mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-10-01 01:05:39 -04:00
b60d098e96
Before, the packet passed to rules.ml could have any host as its src. Now, `from_client` knows that `src` must be a `Client`, and `from_netvm` knows that `src` is `External` or `NetVM`.
12 lines
532 B
OCaml
12 lines
532 B
OCaml
(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>
|
|
See the README file for details. *)
|
|
|
|
(** Classify IP packets, apply rules and send as appropriate. *)
|
|
|
|
val ipv4_from_netvm : Router.t -> Nat_packet.t -> unit Lwt.t
|
|
(** Handle a packet from the outside world (this module will validate the source IP). *)
|
|
|
|
val ipv4_from_client : Router.t -> src:Fw_utils.client_link -> Nat_packet.t -> unit Lwt.t
|
|
(** Handle a packet from a client. Caller must check the source IP matches the client's
|
|
before calling this. *)
|