system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-07-08 19:55:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

core,libnm: introduce NMDeviceMacsec

Browse Source 
At the moment the device only exposes the current link status, but
cannot create new links.
This commit is contained in:
Beniamino Galvani 2016-06-30 18:20:22 +02:00 committed by Thomas Haller
parent 85103656e9
commit 67adbda83e
15 changed files with 1309 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile.am
View File

@ -195,6 +195,8 @@ introspection_sources = \
introspection/org.freedesktop.NetworkManager.Device.Infiniband.h \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.c \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.h \
introspection/org.freedesktop.NetworkManager.Device.Macsec.c \
introspection/org.freedesktop.NetworkManager.Device.Macsec.h \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.c \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.h \
introspection/org.freedesktop.NetworkManager.Device.Modem.c \
@ -262,6 +264,7 @@ DBUS_INTERFACE_DOCS = \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vxlan.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
docs/api/dbus-org.freedesktop.NetworkManager.PPP.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
@ -313,6 +316,7 @@ dbusinterfaces_DATA = \
introspection/org.freedesktop.NetworkManager.Device.Generic.xml \
introspection/org.freedesktop.NetworkManager.Device.Infiniband.xml \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.xml \
introspection/org.freedesktop.NetworkManager.Device.Macsec.xml \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.xml \
introspection/org.freedesktop.NetworkManager.Device.Modem.xml \
introspection/org.freedesktop.NetworkManager.Device.OlpcMesh.xml \
@ -668,6 +672,7 @@ libnm_lib_h_pub_real = \
libnm/nm-device-generic.h \
libnm/nm-device-infiniband.h \
libnm/nm-device-ip-tunnel.h \
libnm/nm-device-macsec.h \
libnm/nm-device-macvlan.h \
libnm/nm-device-modem.h \
libnm/nm-device-olpc-mesh.h \
@ -717,6 +722,7 @@ libnm_lib_c_real = \
libnm/nm-device-generic.c \
libnm/nm-device-infiniband.c \
libnm/nm-device-ip-tunnel.c \
libnm/nm-device-macsec.c \
libnm/nm-device-macvlan.c \
libnm/nm-device-modem.c \
libnm/nm-device-olpc-mesh.c \
@ -1291,6 +1297,8 @@ src_libNetworkManager_la_SOURCES = \
src/devices/nm-device-infiniband.h \
src/devices/nm-device-ip-tunnel.c \
src/devices/nm-device-ip-tunnel.h \
src/devices/nm-device-macsec.c \
src/devices/nm-device-macsec.h \
src/devices/nm-device-macvlan.c \
src/devices/nm-device-macvlan.h \
src/devices/nm-device-tun.c \

1
docs/api/Makefile.am
View File

@ -55,6 +55,7 @@ content_files = \
dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
dbus-org.freedesktop.NetworkManager.PPP.xml \
dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
dbus-org.freedesktop.NetworkManager.Device.Adsl.xml \

1
docs/api/network-manager-docs.xml
View File

@ -82,6 +82,7 @@
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Generic.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Infiniband.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.IPTunnel.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Macsec.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Modem.xml"/>
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.OlpcMesh.xml"/>

113
introspection/org.freedesktop.NetworkManager.Device.Macsec.xml Normal file
View File

@ -0,0 +1,113 @@
<?xml version="1.0" encoding="UTF-8"?>
<node name="/">
<interface name="org.freedesktop.NetworkManager.Device.Macsec">
<!--
Parent:
The object path of the parent device.
-->
<property name="Parent" type="o" access="read"/>
<!--
Sci:
The Secure Channel Identifier in use.
-->
<property name="Sci" type="t" access="read"/>
<!--
IcvLength:
The length of ICV (Integrity Check Value).
-->
<property name="IcvLength" type="y" access="read"/>
<!--
CipherSuite:
The set of cryptographic algorithms in use
(e.g. 0x0080020001000001 for GCM-AES-128).
-->
<property name="CipherSuite" type="t" access="read"/>
<!--
Window:
The size of the replay window.
-->
<property name="Window" type="u" access="read"/>
<!--
EncodingSa:
The value of the Association Number (0..3) for the Security
Association in use.
-->
<property name="EncodingSa" type="y" access="read"/>
<!--
Validation:
The validation mode for incoming packets (strict, check,
disabled).
-->
<property name="Validation" type="s" access="read"/>
<!--
Encrypt:
Whether encryption of transmitted frames is enabled.
-->
<property name="Encrypt" type="b" access="read"/>
<!--
Protect:
Whether protection of transmitted frames is enabled.
-->
<property name="Protect" type="b" access="read"/>
<!--
IncludeSci:
Whether the SCI is always included in SecTAG for transmitted
frames.
-->
<property name="IncludeSci" type="b" access="read"/>
<!--
Es:
Whether the ES (End station) bit is enabled in SecTAG for
transmitted frames.
-->
<property name="Es" type="b" access="read"/>
<!--
Scb:
Whether the SCB (Single Copy Broadcast) bit is enabled in
SecTAG for transmitted frames.
-->
<property name="Scb" type="b" access="read"/>
<!--
ReplayProtect:
Whether replay protection is enabled.
-->
<property name="ReplayProtect" type="b" access="read"/>
<!--
PropertiesChanged:
@properties: A dictionary mapping property names to variant boxed values
DEPRECATED. Use the standard "PropertiesChanged" signal from "org.freedesktop.DBus.Properties" instead which exists since version NetworkManager 1.2.0.
-->
<signal name="PropertiesChanged">
<arg name="properties" type="a{sv}"/>
</signal>
</interface>
</node>

