Showing
4 changed files
with
119 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
{ config, lib, pkgs, ... }: | ||
|
||
with lib; | ||
|
||
let | ||
cfg = config.services.corerad; | ||
in { | ||
meta = { | ||
maintainers = with maintainers; [ mdlayher ]; | ||
}; | ||
|
||
options.services.corerad = { | ||
enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; | ||
|
||
configFile = mkOption { | ||
type = types.path; | ||
example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; | ||
description = "Path to CoreRAD TOML configuration file."; | ||
}; | ||
|
||
package = mkOption { | ||
default = pkgs.corerad; | ||
defaultText = literalExample "pkgs.corerad"; | ||
type = types.package; | ||
description = "CoreRAD package to use."; | ||
}; | ||
}; | ||
|
||
config = mkIf cfg.enable { | ||
systemd.services.corerad = { | ||
description = "CoreRAD IPv6 NDP RA daemon"; | ||
after = [ "network.target" ]; | ||
wantedBy = [ "multi-user.target" ]; | ||
serviceConfig = { | ||
LimitNPROC = 512; | ||
LimitNOFILE = 1048576; | ||
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; | ||
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; | ||
NoNewPrivileges = true; | ||
DynamicUser = true; | ||
ExecStart = "${getBin cfg.package}/bin/corerad -c=${cfg.configFile}"; | ||
Restart = "on-failure"; | ||
}; | ||
}; | ||
}; | ||
} |
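Review bot: The `serviceConfig` block keeps CAP_NET_ADMIN and CAP_NET_RAW on a daemon that parses NDP messages from any host on the attached links, and beyond what `DynamicUser = true` implies nothing in the unit limits what the process can do with those capabilities. Consider adding sandboxing such as `ProtectKernelTunables = true;`, `MemoryDenyWriteExecute = true;` and a `RestrictAddressFamilies` allow-list. Which address families and `/proc/sys` accesses CoreRAD needs is not visible here, so confirm them against the daemon before pinning values. Separately, `LimitNOFILE = 1048576` is high for a router-advertisement daemon and deserves a comment explaining the figure. The `configFile` description could also say that the file must be readable by the transient service user, since `DynamicUser` means a root-only file outside the store would not be readable by the service.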
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
import ./make-test-python.nix ( | ||
{ | ||
nodes = { | ||
router = {config, pkgs, ...}: { | ||
config = { | ||
# This machines simulates a router with IPv6 forwarding and a static IPv6 address. | ||
boot.kernel.sysctl = { | ||
"net.ipv6.conf.all.forwarding" = true; | ||
}; | ||
networking.interfaces.eth1 = { | ||
ipv6.addresses = [ { address = "fd00:dead:beef:dead::1"; prefixLength = 64; } ]; | ||
}; | ||
services.corerad = { | ||
enable = true; | ||
# Serve router advertisements to the client machine with prefix information matching | ||
# any IPv6 /64 prefixes configured on this interface. | ||
configFile = pkgs.writeText "corerad.toml" '' | ||
[[interfaces]] | ||
name = "eth1" | ||
send_advertisements = true | ||
[[interfaces.plugins]] | ||
name = "prefix" | ||
prefix = "::/64" | ||
''; | ||
}; | ||
}; | ||
}; | ||
client = {config, pkgs, ...}: { | ||
# Use IPv6 SLAAC from router advertisements, and install rdisc6 so we can | ||
# trigger one immediately. | ||
config = { | ||
boot.kernel.sysctl = { | ||
"net.ipv6.conf.all.autoconf" = true; | ||
}; | ||
environment.systemPackages = with pkgs; [ | ||
ndisc6 | ||
]; | ||
}; | ||
}; | ||
}; | ||
|
||
testScript = '' | ||
start_all() | ||
with subtest("Wait for CoreRAD and network ready"): | ||
# Ensure networking is online and CoreRAD is ready. | ||
router.wait_for_unit("network-online.target") | ||
client.wait_for_unit("network-online.target") | ||
router.wait_for_unit("corerad.service") | ||
# Ensure the client can reach the router. | ||
client.wait_until_succeeds("ping -c 1 fd00:dead:beef:dead::1") | ||
with subtest("Verify SLAAC on client"): | ||
# Trigger a router solicitation and verify a SLAAC address is assigned from | ||
# the prefix configured on the router. | ||
client.wait_until_succeeds("rdisc6 -1 -r 10 eth1") | ||
client.wait_until_succeeds( | ||
"ip -6 addr show dev eth1 | grep -q 'fd00:dead:beef:dead:'" | ||
) | ||
addrs = client.succeed("ip -6 addr show dev eth1") | ||
assert ( | ||
"fd00:dead:beef:dead:" in addrs | ||
), "SLAAC prefix was not found in client addresses after router advertisement" | ||
assert ( | ||
"/64 scope global temporary" in addrs | ||
), "SLAAC temporary address was not configured on client after router advertisement" | ||
''; | ||
}) |
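Review bot: The last assertion in `testScript`, `"/64 scope global temporary" in addrs`, depends on the client generating IPv6 privacy-extension addresses, which the client node never configures; only `net.ipv6.conf.all.autoconf` is set. The substring is also not tied to the advertised prefix, so any temporary /64 address on `eth1` would satisfy it. Either document the dependency with a comment such as `# Relies on the client's default use_tempaddr setting to create a temporary address.` or match the temporary address against `fd00:dead:beef:dead:` on the same output line. Because `addrs` is read once with `client.succeed`, the check could also be flaky if the temporary address appears slightly after the stable one, though that timing cannot be confirmed from this hunk.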