Commit graph

Select branches

Hide pull requests

main

#10

#100

#101

#102

#103

#109

#110

#112

#116

#117

#118

#12

#121

#122

#129

#13

#135

#136

#137

#14

#140

#141

#142

#144

#145

#147

#149

#15

#150

#151

#152

#154

#159

#160

#161

#162

#163

#164

#167

#169

#169

#17

#175

#176

#178

#179

#180

#181

#185

#189

#19

#190

#191

#192

#193

#194

#197

#199

#201

#202

#203

#204

#205

#207

#209

#211

#213

#214

#215

#216

#217

#218

#219

#22

#221

#26

#26

#27

#28

#28

#33

#36

#37

#38

#39

#42

#43

#44

#45

#46

#47

#48

#49

#51

#52

#54

#55

#58

#6

#6

#60

#61

#64

#66

#67

#68

#69

#71

#72

#74

#75

#76

#77

#79

#80

#81

#82

#83

#85

#88

#89

#90

#91

#95

#96

#98

#99

0.1

0.7.1

flambda-test

v0.2

v0.3

v0.4

v0.5

v0.6

v0.7

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

Mono Color

• 81fb9c8183 use released dns and pf-qubes Hannes Mehnert 2019-12-23 15:10:00 +01:00
• dab790cb68
  Merge pull request #83 from marmot1791/marmot1791-patch-readme Thomas Leonard 2019-12-14 12:05:46 +00:00
• dad1f6a723
  Update per review Snowy Marmot 2019-12-14 00:24:55 +00:00
• 315fe4681e
  Note that AppVM Size may need to increase Snowy Marmot 2019-11-27 16:01:58 +00:00
• 0aeea267af Use patched XenStore to debug unwatch crash Thomas Leonard 2019-11-22 11:32:20 +00:00
• 706be3d823
  Merge pull request #81 from talex5/upstream-updates Thomas Leonard 2019-11-18 09:46:14 +00:00
• 930d209cdb Fix build Thomas Leonard 2019-11-17 14:25:42 +00:00
• 2bab775222 Update the firewall to olles changes to dns_client. linse 2019-09-28 17:56:01 +02:00
• 7b705a3e68 Rule matching engine needs to be in Lwt.t linse 2019-09-28 16:18:41 +02:00
• 0f5173c84e Refactor some more. Mindy 2019-09-20 11:01:36 -05:00
• 33180cfa66 Simplify classify_client_packet. Mindy 2019-09-20 10:42:45 -05:00
• cf17f9e403 Removede all warnings. Mindy 2019-09-20 10:15:05 -05:00
• 319282c560 update TODO with state from our brains Mindy 2019-09-20 09:35:28 -05:00
• 7ebe7c2fb5 replace mvar with condition Mindy 2019-09-19 11:10:02 -05:00
• 5355237365 update TODO Mindy 2019-09-19 10:51:17 -05:00
• b0499aa3ed wip: proper nxdomain handling Mindy 2019-09-19 10:49:37 -05:00
• ef5261bf17 Wip Friday. linse 2019-09-13 18:05:54 +02:00
• 4a7c63b54a un-de-reference Resolver.resolver, and leave a note about why Mindy 2019-09-12 19:01:27 -05:00
• d9bdbbb435 Wip 2. linse 2019-09-12 18:09:37 +02:00
• 8c9265f3d3 wip: behavior in :( dns cases linse 2019-09-12 17:29:07 +02:00
• c2bcf89057 :x linse 2019-09-11 19:42:31 +02:00
• 2d34e7f533 Tidy resolver. linse 2019-09-11 19:27:27 +02:00
• f485e36527 Tidy rules. linse 2019-09-11 19:02:53 +02:00
• 574d739fef remove unused variables Mindy 2019-09-11 11:17:30 -05:00
• 4e27b49378 Attempt to make port tracking pure, add a note that this will not work. linse 2019-09-09 18:17:34 +02:00
• a4a61c6531 Revert "Trying to make dns and nat port tracking stateless / pure . It does not" linse 2019-09-09 18:15:01 +02:00
• 526fa5db35 Trying to make dns and nat port tracking stateless / pure . It does not work. linse 2019-09-09 18:13:58 +02:00
• 91d92a58ff Update test script to released ocaml-dns, remove ref in resolver state. linse 2019-09-09 17:19:14 +02:00
