Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-10-01 01:05:39 -04:00
Code Issues Packages Projects Releases Wiki Activity
98 Commits 1 Branch 18 Tags 1 MiB
0852aa0f43
Commit Graph

18 Commits

Author SHA1 Message Date
Mindy
0852aa0f43 use tcpip 3.7, ethernet, arp, mirage-nat 1.1.0 2019-03-22 14:27:40 -05:00
Thomas Leonard
2edb088650 Update to latest Debian and opam 
Reported by Honzoo.
 2019-02-01 09:36:08 +00:00
Thomas Leonard
b114e569f2 Use Git master for shared-memory-ring and netchannel 
This adds support for HVM and disposable domains.

Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
 2017-11-09 17:08:59 +00:00
Thomas Leonard
e070044fef Add extra logging 2017-03-06 14:30:41 +00:00
Thomas Leonard
b4079ac861 Update to new mirage-nat API 2017-03-05 17:04:05 +00:00
Thomas Leonard
bb78a726e4 Mirage 3 support 2017-03-04 17:22:58 +00:00
Thomas Leonard
312627e078 Monitor set of client interfaces, not client domains 
Qubes does not remove the client directory itself when the domain exits.
Combined with 63cbb4bed0, this prevented clients from reconnecting.

This may also make it possible to connect clients to the firewall via
multiple interfaces, although this doesn't seem useful.
 2016-10-01 16:11:16 +01:00
Thomas Leonard
9c33da3bfd Handle errors writing to client 
mirage-net-xen would report Netback_shutdown if we tried to write to a
client after it had disconnected. Now we just log this and continue.
 2016-09-25 16:36:18 +01:00
Thomas Leonard
63cbb4bed0 Ensure that old client has quit before adding new one 
Not sure if this can happen, but it removes a TODO from the code.
 2016-09-25 16:36:18 +01:00
Thomas Leonard
3409a19792 Keep track of transmit queue lengths 
Log if we have to wait to send a frame.
 2016-01-17 11:42:40 +00:00
Thomas Leonard
e05a92da50 Update to new Logs API 
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
 2016-01-08 11:40:11 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax 
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
 2016-01-01 11:32:57 +00:00
Thomas Leonard
4032a5d776 Simplify code slightly 2016-01-01 10:56:37 +00:00
Thomas Leonard
86b31f7f4b Process all client frames 
Before, we only looked at frames with our MAC address, but we may want
to handle client-to-client communication too.
 2015-12-31 15:56:56 +00:00
Thomas Leonard
0d864d6cde Minor cleanup 2015-12-31 15:30:32 +00:00
Thomas Leonard
cd69ce5a86 Move NAT code to router and add DNS redirects 2015-12-30 19:34:04 +00:00
Thomas Leonard
9dc7d01896 Moved client networking to its own module 
Renamed the old Client_net to Client_eth, as it just handles the
Ethernet layer.
 2015-12-30 13:52:56 +00:00
Thomas Leonard
914b6bbbf6 Initial import 2015-12-30 11:07:17 +00:00