Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-09-06 00:52:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
73 Commits 1 Branch 18 Tags 1 MiB
e55c304160
Commit Graph

73 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Leonard
491dbd9323 Calculate checksums even for Accept action 
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.

See #1.
 2016-01-03 14:14:00 +00:00
Thomas Leonard
96bc12c591 Log correct destination for redirected packets 
Before, we always said it was going to "NetVM".
 2016-01-02 20:38:38 +00:00
Thomas Leonard
0e8e142337 If we can't find a free port, reset the NAT table 2016-01-02 16:50:16 +00:00
Thomas Leonard
f1ed6ffdd8 Report current memory use to XenStore 2016-01-02 16:14:02 +00:00
Thomas Leonard
425ba26286 Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
Thomas Leonard
1779f0fdbe Removed unused function 2016-01-02 15:27:25 +00:00
Thomas Leonard
61c4c730d4 Link to blog post 2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37 Build also requires patch 
Reported by William Waites.
 2016-01-02 08:30:29 +00:00
Thomas Leonard
a801e538f2 Add 'make tar' build target 2016-01-01 15:49:06 +00:00
Thomas Leonard
aee124338a Minor cleanup 2016-01-01 13:03:18 +00:00
Thomas Leonard
1da8775814 Provide same actions to client and NetVM rules 2016-01-01 12:54:44 +00:00
Thomas Leonard
d0f4189df8 Turn off XenStore debug logging 2016-01-01 12:37:39 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax 
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
 2016-01-01 11:32:57 +00:00
Thomas Leonard
4032a5d776 Simplify code slightly 2016-01-01 10:56:37 +00:00
Thomas Leonard
86b31f7f4b Process all client frames 
Before, we only looked at frames with our MAC address, but we may want
to handle client-to-client communication too.
 2015-12-31 15:56:56 +00:00
Thomas Leonard
0d864d6cde Minor cleanup 2015-12-31 15:30:32 +00:00
Thomas Leonard
ac0444f1c1 Log packet details when dropping 2015-12-31 09:56:58 +00:00
Thomas Leonard
cd69ce5a86 Move NAT code to router and add DNS redirects 2015-12-30 19:34:04 +00:00
Thomas Leonard
5a2f6f7ce8 Minor cleanups 2015-12-30 14:32:59 +00:00
Thomas Leonard
11e18c0b83 Moved uplink code to its own module 2015-12-30 14:22:46 +00:00
Thomas Leonard
9dc7d01896 Moved client networking to its own module 
Renamed the old Client_net to Client_eth, as it just handles the
Ethernet layer.
 2015-12-30 13:52:56 +00:00
Thomas Leonard
f3332ed4da Split database access into its own module 2015-12-30 12:07:29 +00:00
Thomas Leonard
914b6bbbf6 Initial import 2015-12-30 11:07:17 +00:00