package mirage-nat

type t
val remove_connections : t -> Ipaddr.V4.t -> ports

remove_connections t ip removes all connections of ip in t.

val translate : t -> Nat_packet.t -> (Nat_packet.t, [> `Untranslated | `TTL_exceeded ]) result

Given a lookup table and an IP-level packet, perform any translation indicated by presence in the table.

If the packet should be forwarded, return the translated packet, else return Error `Untranslated. The payload in the result shares the Cstruct with the input, so they should be treated as read-only.

val is_port_free : t -> [ `Udp | `Tcp | `Icmp ] -> src:Ipaddr.V4.t -> dst:Ipaddr.V4.t -> src_port:int -> dst_port:int -> bool

is_port_free t protocol ~src ~dst ~src_port ~dst_port is true if the port is not taken yet.

val add : t -> Nat_packet.t -> Ipaddr.V4.t -> (unit -> int option) -> [ `NAT | `Redirect of endpoint ] -> (unit, [> `Overlap | `Cannot_NAT ]) result

add t packet xl_host port_generator mode adds an entry to the table to translate packets on packet's channel according to mode, and another entry to translate the replies back again. The port_generator may be called multiple times (at most 100 times) to find a free port.

If mode is `NAT then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> packet.dst)
(packet.dst -> xl_endpoint) becomes (packet.dst -> packet.src)

If mode is `Redirect new_dst then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> new_dst)
(new_dst -> xl_endpoint) becomes (packet.dst -> packet.src)

In this case, packet.dst will typically be an endpoint on the NAT itself, to ensure all packets go via the NAT.

Returns `Overlap if the new entries would partially overlap with an existing entry.

Returns `Cannot_NAT if the packet has a non-Global/Organization source or destination, or is an ICMP packet which is not a query.
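The entry pairs described for add, as an added, self-contained toy model (not mirage-nat's code and not using its types), showing the `Redirect case and the bounded port search. Assumptions of the model: endpoints are (ip, port) pairs, only an exact duplicate channel counts as `Overlap, `No_free_port is the model's own error name, and all addresses are constructed samples.

```ocaml
(* Toy model of the table entries described for [add]; NOT mirage-nat's code.
   Assumptions: endpoints are (ip, port) pairs, a channel is (src, dst). *)
type endpoint = string * int
type channel = endpoint * endpoint
type table = (channel, channel) Hashtbl.t

(* Ask the generator for a port at most 100 times (the documented bound).
   Giving up with an error when no free port turns up is this model's choice. *)
let pick_port gen is_free =
  let rec go n =
    if n = 0 then None
    else match gen () with
      | Some p when is_free p -> Some p
      | Some _ | None -> go (n - 1)
  in
  go 100

let add (t : table) ~src ~dst ~xl_host gen mode =
  let out_dst = match mode with `NAT -> dst | `Redirect new_dst -> new_dst in
  (* A port is free if no reply entry (out_dst -> xl_host:port) exists yet. *)
  let is_free p = not (Hashtbl.mem t (out_dst, (xl_host, p))) in
  if Hashtbl.mem t (src, dst) then Error `Overlap
  else match pick_port gen is_free with
    | None -> Error `No_free_port  (* model-only error, not in the real API *)
    | Some p ->
      let xl = (xl_host, p) in
      Hashtbl.replace t (src, dst) (xl, out_dst);  (* outgoing direction *)
      Hashtbl.replace t (out_dst, xl) (dst, src);  (* replies back again *)
      Ok xl

let translate (t : table) ch =
  match Hashtbl.find_opt t ch with
  | Some ch' -> Ok ch'
  | None -> Error `Untranslated

let () =
  (* Constructed sample addresses from the documentation ranges. *)
  let t : table = Hashtbl.create 7 in
  let client = ("192.0.2.10", 40000) and nat_in = ("192.0.2.1", 8080) in
  let backend = ("198.51.100.5", 80) in
  let gen = let next = ref 5000 in fun () -> incr next; Some !next in
  match add t ~src:client ~dst:nat_in ~xl_host:"203.0.113.1" gen (`Redirect backend) with
  | Error _ -> print_endline "add failed"
  | Ok xl ->
    (* The outgoing packet is rewritten to (xl -> backend)... *)
    assert (translate t (client, nat_in) = Ok (xl, backend));
    (* ...and the reply is rewritten to come from the address the client contacted. *)
    assert (translate t (backend, xl) = Ok (nat_in, client))
```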

val reset : t -> unit

Remove all entries from the table.