3
libnm-core/nm-dbus-interface.h
View File

@ -64,6 +64,7 @@
#define NM_DBUS_INTERFACE_DEVICE_GENERIC NM_DBUS_INTERFACE_DEVICE ".Generic"
#define NM_DBUS_INTERFACE_DEVICE_VETH NM_DBUS_INTERFACE_DEVICE ".Veth"
#define NM_DBUS_INTERFACE_DEVICE_TUN NM_DBUS_INTERFACE_DEVICE ".Tun"
#define NM_DBUS_INTERFACE_DEVICE_MACSEC NM_DBUS_INTERFACE_DEVICE ".Macsec"
#define NM_DBUS_INTERFACE_DEVICE_MACVLAN NM_DBUS_INTERFACE_DEVICE ".Macvlan"
#define NM_DBUS_INTERFACE_DEVICE_VXLAN NM_DBUS_INTERFACE_DEVICE ".Vxlan"
#define NM_DBUS_INTERFACE_DEVICE_GRE NM_DBUS_INTERFACE_DEVICE ".Gre"
@ -169,6 +170,7 @@ typedef enum {
* @NM_DEVICE_TYPE_MACVLAN: a MACVLAN interface
* @NM_DEVICE_TYPE_VXLAN: a VXLAN interface
* @NM_DEVICE_TYPE_VETH: a VETH interface
* @NM_DEVICE_TYPE_MACSEC: a MACsec interface
*
* #NMDeviceType values indicate the type of hardware represented by a
* device object.
@ -195,6 +197,7 @@ typedef enum {
NM_DEVICE_TYPE_MACVLAN = 18,
NM_DEVICE_TYPE_VXLAN = 19,
NM_DEVICE_TYPE_VETH = 20,
NM_DEVICE_TYPE_MACSEC = 21,
} NMDeviceType;
/**

14
libnm/libnm.ver
View File

@ -1091,6 +1091,20 @@ global:
nm_client_get_dns_mode;
nm_client_get_dns_rc_manager;
nm_connection_get_setting_proxy;
nm_device_macsec_get_cipher_suite;
nm_device_macsec_get_encoding_sa;
nm_device_macsec_get_encrypt;
nm_device_macsec_get_es;
nm_device_macsec_get_hw_address;
nm_device_macsec_get_icv_length;
nm_device_macsec_get_include_sci;
nm_device_macsec_get_protect;
nm_device_macsec_get_replay_protect;
nm_device_macsec_get_scb;
nm_device_macsec_get_sci;
nm_device_macsec_get_type;
nm_device_macsec_get_validation;
nm_device_macsec_get_window;
nm_dns_entry_get_domains;
nm_dns_entry_get_interface;
nm_dns_entry_get_nameservers;

3
libnm/nm-client.c
View File

@ -56,6 +56,7 @@
#include "nm-device-generic.h"
#include "nm-device-infiniband.h"
#include "nm-device-ip-tunnel.h"
#include "nm-device-macsec.h"
#include "nm-device-macvlan.h"
#include "nm-device-modem.h"
#include "nm-device-olpc-mesh.h"
@ -2061,6 +2062,8 @@ obj_nm_for_gdbus_object (GDBusObject *object, GDBusObjectManager *object_manager
type = NM_TYPE_DEVICE_INFINIBAND;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_IP_TUNNEL) == 0)
type = NM_TYPE_DEVICE_IP_TUNNEL;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACSEC) == 0)
type = NM_TYPE_DEVICE_MACSEC;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACVLAN) == 0)
type = NM_TYPE_DEVICE_MACVLAN;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MODEM) == 0)

