remove_connections t ip removes all connections of
val translate : t -> Nat_packet.t -> ( Nat_packet.t, [> `Untranslated | `TTL_exceeded ] ) result Lwt.t
Given a lookup table and an ip-level packet, * perform any translation indicated by presence in the table. * If the packet should be forwarded, return the translated packet, * else return
Error `Untranslated. * The payload in the result shares the Cstruct with the input, so they should be * treated as read-only.
val add : t -> Nat_packet.t -> Mirage_nat.endpoint -> [ `NAT | `Redirect of Mirage_nat.endpoint ] -> ( unit, [> `Overlap | `Cannot_NAT ] ) result Lwt.t
add t ~now packet xl_endpoint mode adds an entry to the table to translate packets on
packet's channel according to
mode, and another entry to translate the replies back again.
`NAT then the entries will be of the form:
(packet.src -> packet.dst) becomes (xl_endpoint -> packet.dst) (packet.dst -> xl_endpoint) becomes (packet.dst -> packet.src)
`Redirect new_dst then the entries will be of the form:
(packet.src -> packet.dst) becomes (xl_endpoint -> new_dst) (new_dst -> xl_endpoint) becomes (packet.dst -> packet.src)
In this case,
packet.dst will typically be an endpoint on the NAT itself, to ensure all packets go via the NAT.
now is used to calculate the expiry time for the new entry.
`Overlap if the new entries would partially overlap with an existing entry.
`Cannot_NAT if the packet has a non-Global/Organization source or destination, or is an ICMP packet which is not a query.
empty ~tcp_size ~udp_size ~icmp_size is a fresh, empty table with the given limits on the number of entries (LRU will be discarded).