mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 12:34:55 +00:00
macsec: support the offload property
This commit is contained in:
parent
aa418275cf
commit
010c54dce9
|
@ -1032,6 +1032,9 @@ ipv6.ip6-privacy=0
|
|||
<term><varname>loopback.mtu</varname></term>
|
||||
<listitem><para>If configured explicitly to 0, the MTU is not reconfigured during device activation unless it is required due to IPv6 constraints. If left unspecified, a DHCP/IPv6 SLAAC provided value is used or the MTU is left unspecified on activation.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>macsec.offload</varname></term>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>sriov.autoprobe-drivers</varname></term>
|
||||
<listitem><para>If left unspecified, drivers are autoprobed when the SR-IOV VF gets created.</para></listitem>
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
#include <linux/if_ether.h>
|
||||
|
||||
#include "nm-act-request.h"
|
||||
#include "nm-config.h"
|
||||
#include "nm-device-private.h"
|
||||
#include "libnm-platform/nm-platform.h"
|
||||
#include "nm-device-factory.h"
|
||||
|
@ -190,6 +191,7 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
|
|||
NMConnection *connection;
|
||||
const char *con_uuid;
|
||||
guint32 mtu;
|
||||
int offload;
|
||||
|
||||
connection = nm_device_get_applied_connection(NM_DEVICE(self));
|
||||
|
||||
|
@ -205,7 +207,20 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
|
|||
|
||||
g_return_val_if_fail(s_macsec, NULL);
|
||||
|
||||
if (!nm_supplicant_config_add_setting_macsec(config, s_macsec, error)) {
|
||||
offload = nm_setting_macsec_get_offload(s_macsec);
|
||||
if (offload == NM_SETTING_MACSEC_OFFLOAD_DEFAULT) {
|
||||
offload = nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
|
||||
NM_CON_DEFAULT("macsec.offload"),
|
||||
NM_DEVICE(self),
|
||||
NM_SETTING_MACSEC_OFFLOAD_OFF,
|
||||
NM_SETTING_MACSEC_OFFLOAD_MAC,
|
||||
NM_SETTING_MACSEC_OFFLOAD_OFF);
|
||||
}
|
||||
|
||||
if (!nm_supplicant_config_add_setting_macsec(config,
|
||||
s_macsec,
|
||||
(NMSettingMacsecOffload) offload,
|
||||
error)) {
|
||||
g_prefix_error(error, "macsec-setting: ");
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -396,14 +396,16 @@ again:
|
|||
}
|
||||
|
||||
gboolean
|
||||
nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||
NMSettingMacsec *setting,
|
||||
GError **error)
|
||||
nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||
NMSettingMacsec *setting,
|
||||
NMSettingMacsecOffload offload,
|
||||
GError **error)
|
||||
{
|
||||
const char *value;
|
||||
char buf[32];
|
||||
int port;
|
||||
gsize key_len;
|
||||
const char *offload_str = NULL;
|
||||
|
||||
g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE);
|
||||
g_return_val_if_fail(setting != NULL, FALSE);
|
||||
|
@ -472,6 +474,28 @@ nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
switch (offload) {
|
||||
case NM_SETTING_MACSEC_OFFLOAD_OFF:
|
||||
/* This is the default in wpa_supplicant. Don't set the option,
|
||||
* so that if user doesn't enable offload, the connection still
|
||||
* works with previous versions of the supplicant.
|
||||
*/
|
||||
break;
|
||||
case NM_SETTING_MACSEC_OFFLOAD_PHY:
|
||||
offload_str = "1";
|
||||
break;
|
||||
case NM_SETTING_MACSEC_OFFLOAD_MAC:
|
||||
offload_str = "2";
|
||||
break;
|
||||
case NM_SETTING_MACSEC_OFFLOAD_DEFAULT:
|
||||
nm_assert_not_reached();
|
||||
break;
|
||||
}
|
||||
if (offload_str
|
||||
&& !nm_supplicant_config_add_option(self, "macsec_offload", offload_str, -1, NULL, error)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
|
|
@ -68,9 +68,10 @@ gboolean nm_supplicant_config_add_setting_8021x(NMSupplicantConfig *self,
|
|||
gboolean wired,
|
||||
GError **error);
|
||||
|
||||
gboolean nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||
NMSettingMacsec *setting,
|
||||
GError **error);
|
||||
gboolean nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
|
||||
NMSettingMacsec *setting,
|
||||
NMSettingMacsecOffload offload,
|
||||
GError **error);
|
||||
|
||||
gboolean nm_supplicant_config_enable_pmf_akm(NMSupplicantConfig *self, GError **error);
|
||||
|
||||
|
|
|
@ -87,6 +87,7 @@ static const struct Opt opt_table[] = {
|
|||
"OWE",
|
||||
"NONE", )),
|
||||
OPT_INT("macsec_integ_only", 0, 1),
|
||||
OPT_INT("macsec_offload", 0, 2),
|
||||
OPT_INT("macsec_policy", 0, 1),
|
||||
OPT_INT("macsec_port", 1, 65534),
|
||||
OPT_BYTES("mka_cak", 65536),
|
||||
|
|
Loading…
Reference in a new issue