639
libnm/nm-device-macsec.c Normal file
View File

@ -0,0 +1,639 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* Copyright 2017 Red Hat, Inc.
*/
#include "nm-default.h"
#include <string.h>
#include "nm-device-macsec.h"
#include "nm-device-private.h"
#include "nm-object-private.h"
#include "nm-utils.h"
G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
#define NM_DEVICE_MACSEC_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecPrivate))
typedef struct {
NMDevice *parent;
char *hw_address;
guint64 sci;
guint64 cipher_suite;
guint8 icv_length;
guint32 window;
guint8 encoding_sa;
gboolean encrypt;
gboolean protect;
gboolean include_sci;
gboolean es;
gboolean scb;
gboolean replay_protect;
char *validation;
} NMDeviceMacsecPrivate;
NM_GOBJECT_PROPERTIES_DEFINE_BASE (
PROP_PARENT,
PROP_HW_ADDRESS,
PROP_SCI,
PROP_CIPHER_SUITE,
PROP_ICV_LENGTH,
PROP_WINDOW,
PROP_ENCODING_SA,
PROP_ENCRYPT,
PROP_PROTECT,
PROP_INCLUDE_SCI,
PROP_ES,
PROP_SCB,
PROP_REPLAY_PROTECT,
PROP_VALIDATION,
);
/**
* nm_device_macsec_get_parent:
* @device: a #NMDeviceMacsec
*
* Returns: (transfer none): the device's parent device
*
* Since: 1.6
**/
NMDevice *
nm_device_macsec_get_parent (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->parent;
}
/**
* nm_device_macsec_get_hw_address:
* @device: a #NMDeviceMacsec
*
* Gets the hardware (MAC) address of the #NMDeviceMacsec
*
* Returns: the hardware address. This is the internal string used by the
* device, and must not be modified.
*
* Since: 1.6
**/
const char *
nm_device_macsec_get_hw_address (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->hw_address;
}
/**
* nm_device_macsec_get_sci:
* @device: a #NMDeviceMacsec
*
* Gets the Secure Channel Identifier in use
*
* Returns: the SCI
*
* Since: 1.6
**/
guint64
nm_device_macsec_get_sci (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->sci;
}
/**
* nm_device_macsec_get_icv_length:
* @device: a #NMDeviceMacsec
*
* Gets the length of ICV (Integrity Check Value)
*
* Returns: the length of ICV
*
* Since: 1.6
**/
guint8
nm_device_macsec_get_icv_length (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->icv_length;
}
/**
* nm_device_macsec_get_cipher_suite:
* @device: a #NMDeviceMacsec
*
* Gets the set of cryptographic algorithms in use
*
* Returns:
*
* Since: 1.6
**/
guint64
nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->cipher_suite;
}
/**
* nm_device_macsec_get_window:
* @device: a #NMDeviceMacsec
*
* Gets the size of the replay window
*
* Returns: size of the replay window
*
* Since: 1.6
**/
guint
nm_device_macsec_get_window (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->window;
}
/**
* nm_device_macsec_get_encoding_sa:
* @device: a #NMDeviceMacsec
*
* Gets the value of the Association Number (0..3) for the Security
* Association in use.
*
* Returns: the current Security Association
*
* Since: 1.6
**/
guint8
nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encoding_sa;
}
/**
* nm_device_macsec_get_validation:
* @device: a #NMDeviceMacsec
*
* Gets the validation mode for incoming packets (strict, check,
* disabled)
*
* Returns: the validation mode
*
* Since: 1.6
**/
const char *
nm_device_macsec_get_validation (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->validation;
}
/**
* nm_device_macsec_get_encrypt:
* @device: a #NMDeviceMacsec
*
* Gets whether encryption of transmitted frames is enabled
*
* Returns: whether encryption is enabled
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_encrypt (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encrypt;
}
/**
* nm_device_macsec_get_protect:
* @device: a #NMDeviceMacsec
*
* Gets whether protection of transmitted frames is enabled
*
* Returns: whether protection is enabled
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_protect (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->protect;
}
/**
* nm_device_macsec_get_include_sci:
* @device: a #NMDeviceMacsec
*
* Gets whether the SCI is always included in SecTAG for transmitted
* frames
*
* Returns: whether the SCI is always included
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_include_sci (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->include_sci;
}
/**
* nm_device_macsec_get_es:
* @device: a #NMDeviceMacsec
*
* Gets whether the ES (End station) bit is enabled in SecTAG for
* transmitted frames
*
* Returns: whether the ES (End station) bit is enabled
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_es (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->es;
}
/**
* nm_device_macsec_get_scb:
* @device: a #NMDeviceMacsec
*
* Gets whether the SCB (Single Copy Broadcast) bit is enabled in
* SecTAG for transmitted frames
*
* Returns: whether the SCB (Single Copy Broadcast) bit is enabled
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_scb (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->scb;
}
/**
* nm_device_macsec_get_replay_protect:
* @device: a #NMDeviceMacsec
*
* Gets whether replay protection is enabled
*
* Returns: whether replay protection is enabled
*
* Since: 1.6
**/
gboolean
nm_device_macsec_get_replay_protect (NMDeviceMacsec *device)
{
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->replay_protect;
}
static const char *
get_hw_address (NMDevice *device)
{
return nm_device_macsec_get_hw_address (NM_DEVICE_MACSEC (device));
}
/***********************************************************/
static void
nm_device_macsec_init (NMDeviceMacsec *device)
{
}
static void
init_dbus (NMObject *object)
{
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
const NMPropertiesInfo property_info[] = {
{ NM_DEVICE_MACSEC_PARENT, &priv->parent, NULL, NM_TYPE_DEVICE },
{ NM_DEVICE_MACSEC_HW_ADDRESS, &priv->hw_address },
{ NM_DEVICE_MACSEC_SCI, &priv->sci },
{ NM_DEVICE_MACSEC_CIPHER_SUITE, &priv->cipher_suite },
{ NM_DEVICE_MACSEC_ICV_LENGTH, &priv->icv_length },
{ NM_DEVICE_MACSEC_WINDOW, &priv->window },
{ NM_DEVICE_MACSEC_ENCODING_SA, &priv->encoding_sa },
