Thomas Leonard
cb7078633e
Update dependencies
...
Remove pin on mirage 3.4 - it should now be working with the latest
release.
2019-04-03 12:32:13 +01:00
Mindy Preston
7f10c24232
Merge pull request #46 from hannesm/no-14
...
use Ethernet_wire.sizeof_ethernet instead of a magic '14'
2019-03-25 10:43:13 -05:00
Thomas Leonard
aa405530b4
Merge pull request #45 from yomimono/just-into-cstruct
...
use tcpip 3.7, ethernet, arp, mirage-nat 1.1.0
2019-03-24 13:33:05 +00:00
Hannes Mehnert
3553a7aa93
use Ethernet_wire.sizeof_ethernet instead of a magic '14'
2019-03-24 14:29:21 +01:00
Thomas Leonard
7f99973a02
Update Docker build for Mirage 3.5
2019-03-24 13:21:39 +00:00
Thomas Leonard
f1a946af4e
Merge pull request #44 from xaki23/master
...
update ocaml version (4.05 to 4.07), pin-down mirage version (3.5 to 3.4)
2019-03-23 17:00:18 +00:00
Mindy
0852aa0f43
use tcpip 3.7, ethernet, arp, mirage-nat 1.1.0
2019-03-22 14:27:40 -05:00
Mindy
d7cd4e2961
typo fix
2019-03-17 20:16:35 -05:00
xaki23
04bea6e9ba
update ocaml version (from 4.05 to 4.07), pin-down mirage version (to 3.4, 3.5 is current)
2019-03-06 23:43:49 +01:00
Thomas Leonard
455149249f
Merge pull request #43 from mirage/update-readme
...
Update links from talex5 to mirage
2019-03-01 09:06:31 +00:00
Thomas Leonard
ab88d413c4
Update links from talex5 to mirage
2019-02-26 16:57:40 +00:00
Thomas Leonard
2edb088650
Update to latest Debian and opam
...
Reported by Honzoo.
2019-02-01 09:36:08 +00:00
Thomas Leonard
4526375a19
Note that Git versions might have different hashes
2019-01-19 10:32:27 +00:00
Ahmed Al-Sudani
ef09eb50ac
Update last known build hash
2019-01-16 14:17:09 -05:00
Thomas Leonard
791342d508
Merge pull request #38 from talex5/fix-restart-delay
...
Don't wait for GUI before attaching client VMs
2019-01-10 13:11:44 +00:00
Thomas Leonard
d849a09a25
Don't wait for GUI before attaching client VMs
...
If the firewall is restarted while AppVMs are connected, qubesd tries to
reconnect them before starting the GUI agent. However, the firewall was
waiting for the GUI agent to connect before handling the connections.
This led to a 10s delay on restart for each client VM.
Reported by xaki23.
2019-01-10 12:55:48 +00:00
Thomas Leonard
b123abb1d3
Merge pull request #37 from xaki23/master
...
add stub makefile for qubes-builder
2018-12-01 13:35:15 +00:00
xaki23
184d320a8f
add stub makefile for qubes-builder
2018-11-30 00:08:26 +01:00
Thomas Leonard
8ed4289b2a
Merge pull request #36 from talex5/fix-docker-build
...
Update build instructions for latest Fedora
2018-11-04 14:59:48 +00:00
Thomas Leonard
0d0159b56f
Update build instructions for latest Fedora
...
`yum` no longer exists. Also, show how to create a symlink for
/var/lib/docker on build VMs that aren't standalone.
Reported by xaki23.
2018-11-04 14:36:19 +00:00
Thomas Leonard
d6b4dc6a52
Merge pull request #33 from talex5/fix-docker-build
...
Update Debian base image in Docker build
2018-11-03 18:22:01 +00:00
Thomas Leonard
78e219da8c
Update Debian base image in Docker build
...
Had stopped working:
Err http://security.debian.org/ jessie/updates/main libxenstore3.0 amd64 4.4.1-9+deb8u10
404 Not Found [IP: 128.61.240.73 80]
Updated from Debian 8 to Debian 9, and from opam to opam2.
2018-11-03 17:27:48 +00:00
Thomas Leonard
2fd9e6a136
Merge pull request #27 from talex5/qubes-4-readme
...
