Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-06-28 15:12:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
30 Commits 1 Branch 18 Tags 1 MiB
e05a92da50
Commit Graph

30 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Leonard
e05a92da50 Update to new Logs API 
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
 2016-01-08 11:40:11 +00:00
Thomas Leonard
54ad568612 Remove pin for mirage-clock-xen 
New version has been released now.
 2016-01-05 18:37:32 +00:00
Thomas Leonard
03aca6b8b9 Respond to WaitForSession commands 2016-01-05 16:50:14 +00:00
Thomas Leonard
13138dc636 Fix OOM check when adding NAT entries 2016-01-05 16:43:07 +00:00
Thomas Leonard
7e68eebbc8 Remove mirage-qubes pin; it's released now 2016-01-05 13:49:16 +00:00
Thomas Leonard
d4775a1fcd Log SetDateTime messages from dom0 2016-01-05 13:43:02 +00:00
Thomas Leonard
ea7c10ce58 Handle Out_of_memory adding NAT entries 
Because hash tables resize in big steps, this can happen even if we have
a fair chunk of free memory.
 2016-01-03 17:10:02 +00:00
Thomas Leonard
491dbd9323 Calculate checksums even for Accept action 
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.

See #1.
 2016-01-03 14:14:00 +00:00
Thomas Leonard
96bc12c591 Log correct destination for redirected packets 
Before, we always said it was going to "NetVM".
 2016-01-02 20:38:38 +00:00
Thomas Leonard
0e8e142337 If we can't find a free port, reset the NAT table 2016-01-02 16:50:16 +00:00
Thomas Leonard
f1ed6ffdd8 Report current memory use to XenStore 2016-01-02 16:14:02 +00:00
Thomas Leonard
425ba26286 Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
Thomas Leonard
1779f0fdbe Removed unused function 2016-01-02 15:27:25 +00:00
Thomas Leonard
61c4c730d4 Link to blog post 2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37 Build also requires patch 
Reported by William Waites.
 2016-01-02 08:30:29 +00:00
Thomas Leonard
a801e538f2 Add 'make tar' build target 2016-01-01 15:49:06 +00:00
Thomas Leonard
aee124338a Minor cleanup 2016-01-01 13:03:18 +00:00
Thomas Leonard
1da8775814 Provide same actions to client and NetVM rules 2016-01-01 12:54:44 +00:00
Thomas Leonard
d0f4189df8 Turn off XenStore debug logging 2016-01-01 12:37:39 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax 
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
 2016-01-01 11:32:57 +00:00
Thomas Leonard
4032a5d776 Simplify code slightly 2016-01-01 10:56:37 +00:00
Thomas Leonard
86b31f7f4b Process all client frames 
Before, we only looked at frames with our MAC address, but we may want
to handle client-to-client communication too.
 2015-12-31 15:56:56 +00:00
Thomas Leonard
0d864d6cde Minor cleanup 2015-12-31 15:30:32 +00:00
Thomas Leonard
ac0444f1c1 Log packet details when dropping 2015-12-31 09:56:58 +00:00
Thomas Leonard
cd69ce5a86 Move NAT code to router and add DNS redirects 2015-12-30 19:34:04 +00:00
Thomas Leonard
5a2f6f7ce8 Minor cleanups 2015-12-30 14:32:59 +00:00
Thomas Leonard
11e18c0b83 Moved uplink code to its own module 2015-12-30 14:22:46 +00:00
Thomas Leonard
9dc7d01896 Moved client networking to its own module 
Renamed the old Client_net to Client_eth, as it just handles the
Ethernet layer.
 2015-12-30 13:52:56 +00:00
Thomas Leonard
f3332ed4da Split database access into its own module 2015-12-30 12:07:29 +00:00
Thomas Leonard
914b6bbbf6 Initial import 2015-12-30 11:07:17 +00:00