{ NM_DEVICE_MACSEC_ENCRYPT, &priv->encrypt },
{ NM_DEVICE_MACSEC_PROTECT, &priv->protect },
{ NM_DEVICE_MACSEC_INCLUDE_SCI, &priv->include_sci },
{ NM_DEVICE_MACSEC_ES, &priv->es },
{ NM_DEVICE_MACSEC_SCB, &priv->scb },
{ NM_DEVICE_MACSEC_REPLAY_PROTECT, &priv->replay_protect },
{ NM_DEVICE_MACSEC_VALIDATION, &priv->validation },
{ NULL },
};
NM_OBJECT_CLASS (nm_device_macsec_parent_class)->init_dbus (object);
_nm_object_register_properties (object,
NM_DBUS_INTERFACE_DEVICE_MACSEC,
property_info);
}
static void
finalize (GObject *object)
{
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
g_free (priv->validation);
g_free (priv->hw_address);
g_clear_object (&priv->parent);
G_OBJECT_CLASS (nm_device_macsec_parent_class)->finalize (object);
}
static void
get_property (GObject *object,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
NMDeviceMacsec *device = NM_DEVICE_MACSEC (object);
switch (prop_id) {
case PROP_PARENT:
g_value_set_object (value, nm_device_macsec_get_parent (device));
break;
case PROP_HW_ADDRESS:
g_value_set_string (value, nm_device_macsec_get_hw_address (device));
break;
case PROP_SCI:
g_value_set_uint64 (value, nm_device_macsec_get_sci (device));
break;
case PROP_ICV_LENGTH:
g_value_set_uchar (value, nm_device_macsec_get_icv_length (device));
break;
case PROP_CIPHER_SUITE:
g_value_set_uint64 (value, nm_device_macsec_get_cipher_suite (device));
break;
case PROP_WINDOW:
g_value_set_uint (value, nm_device_macsec_get_window (device));
break;
case PROP_ENCODING_SA:
g_value_set_uchar (value, nm_device_macsec_get_encoding_sa (device));
break;
case PROP_VALIDATION:
g_value_set_string (value, nm_device_macsec_get_validation (device));
break;
case PROP_ENCRYPT:
g_value_set_boolean (value, nm_device_macsec_get_encrypt (device));
break;
case PROP_PROTECT:
g_value_set_boolean (value, nm_device_macsec_get_protect (device));
break;
case PROP_INCLUDE_SCI:
g_value_set_boolean (value, nm_device_macsec_get_include_sci (device));
break;
case PROP_ES:
g_value_set_boolean (value, nm_device_macsec_get_es (device));
break;
case PROP_SCB:
g_value_set_boolean (value, nm_device_macsec_get_scb (device));
break;
case PROP_REPLAY_PROTECT:
g_value_set_boolean (value, nm_device_macsec_get_replay_protect (device));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
nm_device_macsec_class_init (NMDeviceMacsecClass *macsec_class)
{
GObjectClass *object_class = G_OBJECT_CLASS (macsec_class);
NMObjectClass *nm_object_class = NM_OBJECT_CLASS (macsec_class);
NMDeviceClass *device_class = NM_DEVICE_CLASS (macsec_class);
g_type_class_add_private (macsec_class, sizeof (NMDeviceMacsecPrivate));
object_class->finalize = finalize;
object_class->get_property = get_property;
nm_object_class->init_dbus = init_dbus;
device_class->get_hw_address = get_hw_address;
/**
* NMDeviceMacsec:parent:
*
* The devices's parent device.
*
* Since: 1.6
**/
obj_properties[PROP_PARENT] =
g_param_spec_object (NM_DEVICE_MACSEC_PARENT, "", "",
NM_TYPE_DEVICE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:hw-address:
*
* The hardware (MAC) address of the device.
*
* Since: 1.6
**/
obj_properties[PROP_HW_ADDRESS] =
g_param_spec_string (NM_DEVICE_MACSEC_HW_ADDRESS, "", "",
NULL,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:sci:
*
* The Secure Channel Identifier in use.
*
* Since: 1.6
**/
obj_properties[PROP_SCI] =
g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
0, G_MAXUINT64, 0,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:icv-length:
*
* The length of ICV (Integrity Check Value).
*
* Since: 1.6
**/
obj_properties[PROP_ICV_LENGTH] =
g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
0, G_MAXUINT8, 0,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:cipher-suite:
*
* The set of cryptographic algorithms in use.
*
* Since: 1.6
**/
obj_properties[PROP_CIPHER_SUITE] =
g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
0, G_MAXUINT64, 0,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:window:
*
* The size of the replay window.
*
* Since: 1.6
**/
obj_properties[PROP_WINDOW] =
g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
0, G_MAXUINT32, 0,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:encoding-sa:
*
* The value of the Association Number (0..3) for the Security
* Association in use.
*
* Since: 1.6
**/
obj_properties[PROP_ENCODING_SA] =
g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
0, G_MAXUINT8, 0,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:validation:
*
* The validation mode for incoming packets (strict, check,
* disabled).
*
* Since: 1.6
**/
obj_properties[PROP_VALIDATION] =
g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
NULL,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:encrypt:
*
* Whether encryption of transmitted frames is enabled.
*
* Since: 1.6
**/
obj_properties[PROP_ENCRYPT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:protect:
*
* Whether protection of transmitted frames is enabled.
*
* Since: 1.6
**/
obj_properties[PROP_PROTECT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:include-sci:
*
* Whether the SCI is always included in SecTAG for transmitted
* frames.
*
* Since: 1.6
**/
obj_properties[PROP_INCLUDE_SCI] =
g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:es:
*
* Whether the ES (End station) bit is enabled in SecTAG for
* transmitted frames.
*
* Since: 1.6
**/
obj_properties[PROP_ES] =
g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:scb:
*
* Whether the SCB (Single Copy Broadcast) bit is enabled in
* SecTAG for transmitted frames.
*
* Since: 1.6
**/
obj_properties[PROP_SCB] =
g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
/**
* NMDeviceMacsec:replay-protect:
*
* Whether replay protection is enabled.
*
* Since: 1.6
**/
obj_properties[PROP_REPLAY_PROTECT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
FALSE,
G_PARAM_READABLE |
G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
}

