package mirage-nat

include Mirage_nat.S
type t
val translate : t -> Nat_packet.t -> (Nat_packet.t, [> `Untranslated | `TTL_exceeded ]) Stdlib.result Lwt.t

Given a lookup table and an IP-level packet, perform any translation indicated by presence in the table. If the packet should be forwarded, return the translated packet, else return Error `Untranslated. The payload in the result shares the Cstruct with the input, so they should be treated as read-only.

val add : t -> now:Mirage_nat.time -> Nat_packet.t -> Mirage_nat.endpoint -> [ `NAT | `Redirect of Mirage_nat.endpoint ] -> (unit, [> `Overlap | `Cannot_NAT ]) Stdlib.result Lwt.t

add t ~now packet xl_endpoint mode adds an entry to the table to translate packets on packet's channel according to mode, and another entry to translate the replies back again.

If mode is `NAT then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> packet.dst)
(packet.dst -> xl_endpoint) becomes (packet.dst -> packet.src)

If mode is `Redirect new_dst then the entries will be of the form:

(packet.src -> packet.dst) becomes (xl_endpoint -> new_dst)
(new_dst -> xl_endpoint) becomes (packet.dst -> packet.src)

In this case, packet.dst will typically be an endpoint on the NAT itself, to ensure all packets go via the NAT.

now is used to calculate the expiry time for the new entry.

Returns `Overlap if the new entries would partially overlap with an existing entry.

Returns `Cannot_NAT if the packet has a non-Global/Organization source or destination, or is an ICMP packet which is not a query.
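The translate and add functions documented above are normally used together: look the packet up, install a rule on a miss, then retry. The following is an added example, not code from mirage-nat itself; the names Forward, verdict and nat_or_drop are hypothetical, and it assumes the mirage-nat and lwt libraries are available and that the caller supplies now and xl_endpoint.

```ocaml
(* Added example: fail-closed forwarding on top of any Mirage_nat.S table.
   Forward, verdict and nat_or_drop are hypothetical names. *)
open Lwt.Infix

module Forward (Nat : Mirage_nat.S) = struct
  type verdict =
    | Forward of Nat_packet.t (* translated packet; shares its payload
                                 buffer with the input, so read-only *)
    | Drop of string          (* reason, suitable for logging *)

  (* Translate [packet]. On a table miss, add a `NAT entry that rewrites
     the source to [xl_endpoint] and retry once. Every error path ends
     in Drop, so an untranslated packet is never forwarded. *)
  let nat_or_drop table ~now ~xl_endpoint packet =
    Nat.translate table packet >>= function
    | Ok out -> Lwt.return (Forward out)
    | Error `TTL_exceeded -> Lwt.return (Drop "TTL exceeded")
    | Error `Untranslated ->
      Nat.add table ~now packet xl_endpoint `NAT >>= function
      | Error `Overlap ->
        (* The new entries would partially overlap an existing one. *)
        Lwt.return (Drop "overlaps an existing entry")
      | Error `Cannot_NAT ->
        (* Non-Global/Organization address, or a non-query ICMP packet. *)
        Lwt.return (Drop "packet cannot be NATed")
      | Ok () ->
        Nat.translate table packet >|= function
        | Ok out -> Forward out
        | Error `TTL_exceeded -> Drop "TTL exceeded"
        | Error `Untranslated -> Drop "entry missing after add"
end
```

Choosing a fresh xl_endpoint (for example a different source port) and retrying is one way to handle `Overlap; this sketch drops instead so that the failure is visible.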

val reset : t -> unit Lwt.t

Remove all entries from the table.

val empty : tcp_size:int -> udp_size:int -> icmp_size:int -> t Lwt.t

empty ~tcp_size ~udp_size ~icmp_size is a fresh, empty table with the given limits on the number of entries (when a limit is reached, the least recently used entries are discarded).

val pp_summary : t Fmt.t