mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-08 19:55:47 +00:00
core,libnm: introduce NMDeviceMacsec
At the moment the device only exposes the current link status, but cannot create new links.
This commit is contained in:
parent
85103656e9
commit
67adbda83e
|
@ -195,6 +195,8 @@ introspection_sources = \
|
|||
introspection/org.freedesktop.NetworkManager.Device.Infiniband.h \
|
||||
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.c \
|
||||
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.h \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macsec.c \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macsec.h \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macvlan.c \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macvlan.h \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Modem.c \
|
||||
|
@ -262,6 +264,7 @@ DBUS_INTERFACE_DOCS = \
|
|||
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vxlan.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.PPP.xml \
|
||||
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
|
||||
|
@ -313,6 +316,7 @@ dbusinterfaces_DATA = \
|
|||
introspection/org.freedesktop.NetworkManager.Device.Generic.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Infiniband.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macsec.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Macvlan.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.Modem.xml \
|
||||
introspection/org.freedesktop.NetworkManager.Device.OlpcMesh.xml \
|
||||
|
@ -668,6 +672,7 @@ libnm_lib_h_pub_real = \
|
|||
libnm/nm-device-generic.h \
|
||||
libnm/nm-device-infiniband.h \
|
||||
libnm/nm-device-ip-tunnel.h \
|
||||
libnm/nm-device-macsec.h \
|
||||
libnm/nm-device-macvlan.h \
|
||||
libnm/nm-device-modem.h \
|
||||
libnm/nm-device-olpc-mesh.h \
|
||||
|
@ -717,6 +722,7 @@ libnm_lib_c_real = \
|
|||
libnm/nm-device-generic.c \
|
||||
libnm/nm-device-infiniband.c \
|
||||
libnm/nm-device-ip-tunnel.c \
|
||||
libnm/nm-device-macsec.c \
|
||||
libnm/nm-device-macvlan.c \
|
||||
libnm/nm-device-modem.c \
|
||||
libnm/nm-device-olpc-mesh.c \
|
||||
|
@ -1291,6 +1297,8 @@ src_libNetworkManager_la_SOURCES = \
|
|||
src/devices/nm-device-infiniband.h \
|
||||
src/devices/nm-device-ip-tunnel.c \
|
||||
src/devices/nm-device-ip-tunnel.h \
|
||||
src/devices/nm-device-macsec.c \
|
||||
src/devices/nm-device-macsec.h \
|
||||
src/devices/nm-device-macvlan.c \
|
||||
src/devices/nm-device-macvlan.h \
|
||||
src/devices/nm-device-tun.c \
|
||||
|
|
|
@ -55,6 +55,7 @@ content_files = \
|
|||
dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
|
||||
dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
|
||||
dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
|
||||
dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
|
||||
dbus-org.freedesktop.NetworkManager.PPP.xml \
|
||||
dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
|
||||
dbus-org.freedesktop.NetworkManager.Device.Adsl.xml \
|
||||
|
|
|
@ -82,6 +82,7 @@
|
|||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Generic.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Infiniband.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.IPTunnel.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Macsec.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.Modem.xml"/>
|
||||
<xi:include href="dbus-org.freedesktop.NetworkManager.Device.OlpcMesh.xml"/>
|
||||
|
|
113
introspection/org.freedesktop.NetworkManager.Device.Macsec.xml
Normal file
113
introspection/org.freedesktop.NetworkManager.Device.Macsec.xml
Normal file
|
@ -0,0 +1,113 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<node name="/">
|
||||
<interface name="org.freedesktop.NetworkManager.Device.Macsec">
|
||||
|
||||
<!--
|
||||
Parent:
|
||||
|
||||
The object path of the parent device.
|
||||
-->
|
||||
<property name="Parent" type="o" access="read"/>
|
||||
|
||||
<!--
|
||||
Sci:
|
||||
|
||||
The Secure Channel Identifier in use.