101
libnm/nm-device-macsec.h Normal file
View File

@ -0,0 +1,101 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
* Copyright 2017 Red Hat, Inc.
*/
#ifndef __NM_DEVICE_MACSEC_H__
#define __NM_DEVICE_MACSEC_H__
#if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined(NETWORKMANAGER_COMPILATION)
#error "Only <NetworkManager.h> can be included directly."
#endif
#include <nm-device.h>
G_BEGIN_DECLS
#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
#define NM_DEVICE_MACSEC_PARENT "parent"
#define NM_DEVICE_MACSEC_HW_ADDRESS "hw-address"
#define NM_DEVICE_MACSEC_SCI "sci"
#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
#define NM_DEVICE_MACSEC_WINDOW "window"
#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
#define NM_DEVICE_MACSEC_VALIDATION "validation"
#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
#define NM_DEVICE_MACSEC_PROTECT "protect"
#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
#define NM_DEVICE_MACSEC_ES "es"
#define NM_DEVICE_MACSEC_SCB "scb"
#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
/**
* NMDeviceMacsec:
*/
struct _NMDeviceMacsec {
NMDevice parent;
};
typedef struct {
NMDeviceClass parent;
/*< private >*/
gpointer padding[4];
} NMDeviceMacsecClass;
NM_AVAILABLE_IN_1_6
GType nm_device_macsec_get_type (void);
NM_AVAILABLE_IN_1_6
NMDevice * nm_device_macsec_get_parent (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
const char * nm_device_macsec_get_hw_address (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
guint64 nm_device_macsec_get_sci (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
guint8 nm_device_macsec_get_icv_length (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
guint64 nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
guint nm_device_macsec_get_window (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
guint8 nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
const char * nm_device_macsec_get_validation (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_encrypt (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_protect (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_include_sci (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_es (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_scb (NMDeviceMacsec *device);
NM_AVAILABLE_IN_1_6
gboolean nm_device_macsec_get_replay_protect (NMDeviceMacsec *device);
G_END_DECLS
#endif /* __NM_DEVICE_MACSEC_H__ */

