Commit Graph

108 Commits

Author SHA1 Message Date
Thomas Leonard
b4079ac861 Update to new mirage-nat API 2017-03-05 17:04:05 +00:00
Thomas Leonard
bb78a726e4 Mirage 3 support 2017-03-04 17:22:58 +00:00
Thomas Leonard
150208fc72 Pin Docker base image to a specific hash
Requested by Joanna Rutkowska.
2017-01-31 09:26:57 +00:00
Thomas Leonard
036d92b0ff Update README: you need "sudo docker" by default 2017-01-28 15:19:05 +00:00
Thomas Leonard
07ff3d6147 Fix opam-repository commit for reproducible builds
Also, display the actual and expected SHA hashes after building.
2017-01-28 14:17:27 +00:00
Thomas Leonard
d6074f2271 Add option to build with Docker 2017-01-09 18:44:30 +00:00
Thomas Leonard
312627e078 Monitor set of client interfaces, not client domains
Qubes does not remove the client directory itself when the domain exits.
Combined with 63cbb4bed0, this prevented clients from reconnecting.

This may also make it possible to connect clients to the firewall via
multiple interfaces, although this doesn't seem useful.
2016-10-01 16:11:16 +01:00
Thomas Leonard
79092e1463 Avoid using Lwt.join on listening threads
Lwt.join only reports an error if *both* threads fail.
2016-10-01 10:47:19 +01:00
Thomas Leonard
9c33da3bfd Handle errors writing to client
mirage-net-xen would report Netback_shutdown if we tried to write to a
client after it had disconnected. Now we just log this and continue.
2016-09-25 16:36:18 +01:00
Thomas Leonard
63cbb4bed0 Ensure that old client has quit before adding new one
Not sure if this can happen, but it removes a TODO from the code.
2016-09-25 16:36:18 +01:00
Thomas Leonard
a7001a70d2 Allow clients to have any IP address
We previously assumed that Qubes would always give clients IP addresses
on a particular network. However, it is not required to do this and in
fact uses a different network for disposable VMs.

With this change:

- We no longer reject clients with unknown IP addresses
- The `Unknown_client` classification is gone; we have no way to tell
  the difference between a client that isn't connected and an external
  address.
- We now consider every client to be on a point-to-point link and do not
  answer ARP requests on behalf of other clients. Clients should assume
  their netmask is 255.255.255.255 (and ignore /qubes-netmask).

This is a partial fix for #9. It allows disposable VMs to connect to the
firewall but for some reason they don't process any frames we send them
(we get their ARP requests but they don't get our replies). Taking eth0
down in the disp VM, then bringing it back up (and re-adding the routes)
allows it to work.
2016-09-25 16:34:22 +01:00
Thomas Leonard
c11f245d64 Cope with writing a frame failing
If a client disconnects suddenly then we may get an error trying to map
its grant to send the frame.

Fixes #8.
2016-06-26 12:10:07 +01:00
Thomas Leonard
0230cfaf1e Updates for mirage 2.9.0
- Unpin bootvar and use register ~argv:no_argv` instead.
- Use new name for uplink device ("0", not "tap0").
- Don't configure logging - mirage does that for us now.
2016-05-14 10:44:57 +01:00
Thomas Leonard
1134b64f5e Remove tcpip pin
The 2.7.0 release has the checksum feature we need.
2016-03-23 14:53:01 +00:00
Thomas Leonard
74ae5b6078 Remove mirage-xen pin
mirage-xen 2.4.0 has been released with the required features.

(also fixes indentation problem reported by @cfcs in #6)
2016-03-19 20:14:23 +00:00
Thomas Leonard
368d6e96c5 Add ncurses-dev to required yum packages
The ocamlfind package has started listing this as a required dependency
for some reason, although it appears not to need it.

Fixes #4, reported by cyrinux.
2016-03-05 11:54:58 +00:00
Thomas Leonard
08bc6e2b00 Add work-around for Qubes passing Linux kernel arguments
With the new Functoria release of Mirage, these unrecognised arguments
prevented the unikernel from booting.

See: https://github.com/mirage/mirage/issues/493
2016-03-01 09:41:43 +00:00
Thomas Leonard
0826f046d2 Improve OOM handling when adding a NAT forward entry
The callback function was partially applied, meaning that it always used
the NAT table that was in use when processing started, even if the OOM
handler had replaced the table by then. This meant that the retry
attempt would always fail, since it tried to add it to the existing full
table, and also prevented that table from being GC'd.
2016-02-27 12:48:32 +00:00
Thomas Leonard
cd917bab7f Fix travis 2016-02-23 11:48:13 +00:00
Thomas Leonard
70d7fe5d1b Remove mirage-logs pin
Now available from the main repository.
2016-02-19 09:47:44 +00:00
Thomas Leonard
606afb53ea Reduce logging verbosity 2016-02-10 08:34:17 +00:00
Thomas Leonard
62aec06be9 Try to avoid running out of memory on NAT reset
Before, when resetting the NAT table to handle an out-of-memory
condition we tried to allocate the new table while still holding
the reference to the old one. It should be more reliable to drop
the old reference first.

