diff --git a/nixos-modules/genode-init.nix b/nixos-modules/genode-init.nix
index da46749..1268dd0 100644
--- a/nixos-modules/genode-init.nix
+++ b/nixos-modules/genode-init.nix
@@ -58,6 +58,16 @@ in {
 attrsOf (submodule {
 options = {
 inherit coreROMs inputs;
+
+ routeToNics = lib.mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = [ "eth0" ];
+ description = ''
+ Grant access to these Nic interfaces.
+ '';
+ };
+
 configFile = mkOption {
 type = types.path;
 description = ''
diff --git a/nixos-modules/hardware.nix b/nixos-modules/hardware.nix
index ae43eeb..4d776fc 100644
--- a/nixos-modules/hardware.nix
+++ b/nixos-modules/hardware.nix
@@ -72,8 +72,25 @@ with lib;
 assertion = lessThan (length interface.ipv4.routes) 2;
 message = "Genode interfaces do not support multiple routes.";
 };
- in lib.mapAttrsToList addrCheck config.networking.interfaces
- ++ lib.mapAttrsToList routeCheck config.networking.interfaces;
+ policyCheck = name: interface:
+ let
+ clientList = filter (x x != null) (lib.mapAttrsToList
+ (childName: value:
+ if any (nic: nic == name) value.routeToNics then
+ childName
+ else
+ null) config.genode.init.children);
+ in {
+ assertion =
+ trace clientList (clientList == [ ] || length clientList == 1);
+ message = "Multiple routes to Nic ${name}, ${clientList}";
+ };
+ in lib.lists.concatMap
+ (f: lib.mapAttrsToList f config.networking.interfaces) [
+ addrCheck
+ routeCheck
+ policyCheck
+ ];
 hardware.genode.usb.storage.enable = config.genode.boot.storeBackend == "usb";
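Review bot: The description of the new `routeToNics` option does not say how the names are interpreted or that the companion check in hardware.nix rejects a Nic claimed by more than one child, which is the property an operator configuring least-privilege network access needs to know. From the visible hardware.nix hunks, policies are generated per entry of `config.networking.interfaces` and a child is matched with `any (nic: nic == name)`, so a name that matches no interface appears to produce no policy and no error. I would extend the description to: `Grant this child access to these Nic interfaces, named by their keys in networking.interfaces. Each Nic may be routed to at most one child; a name that matches no interface grants nothing.`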
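Review bot: The lambda in `clientList = filter (x x != null) (...)` is missing its colon, so `x` is an unbound variable and evaluating the assertions fails for every configuration, not only the ones policyCheck is meant to reject; it should read `clientList = filter (x: x != null) (...)`. The `message` interpolates the list directly as `${clientList}`, which the Nix evaluator rejects for a list, so the failure path errors before the intended message is shown; `${toString clientList}` or `${concatStringsSep ", " clientList}` gives a readable one. The `trace clientList` wrapped around the assertion looks like leftover debugging output, printed once per interface on every evaluation, and the `interface` parameter of policyCheck is unused. Since this check is what prevents two children from sharing one Nic, it deserves a negative test once the colon is fixed. The enclosing `let` that binds addrCheck and routeCheck starts before this hunk.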
@@ -139,15 +156,15 @@ with lib;
 in {
 inputs = [ binary ];
 configFile = let
- policies = if interface.genode.stack == null then
- "[] : List Init.Config.Policy.Type"
- else ''
- [ Init.Config.Policy::{
+ policy = lib.mapAttrsToList (childName: value:
+ if any (nic: nic == name) value.routeToNics then ''
+ Init.Config.Policy::{
 , service = "Nic"
- , label = Init.LabelSelector.prefix "${name}.sockets"
+ , label = Init.LabelSelector.prefix "${childName}"
 }
- ]
- '';
+ '' else
+ "") config.genode.init.children;
+
 in pkgs.writeText "${name'}.dhall" ''
 let Genode = env:DHALL_GENODE
@@ -166,7 +183,9 @@ with lib;
 ]
 , config = Init.Config::{
 , attributes = toMap { verbose = "true" }
- , policies = ${policies}
+ , policies =
+ [ ${toString policy} ]
+ : List Init.Config.Policy.Type
 }
 }
 '';
@@ -180,11 +199,15 @@ with lib;
 value = if interface.genode.stack == null then
 null
 else {
+
 inputs = with pkgs.genodePackages;
 {
 lwip = [ vfs_lwip ];
 lxip = [ vfs_lxip ];
 }.${interface.genode.stack};
+
+ routeToNics = [ name ];
+
 configFile = let
 binary = "${pkgs.genodePackages.vfs}/bin/vfs";
 ram = {
@@ -251,6 +274,7 @@ with lib;
 }
 }
 '';
+
 };
 }) config.networking.interfaces;
@@ -308,7 +332,9 @@ with lib;
 , Init.ServiceRoute.parent "IO_PORT"
 ]
 , config = Init.Config::{
- , policies = [ ${toString policies} ]
+ , policies = [ ${
+ toString policies
+ } ] : List Init.Config.Policy.Type
 }
 }
 '';
@@ -361,7 +387,7 @@ with lib;
 ]
 }
 ]
- , policies = [ storagePolicy ]
+ , policies = [ storagePolicy ] : List Init.Config.Policy.Type
 }
 }
 '';
diff --git a/tests/networking.nix b/tests/networking.nix
index 67d0d39..56292be 100644
--- a/tests/networking.nix
+++ b/tests/networking.nix
@@ -9,6 +9,9 @@
 networking.interfaces.eth1.genode.stack = null;
 genode.init.children.ping = {
 inputs = with pkgs.genodePackages; [ ping ];
+
+ routeToNics = [ "eth1" ];
+
 configFile = let
 ipA = builtins.head config.networking.interfaces.eth1.ipv4.addresses;
 ipAddrB = with builtins;
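Review bot: The generated `policy` list is spliced into the Dhall file with `[ ${toString policy} ]` (in the -166,7 hunk), which joins the records with spaces and no `,` separator, so the output is valid Dhall only while at most one child matches this Nic; that invariant is enforced by policyCheck in the same file rather than here, and the empty strings from the `else ""` branch only survive because of that. Either emit the separator, `policies = concatStringsSep ", " (filter (s: s != "") policy);`, or leave a comment naming the dependency on policyCheck. The new selector `Init.LabelSelector.prefix "${childName}"` replaces the old `"${name}.sockets"` prefix; if session labels take the usual `<child> -> ...` form, a bare child name as prefix also matches every child whose name starts with the same string, so a prefix that ends at the child boundary (for example `"${childName} -> "`, if that matches how these Dhall bindings render labels) keeps the Nic scoped to the one child the check intends. The function binding `name` and `interface` starts before this hunk.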
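Review bot: The test only exercises the permitted configuration, one child (`ping`) routed to `eth1`; nothing pins the new policyCheck's rejection of a second child naming the same Nic, so a regression that makes the check always pass would go unnoticed. A small negative case that evaluates a configuration with two children listing `"eth1"` in `routeToNics` and expects the assertion to fire would cover it, and would also have caught the unbound `x` in the current filter lambda as a targeted failure rather than a general evaluation error.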