Add installation instructions for Qubes 4
2018-01-06 12:35:36 +00:00
Thomas Leonard
b77d91cb20
Add installation instructions for Qubes 4
2018-01-06 12:24:50 +00:00
Thomas Leonard
6e6ff755eb
Update to newly released version of netchannel
2017-12-16 22:37:41 +00:00
Thomas Leonard
aca156f21b
Update to released shared-memory-ring
2017-11-15 17:28:33 +00:00
Thomas Leonard
6fafa2f65a
Merge pull request #17 from talex5/fix-netback
...
Use Git master for shared-memory-ring and netchannel
2017-11-09 18:06:21 +00:00
Thomas Leonard
f4a978b13c
Update Travis to test with Docker
2017-11-09 17:52:57 +00:00
Thomas Leonard
b114e569f2
Use Git master for shared-memory-ring and netchannel
...
This adds support for HVM and disposable domains.
Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
2017-11-09 17:08:59 +00:00
Thomas Leonard
ef0eb56fb8
Merge pull request #15 from talex5/nat
...
Use released mirage-nat 1.0
2017-10-19 21:01:52 +01:00
Thomas Leonard
997d538a93
Use released mirage-nat 1.0
2017-10-15 15:24:56 +01:00
Thomas Leonard
42fcbdf1ad
Merge pull request #14 from talex5/bitrot
...
Update Dockerfile to use newer Debian base image
2017-09-12 18:36:25 +01:00
Thomas Leonard
d61c2312c1
Fix Travis
2017-09-12 18:25:33 +01:00
Thomas Leonard
794ca35d23
Update Dockerfile to use newer Debian base image
...
Was failing with
```
E: Failed to fetch http://security.debian.org/pool/updates/main/x/xen/libxenstore3.0_4.4.1-9+deb8u8_amd64.deb 404 Not Found [IP: 212.211.132.32 80]
```
2017-09-12 16:57:01 +01:00
Thomas Leonard
e55c304160
Drop frames if the xmit queue gets too long
...
With lots of VMs updating, the firewall quit with:
2017-04-23 20:47:52 -00:00: INF [frameQ] Queue length for 10.137.3.11: incr to 474
2017-04-23 20:47:52 -00:00: INF [memory_pressure] Writing meminfo: free 2648 / 17504 kB (15.13 %)
[...]
Fatal error: out of memory.
The firewall will now drop frames when more than 10 are queued (note
that queuing only starts once the network driver's transmit buffer is
already full).
2017-04-29 12:05:30 +01:00
Thomas Leonard
445b1711cb
Show the packet when failing to add a NAT rule
...
The previous message was just:
WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this packet
2017-04-08 13:28:23 +01:00
Thomas Leonard
d8eb7ff387
Merge pull request #13 from talex5/update-readme
...
Add more detailed installation instructions
2017-04-07 17:05:51 +01:00
Thomas Leonard
f4df389713
Add more detailed installation instructions
2017-04-07 13:10:10 +01:00
Thomas Leonard
78f25ea2c5
Fix build instructions
...
No need to run `make tar` manually now.
2017-03-27 13:45:06 +01:00
Thomas Leonard
583366b22b
Remove non-Docker build instructions
...
Fedora 24 doesn't work with opam (because the current binary release of
aspcud's clasp binary segfaults, which opam reports as `External solver
failed with inconsistent return value.`).
2017-03-18 17:59:06 +00:00
Thomas Leonard
5158853c30
Update README
2017-03-18 11:34:22 +00:00
Thomas Leonard
55972cca30
Update to Mirage 3 and latest mirage-nat
...
In particular, this:
- Adds support for ICMP queries and errors.
- Uses an LRU cache to avoid running out of memory and needing to reset
the table.
- Passes around parsed packets rather than raw ethernet frames.
2017-03-18 11:27:06 +00:00
Thomas Leonard
630304500f
Update build for Mirage 3
2017-03-18 10:46:06 +00:00
Thomas Leonard
75dd8503c5
Use LRU cache to prevent out-of-memory errors
2017-03-18 09:56:07 +00:00
Thomas Leonard
0ef60ae767
Update to new mirage-nat API
2017-03-12 15:14:06 +00:00
Thomas Leonard
6f8d83f828
Use new Nat.reset function to clear the table
2017-03-07 16:06:18 +00:00
Thomas Leonard
ac711f4eee
Add ICMP ping support
2017-03-07 10:02:54 +00:00
Thomas Leonard
15fb063137
Pin tcpip
2017-03-06 14:31:26 +00:00
Thomas Leonard
e070044fef
Add extra logging
2017-03-06 14:30:41 +00:00
Thomas Leonard
b4079ac861
Update to new mirage-nat API
2017-03-05 17:04:05 +00:00