diff --git a/Dockerfile b/Dockerfile index 4c11bc1..c903ce6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ FROM ocurrent/opam@sha256:fce44a073ff874166b51c33a4e37782286d48dbba1b5aa43563a0d # Pin last known-good version for reproducible builds. # Remove this line (and the base image pin above) if you want to test with the # latest versions. -RUN cd ~/opam-repository && git fetch origin master && git reset --hard 295910defa4dedc27af45ca64d63e8927f8261ff && opam update +RUN cd ~/opam-repository && git fetch origin master && git reset --hard 479a47921a489d11833e03cf949bfb612bd65e41 && opam update RUN opam depext -i -y mirage RUN mkdir /home/opam/qubes-mirage-firewall diff --git a/build-with-docker.sh b/build-with-docker.sh index fc10431..ebacfca 100755 --- a/build-with-docker.sh +++ b/build-with-docker.sh @@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall . echo Building Firewall... docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall echo "SHA2 of build: $(sha256sum qubes_firewall.xen)" -echo "SHA2 last known: 4f4b21a8f9d131486700f8be9bd15067878907313b2ebc7a048c27af8a918e1e" +echo "SHA2 last known: e2af3718b7f40ba533f378d1402a41008c3520fe84d991ab58d3230772cc824c" echo "(hashes should match for released versions)" diff --git a/client_net.ml b/client_net.ml index 8f0f975..a493f9b 100644 --- a/client_net.ml +++ b/client_net.ml @@ -116,11 +116,11 @@ let add_vif get_ts { Dao.ClientVif.domid; device_id } dns_client ~client_ip ~rou let listener = Lwt.catch (fun () -> - Netback.listen backend ~header_size:Ethernet_wire.sizeof_ethernet (fun frame -> - match Ethernet_packet.Unmarshal.of_cstruct frame with + Netback.listen backend ~header_size:Ethernet.Packet.sizeof_ethernet (fun frame -> + match Ethernet.Packet.of_cstruct frame with | Error err -> Log.warn (fun f -> f "Invalid Ethernet frame: %s" err); Lwt.return_unit | Ok (eth, payload) -> - match eth.Ethernet_packet.ethertype with + match eth.Ethernet.Packet.ethertype with | `ARP -> input_arp ~fixed_arp ~iface payload | `IPv4 -> input_ipv4 get_ts fragment_cache ~iface ~router dns_client payload | `IPv6 -> Lwt.return_unit (* TODO: oh no! *) diff --git a/config.ml b/config.ml index 452a165..2363eb5 100644 --- a/config.ml +++ b/config.ml @@ -23,8 +23,7 @@ let main = package "astring"; package "tcpip" ~min:"3.7.0"; package ~min:"2.3.0" ~sublibs:["mirage"] "arp"; - package "ethernet"; - package "mirage-protocols"; + package ~min:"3.0.0" "ethernet"; package "shared-memory-ring" ~min:"3.0.0"; package "netchannel" ~min:"1.11.0"; package "mirage-net-xen"; diff --git a/fw_utils.ml b/fw_utils.ml index e4a1789..3d547af 100644 --- a/fw_utils.ml +++ b/fw_utils.ml @@ -21,7 +21,7 @@ module IntMap = Map.Make(Int) (** An Ethernet interface. *) class type interface = object method my_mac : Macaddr.t - method writev : Mirage_protocols.Ethernet.proto -> (Cstruct.t -> int) -> unit Lwt.t + method writev : Ethernet.Packet.proto -> (Cstruct.t -> int) -> unit Lwt.t method my_ip : Ipaddr.V4.t method other_ip : Ipaddr.V4.t end @@ -37,7 +37,7 @@ end (** An Ethernet header from [src]'s MAC address to [dst]'s with an IPv4 payload. *) let eth_header ethertype ~src ~dst = - Ethernet_packet.Marshal.make_cstruct { Ethernet_packet.source = src; destination = dst; ethertype } + Ethernet.Packet.make_cstruct { Ethernet.Packet.source = src; destination = dst; ethertype } let error fmt = let err s = Failure s in diff --git a/uplink.ml b/uplink.ml index 683f006..c058d54 100644 --- a/uplink.ml +++ b/uplink.ml @@ -53,7 +53,7 @@ end | _ -> Firewall.ipv4_from_netvm router (`IPv4 (ip_header, ip_packet)) in - Netif.listen t.net ~header_size:Ethernet_wire.sizeof_ethernet (fun frame -> + Netif.listen t.net ~header_size:Ethernet.Packet.sizeof_ethernet (fun frame -> (* Handle one Ethernet frame from NetVM *) Eth.input t.eth ~arpv4:(Arp.input t.arp)