| Lorenz Brun | 0672ecc | 2023-02-21 11:00:59 +0100 | [diff] [blame] | 1 | syntax = "proto3"; |
| 2 | |
| 3 | // This package provides a configuration format for configuring IP-based |
| 4 | // networking on Linux. This is going to be used in cases where automatic |
| 5 | // configuration by Monogon's network stack is infeasible or network |
| 6 | // configuration information needs to be provided to non-Monogon systems. |
| 7 | // It's kept human-readable as it may be written by humans directly when |
| 8 | // configuring Monogon systems. |
| 9 | package net.proto; |
| 10 | option go_package = "source.monogon.dev/net/proto"; |
| 11 | |
| 12 | // Device references one or more network adapters, i.e. network devices which |
| 13 | // connect this kernel to an outside system. |
| 14 | // All conditions which are set in the message are ANDed together. |
| 15 | message Device { |
| 16 | // Matches the permanent hardware address of the interface. The raw address |
| 17 | // is hex-encoded and colons are inserted between every byte boundary. |
| 18 | // This is the MAC address on Ethernet interfaces. |
| 19 | string hardware_address = 1; |
| 20 | // Matches the Linux driver of the network interface |
| 21 | string driver = 2; |
| 22 | // In case of multiple matches, use the n-th interface instead of the first. |
| 23 | int32 index = 3; |
| 24 | } |
| 25 | // Bond defines an aggregate of physical layer 2 links which behave as one |
| 26 | // virtual layer 2 link. This includes active-passive as well as active- |
| 27 | // active configurations with two or more links. |
| 28 | message Bond { |
| 29 | // List of interface names which are a member of this bond. It's recommended |
| 30 | // to only use Device-type interfaces here as others might behave |
| 31 | // unexpectedly (Bond on VLAN interfaces) or fail to be configured entirely |
| 32 | // (Bond on Bond). All interface names listed here must exist as part of the |
| 33 | // same Net message as this Bond interface. |
| 34 | repeated string member_interface = 1; |
| 35 | // Minimum number of links to be up to consider the bond to be up. |
| 36 | // Can be used in case expected bandwith is more than a single interface |
| 37 | // can take in which case it might be preferable to not pass any traffic |
| 38 | // over causing significant packet loss. |
| 39 | int32 min_links = 2; |
| 40 | message CarrierMonitor { |
| 41 | // Interval at which the PCS is polled for physical link status if Linux's |
| 42 | // carrier monitoring is not available. |
| 43 | int32 polling_interval_ms = 1; |
| 44 | // Disable the use of Linux's carrier monitoring which can use interrupts |
| 45 | // and force polling in all cases. |
| 46 | bool force_polling = 4; |
| 47 | // Amount of time to delay marking the link as down in the bond after the |
| 48 | // carrier has been lost. Should be a multiple of polling_interval_ms. |
| 49 | int32 down_delay_ms = 2; |
| 50 | // Amount of time to delay marking the link as up in the bond after the |
| 51 | // carrier is available. Should be a multiple of polling_interval_ms. |
| 52 | int32 up_delay_ms = 3; |
| 53 | } |
| 54 | oneof link_monitor { |
| 55 | CarrierMonitor carrier_monitor = 3; |
| 56 | // TODO(#186): Support ARP monitor for other modes |
| 57 | } |
| 58 | enum TransmitHashPolicy { |
| 59 | // Layer 2 MAC address |
| 60 | LAYER2 = 0; |
| 61 | // IP address, protocol and port |
| 62 | LAYER3_4 = 1; |
| 63 | // MAC address and IP address |
| 64 | LAYER2_3 = 2; |
| 65 | // Encapsulated MAC address and IP address |
| 66 | ENCAP_LAYER2_3 = 3; |
| 67 | // Encapsulated IP address, protocol and port |
| 68 | ENCAP_LAYER3_4 = 4; |
| 69 | // VLAN ID and source MAC |
| 70 | VLAN_SRCMAC = 5; |
| 71 | } |
| 72 | TransmitHashPolicy transmit_hash_policy = 4; |
| 73 | // Use the Link Aggregation Control Protocol to automatically use the |
| 74 | // available links as best as possible. |
| 75 | message LACP { |
| 76 | enum Rate { |
| 77 | // LACP slow rate, one packet every 30s |
| 78 | SLOW = 0; |
| 79 | // LACP fast rate, one packet every 1s |
| 80 | FAST = 1; |
| 81 | } |
| 82 | Rate rate = 1; |
| 83 | enum SelectionLogic { |
| 84 | STABLE = 0; |
| 85 | BANDWIDTH = 1; |
| 86 | COUNT = 2; |
| 87 | } |
| 88 | SelectionLogic selection_logic = 2; |
| 89 | int32 actor_system_priority = 3; |
| 90 | int32 user_port_key = 4; |
| 91 | string actor_system_mac = 5; |
| 92 | } |
| 93 | message ActiveBackup { |
| 94 | // TODO(#186): More settings |
| 95 | } |
| 96 | oneof mode { |
| 97 | LACP lacp = 5; |
| 98 | ActiveBackup active_backup = 6; |
| 99 | } |
| 100 | } |
| 101 | |
| 102 | message VLAN { |
| 103 | // Name of the parent interface passing tagged packets. The interface |
| 104 | // referenced here must exist in the same Net message as this VLAN |
| 105 | // interface. |
| 106 | string parent = 1; |
| 107 | // VLAN ID (1-4094) |
| 108 | int32 id = 2; |
| 109 | enum Protocol { |