• 13abef8a42 Add random to update ocaml-dns to 4.0.0. linse 2019-09-09 16:42:13 +02:00
• 78de5f3389 Revert "wip use dns-client and its API" linse 2019-09-09 16:10:41 +02:00
• fe7ad5feec Revert "try to use dns client interface. the firewall did not send dns requests" linse 2019-09-09 16:10:26 +02:00
• 35a7bb98d2 try to use dns client interface. the firewall did not send dns requests after this change. linse 2019-09-09 16:08:20 +02:00
• ad21e8a1da wip use dns-client and its API linse 2019-09-06 17:48:49 +02:00
• 1b11458675 WIP linse 2019-09-04 18:53:42 +02:00
• cf9a30c18e Empty the nat table. Drop existing connections on rule update. linse 2019-09-04 18:23:39 +02:00
• 066bd01f78 We are actually done, everything is cached in the resolver. linse 2019-09-04 16:36:57 +02:00
• 04fd88fcb7 Where to go from the good news. linse 2019-09-04 14:15:31 +02:00
• 4d2e00bcfe Extract lookup_and_retry function. linse 2019-09-04 14:01:42 +02:00
• 32e4b8a31a
  Merge pull request #80 from talex5/upstream-updates Thomas Leonard 2019-08-25 19:09:54 +01:00
• 49195ed5e1 Update Docker build for new mirage-xen Thomas Leonard 2019-08-25 18:41:09 +01:00
• bc7706cc97
  rename things for newer mirage-xen versions xaki23 2019-08-25 18:12:59 +02:00
• 3fefba21a7
  bump OCAML_VERSION to 4.08.1 xaki23 2019-08-25 18:12:17 +02:00
• ca43f12f47 good news, everyone! linse 2019-08-16 18:15:05 +02:00
• 1d6bb5f594 Merge branch 'static-pf-rules' of github.com:yomimono/qubes-mirage-firewall into static-pf-rules Mindy 2019-08-14 11:06:42 -05:00
• 3636add88e WIP, porting mvar stuff from toy example. Do we still wait and retry? Mindy 2019-08-14 11:01:45 -05:00
• 407ca4403b re-enable tests Mindy 2019-08-14 10:19:52 -05:00
• 2421cd57ac The tcp/udp nameserver mystery. linse 2019-08-13 18:13:14 +02:00
• 6f133242ea fix a lot more compiler warnings Mindy 2019-08-14 09:14:14 -05:00
• 957ba45033 The tcp/udp nameserver mystery. linse 2019-08-13 18:13:14 +02:00
• 983da2bb9d fix hardcoded robur.io in handle_answers Mindy 2019-08-07 12:10:30 -05:00
• acb53698c4 fix some compiler warnings Mindy 2019-08-07 12:07:34 -05:00
• 8601fc3a89 use Domain_name.t map for outstanding dns requests Mindy 2019-08-07 11:30:20 -05:00
• 27f0d1fee1 WIP: new DNS interface linse 2019-08-07 18:06:27 +02:00
• 1f76f646e1 Add an upper bound for mirage-xen Reynir Björnsson 2019-08-05 15:38:03 +02:00
• c9dbc5b68e Add lower constraint on mirage-xen Reynir Björnsson 2019-08-05 15:34:14 +02:00
• 6e848fa50d Changes required for mirage-xen >= 4.0.0 Reynir Björnsson 2019-08-05 15:29:19 +02:00
• bbfa28f474 Re-enable tests (its slow tho) linse 2019-07-31 17:26:43 +02:00
• 524b09b58e We are passing on the dns result. linse 2019-07-31 17:19:17 +02:00
• 99e2e1750c We got a resolution. linse 2019-07-31 16:55:39 +02:00
• e175e7835a wip Mindy 2019-07-30 11:06:22 -05:00
• 8a55bcfab5 wip: resolving dns and applying rules Mindy 2019-07-30 09:24:21 -05:00
• 15e2f2fc3b WIP linse 2019-07-29 17:58:39 +02:00
• b8a310dfa6
  Merge pull request #75 from talex5/upstream-updates Thomas Leonard 2019-07-28 17:48:09 +01:00
• cac3e53be1 README: create the symlink-redirected docker dir xaki23 2019-07-28 13:33:43 +02:00
• ce29c09f0f Show final sha256 checksum in Travis output Thomas Leonard 2019-07-28 17:01:23 +01:00
