Show the packet when failing to add a NAT rule

The previous message was just:

    WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this packet
Thomas Leonard 2017-04-08 13:12:38 +01:00
parent d8eb7ff387
commit 445b1711cb


@ -77,6 +77,17 @@ let pp_packet fmt {src; dst; proto; packet = _} =
pp_host dst pp_host dst
pp_proto proto pp_proto proto
let pp_transport_headers f = function
| `ICMP (h, _) -> Icmpv4_packet.pp f h
| `TCP (h, _) -> Tcp.Tcp_packet.pp f h
| `UDP (h, _) -> Udp_packet.pp f h
let pp_header f = function
| `IPv4 (ip, transport) ->
Fmt.pf f "%a %a"
Ipv4_packet.pp ip
pp_transport_headers transport
(* NAT *) (* NAT *)
let translate t packet = let translate t packet =
@ -88,7 +99,7 @@ let add_nat_and_forward_ipv4 t packet =
My_nat.add_nat_rule_and_translate t.Router.nat ~xl_host `NAT packet >>= function My_nat.add_nat_rule_and_translate t.Router.nat ~xl_host `NAT packet >>= function
| Ok packet -> forward_ipv4 t packet | Ok packet -> forward_ipv4 t packet
| Error e -> | Error e ->
Log.warn (fun f -> f "Failed to add NAT rewrite rule: %s" e); Log.warn (fun f -> f "Failed to add NAT rewrite rule: %s (%a)" e pp_header packet);
Lwt.return () Lwt.return ()
(* Add a NAT rule to redirect this conversation to [host:port] instead of us. *) (* Add a NAT rule to redirect this conversation to [host:port] instead of us. *)
@ -100,7 +111,7 @@ let nat_to t ~host ~port packet =
My_nat.add_nat_rule_and_translate t.Router.nat ~xl_host (`Redirect (target, port)) packet >>= function My_nat.add_nat_rule_and_translate t.Router.nat ~xl_host (`Redirect (target, port)) packet >>= function
| Ok packet -> forward_ipv4 t packet | Ok packet -> forward_ipv4 t packet
| Error e -> | Error e ->
Log.warn (fun f -> f "Failed to add NAT redirect rule: %s" e); Log.warn (fun f -> f "Failed to add NAT redirect rule: %s (%a)" e pp_header packet);
Lwt.return () Lwt.return ()
(* Handle incoming packets *) (* Handle incoming packets *)
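Review bot: The two `Log.warn` calls in `add_nat_and_forward_ipv4` and `nat_to` now write a longer, packet-derived line for every packet that fails NAT, and no rate limit is visible in these hunks, so a client sending many such packets can presumably flood the log at warning level. Consider keeping the short warning and moving the header dump to a lower level, e.g. `Log.debug (fun f -> f "Packet was: %a" pp_header packet)`, or logging it only for the first few failures. `pp_transport_headers` matches `(h, _)`, so only headers are printed and the payload never reaches the log; a comment above `pp_header` such as `(* Headers only: the payload is not logged. *)` would record that property for later editors. Both logging functions begin outside their hunks, so any throttling that exists elsewhere is not visible here.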