mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2025-09-28 22:59:41 -04:00
Mirage 3 support
parent
150208fc72
commit
bb78a726e4
20 changed files with 423 additions and 341 deletions
22
router.ml
22
router.ml
|
@ -1,26 +1,21 @@
|
|||
(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>
|
||||
See the README file for details. *)
|
||||
|
||||
open Utils
|
||||
|
||||
let src = Logs.Src.create "router" ~doc:"Router"
|
||||
module Log = (val Logs.src_log src : Logs.LOG)
|
||||
open Fw_utils
|
||||
|
||||
(* The routing table *)
|
||||
|
||||
type t = {
|
||||
client_eth : Client_eth.t;
|
||||
mutable nat : Nat_lookup.t;
|
||||
nat : My_nat.t;
|
||||
uplink : interface;
|
||||
}
|
||||
|
||||
let create ~client_eth ~uplink =
|
||||
let nat = Nat_lookup.empty () in
|
||||
let create ~client_eth ~uplink ~nat =
|
||||
{ client_eth; nat; uplink }
|
||||
|
||||
let target t buf =
|
||||
let open Wire_structs.Ipv4_wire in
|
||||
let dst_ip = get_ipv4_dst buf |> Ipaddr.V4.of_int32 in
|
||||
let dst_ip = buf.Ipv4_packet.dst in
|
||||
match Client_eth.lookup t.client_eth dst_ip with
|
||||
| Some client_link -> Some (client_link :> interface)
|
||||
| None -> Some t.uplink
|
||||
|
@ -37,12 +32,3 @@ let resolve t = function
|
|||
| `Firewall_uplink -> Ipaddr.V4 t.uplink#my_ip
|
||||
| `NetVM -> Ipaddr.V4 t.uplink#other_ip
|
||||
| #Client_eth.host as host -> Client_eth.resolve t.client_eth host
|
||||
|
||||
(* To avoid needing to allocate a new NAT table when we've run out of
|
||||
memory, pre-allocate the new one ahead of time. *)
|
||||
let next_nat = ref (Nat_lookup.empty ())
|
||||
let reset t =
|
||||
t.nat <- !next_nat;
|
||||
(* (at this point, the big old NAT table can be GC'd, so allocating
|
||||
a new one should be OK) *)
|
||||
next_nat := Nat_lookup.empty ()
|
||||
|
|
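Review bot: In router.ml the `nat` field becomes an immutable `My_nat.t` supplied through `create ~nat`, and `reset` with its pre-allocated `next_nat` table is deleted, so nothing in this file now says what happens when the NAT table fills up or memory runs low. My_nat is not shown in this section, so that handling has presumably moved there; the field should say who owns it, for example `nat : My_nat.t;  (* supplied by the caller; table exhaustion/reset is handled in My_nat, TODO confirm *)`. In a firewall, NAT state exhaustion is a resource-exhaustion path, so the code that recovers from it should be discoverable from the router type. Separately, `target t buf` now reads `buf.Ipv4_packet.dst`, which suggests the argument is a parsed IPv4 header rather than a raw buffer, and a name such as `ip_header` would match that.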