v0.2

Build:

• Add option to build with Docker. This fixes opam-repository to a known commit for reproducible builds. It also displays the actual and expected SHA hashes after building.

Bug fixes:

• Updated README: the build also requires "patch". Reported by William Waites.
• Monitor set of client interfaces, not client domains. Qubes does not remove the client directory itself when the domain exits. This prevented clients from reconnecting. This may also make it possible to connect clients to the firewall via multiple interfaces, although this doesn't seem useful.
• Handle errors writing to client. mirage-net-xen would report Netback_shutdown if we tried to write to a client after it had disconnected. Now we just log this and continue.
• Ensure that old client has quit before adding new one. Not sure if this can happen, but it removes a TODO from the code.
• Allow clients to have any IP address. We previously assumed that Qubes would always give clients IP addresses on a particular network. However, it is not required to do this and in fact uses a different network for disposable VMs. With this change:
  • We no longer reject clients with unknown IP addresses.
  • The Unknown_client classification is gone; we have no way to tell the difference between a client that isn't connected and an external address.
  • We now consider every client to be on a point-to-point link and do not answer ARP requests on behalf of other clients. Clients should assume their netmask is 255.255.255.255 (and ignore /qubes-netmask). This allows disposable VMs to connect to the firewall but for some reason they don't process any frames we send them (we get their ARP requests but they don't get our replies). Taking eth0 down in the disp VM, then bringing it back up (and re-adding the routes) allows it to work.
• Cope with writing a frame failing. If a client disconnects suddenly then we may get an error trying to map its grant to send the frame.
• Survive death of our GUId connection to dom0. We don't need the GUI anyway.
• Handle Out_of_memory adding NAT entries. Because hash tables resize in big steps, this can happen even if we have a fair chunk of free memory.
• Calculate checksums even for Accept action. If packet has been NAT'd then we certainly need to recalculate the checksum, but even for direct pass-through it might have been received with an invalid checksum due to checksum offload. For now, recalculate full checksum in all cases.
• Log correct destination for redirected packets. Before, we always said it was going to "NetVM".
• If we can't find a free port, reset the NAT table.
• Reset NAT table if memory gets low.

Other changes:

• Report current memory use to XenStore.
• Reduce logging verbosity.
• Avoid using Lwt.join on listening threads. Lwt.join only reports an error if both threads fail.
• Keep track of transmit queue lengths. Log if we have to wait to send a frame.
• Use mirage-logs library for log reporter.
• Respond to WaitForSession commands (we're always ready!).
• Log SetDateTime messages from dom0 (we still don't actually update our clock, though).

Updates for upstream library changes:

• Updates for mirage 2.9.0.
  • Use new name for uplink device ("0", not "tap0").
  • Don't configure logging - mirage does that for us now.
• Remove tcpip pin. The 2.7.0 release has the checksum feature we need.
• Remove mirage-xen pin. mirage-xen 2.4.0 has been released with the required features (also fixes indentation problem reported by @cfcs).
• Add ncurses-dev to required yum packages. The ocamlfind package has started listing this as a required dependency for some reason, although it appears not to need it. Reported by cyrinux.
• Add work-around for Qubes passing Linux kernel arguments. With the new Functoria release of Mirage, these unrecognised arguments prevented the unikernel from booting. See: mirage/mirage#493
• Remove mirage-logs pin. Now available from the main repository.
• Remove mirage-qubes pin. mirage-qubes 0.2 has been released, and supports the latests Logs API.
• Remove mirage-net-xen pin. Version 1.5 has now been released, and includes netback support.
• Update to new Logs API.
• Remove pin for mirage-clock-xen. New version has been released now.