3
libnm/nm-device.c
View File

@ -267,6 +267,7 @@ coerce_type (NMDeviceType type)
case NM_DEVICE_TYPE_BRIDGE:
case NM_DEVICE_TYPE_VLAN:
case NM_DEVICE_TYPE_ADSL:
case NM_DEVICE_TYPE_MACSEC:
case NM_DEVICE_TYPE_MACVLAN:
case NM_DEVICE_TYPE_VXLAN:
case NM_DEVICE_TYPE_IP_TUNNEL:
@ -1691,6 +1692,8 @@ get_type_name (NMDevice *device)
return _("Tun");
case NM_DEVICE_TYPE_VETH:
return _("Veth");
case NM_DEVICE_TYPE_MACSEC:
return _("MACsec");
case NM_DEVICE_TYPE_GENERIC:
case NM_DEVICE_TYPE_UNUSED1:
case NM_DEVICE_TYPE_UNUSED2:

1
libnm/nm-types.h
View File

@ -38,6 +38,7 @@ typedef struct _NMDeviceEthernet NMDeviceEthernet;
typedef struct _NMDeviceGeneric NMDeviceGeneric;
typedef struct _NMDeviceInfiniband NMDeviceInfiniband;
typedef struct _NMDeviceIPTunnel NMDeviceIPTunnel;
typedef struct _NMDeviceMacsec NMDeviceMacsec;
typedef struct _NMDeviceMacvlan NMDeviceMacvlan;
typedef struct _NMDeviceModem NMDeviceModem;
typedef struct _NMDeviceOlpcMesh NMDeviceOlpcMesh;

1
src/devices/nm-device-factory.c
View File

@ -405,6 +405,7 @@ nm_device_factory_manager_load_factories (NMDeviceFactoryManagerFactoryFunc call
_ADD_INTERNAL (nm_ethernet_device_factory_get_type);
_ADD_INTERNAL (nm_infiniband_device_factory_get_type);
_ADD_INTERNAL (nm_ip_tunnel_device_factory_get_type);
_ADD_INTERNAL (nm_macsec_device_factory_get_type);
_ADD_INTERNAL (nm_macvlan_device_factory_get_type);
_ADD_INTERNAL (nm_tun_device_factory_get_type);
_ADD_INTERNAL (nm_veth_device_factory_get_type);

