12ed2b268d
We currently try to spawn 2 fibers [qubes_updated] and [listener] per client, and we already finalise them correctly if the client is disconnected. However, the Lwt.async is localised inside add_client instead of where we attach the finalisers for these tasks. The first objective of this patch is to make sure that the Lwt.async sits next to where we register cancellation of these tasks. The second part is to localise the global clients so that nothing else can read/write it. Only Dispatcher.watch_clients uses it - so it corresponds to a free variable of the Dispatcher.watch_clients closure.
(* Copyright (C) 2015, Thomas Leonard <thomas.leonard@unikernel.com>
See the README file for details. *)
(** Wrapper for XenStore and QubesDB databases. *)
(** A client network interface (vif), identified by the domain that owns it
    and the id of the device within that domain. *)
module ClientVif : sig
  type t = {
    domid : int;  (** Domain id (domid) of the client owning the vif. *)
    device_id : int;  (** Device id of the vif within [domid]. *)
  }

  val pp : t Fmt.t
  (** Pretty-printer for [t]. *)
end
(** Maps keyed by {!ClientVif.t}. *)
module VifMap : sig
  include Map.S with type key = ClientVif.t

  val find : key -> 'a t -> 'a option
  (** [find key m] returns the value bound to [key] in [m], or [None] if
      [key] is not bound.  This shadows the raising [find] from the included
      [Map.S] signature, so callers never have to catch [Not_found]. *)
end
val watch_clients : (Ipaddr.V4.t VifMap.t -> unit Lwt.t) -> 'a Lwt.t
(** [watch_clients fn] calls [fn clients] with the map of backend clients
    in XenStore (each client vif bound to its IPv4 address), and again each
    time XenStore updates.  The result type is a free ['a], so the returned
    promise cannot resolve with a value: it either runs forever, fails, or
    is cancelled.
    NOTE(review): per the commit description, the clients table is a free
    variable of this function's closure rather than module-level state, so
    no other module can read or mutate it — confirm against dao.ml. *)
(** Network configuration of this firewall, obtained either from the
    command line or from QubesDB (see [from_cmdline]). *)
type network_config = {
  from_cmdline : bool;
      (** [true] when the network configuration came from the command line,
          [false] when it came from QubesDB. *)
  netvm_ip : Ipaddr.V4.t;  (** The IP address of NetVM (our gateway). *)
  our_ip : Ipaddr.V4.t;  (** The IP address of our interface to NetVM. *)
  dns : Ipaddr.V4.t;  (** DNS server address. *)
  dns2 : Ipaddr.V4.t;  (** Second DNS server address. *)
}
val read_network_config : Qubes.DB.t -> network_config Lwt.t
(** [read_network_config db] fetches the configuration from QubesDB.
    If it isn't there yet, it waits until it is: the promise does not
    resolve with a partial configuration.
    NOTE(review): how [from_cmdline] ends up set in the returned record is
    decided by the implementation — confirm in dao.ml. *)
val db_root : Ipaddr.V4.t -> string
(** [db_root ip] returns the root path of the firewall rules in the QubesDB
    for the given IP address [ip].  Presumably the key prefix under which
    {!read_rules} looks up that client's rules — confirm against dao.ml. *)
val read_rules : string Qubes.DB.KeyMap.t -> Ipaddr.V4.t -> Pf_qubes.Parse_qubes.rule list
(** [read_rules bindings ip] extracts firewall rule information for [ip] from
    [bindings], a map of QubesDB keys to their string values.
    If any rules fail to parse, it returns only one rule denying all traffic:
    a malformed rule set fails closed instead of silently dropping the bad
    rules and keeping the rest.  It takes a snapshot of bindings rather than
    a [Qubes.DB.t] handle and returns a plain list, so it is expected not to
    perform DB I/O itself. *)
val print_network_config : network_config -> unit
(** [print_network_config cfg] prints [cfg] as a side effect and returns
    [unit].  Where the output goes (log or console) is decided by the
    implementation — confirm in dao.ml. *)
val set_iptables_error : Qubes.DB.t -> string -> unit Lwt.t
(** [set_iptables_error db msg] records [msg] as the iptables error status
    in QubesDB [db]; the write completes asynchronously.
    NOTE(review): name-based reading — which key is written, and whether an
    empty [msg] clears the status, must be confirmed in dao.ml. *)