Add network library with IPv4 conversion functions.

[djacu]

Description of changes

Adds a network library to lib with functions for IPv4 conversions. Many core and supplementary modules can benefit from simple Nix functions that do IPv4 cidr/address/mask conversions. Examples include:

• dhcpd
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/networking/dhcpd.nix#L114
• networking.interfaces
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/tasks/network-interfaces.nix#L199
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/tasks/network-interfaces.nix#L223
• flannel
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/networking/flannel.nix#L44
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/networking/flannel.nix#L106
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/networking/flannel.nix#L116
  • https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/networking/flannel.nix#L125
• fail2ban
• postgrey
• tinc

Example of how configuration can be improved using the new network library. This helps minimize the chance for typographical errors.

# before
services.dhcpd4.extraConfig = ''
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.5;
  subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
  }
''

# after
services.dhcpd4.extraConfig = let
  props = lib.networking.ipv4.getNetworkProperties "192.168.1.5/24";
in
  ''
    option subnet-mask ${props.subnetMask};
    option broadcast-address ${props.broadcast};
    option routers ${props.ipAddress};
    subnet ${props.networkId} netmask ${props.subnetMask} {
      range ${props.firstUsableIp} ${props.lastUsableIp};
    }
  ''

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[ajs124]

what about ipv6?

[djacu]

what about ipv6?

• This PR is already quite large.
• It is complete for v4 (at least as much as I could consider).
• I didn't want to write for both if this was going to be rejected.

In short; next PR. Or someone else can add it if they feel inclined. :)

[infinisil]

Nice, this would be very handy!

I think it's a bit too big all together though, could you split this into smaller PRs? That would make incremental reviews and merges much easier.

Ideally we'd also have a design document like we have for the path library and the fileset library. This would include arguments for why the library is design the way it is, such as why these specific functios were chosen, that alternatives would be worse, etc.

In particular I feel like the amount of conversion functions is a bit too much, could this be improved?

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/manipulate-ip-addresses-in-nix-lang/33363/5

[djacu]

Nice, this would be very handy!

I think it's a bit too big all together though, could you split this into smaller PRs? That would make incremental reviews and merges much easier.

Ideally we'd also have a design document like we have for the path library and the fileset library. This would include arguments for why the library is design the way it is, such as why these specific functios were chosen, that alternatives would be worse, etc.

In particular I feel like the amount of conversion functions is a bit too much, could this be improved?

Sure I'm happy to break it into multiple PRs and add a design document. How many chunks should I split it into or how small should I make the PRs?

I worked with @kylerisse on designing the library. All the functions that go into getNetworkProperties are useful and necessary for people in networking (so all the cidrTo* functions). So everything but ipAndBitMaskToCidr and ipAndSubnetMaskToCidr are necesarry; these functions let you go in reverse which might be helpful to others.

[infinisil]

How many chunks should I split it into or how small should I make the PRs?

The smallest chunks possible such that each still has a good use case (and explain that use case in the PR).

[astro]

How certain are you about the term bitmask? I would expect "11111111111111110000000000000000".

In IPv6 lingo that number after the slash is named prefix length.

[djacu]

Not very. Prefix length is better. I think it's same in both ipv4 and ipv6, no?

[yu-re-ka]

A very hacky ipv4 and ipv6 library can be found here:
https://cyberchaos.dev/cyberchaoscreatures/nixlib/-/blob/main/lib/ipUtil/default.nix?ref_type=heads

[aanderse]

@djacu any chance you are still working on this? ❤️

[djacu]

@djacu any chance you are still working on this? ❤️

Hey sorry

I got swamped helping plan scale and nixcon na. I started working on a design document. I was hoping to get back to it next week.

[djacu]

At the request of @infinisil, I have created a new (smaller) PR with a design document.
Additionally, I think the new implementation is better.
See -> #299409