nixos: genode.init.children.<…>.routeToNics
Allow init children to route to Nic servers.
parent
46226ebac8
commit
516736144b
|
@ -58,6 +58,16 @@ in {
|
|||
attrsOf (submodule {
|
||||
options = {
|
||||
inherit coreROMs inputs;
|
||||
|
||||
routeToNics = lib.mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [ ];
|
||||
example = [ "eth0" ];
|
||||
description = ''
|
||||
Grant access to these Nic interfaces.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
|
|
|
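Review bot: The `routeToNics` description does not say what the strings refer to or which constraint applies to them. Elsewhere in this commit the values are compared against attribute names of `networking.interfaces`, and an assertion rejects two children naming the same interface; a name that matches no interface appears to be ignored without any error. I would spell that out, for example `Names of networking.interfaces entries whose Nic driver this child may open a session to; each interface accepts at most one child.` The submodule this option belongs to continues outside the hunk.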
@ -35,8 +35,25 @@ with lib;
|
|||
assertion = lessThan (length interface.ipv4.routes) 2;
|
||||
message = "Genode interfaces do not support multiple routes.";
|
||||
};
|
||||
in lib.mapAttrsToList addrCheck config.networking.interfaces
|
||||
++ lib.mapAttrsToList routeCheck config.networking.interfaces;
|
||||
policyCheck = name: interface:
|
||||
let
|
||||
clientList = filter (x x != null) (lib.mapAttrsToList
|
||||
(childName: value:
|
||||
if any (nic: nic == name) value.routeToNics then
|
||||
childName
|
||||
else
|
||||
null) config.genode.init.children);
|
||||
in {
|
||||
assertion =
|
||||
trace clientList (clientList == [ ] || length clientList == 1);
|
||||
message = "Multiple routes to Nic ${name}, ${clientList}";
|
||||
};
|
||||
in lib.lists.concatMap
|
||||
(f: lib.mapAttrsToList f config.networking.interfaces) [
|
||||
addrCheck
|
||||
routeCheck
|
||||
policyCheck
|
||||
];
|
||||
|
||||
hardware.genode.platform.policies = lib.lists.imap0 (i: name:
|
||||
builtins.toFile (name + ".platform-policy.dhall") ''
|
||||
|
@ -72,15 +89,15 @@ with lib;
|
|||
in {
|
||||
inputs = [ binary ];
|
||||
configFile = let
|
||||
policies = if interface.genode.stack == null then
|
||||
"[] : List Init.Config.Policy.Type"
|
||||
else ''
|
||||
[ Init.Config.Policy::{
|
||||
, service = "Nic"
|
||||
, label = Init.LabelSelector.prefix "${name}.sockets"
|
||||
}
|
||||
]
|
||||
'';
|
||||
policy = lib.mapAttrsToList (childName: value:
|
||||
if any (nic: nic == name) value.routeToNics then ''
|
||||
Init.Config.Policy::{
|
||||
, service = "Nic"
|
||||
, label = Init.LabelSelector.prefix "${childName}"
|
||||
}
|
||||
'' else
|
||||
"") config.genode.init.children;
|
||||
|
||||
in pkgs.writeText "${name'}.dhall" ''
|
||||
let Genode = env:DHALL_GENODE
|
||||
|
||||
|
@ -90,14 +107,13 @@ with lib;
|
|||
Init.Child.Attributes::{
|
||||
, binary = "${binary.pname}"
|
||||
, provides = [ "Nic" ]
|
||||
, resources = Init.Resources::{
|
||||
, caps = 128
|
||||
, ram = Genode.units.MiB 4
|
||||
}
|
||||
, resources = Init.Resources::{ caps = 128, ram = Genode.units.MiB 4 }
|
||||
, routes = [ Init.ServiceRoute.parent "IO_MEM" ]
|
||||
, config = Init.Config::{
|
||||
, attributes = toMap { verbose = "true" }
|
||||
, policies = ${policies}
|
||||
, policies = [ ${
|
||||
toString policy
|
||||
} ] : List Init.Config.Policy.Type
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
@ -116,6 +132,9 @@ with lib;
|
|||
lwip = [ vfs_lwip ];
|
||||
lxip = [ vfs_lxip ];
|
||||
}.${interface.genode.stack};
|
||||
|
||||
routeToNics = [ name ];
|
||||
|
||||
configFile = let
|
||||
binary = "${pkgs.genodePackages.vfs}/bin/vfs";
|
||||
ram = {
|
||||
|
|
|
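Review bot: In `policyCheck` the failure message interpolates `clientList` directly, and Nix cannot coerce a list inside `${…}`, so a violated one-client-per-Nic check would abort with a coercion error instead of this message; `message = "Multiple routes to Nic ${name}: ${toString clientList}";` avoids that. The `trace clientList (…)` wrapper looks like leftover debugging and prints on every evaluation, so the assertion can be just `length clientList <= 1`. The filter lambda is rendered here as `(x x != null)`, which needs the colon (`x: x != null`) if that is what was committed. In the driver policy hunk, `Init.LabelSelector.prefix "${childName}"` presumably matches any session label that starts with that string, so a grant for `ping` would also cover a sibling such as `ping2` that the exact-name check never counted. Selecting on the child's full label rather than a bare name prefix would keep the grant to the one listed child.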
@ -35,7 +35,7 @@ in {
|
|||
|
||||
virtualisation.qemu.options =
|
||||
lib.optionals (!config.virtualisation.useBootLoader) [
|
||||
"-kernel '${pkgs.genodePackages.bender}/bender'"
|
||||
"-kernel '${pkgs.genodePackages.bender}/share/bender/bender'"
|
||||
"-initrd '${pkgs.genodePackages.NOVA}/hypervisor-x86_64 arg=iommu logmem novpid serial,${config.genode.boot.image}/image.elf'"
|
||||
];
|
||||
|
||||
|
|
|
@ -8,6 +8,9 @@
|
|||
networking.interfaces.eth1.genode.stack = null;
|
||||
genode.init.children.ping = {
|
||||
inputs = with pkgs.genodePackages; [ ping ];
|
||||
|
||||
routeToNics = [ "eth1" ];
|
||||
|
||||
configFile = let
|
||||
ipA = builtins.head config.networking.interfaces.eth1.ipv4.addresses;
|
||||
ipAddrB = with builtins;
|
||||
|
|