365
src/devices/nm-device-macsec.c Normal file
View File

@ -0,0 +1,365 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Copyright 2017 Red Hat, Inc.
*/
#include "nm-default.h"
#include "nm-device-macsec.h"
#include "nm-device-private.h"
#include "platform/nm-platform.h"
#include "nm-device-factory.h"
#include "nm-manager.h"
#include "nm-core-internal.h"
#include "introspection/org.freedesktop.NetworkManager.Device.Macsec.h"
#include "nm-device-logging.h"
_LOG_DECLARE_SELF(NMDeviceMacsec);
/*****************************************************************************/
NM_GOBJECT_PROPERTIES_DEFINE (NMDeviceMacsec,
PROP_SCI,
PROP_CIPHER_SUITE,
PROP_ICV_LENGTH,
PROP_WINDOW,
PROP_ENCODING_SA,
PROP_ENCRYPT,
PROP_PROTECT,
PROP_INCLUDE_SCI,
PROP_ES,
PROP_SCB,
PROP_REPLAY_PROTECT,
PROP_VALIDATION,
);
typedef struct {
NMPlatformLnkMacsec props;
gulong parent_state_id;
} NMDeviceMacsecPrivate;
struct _NMDeviceMacsec {
NMDevice parent;
NMDeviceMacsecPrivate _priv;
};
struct _NMDeviceMacsecClass {
NMDeviceClass parent;
};
G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
#define NM_DEVICE_MACSEC_GET_PRIVATE(self) _NM_GET_PRIVATE (self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC)
/******************************************************************/
NM_UTILS_LOOKUP_STR_DEFINE_STATIC (validation_mode_to_string, guint8,
NM_UTILS_LOOKUP_DEFAULT_WARN ("<unknown>"),
NM_UTILS_LOOKUP_STR_ITEM (0, "disable"),
NM_UTILS_LOOKUP_STR_ITEM (1, "check"),
NM_UTILS_LOOKUP_STR_ITEM (2, "strict"),
);
static void
parent_state_changed (NMDevice *parent,
NMDeviceState new_state,
NMDeviceState old_state,
NMDeviceStateReason reason,
gpointer user_data)
{
NMDeviceMacsec *self = NM_DEVICE_MACSEC (user_data);
/* We'll react to our own carrier state notifications. Ignore the parent's. */
if (reason == NM_DEVICE_STATE_REASON_CARRIER)
return;
nm_device_set_unmanaged_by_flags (NM_DEVICE (self), NM_UNMANAGED_PARENT, !nm_device_get_managed (parent, FALSE), reason);
}
static void
parent_changed_notify (NMDevice *device,
int old_ifindex,
NMDevice *old_parent,
int new_ifindex,
NMDevice *new_parent)
{
NMDeviceMacsec *self = NM_DEVICE_MACSEC (device);
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
NM_DEVICE_CLASS (nm_device_macsec_parent_class)->parent_changed_notify (device,
old_ifindex,
old_parent,
new_ifindex,
new_parent);
/* note that @self doesn't have to clear @parent_state_id on dispose,
* because NMDevice's dispose() will unset the parent, which in turn calls
* parent_changed_notify(). */
nm_clear_g_signal_handler (old_parent, &priv->parent_state_id);
if (new_parent) {
priv->parent_state_id = g_signal_connect (new_parent,
NM_DEVICE_STATE_CHANGED,
G_CALLBACK (parent_state_changed),
device);
/* Set parent-dependent unmanaged flag */
nm_device_set_unmanaged_by_flags (device,
NM_UNMANAGED_PARENT,
!nm_device_get_managed (new_parent, FALSE),
NM_DEVICE_STATE_REASON_PARENT_MANAGED_CHANGED);
}
/* Recheck availability now that the parent has changed */
if (new_ifindex > 0) {
nm_device_queue_recheck_available (device,
NM_DEVICE_STATE_REASON_PARENT_CHANGED,
NM_DEVICE_STATE_REASON_PARENT_CHANGED);
}
}
static void
update_properties (NMDevice *device)
{
NMDeviceMacsec *self;
NMDeviceMacsecPrivate *priv;
const NMPlatformLink *plink = NULL;
const NMPlatformLnkMacsec *props = NULL;
int ifindex;
g_return_if_fail (NM_IS_DEVICE_MACSEC (device));
self = NM_DEVICE_MACSEC (device);
priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
ifindex = nm_device_get_ifindex (device);
g_return_if_fail (ifindex > 0);
props = nm_platform_link_get_lnk_macsec (NM_PLATFORM_GET, ifindex, &plink);
if (!props) {
_LOGW (LOGD_PLATFORM, "could not get macsec properties");
return;
}
g_object_freeze_notify ((GObject *) device);
if (priv->props.parent_ifindex != props->parent_ifindex)
nm_device_parent_set_ifindex (device, props->parent_ifindex);
#define CHECK_PROPERTY_CHANGED(field, prop) \
if (props->field != priv->props.field) \
_notify (self, prop)
CHECK_PROPERTY_CHANGED (sci, PROP_SCI);
CHECK_PROPERTY_CHANGED (cipher_suite, PROP_CIPHER_SUITE);
CHECK_PROPERTY_CHANGED (window, PROP_WINDOW);
CHECK_PROPERTY_CHANGED (icv_length, PROP_ICV_LENGTH);
CHECK_PROPERTY_CHANGED (encoding_sa, PROP_ENCODING_SA);
CHECK_PROPERTY_CHANGED (validation, PROP_VALIDATION);
CHECK_PROPERTY_CHANGED (encrypt, PROP_ENCRYPT);
CHECK_PROPERTY_CHANGED (protect, PROP_PROTECT);
CHECK_PROPERTY_CHANGED (include_sci, PROP_INCLUDE_SCI);
CHECK_PROPERTY_CHANGED (es, PROP_ES);
CHECK_PROPERTY_CHANGED (scb, PROP_SCB);
CHECK_PROPERTY_CHANGED (replay_protect, PROP_REPLAY_PROTECT);
priv->props = *props;
g_object_thaw_notify ((GObject *) device);
}
/******************************************************************/
static NMDeviceCapabilities
get_generic_capabilities (NMDevice *dev)
{
/* We assume MACsec interfaces always support carrier detect */
return NM_DEVICE_CAP_CARRIER_DETECT | NM_DEVICE_CAP_IS_SOFTWARE;
}
/******************************************************************/
static gboolean
is_available (NMDevice *device, NMDeviceCheckDevAvailableFlags flags)
{
if (!nm_device_parent_get_device (device))
return FALSE;
return NM_DEVICE_CLASS (nm_device_macsec_parent_class)->is_available (device, flags);
}
static void
link_changed (NMDevice *device,
const NMPlatformLink *pllink)
{
NM_DEVICE_CLASS (nm_device_macsec_parent_class)->link_changed (device, pllink);
update_properties (device);
}
/******************************************************************/
static void
get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
NMDeviceMacsec *self = NM_DEVICE_MACSEC (object);
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
switch (prop_id) {
case PROP_SCI:
g_value_set_uint64 (value, priv->props.sci);
break;
case PROP_CIPHER_SUITE:
g_value_set_uint64 (value, priv->props.cipher_suite);
break;
case PROP_ICV_LENGTH:
g_value_set_uchar (value, priv->props.icv_length);
break;
case PROP_WINDOW:
g_value_set_uint (value, priv->props.window);
break;
case PROP_ENCODING_SA:
g_value_set_uchar (value, priv->props.encoding_sa);
break;
case PROP_ENCRYPT:
g_value_set_boolean (value, priv->props.encrypt);
break;
case PROP_PROTECT:
g_value_set_boolean (value, priv->props.protect);
break;
case PROP_INCLUDE_SCI:
g_value_set_boolean (value, priv->props.include_sci);
break;
case PROP_ES:
g_value_set_boolean (value, priv->props.es);
break;
case PROP_SCB:
g_value_set_boolean (value, priv->props.scb);
break;
case PROP_REPLAY_PROTECT:
g_value_set_boolean (value, priv->props.replay_protect);
break;
case PROP_VALIDATION:
g_value_set_string (value,
validation_mode_to_string (priv->props.validation));
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
nm_device_macsec_init (NMDeviceMacsec * self)
{
}
static void
nm_device_macsec_class_init (NMDeviceMacsecClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS (klass);
NMDeviceClass *parent_class = NM_DEVICE_CLASS (klass);
NM_DEVICE_CLASS_DECLARE_TYPES (klass, NULL, NM_LINK_TYPE_MACSEC)
object_class->get_property = get_property;
parent_class->get_generic_capabilities = get_generic_capabilities;
parent_class->is_available = is_available;
parent_class->link_changed = link_changed;
parent_class->parent_changed_notify = parent_changed_notify;
obj_properties[PROP_SCI] =
g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
0, G_MAXUINT64, 0,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_CIPHER_SUITE] =
g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
0, G_MAXUINT64, 0,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_ICV_LENGTH] =
g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
0, G_MAXUINT8, 0,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_WINDOW] =
g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
0, G_MAXUINT32, 0,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_ENCODING_SA] =
g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
0, 3, 0,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_VALIDATION] =
g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
NULL,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_ENCRYPT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_PROTECT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_INCLUDE_SCI] =
g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_ES] =
g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_SCB] =
g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
obj_properties[PROP_REPLAY_PROTECT] =
g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
FALSE,
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
nm_exported_object_class_add_interface (NM_EXPORTED_OBJECT_CLASS (klass),
NMDBUS_TYPE_DEVICE_MACSEC_SKELETON,
NULL);
}
/*************************************************************/
#define NM_TYPE_MACSEC_DEVICE_FACTORY (nm_macsec_device_factory_get_type ())
#define NM_MACSEC_DEVICE_FACTORY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MACSEC_DEVICE_FACTORY, NMMacsecDeviceFactory))
static NMDevice *
create_device (NMDeviceFactory *factory,
const char *iface,
const NMPlatformLink *plink,
NMConnection *connection,
gboolean *out_ignore)
{
return (NMDevice *) g_object_new (NM_TYPE_DEVICE_MACSEC,
NM_DEVICE_IFACE, iface,
NM_DEVICE_TYPE_DESC, "Macsec",
NM_DEVICE_DEVICE_TYPE, NM_DEVICE_TYPE_MACSEC,
NM_DEVICE_LINK_TYPE, NM_LINK_TYPE_MACSEC,
NULL);
}
NM_DEVICE_FACTORY_DEFINE_INTERNAL (MACSEC, Macsec, macsec,
NM_DEVICE_FACTORY_DECLARE_LINK_TYPES (NM_LINK_TYPE_MACSEC),
factory_class->create_device = create_device;
)

