nixos/networkd: allow RoutingPolicyRule port ranges
Linux and Systemd allow port ranges to be used in routing policy rules. https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#SourcePort=
parent
4f8234318e
commit
f753e58e6e
|
@ -73,13 +73,26 @@ in rec {
|
||||||
optional (attr ? ${name} && (! isMacAddress attr.${name} && attr.${name} != "none"))
|
optional (attr ? ${name} && (! isMacAddress attr.${name} && attr.${name} != "none"))
|
||||||
"Systemd ${group} field `${name}` must be a valid MAC address or the special value `none`.";
|
"Systemd ${group} field `${name}` must be a valid MAC address or the special value `none`.";
|
||||||
|
|
||||||
|
isNumberOrRangeOf = check: v:
|
||||||
|
if isInt v
|
||||||
|
then check v
|
||||||
|
else let
|
||||||
|
parts = splitString "-" v;
|
||||||
|
lower = toIntBase10 (head parts);
|
||||||
|
upper = if tail parts != [] then toIntBase10 (head (tail parts)) else lower;
|
||||||
|
in
|
||||||
|
length parts <= 2 && lower <= upper && check lower && check upper;
|
||||||
isPort = i: i >= 0 && i <= 65535;
|
isPort = i: i >= 0 && i <= 65535;
|
||||||
|
isPortOrPortRange = isNumberOrRangeOf isPort;
|
||||||
|
|
||||||
assertPort = name: group: attr:
|
assertPort = name: group: attr:
|
||||||
optional (attr ? ${name} && ! isPort attr.${name})
|
optional (attr ? ${name} && ! isPort attr.${name})
|
||||||
"Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number.";
|
"Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number.";
|
||||||
|
|
||||||
|
assertPortOrPortRange = name: group: attr:
|
||||||
|
optional (attr ? ${name} && ! isPortOrPortRange attr.${name})
|
||||||
|
"Error on the systemd ${group} field `${name}': ${attr.name} is not a valid port number or range of port numbers.";
|
||||||
|
|
||||||
assertValueOneOf = name: values: group: attr:
|
assertValueOneOf = name: values: group: attr:
|
||||||
optional (attr ? ${name} && !elem attr.${name} values)
|
optional (attr ? ${name} && !elem attr.${name} values)
|
||||||
"Systemd ${group} field `${name}' cannot have value `${toString attr.${name}}'.";
|
"Systemd ${group} field `${name}' cannot have value `${toString attr.${name}}'.";
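Review bot: The message in the new `assertPortOrPortRange` interpolates `${attr.name}`, which looks up a literal attribute called `name` instead of the field being checked, so a rejected value would most likely surface as a missing-attribute evaluation error rather than this text. The neighbouring `assertValueOneOf` uses `${toString attr.${name}}`, which also copes with integer values, and the same form fits here; the identical slip is in the unchanged `assertPort` message above. Separately, `isNumberOrRangeOf` passes every non-integer value to `splitString` and `toIntBase10`, and `toIntBase10` throws on text that is not a decimal integer, so inputs such as `"80-"` or `"http"` abort evaluation before the assertion can report them. Checking `isString v` and the shape of the string first (for example `match "[0-9]+(-[0-9]+)?" v != null`, if `match` is in scope here) would let every malformed value reach the assertion message.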
|
||||||
|
|
|
@ -729,8 +729,8 @@ let
|
||||||
(assertInt "FirewallMark")
|
(assertInt "FirewallMark")
|
||||||
(assertRange "FirewallMark" 1 4294967295)
|
(assertRange "FirewallMark" 1 4294967295)
|
||||||
(assertInt "Priority")
|
(assertInt "Priority")
|
||||||
(assertPort "SourcePort")
|
(assertPortOrPortRange "SourcePort")
|
||||||
(assertPort "DestinationPort")
|
(assertPortOrPortRange "DestinationPort")
|
||||||
(assertValueOneOf "InvertRule" boolValues)
|
(assertValueOneOf "InvertRule" boolValues)
|
||||||
(assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
|
(assertValueOneOf "Family" ["ipv4" "ipv6" "both"])
|
||||||
(assertInt "SuppressPrefixLength")
|
(assertInt "SuppressPrefixLength")
|
||||||
|
|