mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-07-01 08:31:18 +00:00
Minor cleanups
parent
11e18c0b83
commit
5a2f6f7ce8
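--- a/dao.ml
+++ b/dao.ml
@@ -41,7 +41,6 @@ let watch_clients fn =
 )
 
 type network_config = {
-uplink_prefix : Ipaddr.V4.Prefix.t; (* The network connecting us to NetVM *)
 uplink_netvm_ip : Ipaddr.V4.t; (* The IP address of NetVM (our gateway) *)
 uplink_our_ip : Ipaddr.V4.t; (* The IP address of our interface to NetVM *)
 
@@ -55,8 +54,6 @@ let read_network_config qubesDB =
 | None -> raise (error "QubesDB key %S not present" name)
 | Some value -> value in
 let uplink_our_ip = get "/qubes-ip" |> Ipaddr.V4.of_string_exn in
-let uplink_netmask = get "/qubes-netmask" |> Ipaddr.V4.of_string_exn in
-let uplink_prefix = Ipaddr.V4.Prefix.of_netmask uplink_netmask uplink_our_ip in
 let uplink_netvm_ip = get "/qubes-gateway" |> Ipaddr.V4.of_string_exn in
 let clients_prefix =
 (* This is oddly named: seems to be the network we provide to our clients *)
@@ -64,6 +61,6 @@ let read_network_config qubesDB =
 let client_netmask = get "/qubes-netvm-netmask" |> Ipaddr.V4.of_string_exn in
 Ipaddr.V4.Prefix.of_netmask client_netmask client_network in
 let clients_our_ip = get "/qubes-netvm-gateway" |> Ipaddr.V4.of_string_exn in
-{ uplink_prefix; uplink_netvm_ip; uplink_our_ip; clients_prefix; clients_our_ip }
+{ uplink_netvm_ip; uplink_our_ip; clients_prefix; clients_our_ip }
 
 let set_iptables_error db = Qubes.DB.write db "/qubes-iptables-error"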
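--- a/dao.mli
+++ b/dao.mli
@@ -19,7 +19,6 @@ val client_vifs : int -> client_vif list Lwt.t
 (** [client_vif domid] is the list of network interfaces to the client VM [domid]. *)
 
 type network_config = {
-uplink_prefix : Ipaddr.V4.Prefix.t; (* The network connecting us to NetVM *)
 uplink_netvm_ip : Ipaddr.V4.t; (* The IP address of NetVM (our gateway) *)
 uplink_our_ip : Ipaddr.V4.t; (* The IP address of our interface to NetVM *)
 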
|
@ -34,7 +34,7 @@ let remove_client t = Client_eth.remove_client t.client_eth
|
||||||
let forward_ipv4 router buf =
|
let forward_ipv4 router buf =
|
||||||
match Memory_pressure.status () with
|
match Memory_pressure.status () with
|
||||||
| `Memory_critical -> (* TODO: should happen before copying and async *)
|
| `Memory_critical -> (* TODO: should happen before copying and async *)
|
||||||
print_endline "Memory low - dropping packet";
|
Log.warn "Memory low - dropping packet" Logs.unit;
|
||||||
return ()
|
return ()
|
||||||
| `Ok ->
|
| `Ok ->
|
||||||
match target router buf with
|
match target router buf with
|
||||||
|
|
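Review bot: The `Log.warn` added in the Memory_critical branch of `forward_ipv4` fires once per dropped packet, so while the firewall stays in the critical state the log volume scales directly with incoming traffic. The logging itself may also add work at the moment memory is shortest; what the log reporter allocates is not visible in this hunk. Consider logging only on the transition into the critical state and keeping a drop counter, or at least record the concern beside the existing TODO: `(* NOTE: logged per packet; rate-limit if this floods the console under load *)`. The body of `forward_ipv4` continues past the end of the hunk.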
|
@ -43,11 +43,12 @@ module Make(Clock : V1.CLOCK) = struct
|
||||||
|
|
||||||
let listen t router =
|
let listen t router =
|
||||||
Netif.listen t.net (fun frame ->
|
Netif.listen t.net (fun frame ->
|
||||||
Eth.input
|
(* Handle one Ethernet frame from NetVM *)
|
||||||
|
Eth.input t.eth
|
||||||
~arpv4:(Arp.input t.arp)
|
~arpv4:(Arp.input t.arp)
|
||||||
~ipv4:(unnat t router frame)
|
~ipv4:(unnat t router frame)
|
||||||
~ipv6:(fun _buf -> return ())
|
~ipv6:(fun _buf -> return ())
|
||||||
t.eth frame
|
frame
|
||||||
)
|
)
|
||||||
|
|
||||||
let interface t = t.interface
|
let interface t = t.interface
|
||||||
|
|
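Review bot: The `~ipv6:(fun _buf -> return ())` handler in `listen` discards every IPv6 frame arriving from NetVM with no comment, and since this change already documents the callback it is the natural place to state that the drop is deliberate. It looks intentional for an IPv4-only firewall, but nothing in the hunk says so, and a later reader could mistake it for an unfinished stub. Suggested comment on that line: `(* IPv6 is not supported: drop rather than forward unfiltered *)`. The enclosing `Make` functor starts and ends outside the hunk.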