54
src/devices/nm-device-macsec.h Normal file
View File

@ -0,0 +1,54 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* NetworkManager -- Network link manager
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Copyright 2017 Red Hat, Inc.
*/
#ifndef __NM_DEVICE_MACSEC_H__
#define __NM_DEVICE_MACSEC_H__
#include "nm-device.h"
#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
#define NM_DEVICE_MACSEC_SCI "sci"
#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
#define NM_DEVICE_MACSEC_WINDOW "window"
#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
#define NM_DEVICE_MACSEC_VALIDATION "validation"
#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
#define NM_DEVICE_MACSEC_PROTECT "protect"
#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
#define NM_DEVICE_MACSEC_ES "es"
#define NM_DEVICE_MACSEC_SCB "scb"
#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
/* defined in the parent class, but exposed on D-Bus by the subclass. */
#define NM_DEVICE_MACSEC_PARENT NM_DEVICE_PARENT
typedef struct _NMDeviceMacsec NMDeviceMacsec;
typedef struct _NMDeviceMacsecClass NMDeviceMacsecClass;
GType nm_device_macsec_get_type (void);
#endif /* __NM_DEVICE_MACSEC_H__ */

2
src/devices/nm-device.c
View File

@ -1330,6 +1330,8 @@ nm_device_get_priority (NMDevice *self)
case NM_DEVICE_TYPE_ETHERNET:
case NM_DEVICE_TYPE_VETH:
return 100;
case NM_DEVICE_TYPE_MACSEC:
return 125;
case NM_DEVICE_TYPE_INFINIBAND:
return 150;
case NM_DEVICE_TYPE_ADSL: