commit c1f515547109a7e1845120449676ba6aa9a78fe9 · pyrox.dev/nixpkgs

+6

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

···

       1548
       1548
        
                 Foo-over-UDP encapsulations.

     

       1549
       1549
        
               </para>

     

       1550
       1550
        
             </listitem>

     

       1551
       1551
       +
             <listitem>

     

       1552
       1552
       +
               <para>

     

       1553
       1553
       +
                 <literal>networking.sits</literal> now supports Foo-over-UDP

     

       1554
       1554
       +
                 encapsulation.

     

       1555
       1555
       +
               </para>

     

       1556
       1556
       +
             </listitem>

     

       1551
       1557
        
           </itemizedlist>

     

       1552
       1558
        
         </section>

     

       1553
       1559
        
       </section>

+2

nixos/doc/manual/release-notes/rl-2111.section.md

···

       447
       447
        
       - The `systemd.network` module has gained support for the FooOverUDP link type.

     

       448
       448
        
       

     

       449
       449
        
       - The `networking` module has a new `networking.fooOverUDP` option to configure Foo-over-UDP encapsulations.

     

       450
       450
       +
       

     

       451
       451
       +
       - `networking.sits` now supports Foo-over-UDP encapsulation.

+6 -1

nixos/modules/tasks/network-interfaces-scripted.nix

···

       519
       519
        
                       ${optionalString (v.remote != null) "remote \"${v.remote}\""} \

     

       520
       520
        
                       ${optionalString (v.local != null) "local \"${v.local}\""} \

     

       521
       521
        
                       ${optionalString (v.ttl != null) "ttl ${toString v.ttl}"} \

     

       522
       522
       -
                       ${optionalString (v.dev != null) "dev \"${v.dev}\""}

     

       522
       522
       +
                       ${optionalString (v.dev != null) "dev \"${v.dev}\""} \

     

       523
       523
       +
                       ${optionalString (v.encapsulation != null)

     

       524
       524
       +
                         "encap ${v.encapsulation.type} encap-dport ${toString v.encapsulation.port} ${

     

       525
       525
       +
                           optionalString (v.encapsulation.sourcePort != null)

     

       526
       526
       +
                             "encap-sport ${toString v.encapsulation.sourcePort}"

     

       527
       527
       +
                         }"}

     

       523
       528
        
                     ip link set "${n}" up

     

       524
       529
        
                   '';

     

       525
       530
        
                   postStop = ''

+11 -1

nixos/modules/tasks/network-interfaces-systemd.nix

···

       227
       227
        
                     Local = sit.local;

     

       228
       228
        
                   }) // (optionalAttrs (sit.ttl != null) {

     

       229
       229
        
                     TTL = sit.ttl;

     

       230
       230
       -
                   });

     

       230
       230
       +
                   }) // (optionalAttrs (sit.encapsulation != null) (

     

       231
       231
       +
                     {

     

       232
       232
       +
                       FooOverUDP = true;

     

       233
       233
       +
                       Encapsulation =

     

       234
       234
       +
                         if sit.encapsulation.type == "fou"

     

       235
       235
       +
                         then "FooOverUDP"

     

       236
       236
       +
                         else "GenericUDPEncapsulation";

     

       237
       237
       +
                       FOUDestinationPort = sit.encapsulation.port;

     

       238
       238
       +
                     } // (optionalAttrs (sit.encapsulation.sourcePort != null) {

     

       239
       239
       +
                       FOUSourcePort = sit.encapsulation.sourcePort;

     

       240
       240
       +
                     })));

     

       231
       241
        
               };

     

       232
       242
        
               networks = mkIf (sit.dev != null) {

     

       233
       243
        
                 "40-${sit.dev}" = (mkMerge [ (genericNetwork (mkOverride 999)) {

+40 -1

nixos/modules/tasks/network-interfaces.nix

···

       10
       10
        
         hasVirtuals = any (i: i.virtual) interfaces;

     

       11
       11
        
         hasSits = cfg.sits != { };

     

       12
       12
        
         hasBonds = cfg.bonds != { };

     

       13
       13
       -
         hasFous = cfg.fooOverUDP != { };

     

       13
       13
       +
         hasFous = cfg.fooOverUDP != { }

     

       14
       14
       +
           || filterAttrs (_: s: s.encapsulation != null) cfg.sits != { };

     

       14
       15
        
       

     

       15
       16
        
         slaves = concatMap (i: i.interfaces) (attrValues cfg.bonds)

     

       16
       17
        
           ++ concatMap (i: i.interfaces) (attrValues cfg.bridges)

     
···

       945
       946
        
                   example = "enp4s0f0";

     

       946
       947
        
                   description = ''

     

       947
       948
        
                     The underlying network device on which the tunnel resides.

