292 Commits

Author SHA1 Message Date
Thomas Leonard
08bc6e2b00 Add work-around for Qubes passing Linux kernel arguments
With the new Functoria release of Mirage, these unrecognised arguments
prevented the unikernel from booting.

See: https://github.com/mirage/mirage/issues/493
2016-03-01 09:41:43 +00:00
Thomas Leonard
0826f046d2 Improve OOM handling when adding a NAT forward entry
The callback function was partially applied, meaning that it always used
the NAT table that was in use when processing started, even if the OOM
handler had replaced the table by then. This meant that the retry
attempt would always fail, since it tried to add it to the existing full
table, and also prevented that table from being GC'd.
2016-02-27 12:48:32 +00:00
Thomas Leonard
cd917bab7f Fix travis 2016-02-23 11:48:13 +00:00
Thomas Leonard
70d7fe5d1b Remove mirage-logs pin
Now available from the main repository.
2016-02-19 09:47:44 +00:00
Thomas Leonard
606afb53ea Reduce logging verbosity 2016-02-10 08:34:17 +00:00
Thomas Leonard
62aec06be9 Try to avoid running out of memory on NAT reset
Before, when resetting the NAT table to handle an out-of-memory
condition we tried to allocate the new table while still holding
the reference to the old one. It should be more reliable to drop
the old reference first.

Log showed:

    2016-01-31 19:33.47: INF [firewall] added NAT redirect 10.137.3.12:32860 -> 53:firewall:52517 -> 53:net-vm
    2016-01-31 19:33.52: WRN [firewall] Out_of_memory adding NAT rule. Dropping NAT table...
    --- End dump ---
    Fatal error: exception Out of memory
    Raised by primitive operation at file "hashtbl.ml", line 63, characters 52-70
    Called from file "router.ml", line 47, characters 11-30
    Called from file "src/core/lwt.ml", line 907, characters 20-24
    Mirage exiting with status 2
    Do_exit called!
2016-01-31 21:03:35 +00:00
Thomas Leonard
26adeee1da Remove mirage-qubes pin
mirage-qubes 0.2 has been released, and supports the latest Logs API.
2016-01-20 12:02:36 +00:00
Thomas Leonard
221c797241 Survive death of GUId connection
We don't need the GUI anyway. Error was:

    Fatal error: exception Failure("End-of-file from GUId in dom0")
    Raised at file "pervasives.ml", line 30, characters 22-33
    Called from file "src/core/lwt.ml", line 754, characters 44-47
    Mirage exiting with status 2
    Do_exit called!
2016-01-17 13:19:40 +00:00
Thomas Leonard
3409a19792 Keep track of transmit queue lengths
Log if we have to wait to send a frame.
2016-01-17 11:42:40 +00:00
Thomas Leonard
6fd7b01c65 Remove XenStore debug code
Was causing a Not_found error when used with the released version of
XenStore, which doesn't provide a log.

Reported by Cyril Levis.
2016-01-16 20:12:58 +00:00
Thomas Leonard
987834f6a6 Use mirage-logs library for log reporter
Also, configure Xen debug messages to go to the log ring buffer but not
the console (they will be shown only if an error occurs).
2016-01-11 16:40:26 +00:00
Thomas Leonard
4ddb80cd9d Remove mirage-net-xen pin
Version 1.5 has now been released, and includes netback support.
2016-01-11 12:00:57 +00:00
Thomas Leonard
e05a92da50 Update to new Logs API
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
2016-01-08 11:40:11 +00:00
Thomas Leonard
54ad568612 Remove pin for mirage-clock-xen
New version has been released now.
2016-01-05 18:37:32 +00:00
Thomas Leonard
03aca6b8b9 Respond to WaitForSession commands 2016-01-05 16:50:14 +00:00
Thomas Leonard
13138dc636 Fix OOM check when adding NAT entries 2016-01-05 16:43:07 +00:00
Thomas Leonard
7e68eebbc8 Remove mirage-qubes pin; it's released now 2016-01-05 13:49:16 +00:00
Thomas Leonard
d4775a1fcd Log SetDateTime messages from dom0 2016-01-05 13:43:02 +00:00
Thomas Leonard
ea7c10ce58 Handle Out_of_memory adding NAT entries
Because hash tables resize in big steps, this can happen even if we have
a fair chunk of free memory.
2016-01-03 17:10:02 +00:00
Thomas Leonard
491dbd9323 Calculate checksums even for Accept action
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.

See #1.
2016-01-03 14:14:00 +00:00
Thomas Leonard
96bc12c591 Log correct destination for redirected packets
Before, we always said it was going to "NetVM".
2016-01-02 20:38:38 +00:00
Thomas Leonard
0e8e142337 If we can't find a free port, reset the NAT table 2016-01-02 16:50:16 +00:00
Thomas Leonard
f1ed6ffdd8 Report current memory use to XenStore 2016-01-02 16:14:02 +00:00
Thomas Leonard
425ba26286 Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
Thomas Leonard
1779f0fdbe Removed unused function 2016-01-02 15:27:25 +00:00
Thomas Leonard
61c4c730d4 Link to blog post 2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37 Build also requires patch
Reported by William Waites.
2016-01-02 08:30:29 +00:00
Thomas Leonard
a801e538f2 Add 'make tar' build target 2016-01-01 15:49:06 +00:00
Thomas Leonard
aee124338a Minor cleanup 2016-01-01 13:03:18 +00:00
Thomas Leonard
1da8775814 Provide same actions to client and NetVM rules 2016-01-01 12:54:44 +00:00
Thomas Leonard
d0f4189df8 Turn off XenStore debug logging 2016-01-01 12:37:39 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
2016-01-01 11:32:57 +00:00
Thomas Leonard
4032a5d776 Simplify code slightly 2016-01-01 10:56:37 +00:00
Thomas Leonard
86b31f7f4b Process all client frames
Before, we only looked at frames with our MAC address, but we may want
to handle client-to-client communication too.
2015-12-31 15:56:56 +00:00
Thomas Leonard
0d864d6cde Minor cleanup 2015-12-31 15:30:32 +00:00
Thomas Leonard
ac0444f1c1 Log packet details when dropping 2015-12-31 09:56:58 +00:00
Thomas Leonard
cd69ce5a86 Move NAT code to router and add DNS redirects 2015-12-30 19:34:04 +00:00
Thomas Leonard
5a2f6f7ce8 Minor cleanups 2015-12-30 14:32:59 +00:00
Thomas Leonard
11e18c0b83 Moved uplink code to its own module 2015-12-30 14:22:46 +00:00
Thomas Leonard
9dc7d01896 Moved client networking to its own module
Renamed the old Client_net to Client_eth, as it just handles the
Ethernet layer.
2015-12-30 13:52:56 +00:00
Thomas Leonard
f3332ed4da Split database access into its own module 2015-12-30 12:07:29 +00:00
Thomas Leonard
914b6bbbf6 Initial import 2015-12-30 11:07:17 +00:00