|
||||
-->
|
||||
<property name="Sci" type="t" access="read"/>
|
||||
|
||||
<!--
|
||||
IcvLength:
|
||||
|
||||
The length of ICV (Integrity Check Value).
|
||||
-->
|
||||
<property name="IcvLength" type="y" access="read"/>
|
||||
|
||||
<!--
|
||||
CipherSuite:
|
||||
|
||||
The set of cryptographic algorithms in use
|
||||
(e.g. 0x0080020001000001 for GCM-AES-128).
|
||||
-->
|
||||
<property name="CipherSuite" type="t" access="read"/>
|
||||
|
||||
<!--
|
||||
Window:
|
||||
|
||||
The size of the replay window.
|
||||
-->
|
||||
<property name="Window" type="u" access="read"/>
|
||||
|
||||
<!--
|
||||
EncodingSa:
|
||||
|
||||
The value of the Association Number (0..3) for the Security
|
||||
Association in use.
|
||||
-->
|
||||
<property name="EncodingSa" type="y" access="read"/>
|
||||
|
||||
<!--
|
||||
Validation:
|
||||
|
||||
The validation mode for incoming packets (strict, check,
|
||||
disabled).
|
||||
-->
|
||||
<property name="Validation" type="s" access="read"/>
|
||||
|
||||
<!--
|
||||
Encrypt:
|
||||
|
||||
Whether encryption of transmitted frames is enabled.
|
||||
-->
|
||||
<property name="Encrypt" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
Protect:
|
||||
|
||||
Whether protection of transmitted frames is enabled.
|
||||
-->
|
||||
<property name="Protect" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
IncludeSci:
|
||||
|
||||
Whether the SCI is always included in SecTAG for transmitted
|
||||
frames.
|
||||
|
||||
-->
|
||||
<property name="IncludeSci" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
Es:
|
||||
|
||||
Whether the ES (End station) bit is enabled in SecTAG for
|
||||
transmitted frames.
|
||||
-->
|
||||
<property name="Es" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
Scb:
|
||||
|
||||
Whether the SCB (Single Copy Broadcast) bit is enabled in
|
||||
SecTAG for transmitted frames.
|
||||
-->
|
||||
<property name="Scb" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
ReplayProtect:
|
||||
|
||||
Whether replay protection is enabled.
|
||||
-->
|
||||
<property name="ReplayProtect" type="b" access="read"/>
|
||||
|
||||
<!--
|
||||
PropertiesChanged:
|
||||
@properties: A dictionary mapping property names to variant boxed values
|
||||
|
||||
DEPRECATED. Use the standard "PropertiesChanged" signal from "org.freedesktop.DBus.Properties" instead which exists since version NetworkManager 1.2.0.
|
||||
-->
|
||||
<signal name="PropertiesChanged">
|
||||
<arg name="properties" type="a{sv}"/>
|
||||
</signal>
|
||||
</interface>
|
||||
</node>
|
|
@ -64,6 +64,7 @@
|
|||
#define NM_DBUS_INTERFACE_DEVICE_GENERIC NM_DBUS_INTERFACE_DEVICE ".Generic"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_VETH NM_DBUS_INTERFACE_DEVICE ".Veth"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_TUN NM_DBUS_INTERFACE_DEVICE ".Tun"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_MACSEC NM_DBUS_INTERFACE_DEVICE ".Macsec"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_MACVLAN NM_DBUS_INTERFACE_DEVICE ".Macvlan"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_VXLAN NM_DBUS_INTERFACE_DEVICE ".Vxlan"
|
||||
#define NM_DBUS_INTERFACE_DEVICE_GRE NM_DBUS_INTERFACE_DEVICE ".Gre"
|
||||
|
@ -169,6 +170,7 @@ typedef enum {
|
|||
* @NM_DEVICE_TYPE_MACVLAN: a MACVLAN interface
|
||||
* @NM_DEVICE_TYPE_VXLAN: a VXLAN interface
|
||||
* @NM_DEVICE_TYPE_VETH: a VETH interface
|
||||
* @NM_DEVICE_TYPE_MACSEC: a MACsec interface
|
||||
*
|
||||
* #NMDeviceType values indicate the type of hardware represented by a
|
||||
* device object.
