qubes-mirage-firewall

mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-10-01 01:05:39 -04:00

Author	SHA1	Message	Date
Thomas Leonard	987834f6a6	Use mirage-logs library for log reporter Also, configure Xen debug messages to go to the log ring buffer but not the console (they will be shown only if an error occurs).	2016-01-11 16:40:26 +00:00
Thomas Leonard	4ddb80cd9d	Remove mirage-net-xen pin Version 1.5 has now been released, and includes netback support.	2016-01-11 12:00:57 +00:00
Thomas Leonard	e05a92da50	Update to new Logs API Note: this reintroduces mirage-qubes pin, as that uses Logs too.	2016-01-08 11:40:11 +00:00
Thomas Leonard	54ad568612	Remove pin for mirage-clock-xen New version has been released now.	2016-01-05 18:37:32 +00:00
Thomas Leonard	03aca6b8b9	Respond to WaitForSession commands	2016-01-05 16:50:14 +00:00
Thomas Leonard	13138dc636	Fix OOM check when adding NAT entries	2016-01-05 16:43:07 +00:00
Thomas Leonard	7e68eebbc8	Remove mirage-qubes pin; it's released now	2016-01-05 13:49:16 +00:00
Thomas Leonard	d4775a1fcd	Log SetDateTime messages from dom0	2016-01-05 13:43:02 +00:00
Thomas Leonard	ea7c10ce58	Handle Out_of_memory adding NAT entries Because hash tables resize in big steps, this can happen even if we have a fair chunk of free memory.	2016-01-03 17:10:02 +00:00
Thomas Leonard	491dbd9323	Calculate checksums even for Accept action If packet has been NAT'd then we certainly need to recalculate the checksum, but even for direct pass-through it might have been received with an invalid checksum due to checksum offload. For now, recalculate full checksum in all cases. See #1.	2016-01-03 14:14:00 +00:00
Thomas Leonard	96bc12c591	Log correct destination for redirected packets Before, we always said it was going to "NetVM".	2016-01-02 20:38:38 +00:00
Thomas Leonard	0e8e142337	If we can't find a free port, reset the NAT table	2016-01-02 16:50:16 +00:00
Thomas Leonard	f1ed6ffdd8	Report current memory use to XenStore	2016-01-02 16:14:02 +00:00
Thomas Leonard	425ba26286	Reset NAT table if memory gets low	2016-01-02 15:50:05 +00:00
Thomas Leonard	1779f0fdbe	Removed unused function	2016-01-02 15:27:25 +00:00
Thomas Leonard	61c4c730d4	Link to blog post	2016-01-02 08:34:39 +00:00
Thomas Leonard	7e76123a37	Build also requires patch Reported by William Waites.	2016-01-02 08:30:29 +00:00
Thomas Leonard	a801e538f2	Add 'make tar' build target	2016-01-01 15:49:06 +00:00
Thomas Leonard	aee124338a	Minor cleanup	2016-01-01 13:03:18 +00:00
Thomas Leonard	1da8775814	Provide same actions to client and NetVM rules	2016-01-01 12:54:44 +00:00
Thomas Leonard	d0f4189df8	Turn off XenStore debug logging	2016-01-01 12:37:39 +00:00
Thomas Leonard	2002126b8b	Rationalised firewall rules syntax Added explicit NAT target, allowing NAT even within client net and making it clear that NAT is used externally. Changed Redirect_to_netvm to NAT_to, and allow specifying any target host.	2016-01-01 11:32:57 +00:00
Thomas Leonard	4032a5d776	Simplify code slightly	2016-01-01 10:56:37 +00:00
Thomas Leonard	86b31f7f4b	Process all client frames Before, we only looked at frames with our MAC address, but we may want to handle client-to-client communication too.	2015-12-31 15:56:56 +00:00
Thomas Leonard	0d864d6cde	Minor cleanup	2015-12-31 15:30:32 +00:00
Thomas Leonard	ac0444f1c1	Log packet details when dropping	2015-12-31 09:56:58 +00:00
Thomas Leonard	cd69ce5a86	Move NAT code to router and add DNS redirects	2015-12-30 19:34:04 +00:00
Thomas Leonard	5a2f6f7ce8	Minor cleanups	2015-12-30 14:32:59 +00:00
Thomas Leonard	11e18c0b83	Moved uplink code to its own module	2015-12-30 14:22:46 +00:00
Thomas Leonard	9dc7d01896	Moved client networking to its own module Renamed the old Client_net to Client_eth, as it just handles the Ethernet layer.	2015-12-30 13:52:56 +00:00
Thomas Leonard	f3332ed4da	Split database access into its own module	2015-12-30 12:07:29 +00:00
Thomas Leonard	914b6bbbf6	Initial import	2015-12-30 11:07:17 +00:00

32 Commits