -161,10 +167,8 @@ let ipv4_from_client t frame =
|
|||
| Some info -> apply_rules t Rules.from_client info
|
||||
|
||||
let ipv4_from_netvm t frame =
|
||||
match Memory_pressure.status () with
|
||||
| `Memory_critical -> (* TODO: should happen before copying and async *)
|
||||
Log.warn "Memory low - dropping packet" Logs.unit;
|
||||
return ()
|
||||
match handle_low_memory t with
|
||||
| `Memory_critical -> return ()
|
||||
| `Ok ->
|
||||
match classify t frame with
|
||||
| None -> return ()
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ module Log = (val Logs.src_log src : Logs.LOG)
|
|||
|
||||
type t = {
|
||||
client_eth : Client_eth.t;
|
||||
nat : Nat_lookup.t;
|
||||
mutable nat : Nat_lookup.t;
|
||||
uplink : interface;
|
||||
}
|
||||
|
||||
|
|
@ -42,3 +42,6 @@ let resolve t = function
|
|||
| `Firewall_uplink -> Ipaddr.V4 t.uplink#my_ip
|
||||
| `NetVM -> Ipaddr.V4 t.uplink#other_ip
|
||||
| #Client_eth.host as host -> Client_eth.resolve t.client_eth host
|
||||
|
||||
let reset t =
|
||||
t.nat <- Nat_lookup.empty ()
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ open Utils
|
|||
|
||||
type t = private {
|
||||
client_eth : Client_eth.t;
|
||||
nat : Nat_lookup.t;
|
||||
mutable nat : Nat_lookup.t;
|
||||
uplink : interface;
|
||||
}
|
||||
(** A routing table. *)
|
||||
|
|
@ -30,3 +30,6 @@ val remove_client : t -> client_link -> unit
|
|||
|
||||
val classify : t -> Ipaddr.t -> Packet.host
|
||||
val resolve : t -> Packet.host -> Ipaddr.t
|
||||
|
||||
val reset : t -> unit
|
||||
(** Clear the NAT table (to free memory). *)
|
||||
|
|
|
|||
Loading…
Reference in New Issue