Library
Module
Module type
Parameter
Class
Class type
module Table : Mirage_nat.TABLE
type t = Table.t
val translate :
t ->
Nat_packet.t ->
(Nat_packet.t, [> `Untranslated | `TTL_exceeded ]) result Lwt.t
Given a lookup table and an ip-level packet, * perform any translation indicated by presence in the table. * If the packet should be forwarded, return the translated packet, * else return Error `Untranslated
. * The payload in the result shares the Cstruct with the input, so they should be * treated as read-only.
val add :
t ->
Nat_packet.t ->
Mirage_nat.endpoint ->
[ `NAT | `Redirect of Mirage_nat.endpoint ] ->
(unit, [> `Overlap | `Cannot_NAT ]) result Lwt.t
add t ~now packet xl_endpoint mode
adds an entry to the table to translate packets on packet
's channel according to mode
, and another entry to translate the replies back again.
If mode
is `NAT
then the entries will be of the form:
(packet.src -> packet.dst) becomes (xl_endpoint -> packet.dst) (packet.dst -> xl_endpoint) becomes (packet.dst -> packet.src)
If mode
is `Redirect new_dst
then the entries will be of the form:
(packet.src -> packet.dst) becomes (xl_endpoint -> new_dst) (new_dst -> xl_endpoint) becomes (packet.dst -> packet.src)
In this case, packet.dst
will typically be an endpoint on the NAT itself, to ensure all packets go via the NAT.
now
is used to calculate the expiry time for the new entry.
Returns `Overlap
if the new entries would partially overlap with an existing entry.
Returns `Cannot_NAT
if the packet has a non-Global/Organization source or destination, or is an ICMP packet which is not a query.