mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 12:34:55 +00:00
macsec: support the offload property
This commit is contained in:
parent
aa418275cf
commit
010c54dce9
|
@ -1032,6 +1032,9 @@ ipv6.ip6-privacy=0
|
||||||
<term><varname>loopback.mtu</varname></term>
|
<term><varname>loopback.mtu</varname></term>
|
||||||
<listitem><para>If configured explicitly to 0, the MTU is not reconfigured during device activation unless it is required due to IPv6 constraints. If left unspecified, a DHCP/IPv6 SLAAC provided value is used or the MTU is left unspecified on activation.</para></listitem>
|
<listitem><para>If configured explicitly to 0, the MTU is not reconfigured during device activation unless it is required due to IPv6 constraints. If left unspecified, a DHCP/IPv6 SLAAC provided value is used or the MTU is left unspecified on activation.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>macsec.offload</varname></term>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>sriov.autoprobe-drivers</varname></term>
|
<term><varname>sriov.autoprobe-drivers</varname></term>
|
||||||
<listitem><para>If left unspecified, drivers are autoprobed when the SR-IOV VF gets created.</para></listitem>
|
<listitem><para>If left unspecified, drivers are autoprobed when the SR-IOV VF gets created.</para></listitem>
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
#include <linux/if_ether.h>
|
#include <linux/if_ether.h>
|
||||||
|
|
||||||
#include "nm-act-request.h"
|
#include "nm-act-request.h"
|
||||||
|
#include "nm-config.h"
|
||||||
#include "nm-device-private.h"
|
#include "nm-device-private.h"
|
||||||
#include "libnm-platform/nm-platform.h"
|
#include "libnm-platform/nm-platform.h"
|
||||||
#include "nm-device-factory.h"
|
#include "nm-device-factory.h"
|
||||||
|
@ -190,6 +191,7 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
|
||||||
NMConnection *connection;
|
NMConnection *connection;
|
||||||
const char *con_uuid;
|
const char *con_uuid;
|
||||||
guint32 mtu;
|
guint32 mtu;
|
||||||
|
int offload;
|
||||||
|
|
||||||
connection = nm_device_get_applied_connection(NM_DEVICE(self));
|
connection = nm_device_get_applied_connection(NM_DEVICE(self));
|
||||||
|
|
||||||
|
@ -205,7 +207,20 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
|
||||||
|
|
||||||
g_return_val_if_fail(s_macsec, NULL);
|
g_return_val_if_fail(s_macsec, NULL);
|
||||||
|
|
||||||
if (!nm_supplicant_config_add_setting_macsec(config, s_macsec, error)) {
|
offload = nm_setting_macsec_get_offload(s_macsec);
|
||||||
|
if (offload == NM_SETTING_MACSEC_OFFLOAD_DEFAULT) {
|
||||||
|
offload = nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
|
||||||
|
NM_CON_DEFAULT("macsec.offload"),
|
||||||
|
NM_DEVICE(self),
|
||||||
|
NM_SETTING_MACSEC_OFFLOAD_OFF,
|
||||||
|
NM_SETTING_MACSEC_OFFLOAD_MAC,
|
||||||
|
NM_SETTING_MACSEC_OFFLOAD_OFF);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!nm_supplicant_config_add_setting_macsec(config,
|
||||||
|
s_macsec,
|
||||||
|
(NMSettingMacsecOffload) offload,
|
||||||
|
error)) {
|
||||||
g_prefix_error(error, "macsec-setting: ");
|
g_prefix_error(error, "macsec-setting: ");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -396,14 +396,16 @@ again:
|
||||||
}
|
}
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||||
NMSettingMacsec *setting,
|
NMSettingMacsec *setting,
|
||||||
GError **error)
|
NMSettingMacsecOffload offload,
|
||||||
|
GError **error)
|
||||||
{
|
{
|
||||||
const char *value;
|
const char *value;
|
||||||
char buf[32];
|
char buf[32];
|
||||||
int port;
|
int port;
|
||||||
gsize key_len;
|
gsize key_len;
|
||||||
|
const char *offload_str = NULL;
|
||||||
|
|
||||||
g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE);
|
g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE);
|
||||||
g_return_val_if_fail(setting != NULL, FALSE);
|
g_return_val_if_fail(setting != NULL, FALSE);
|
||||||
|
@ -472,6 +474,28 @@ nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch (offload) {
|
||||||
|
case NM_SETTING_MACSEC_OFFLOAD_OFF:
|
||||||
|
/* This is the default in wpa_supplicant. Don't set the option,
|
||||||
|
* so that if user doesn't enable offload, the connection still
|
||||||
|
* works with previous versions of the supplicant.
|
||||||
|
*/
|
||||||
|
break;
|
||||||
|
case NM_SETTING_MACSEC_OFFLOAD_PHY:
|
||||||
|
offload_str = "1";
|
||||||
|
break;
|
||||||
|
case NM_SETTING_MACSEC_OFFLOAD_MAC:
|
||||||
|
offload_str = "2";
|
||||||
|
break;
|
||||||
|
case NM_SETTING_MACSEC_OFFLOAD_DEFAULT:
|
||||||
|
nm_assert_not_reached();
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (offload_str
|
||||||
|
&& !nm_supplicant_config_add_option(self, "macsec_offload", offload_str, -1, NULL, error)) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -68,9 +68,10 @@ gboolean nm_supplicant_config_add_setting_8021x(NMSupplicantConfig *self,
|
||||||
gboolean wired,
|
gboolean wired,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
gboolean nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
gboolean nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||||
NMSettingMacsec *setting,
|
NMSettingMacsec *setting,
|
||||||
GError **error);
|
NMSettingMacsecOffload offload,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
gboolean nm_supplicant_config_enable_pmf_akm(NMSupplicantConfig *self, GError **error);
|
gboolean nm_supplicant_config_enable_pmf_akm(NMSupplicantConfig *self, GError **error);
|
||||||
|
|
||||||
|
|
|
@ -87,6 +87,7 @@ static const struct Opt opt_table[] = {
|
||||||
"OWE",
|
"OWE",
|
||||||
"NONE", )),
|
"NONE", )),
|
||||||
OPT_INT("macsec_integ_only", 0, 1),
|
OPT_INT("macsec_integ_only", 0, 1),
|
||||||
|
OPT_INT("macsec_offload", 0, 2),
|
||||||
OPT_INT("macsec_policy", 0, 1),
|
OPT_INT("macsec_policy", 0, 1),
|
||||||
OPT_INT("macsec_port", 1, 65534),
|
OPT_INT("macsec_port", 1, 65534),
|
||||||
OPT_BYTES("mka_cak", 65536),
|
OPT_BYTES("mka_cak", 65536),
|
||||||
|
|
Loading…
Reference in a new issue