The callback function was partially applied, meaning that it always used
the NAT table that was in use when processing started, even if the OOM
handler had replaced the table by then. This meant that the retry
attempt would always fail, since it tried to add it to the existing full
table, and also prevented that table from being GC'd.
Before, when resetting the NAT table to handle an out-of-memory
condition we tried to allocate the new table while still holding
the reference to the old one. It should be more reliable to drop
the old reference first.
Log showed:
2016-01-31 19:33.47: INF [firewall] added NAT redirect 10.137.3.12:32860 -> 53:firewall:52517 -> 53:net-vm
2016-01-31 19:33.52: WRN [firewall] Out_of_memory adding NAT rule. Dropping NAT table...
--- End dump ---
Fatal error: exception Out of memory
Raised by primitive operation at file "hashtbl.ml", line 63, characters 52-70
Called from file "router.ml", line 47, characters 11-30
Called from file "src/core/lwt.ml", line 907, characters 20-24
Mirage exiting with status 2
Do_exit called!
We don't need the GUI anyway. Error was:
Fatal error: exception Failure("End-of-file from GUId in dom0")
Raised at file "pervasives.ml", line 30, characters 22-33
Called from file "src/core/lwt.ml", line 754, characters 44-47
Mirage exiting with status 2
Do_exit called!
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.
See #1.
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.
Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.