dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #165285 from jpathy/patch-2

Browse Source 
networking.greTunnels: Add ttl option
This commit is contained in:
pennae 2022-03-24 08:10:23 +00:00 committed by GitHub
commit 67281c4d29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/tasks/network-interfaces-scripted.nix
View File

@ -535,6 +535,7 @@ let
createGreDevice = n: v: nameValuePair "${n}-netdev" createGreDevice = n: v: nameValuePair "${n}-netdev"
(let (let
deps = deviceDependency v.dev; deps = deviceDependency v.dev;
ttlarg = if lib.hasPrefix "ip6" v.type then "hoplimit" else "ttl";
in in
{ description = "GRE Tunnel Interface ${n}"; { description = "GRE Tunnel Interface ${n}";
wantedBy = [ "network-setup.service" (subsystemDevice n) ]; wantedBy = [ "network-setup.service" (subsystemDevice n) ];
@ -551,6 +552,7 @@ let
ip link add name "${n}" type ${v.type} \ ip link add name "${n}" type ${v.type} \
${optionalString (v.remote != null) "remote \"${v.remote}\""} \ ${optionalString (v.remote != null) "remote \"${v.remote}\""} \
${optionalString (v.local != null) "local \"${v.local}\""} \ ${optionalString (v.local != null) "local \"${v.local}\""} \
${optionalString (v.ttl != null) "${ttlarg} ${toString v.ttl}"} \
${optionalString (v.dev != null) "dev \"${v.dev}\""} ${optionalString (v.dev != null) "dev \"${v.dev}\""}
ip link set "${n}" up ip link set "${n}" up
''; '';

2
nixos/modules/tasks/network-interfaces-systemd.nix
View File

@ -318,6 +318,8 @@ in
Remote = gre.remote; Remote = gre.remote;
}) // (optionalAttrs (gre.local != null) { }) // (optionalAttrs (gre.local != null) {
Local = gre.local; Local = gre.local;
}) // (optionalAttrs (gre.ttl != null) {
TTL = gre.ttl;
}); });
}; };
networks = mkIf (gre.dev != null) { networks = mkIf (gre.dev != null) {

11
nixos/modules/tasks/network-interfaces.nix
View File

@ -1020,12 +1020,14 @@ in
local = "10.0.0.22"; local = "10.0.0.22";
dev = "enp4s0f0"; dev = "enp4s0f0";
type = "tap"; type = "tap";
ttl = 255;
}; };
gre6Tunnel = { gre6Tunnel = {
remote = "fd7a:5634::1"; remote = "fd7a:5634::1";
local = "fd7a:5634::2"; local = "fd7a:5634::2";
dev = "enp4s0f0"; dev = "enp4s0f0";
type = "tun6"; type = "tun6";
ttl = 255;
}; };
} }
''; '';
@ -1063,6 +1065,15 @@ in
''; '';
}; };
ttl = mkOption {
type = types.nullOr types.int;
default = null;
example = 255;
description = ''
The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
'';
};
type = mkOption { type = mkOption {
type = with types; enum [ "tun" "tap" "tun6" "tap6" ]; type = with types; enum [ "tun" "tap" "tun6" "tap6" ];
default = "tap"; default = "tap";

12
nixos/tests/networking.nix
View File

@ -514,12 +514,14 @@ let
local = "192.168.2.1"; local = "192.168.2.1";
remote = "192.168.2.2"; remote = "192.168.2.2";
dev = "eth2"; dev = "eth2";
ttl = 225;
type = "tap"; type = "tap";
}; };
gre6Tunnel = { gre6Tunnel = {
local = "fd00:1234:5678:4::1"; local = "fd00:1234:5678:4::1";
remote = "fd00:1234:5678:4::2"; remote = "fd00:1234:5678:4::2";
dev = "eth3"; dev = "eth3";
ttl = 255;
type = "tun6"; type = "tun6";
}; };
}; };
@ -548,12 +550,14 @@ let
local = "192.168.2.2"; local = "192.168.2.2";
remote = "192.168.2.1"; remote = "192.168.2.1";
dev = "eth1"; dev = "eth1";
ttl = 225;
type = "tap"; type = "tap";
}; };
gre6Tunnel = { gre6Tunnel = {
local = "fd00:1234:5678:4::2"; local = "fd00:1234:5678:4::2";
remote = "fd00:1234:5678:4::1"; remote = "fd00:1234:5678:4::1";
dev = "eth3"; dev = "eth3";
ttl = 255;
type = "tun6"; type = "tun6";
}; };
}; };
@ -573,6 +577,7 @@ let
]; ];
testScript = { ... }: testScript = { ... }:
'' ''
import json
start_all() start_all()
with subtest("Wait for networking to be configured"): with subtest("Wait for networking to be configured"):
@ -591,6 +596,13 @@ let
client1.wait_until_succeeds("ping -c 1 fc00::2") client1.wait_until_succeeds("ping -c 1 fc00::2")
client2.wait_until_succeeds("ping -c 1 fc00::1") client2.wait_until_succeeds("ping -c 1 fc00::1")
with subtest("Test GRE tunnel TTL"):
links = json.loads(client1.succeed("ip -details -json link show greTunnel"))
assert links[0]['linkinfo']['info_data']['ttl'] == 225, "ttl not set for greTunnel"
links = json.loads(client2.succeed("ip -details -json link show gre6Tunnel"))
assert links[0]['linkinfo']['info_data']['ttl'] == 255, "ttl not set for gre6Tunnel"
''; '';
}; };
vlan = let vlan = let