fallback to the command line specified uplink interface if no netvm interface

2025-04-16 05:23:02 -04:00 · 2023-07-01 11:56:14 +02:00 · 2023-07-01 11:56:14 +02:00 · ee2409dc61
commit ee2409dc61
parent 7f5729a12d
2 changed files with 32 additions and 16 deletions
--- a/firewall.ml
+++ b/firewall.ml
@ -91,21 +91,6 @@ let apply_rules t (rules : ('a, 'b) Packet.t -> Packet.action Lwt.t) ~dst (annot
      Log.debug (fun f -> f "Dropped packet (%s) %a" reason Nat_packet.pp packet);
      Lwt.return_unit

-let ipv4_from_client resolver dns_servers t ~src packet =
-  match Memory_pressure.status () with
-  | `Memory_critical -> Lwt.return_unit
-  | `Ok ->
-  (* Check for existing NAT entry for this packet *)
-    match translate t packet with
-    | Some frame -> forward_ipv4 t frame  (* Some existing connection or redirect *)
-    | None ->
-      (* No existing NAT entry. Check the firewall rules. *)
-      let `IPv4 (ip, _transport) = packet in
-      let dst = Router.classify t (Ipaddr.V4 ip.Ipv4_packet.dst) in
-      match of_mirage_nat_packet ~src:(`Client src) ~dst packet with
-      | None -> Lwt.return_unit
-      | Some firewall_packet -> apply_rules t (Rules.from_client resolver dns_servers) ~dst firewall_packet
-
 let ipv4_from_netvm t packet =
  match Memory_pressure.status () with
  | `Memory_critical -> Lwt.return_unit
@ -127,3 +112,25 @@ let ipv4_from_netvm t packet =
          match Packet.of_mirage_nat_packet ~src ~dst packet with
          | None -> Lwt.return_unit
          | Some packet -> apply_rules t Rules.from_netvm ~dst packet
+
+let ipv4_from_client resolver dns_servers t ~src packet =
+  match Memory_pressure.status () with
+  | `Memory_critical -> Lwt.return_unit
+  | `Ok ->
+  (* Check for existing NAT entry for this packet *)
+    match translate t packet with
+    | Some frame -> forward_ipv4 t frame  (* Some existing connection or redirect *)
+    | None ->
+      (* No existing NAT entry. Check the firewall rules. *)
+      let `IPv4 (ip, _transport) = packet in
+      match Router.classify t (Ipaddr.V4 ip.Ipv4_packet.src) with
+      | `Client _ | `Firewall -> (
+        let dst = Router.classify t (Ipaddr.V4 ip.Ipv4_packet.dst) in
+        match of_mirage_nat_packet ~src:(`Client src) ~dst packet with
+        | None -> Lwt.return_unit
+        | Some firewall_packet -> apply_rules t (Rules.from_client resolver dns_servers) ~dst firewall_packet
+      )
+      | `NetVM -> ipv4_from_netvm t packet
+      | `External _ ->
+        Log.warn (fun f -> f "Frame from Inside has external source IP address! %a" Nat_packet.pp packet);
+        Lwt.return_unit
--- a/router.ml
+++ b/router.ml
@ -4,6 +4,8 @@
 open Fw_utils

 (* The routing table *)
+let src = Logs.Src.create "router" ~doc:"Packet router"
+module Log = (val Logs.src_log src : Logs.LOG)

 type t = {
  config : Dao.network_config;
@ -19,7 +21,14 @@ let target t buf =
  let dst_ip = buf.Ipv4_packet.dst in
  match Client_eth.lookup t.clients dst_ip with
  | Some client_link -> Some (client_link :> interface)
-  | None -> t.uplink
+  | None -> begin match t.uplink with
+    | None -> (
+      match Client_eth.lookup t.clients t.config.netvm_ip with
+      | Some uplink -> Some (uplink :> interface)
+      | None -> None
+    )
+    | uplink -> uplink
+  end

 let add_client t = Client_eth.add_client t.clients
 let remove_client t = Client_eth.remove_client t.clients