Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-10-01 01:05:39 -04:00
Code Issues Packages Projects Releases Wiki Activity

Handle Out_of_memory adding NAT entries

Browse Source 
Because hash tables resize in big steps, this can happen even if we have
a fair chunk of free memory.
This commit is contained in:
Thomas Leonard 2016-01-03 17:08:33 +00:00
parent 491dbd9323
commit ea7c10ce58
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
firewall.ml
View File

@ -101,6 +101,12 @@ let rec add_nat_rule_and_transmit ?(retries=100) t frame fn fmt logf =
| None ->
Log.warn "No NAT entry, even after adding one!" Logs.unit;
return ()
| exception Out_of_memory ->
(* Because hash tables resize in big steps, this can happen even if we have a fair
chunk of free memory. *)
Log.warn "Out_of_memory adding NAT rule. Dropping NAT table..." Logs.unit;
Router.reset t;
add_nat_rule_and_transmit ~retries:(retries - 1) t frame fn fmt logf
(* Add a NAT rule for the endpoints in this frame, via a random port on the firewall. *)
let add_nat_and_forward_ipv4 t ~frame =