xaki23
commented
4 years ago this is very confusing. i just built this...
- from a clean buildvm (so no old ocaml/opam anything),
- with qubes-builder https://github.com/QubesOS/qubes-builder/blob/master/example-configs/mirage.conf
- swapped out the repo/branch for roburio/mirage-3.7
- swapped mirage pin in Makefile.builder to 3.7.4 (as in Dockerfile)
- build finished within <10 min including "have to install opam + ocaml + a lot of modules first"
- didnt spew the usual bulk text about actualy building firewall itself (that looks very different from opam-is-installing-modules)
- got a reasonable looking ~5-6MB mirage-firewall.xen
- templated + installed + set it to be used for my backup sync process ...
... and it just seems to work.
this is actualy so smooth i am not sure i am looking at the right thing. could we get some versions in the during-startup debugprints or so? (yes, no timestamps because reprobuilds, but versions should be ok for that)
will deploy it to some more roles tomorrow and watch it for a few days. i dont have strong active testing for this, but things tend to blow up quickly for me during use.
talex5
The main improvement is fragmentation and reassembly support in mirage-nat 2.0.0, which fixes #73 //cc @xaki23.
Other changes include:
Fragmentation and reassembly: each network interface now has a reassembly cache, a LRU, its size is hardcoded to 256 * 1024 bytes. I am not sure whether this should instead (a) be user-configurable (b) default to a smaller size. Maybe the individual client networks (Client_net) should have a smaller cache, and the Uplink a slightly larger?