| 110 | // C-VLAN, also known as "standard" VLAN inserts a header with the |
| 111 | // VLAN ID (VID) right before the EtherType. |
| 112 | CVLAN = 0; |
| 113 | // S-VLAN, also known as QinQ or 802.1ad (obsolete) inserts a second VLAN ID |
| 114 | // before the C-VLAN header. This allows stacking two VLANs. The ID |
| 115 | // specified here is just for the outer VLAN, the inner one can be set by |
| 116 | // creating another VLAN interface and setting this one to be its parent. |
| 117 | SVLAN = 1; |
| 118 | } |
| 119 | Protocol protocol = 3; |
| 120 | } |
| 121 | |
| 122 | // IPv4Autoconfig contains settings for the automatic configuration of IPv4 |
| 123 | // addresses, routes and further network information via DHCPv4. |
| 124 | message IPv4Autoconfig {} |
| 125 | |
| 126 | // IPv6Autoconfig contains settings for the automatic configuration of IPv6 |
| 127 | // addreses, routes and further network information via ICMPv6 Router |
| 128 | // Advertisements and optionally DHCPv6 if indicated by the Router |
| 129 | // Advertisement. |
| 130 | message IPv6Autoconfig { |
| 131 | enum Privacy { |
| 132 | // Do not generate privacy addresses. |
| 133 | DISABLE = 0; |
| 134 | // Generate privacy addresses, but prefer non-privacy addresses. |
| 135 | AVOID = 1; |
| 136 | // Generate privacy addresses and use them over other non-privacy |
| 137 | // addresses. |
| 138 | PREFER = 2; |
| 139 | } |
| 140 | // privacy controls if and how privacy addresses (see RFC 4941) are used if |
| 141 | // DHCPv6 is not used for addressing. If DHCPv6 is used for addressing |
| 142 | // any privacy considerations lie with the DHCPv6 server. |
| 143 | Privacy privacy = 1; |
| 144 | } |
| 145 | |
| 146 | message Interface { |
| 147 | // Name of the interface. Used as a reference in this config as well as for |
| 148 | // the name of the kernel interface. Must not be empty, less than 16 UTF-8 |
| 149 | // bytes long and cannot contain spaces, forward slashes, colons or percent |
| 150 | // signs. The UTF-8 encoding can also not include 0xa0 which is interpreted |
| 151 | // as a space by Linux since its ctype database is based on Latin1. |
| 152 | string name = 1; |
| 153 | |
| 154 | // Type of interface |
| 155 | oneof type { |
| 156 | Device device = 3; |
| 157 | Bond bond = 4; |
| 158 | VLAN vlan = 5; |
| 159 | } |
| 160 | // Enable automatic IPv4 network configuration via DHCPv4. |
| 161 | IPv4Autoconfig ipv4_autoconfig = 10; |
| 162 | |
| 163 | // Enable automatic IPv6 network configuration via router advertisements and |
| 164 | // DHCPv6. |
| 165 | IPv6Autoconfig ipv6_autoconfig = 11; |
| 166 | |
| 167 | // IP addresses to be statically configured. These can either be single |
| 168 | // IP addresses (both IPv4 and IPv6) as well as CIDR-style networks for |
| 169 | // which a corresponding route is automatically added. If single IP addreses |
| 170 | // are used, a corresponding route must be added, otherwise no traffic will |
| 171 | // be routed out of the interface. |
| 172 | repeated string address = 12; |
| 173 | |
| 174 | message Route { |
| 175 | // Destination in CIDR form or as a single IP. |
| 176 | string destination = 1; |
| 177 | |
| 178 | // If set, the destination network is not directly on-link, but reachable |
| 179 | // via a gateway which is on-link. On point-to-point networks without |
| 180 | // ARP/NDP this doesn't do anything should never be set. |
| 181 | // Note that here, different from other network configs, the gateway IP (if |
| 182 | // configured) is assumed to be on-link for the interface it's configured |
| 183 | // under. Configuring a route with a gateway IP which is routed to another |
| 184 | // interface is invalid. |
| 185 | string gateway_ip = 2; |
| 186 | |
| 187 | // An optional hint to the kernel which source address to prefer when using |
| 188 | // this route. |
| 189 | string source_ip = 3; |
| 190 | |
| 191 | // Metric of this interface route. A lower metric route wins over one with a |
| 192 | // higher metric. If unset, defaults to 0 which is the default metric in |
| 193 | // Linux. |
| 194 | int32 metric = 4; |
| 195 | } |
| 196 | // List of routes which direct traffic into this interface. |
| 197 | repeated Route route = 14; |
| 198 | |
| 199 | // Maximum transmission unit of the interface. If unset it will be |
| 200 | // automatically configured by DHCP or LLDP or left at the interface default |
| 201 | // value. Minimum value is 1280 bytes as required by IPv6. |
| 202 | int32 mtu = 13; |
| 203 | } |
| 204 | |
| 205 | message Nameserver { |
| 206 | // The IP address of the nameserver in string form. |
| 207 | string ip = 1; |
| 208 | } |
| 209 | |
| 210 | // Net contains a network configuration for a single network namespace. |
| 211 | // |
| 212 | // This is effectively the top-level configuration message for a machine. |
| 213 | message Net { |
| 214 | repeated Interface interface = 1; |
| 215 | repeated Nameserver nameserver = 3; |
| 216 | } |