Log showed:

    2016-01-31 19:33.47: INF [firewall] added NAT redirect 10.137.3.12:32860 -> 53:firewall:52517 -> 53:net-vm
    2016-01-31 19:33.52: WRN [firewall] Out_of_memory adding NAT rule. Dropping NAT table...
    --- End dump ---
    Fatal error: exception Out of memory
    Raised by primitive operation at file "hashtbl.ml", line 63, characters 52-70
    Called from file "router.ml", line 47, characters 11-30
    Called from file "src/core/lwt.ml", line 907, characters 20-24
    Mirage exiting with status 2
    Do_exit called!
2016-01-31 21:03:35 +00:00
Thomas Leonard
26adeee1da Remove mirage-qubes pin
mirage-qubes 0.2 has been released, and supports the latests Logs API.
2016-01-20 12:02:36 +00:00
Thomas Leonard
221c797241 Survive death of GUId connection
We don't need the GUI anyway. Error was:

    Fatal error: exception Failure("End-of-file from GUId in dom0")
    Raised at file "pervasives.ml", line 30, characters 22-33
    Called from file "src/core/lwt.ml", line 754, characters 44-47
    Mirage exiting with status 2
    Do_exit called!
2016-01-17 13:19:40 +00:00
Thomas Leonard
3409a19792 Keep track of transmit queue lengths
Log if we have to wait to send a frame.
2016-01-17 11:42:40 +00:00
Thomas Leonard
6fd7b01c65 Remove XenStore debug code
Was causing a Not_found error when used with the released version of
XenStore, which doesn't provide a log.

Reported by Cyril Levis.
2016-01-16 20:12:58 +00:00
Thomas Leonard
987834f6a6 Use mirage-logs library for log reporter
Also, configure Xen debug messages to go to the log ring buffer but not
the console (they will be shown only if an error occurs).
2016-01-11 16:40:26 +00:00
Thomas Leonard
4ddb80cd9d Remove mirage-net-xen pin
Version 1.5 has now been released, and includes netback support.
2016-01-11 12:00:57 +00:00
Thomas Leonard
e05a92da50 Update to new Logs API
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
2016-01-08 11:40:11 +00:00
Thomas Leonard
54ad568612 Remove pin for mirage-clock-xen
New version has been released now.
2016-01-05 18:37:32 +00:00
Thomas Leonard
03aca6b8b9 Respond to WaitForSession commands 2016-01-05 16:50:14 +00:00
Thomas Leonard
13138dc636 Fix OOM check when adding NAT entries 2016-01-05 16:43:07 +00:00
Thomas Leonard
7e68eebbc8 Remove mirage-qubes pin; it's released now 2016-01-05 13:49:16 +00:00
Thomas Leonard
d4775a1fcd Log SetDateTime messages from dom0 2016-01-05 13:43:02 +00:00
Thomas Leonard
ea7c10ce58 Handle Out_of_memory adding NAT entries
Because hash tables resize in big steps, this can happen even if we have
a fair chunk of free memory.
2016-01-03 17:10:02 +00:00
Thomas Leonard
491dbd9323 Calculate checksums even for Accept action
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.

See #1.
2016-01-03 14:14:00 +00:00
Thomas Leonard
96bc12c591 Log correct destination for redirected packets
Before, we always said it was going to "NetVM".
2016-01-02 20:38:38 +00:00
Thomas Leonard
0e8e142337 If we can't find a free port, reset the NAT table 2016-01-02 16:50:16 +00:00
Thomas Leonard
f1ed6ffdd8 Report current memory use to XenStore 2016-01-02 16:14:02 +00:00
Thomas Leonard
425ba26286 Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
Thomas Leonard
1779f0fdbe Removed unused function 2016-01-02 15:27:25 +00:00
Thomas Leonard
61c4c730d4 Link to blog post 2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37 Build also requires patch
Reported by William Waites.
2016-01-02 08:30:29 +00:00
Thomas Leonard
a801e538f2 Add 'make tar' build target 2016-01-01 15:49:06 +00:00
Thomas Leonard
aee124338a Minor cleanup 2016-01-01 13:03:18 +00:00
Thomas Leonard
1da8775814 Provide same actions to client and NetVM rules 2016-01-01 12:54:44 +00:00
Thomas Leonard
d0f4189df8 Turn off XenStore debug logging 2016-01-01 12:37:39 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
2016-01-01 11:32:57 +00:00
Thomas Leonard
4032a5d776 Simplify code slightly 2016-01-01 10:56:37 +00:00
Thomas Leonard
86b31f7f4b Process all client frames
Before, we only looked at frames with our MAC address, but we may want
to handle client-to-client communication too.
2015-12-31 15:56:56 +00:00