• 8b411db751 Removed some hard-coded installs from Dockerfile Thomas Leonard 2019-07-28 16:49:16 +01:00
• 16231e2e52 Adjust to ipaddr-4.0.0 renaming _bytes to _octets xaki23 2019-07-28 13:08:15 +02:00
• cb6d03d83d Use OCaml 4.08.0 for qubes-builder builds (was 4.07.1) xaki23 2019-07-28 13:07:09 +02:00
• 8e833b7995
  update docker build path to current opam-repository, declare new ipaddr min version, update build hash xaki23 2019-07-28 15:22:56 +02:00
• 15ede4e359
  actualy create the symlink-redirected docker dir so the installer wont remove the dangling symlink xaki23 2019-07-28 13:33:43 +02:00
• 8d0bd98805
  adjust to ipaddr-4.0.0 renaming _bytes to _octets in their api xaki23 2019-07-28 13:08:15 +02:00
• a72738aa01
  use ocaml 4.08.0 for qubes-builder builds (was 4.07.1) xaki23 2019-07-28 13:07:09 +02:00
• 17c6ec491f actually send dns packets./test.sh ! \o/ linse 2019-07-24 18:27:23 +02:00
• e01cdfcdda WIP calling the dns request function. linse 2019-07-23 17:59:57 +02:00
• 2b8362e007 Dummy send_dns_request function. linse 2019-07-23 17:42:53 +02:00
• 369ebfcfd6 Set up for sending dns packets. linse 2019-07-23 17:25:39 +02:00
• 15d9e78ae5 Get a non-faked src_port. linse 2019-07-23 16:59:43 +02:00
• afeb2cf970 continue plumbing in dns... linse 2019-07-22 19:02:49 +02:00
• a4af18c5c3 Make port list mutable. linse 2019-07-17 22:21:46 +02:00
• f69485850b Add PortSet in random_user_port. linse 2019-07-17 22:07:44 +02:00
• ec901f1f1f Add PortSet. linse 2019-07-17 21:52:07 +02:00
• 0eb62fff0a Make a dns resolver. linse 2019-07-17 21:31:04 +02:00
• 7b6a946f7a fix another overly permissive specialtarget=dns case Mindy 2019-07-02 19:08:21 -05:00
• b6bbd68cae add a should-fail DNS lookup test for an active nameserver that isn't allowed Mindy 2019-07-02 14:24:32 -05:00
• 2bae843c94 Merge branch 'static-pf-rules' of github.com:yomimono/qubes-mirage-firewall into static-pf-rules Mindy 2019-07-02 09:14:36 -05:00
• 39a0fdeaa7 deny rules for dsthost testing Mindy 2019-07-02 09:14:31 -05:00
• cf10315c23 Icmp error type tests are complete and pass. linse 2019-07-01 17:16:37 +02:00
• c2a4af3455 New ICMP error type test. linse 2019-06-27 18:01:51 +02:00
• 42f504c1c4 We check nat table first and then firewall rules if we don't find anything in the nat table. linse 2019-06-27 18:01:13 +02:00
• 7527ff9672 Use new alcotest-mirage. linse 2019-06-27 17:09:32 +02:00
• aeaab0f078
  Merge pull request #72 from talex5/unpin-netchannel Thomas Leonard 2019-06-22 15:34:30 +01:00
• f9856a3605 Remove netchannel pin Thomas Leonard 2019-06-22 14:53:25 +01:00
• e7eb4412ed
  Merge pull request #71 from talex5/remove-cmdliner-pin Thomas Leonard 2019-06-22 14:40:44 +01:00
• 0b83ce2c8c Pretest to check for echo services. linse 2019-06-21 17:34:00 +02:00
• 8a4743fcbe WIP linse 2019-06-20 17:59:14 +02:00
• 41e0d0083c Refactor ping listener. linse 2019-06-20 17:42:50 +02:00
• 802936c355 Add info string msg also to tcp_connect. linse 2019-06-20 17:13:57 +02:00
• 37375e83c1 Test the upper and lower bounds of a port range. linse 2019-06-20 16:59:58 +02:00
• 209b3634a5 Merge branch 'static-pf-rules' of github.com:yomimono/qubes-mirage-firewall into static-pf-rules Mindy 2019-06-20 09:07:00 -05:00
• 57bff8ceb9 fix explainer comment Mindy 2019-06-20 09:06:36 -05:00