package mirage-nat


Parameters

Signature

type t = Table.t
val translate : t -> Nat_packet.t -> (Nat_packet.t, [> `Untranslated | `TTL_exceeded ]) Stdlib.result Lwt.t

Given a lookup table and an IP-level packet, perform any translation indicated by presence in the table. If the packet should be forwarded, return the translated packet, else return Error `Untranslated. The payload in the result shares the Cstruct with the input, so they should be treated as read-only.

val add : t -> now:Mirage_nat.time -> Nat_packet.t -> Mirage_nat.endpoint -> [ `NAT | `Redirect of Mirage_nat.endpoint ] -> (unit, [> `Overlap | `Cannot_NAT ]) Stdlib.result Lwt.t

add t ~now packet xl_endpoint mode adds an entry to the table to translate packets on packet's channel according to mode, and another entry to translate the replies back again.

If mode is `NAT then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> packet.dst)
(packet.dst -> xl_endpoint) becomes (packet.dst -> packet.src)

If mode is `Redirect new_dst then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> new_dst)
(new_dst -> xl_endpoint) becomes (packet.dst -> packet.src)

In this case, packet.dst will typically be an endpoint on the NAT itself, to ensure all packets go via the NAT.

now is used to calculate the expiry time for the new entry.

Returns `Overlap if the new entries would partially overlap with an existing entry.

Returns `Cannot_NAT if the packet has a non-Global/Organization source or destination, or is an ICMP packet which is not a query.
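
The two entries that add installs in each mode, and the partial-overlap case, shown as a stdlib-only OCaml model added here; it is not mirage-nat's code and does not call the library. The names endpoint, channel, entries, add and translate, the Hashtbl table, the sample addresses, and the reading of "partially overlap" as "one of the two keys is already present but not the other" are assumptions; expiry, TTL and `Cannot_NAT checks are left out.

```ocaml
(* Stdlib-only model of the entries described above; not mirage-nat code.
   All names (endpoint, channel, entries, add, translate) are hypothetical. *)
type endpoint = string * int            (* (IP address, port) *)
type channel = endpoint * endpoint      (* (source, destination) *)
type mode = NAT | Redirect of endpoint

(* The two rewrite rules one add call installs: the request and its reply. *)
let entries ((src, dst) : channel) (xl : endpoint) (mode : mode)
  : (channel * channel) list =
  let new_dst = match mode with NAT -> dst | Redirect d -> d in
  [ ((src, dst), (xl, new_dst));        (* outgoing packet, rewritten *)
    ((new_dst, xl), (dst, src)) ]       (* reply, restored to the original pair *)

(* Assumed overlap rule: refuse when only some of the keys already exist. *)
let add table channel xl mode =
  let rules = entries channel xl mode in
  let known = List.filter (fun (k, _) -> Hashtbl.mem table k) rules in
  if known <> [] && List.length known < List.length rules then Error `Overlap
  else (List.iter (fun (k, v) -> Hashtbl.replace table k v) rules; Ok ())

let translate table channel =
  match Hashtbl.find_opt table channel with
  | Some c -> Ok c
  | None -> Error `Untranslated

let () =
  let table : (channel, channel) Hashtbl.t = Hashtbl.create 16 in
  (* Constructed sample endpoints. *)
  let client = ("192.0.2.10", 40000) and server = ("198.51.100.5", 80) in
  let xl = ("203.0.113.1", 50000) in
  assert (add table (client, server) xl NAT = Ok ());
  assert (translate table (client, server) = Ok (xl, server));
  assert (translate table (server, xl) = Ok (server, client));
  assert (translate table (server, client) = Error `Untranslated);
  (* A second source reusing the same xl endpoint collides on the reply key. *)
  let client2 = ("192.0.2.11", 40000) in
  assert (add table (client2, server) xl NAT = Error `Overlap);
  (* Redirect: packet.dst is an endpoint on the NAT, new_dst the real target. *)
  let nat_side = ("203.0.113.1", 8080) and backend = ("198.51.100.9", 80) in
  let xl2 = ("203.0.113.1", 50001) in
  assert (add table (client, nat_side) xl2 (Redirect backend) = Ok ());
  assert (translate table (client, nat_side) = Ok (xl2, backend));
  assert (translate table (backend, xl2) = Ok (nat_side, client));
  print_endline "all checks passed"
```

The client2 case shows why each flow to the same destination needs its own xl_endpoint: the reply key (packet.dst -> xl_endpoint) is the only thing that identifies which internal host a reply belongs to.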

val reset : t -> unit Lwt.t

Remove all entries from the table.
