Commit Graph

236 Commits

Thomas Leonard
78e219da8c Update Debian base image in Docker build
Had stopped working:

    Err http://security.debian.org/ jessie/updates/main libxenstore3.0 amd64 4.4.1-9+deb8u10
      404  Not Found [IP: 128.61.240.73 80]

Updated from Debian 8 to Debian 9, and from opam to opam2.
2018-11-03 17:27:48 +00:00
Thomas Leonard
2fd9e6a136
Merge pull request #27 from talex5/qubes-4-readme
Add installation instructions for Qubes 4
2018-01-06 12:35:36 +00:00
Thomas Leonard
b77d91cb20 Add installation instructions for Qubes 4 2018-01-06 12:24:50 +00:00
Thomas Leonard
6e6ff755eb Update to newly released version of netchannel 2017-12-16 22:37:41 +00:00
Thomas Leonard
aca156f21b Update to released shared-memory-ring 2017-11-15 17:28:33 +00:00
Thomas Leonard
6fafa2f65a
Merge pull request #17 from talex5/fix-netback
Use Git master for shared-memory-ring and netchannel
2017-11-09 18:06:21 +00:00
Thomas Leonard
f4a978b13c Update Travis to test with Docker 2017-11-09 17:52:57 +00:00
Thomas Leonard
b114e569f2 Use Git master for shared-memory-ring and netchannel
This adds support for HVM and disposable domains.

Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
2017-11-09 17:08:59 +00:00
Thomas Leonard
ef0eb56fb8 Merge pull request #15 from talex5/nat
Use released mirage-nat 1.0
2017-10-19 21:01:52 +01:00
Thomas Leonard
997d538a93 Use released mirage-nat 1.0 2017-10-15 15:24:56 +01:00
Thomas Leonard
42fcbdf1ad Merge pull request #14 from talex5/bitrot
Update Dockerfile to use newer Debian base image
2017-09-12 18:36:25 +01:00
Thomas Leonard
d61c2312c1 Fix Travis 2017-09-12 18:25:33 +01:00
Thomas Leonard
794ca35d23 Update Dockerfile to use newer Debian base image
Was failing with

```
E: Failed to fetch http://security.debian.org/pool/updates/main/x/xen/libxenstore3.0_4.4.1-9+deb8u8_amd64.deb  404  Not Found [IP: 212.211.132.32 80]
```
2017-09-12 16:57:01 +01:00
Thomas Leonard
e55c304160 Drop frames if the xmit queue gets too long
With lots of VMs updating, the firewall quit with:

    2017-04-23 20:47:52 -00:00: INF [frameQ] Queue length for 10.137.3.11: incr to 474
    2017-04-23 20:47:52 -00:00: INF [memory_pressure] Writing meminfo: free 2648 / 17504 kB (15.13 %)
    [...]
    Fatal error: out of memory.

The firewall will now drop frames when more than 10 are queued (note
that queuing only starts once the network driver's transmit buffer is
already full).
2017-04-29 12:05:30 +01:00
Thomas Leonard
445b1711cb Show the packet when failing to add a NAT rule
The previous message was just:

    WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this packet
2017-04-08 13:28:23 +01:00
Thomas Leonard
d8eb7ff387 Merge pull request #13 from talex5/update-readme
Add more detailed installation instructions
2017-04-07 17:05:51 +01:00
Thomas Leonard
f4df389713 Add more detailed installation instructions 2017-04-07 13:10:10 +01:00
Thomas Leonard
78f25ea2c5 Fix build instructions
No need to run `make tar` manually now.
2017-03-27 13:45:06 +01:00
Thomas Leonard
583366b22b Remove non-Docker build instructions
Fedora 24 doesn't work with opam (because the current binary release of
aspcud's clasp binary segfaults, which opam reports as `External solver
failed with inconsistent return value.`).
2017-03-18 17:59:06 +00:00
Thomas Leonard
5158853c30 Update README 2017-03-18 11:34:22 +00:00
Thomas Leonard
55972cca30 Update to Mirage 3 and latest mirage-nat
In particular, this:

- Adds support for ICMP queries and errors.
- Uses an LRU cache to avoid running out of memory and needing to reset
  the table.
- Passes around parsed packets rather than raw ethernet frames.
2017-03-18 11:27:06 +00:00
Thomas Leonard
630304500f Update build for Mirage 3 2017-03-18 10:46:06 +00:00
Thomas Leonard
75dd8503c5 Use LRU cache to prevent out-of-memory errors 2017-03-18 09:56:07 +00:00
Thomas Leonard
0ef60ae767 Update to new mirage-nat API 2017-03-12 15:14:06 +00:00
Thomas Leonard
6f8d83f828 Use new Nat.reset function to clear the table 2017-03-07 16:06:18 +00:00
Thomas Leonard
ac711f4eee Add ICMP ping support 2017-03-07 10:02:54 +00:00
Thomas Leonard
15fb063137 Pin tcpip 2017-03-06 14:31:26 +00:00
Thomas Leonard
e070044fef Add extra logging 2017-03-06 14:30:41 +00:00
Thomas Leonard
b4079ac861 Update to new mirage-nat API 2017-03-05 17:04:05 +00:00
Thomas Leonard
bb78a726e4 Mirage 3 support 2017-03-04 17:22:58 +00:00
Thomas Leonard
150208fc72 Pin Docker base image to a specific hash
Requested by Joanna Rutkowska.
2017-01-31 09:26:57 +00:00
Thomas Leonard
036d92b0ff Update README: you need "sudo docker" by default 2017-01-28 15:19:05 +00:00
Thomas Leonard
07ff3d6147 Fix opam-repository commit for reproducible builds
Also, display the actual and expected SHA hashes after building.
2017-01-28 14:17:27 +00:00
Thomas Leonard
d6074f2271 Add option to build with Docker 2017-01-09 18:44:30 +00:00
Thomas Leonard
312627e078 Monitor set of client interfaces, not client domains
Qubes does not remove the client directory itself when the domain exits.
Combined with 63cbb4bed0, this prevented clients from reconnecting.

This may also make it possible to connect clients to the firewall via
multiple interfaces, although this doesn't seem useful.
2016-10-01 16:11:16 +01:00
Thomas Leonard
79092e1463 Avoid using Lwt.join on listening threads
Lwt.join only reports an error if *both* threads fail.
2016-10-01 10:47:19 +01:00
Thomas Leonard
9c33da3bfd Handle errors writing to client
mirage-net-xen would report Netback_shutdown if we tried to write to a
client after it had disconnected. Now we just log this and continue.
2016-09-25 16:36:18 +01:00
Thomas Leonard
63cbb4bed0 Ensure that old client has quit before adding new one
Not sure if this can happen, but it removes a TODO from the code.
2016-09-25 16:36:18 +01:00
Thomas Leonard
a7001a70d2 Allow clients to have any IP address
We previously assumed that Qubes would always give clients IP addresses
on a particular network. However, it is not required to do this and in
fact uses a different network for disposable VMs.

With this change:

- We no longer reject clients with unknown IP addresses
- The `Unknown_client` classification is gone; we have no way to tell
  the difference between a client that isn't connected and an external
  address.
- We now consider every client to be on a point-to-point link and do not
  answer ARP requests on behalf of other clients. Clients should assume
  their netmask is 255.255.255.255 (and ignore /qubes-netmask).

This is a partial fix for #9. It allows disposable VMs to connect to the
firewall but for some reason they don't process any frames we send them
(we get their ARP requests but they don't get our replies). Taking eth0
down in the disp VM, then bringing it back up (and re-adding the routes)
allows it to work.
2016-09-25 16:34:22 +01:00
Thomas Leonard
c11f245d64 Cope with writing a frame failing
If a client disconnects suddenly then we may get an error trying to map
its grant to send the frame.

Fixes #8.
2016-06-26 12:10:07 +01:00
Thomas Leonard
0230cfaf1e Updates for mirage 2.9.0
- Unpin bootvar and use `register ~argv:no_argv` instead.
- Use new name for uplink device ("0", not "tap0").
- Don't configure logging - mirage does that for us now.
2016-05-14 10:44:57 +01:00
Thomas Leonard
1134b64f5e Remove tcpip pin
The 2.7.0 release has the checksum feature we need.
2016-03-23 14:53:01 +00:00
Thomas Leonard
74ae5b6078 Remove mirage-xen pin
mirage-xen 2.4.0 has been released with the required features.

(also fixes indentation problem reported by @cfcs in #6)
2016-03-19 20:14:23 +00:00
Thomas Leonard
368d6e96c5 Add ncurses-dev to required yum packages
The ocamlfind package has started listing this as a required dependency
for some reason, although it appears not to need it.

Fixes #4, reported by cyrinux.
2016-03-05 11:54:58 +00:00
Thomas Leonard
08bc6e2b00 Add work-around for Qubes passing Linux kernel arguments
With the new Functoria release of Mirage, these unrecognised arguments
prevented the unikernel from booting.

See: https://github.com/mirage/mirage/issues/493
2016-03-01 09:41:43 +00:00
Thomas Leonard
0826f046d2 Improve OOM handling when adding a NAT forward entry
The callback function was partially applied, meaning that it always used
the NAT table that was in use when processing started, even if the OOM
handler had replaced the table by then. This meant that the retry
attempt would always fail, since it tried to add it to the existing full
table, and also prevented that table from being GC'd.
2016-02-27 12:48:32 +00:00
Thomas Leonard
cd917bab7f Fix travis 2016-02-23 11:48:13 +00:00
Thomas Leonard
70d7fe5d1b Remove mirage-logs pin
Now available from the main repository.
2016-02-19 09:47:44 +00:00
Thomas Leonard
606afb53ea Reduce logging verbosity 2016-02-10 08:34:17 +00:00
Thomas Leonard
62aec06be9 Try to avoid running out of memory on NAT reset
Before, when resetting the NAT table to handle an out-of-memory
condition we tried to allocate the new table while still holding
the reference to the old one. It should be more reliable to drop
the old reference first.

Log showed:

    2016-01-31 19:33.47: INF [firewall] added NAT redirect 10.137.3.12:32860 -> 53:firewall:52517 -> 53:net-vm
    2016-01-31 19:33.52: WRN [firewall] Out_of_memory adding NAT rule. Dropping NAT table...
    --- End dump ---
    Fatal error: exception Out of memory
    Raised by primitive operation at file "hashtbl.ml", line 63, characters 52-70
    Called from file "router.ml", line 47, characters 11-30
    Called from file "src/core/lwt.ml", line 907, characters 20-24
    Mirage exiting with status 2
    Do_exit called!
2016-01-31 21:03:35 +00:00