     

       949
       949
       +
                   '';

     

       950
       950
       +
                 };

     

       951
       951
       +
       

     

       952
       952
       +
                 encapsulation = with types; mkOption {

     

       953
       953
       +
                   type = nullOr (submodule {

     

       954
       954
       +
                     options = {

     

       955
       955
       +
                       type = mkOption {

     

       956
       956
       +
                         type = enum [ "fou" "gue" ];

     

       957
       957
       +
                         description = ''

     

       958
       958
       +
                           Selects encapsulation type. See

     

       959
       959
       +
                           <citerefentry><refentrytitle>ip-link</refentrytitle>

     

       960
       960
       +
                           <manvolnum>8</manvolnum></citerefentry> for details.

     

       961
       961
       +
                         '';

     

       962
       962
       +
                       };

     

       963
       963
       +
       

     

       964
       964
       +
                       port = mkOption {

     

       965
       965
       +
                         type = port;

     

       966
       966
       +
                         example = 9001;

     

       967
       967
       +
                         description = ''

     

       968
       968
       +
                           Destination port for encapsulated packets.

     

       969
       969
       +
                         '';

     

       970
       970
       +
                       };

     

       971
       971
       +
       

     

       972
       972
       +
                       sourcePort = mkOption {

     

       973
       973
       +
                         type = nullOr types.port;

     

       974
       974
       +
                         default = null;

     

       975
       975
       +
                         example = 9002;

     

       976
       976
       +
                         description = ''

     

       977
       977
       +
                           Source port for encapsulated packets. Will be chosen automatically by

     

       978
       978
       +
                           the kernel if unset.

     

       979
       979
       +
                         '';

     

       980
       980
       +
                       };

     

       981
       981
       +
                     };

     

       982
       982
       +
                   });

     

       983
       983
       +
                   default = null;

     

       984
       984
       +
                   example = { type = "fou"; port = 9001; };

     

       985
       985
       +
                   description = ''

     

       986
       986
       +
                     Configures encapsulation in UDP packets.

     

       948
       987
        
                   '';

     

       949
       988
        
                 };

     

       950
       989

+24 -3

nixos/tests/networking.nix

···

       431
       431
        
               virtualisation.vlans = [ 1 ];

     

       432
       432
        
               networking = {

     

       433
       433
        
                 useNetworkd = networkd;

     

       434
       434
       -
                 firewall.enable = false;

     

       435
       434
        
                 useDHCP = false;

     

       436
       435
        
                 sits.sit = {

     

       437
       436
        
                   inherit remote;

     
···

       446
       445
        
             };

     

       447
       446
        
           in {

     

       448
       447
        
             name = "Sit";

     

       449
       449
       -
             nodes.client1 = node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; };

     

       450
       450
       -
             nodes.client2 = node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; };

     

       448
       448
       +
             # note on firewalling: the two nodes are explicitly asymmetric.

     

       449
       449
       +
             # client1 sends SIT packets in UDP, but accepts only proto-41 incoming.

     

       450
       450
       +
             # client2 does the reverse, sending in proto-41 and accepting only UDP incoming.

     

       451
       451
       +
             # that way we'll notice when either SIT itself or FOU breaks.

     

       452
       452
       +
             nodes.client1 = args@{ pkgs, ... }:

     

       453
       453
       +
               mkMerge [

     

       454
       454
       +
                 (node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; } args)

     

       455
       455
       +
                 {

     

       456
       456
       +
                   networking = {

     

       457
       457
       +
                     firewall.extraCommands = "iptables -A INPUT -p 41 -j ACCEPT";

     

       458
       458
       +
                     sits.sit.encapsulation = { type = "fou"; port = 9001; };

     

       459
       459
       +
                   };

     

       460
       460
       +
                 }

     

       461
       461
       +
               ];

     

       462
       462
       +
             nodes.client2 = args@{ pkgs, ... }:

     

       463
       463
       +
               mkMerge [

     

       464
       464
       +
                 (node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; } args)

     

       465
       465
       +
                 {

     

       466
       466
       +
                   networking = {

     

       467
       467
       +
                     firewall.allowedUDPPorts = [ 9001 ];

     

       468
       468
       +
                     fooOverUDP.fou1 = { port = 9001; protocol = 41; };

     

       469
       469
       +
                   };

     

       470
       470
       +
                 }

     

       471
       471
       +
               ];

     

       451
       472
        
             testScript = { ... }:

     

       452
       473
        
               ''

     

       453
       474
        
                 start_all()