|
||||
|
@ -195,6 +197,7 @@ typedef enum {
|
|||
NM_DEVICE_TYPE_MACVLAN = 18,
|
||||
NM_DEVICE_TYPE_VXLAN = 19,
|
||||
NM_DEVICE_TYPE_VETH = 20,
|
||||
NM_DEVICE_TYPE_MACSEC = 21,
|
||||
} NMDeviceType;
|
||||
|
||||
/**
|
||||
|
|
|
@ -1091,6 +1091,20 @@ global:
|
|||
nm_client_get_dns_mode;
|
||||
nm_client_get_dns_rc_manager;
|
||||
nm_connection_get_setting_proxy;
|
||||
nm_device_macsec_get_cipher_suite;
|
||||
nm_device_macsec_get_encoding_sa;
|
||||
nm_device_macsec_get_encrypt;
|
||||
nm_device_macsec_get_es;
|
||||
nm_device_macsec_get_hw_address;
|
||||
nm_device_macsec_get_icv_length;
|
||||
nm_device_macsec_get_include_sci;
|
||||
nm_device_macsec_get_protect;
|
||||
nm_device_macsec_get_replay_protect;
|
||||
nm_device_macsec_get_scb;
|
||||
nm_device_macsec_get_sci;
|
||||
nm_device_macsec_get_type;
|
||||
nm_device_macsec_get_validation;
|
||||
nm_device_macsec_get_window;
|
||||
nm_dns_entry_get_domains;
|
||||
nm_dns_entry_get_interface;
|
||||
nm_dns_entry_get_nameservers;
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
#include "nm-device-generic.h"
|
||||
#include "nm-device-infiniband.h"
|
||||
#include "nm-device-ip-tunnel.h"
|
||||
#include "nm-device-macsec.h"
|
||||
#include "nm-device-macvlan.h"
|
||||
#include "nm-device-modem.h"
|
||||
#include "nm-device-olpc-mesh.h"
|
||||
|
@ -2061,6 +2062,8 @@ obj_nm_for_gdbus_object (GDBusObject *object, GDBusObjectManager *object_manager
|
|||
type = NM_TYPE_DEVICE_INFINIBAND;
|
||||
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_IP_TUNNEL) == 0)
|
||||
type = NM_TYPE_DEVICE_IP_TUNNEL;
|
||||
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACSEC) == 0)
|
||||
type = NM_TYPE_DEVICE_MACSEC;
|
||||
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACVLAN) == 0)
|
||||
type = NM_TYPE_DEVICE_MACVLAN;
|
||||
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MODEM) == 0)
|
||||
|
|
639
libnm/nm-device-macsec.c
Normal file
639
libnm/nm-device-macsec.c
Normal file
|
@ -0,0 +1,639 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the
|
||||
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
* Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2017 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#include "nm-default.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "nm-device-macsec.h"
|
||||
#include "nm-device-private.h"
|
||||
#include "nm-object-private.h"
|
||||
#include "nm-utils.h"
|
||||
|
||||
G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
|
||||
|
||||
#define NM_DEVICE_MACSEC_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecPrivate))
|
||||
|
||||
typedef struct {
|
||||
NMDevice *parent;
|
||||
char *hw_address;
|
||||
guint64 sci;
|
||||
guint64 cipher_suite;
|
||||
guint8 icv_length;
|
||||
guint32 window;
|
||||
guint8 encoding_sa;
|
||||
gboolean encrypt;
|
||||
gboolean protect;
|
||||
gboolean include_sci;
|
||||
gboolean es;
|
||||
gboolean scb;
|
||||
gboolean replay_protect;
|
||||
char *validation;
|
||||
} NMDeviceMacsecPrivate;
|
||||
|
||||
NM_GOBJECT_PROPERTIES_DEFINE_BASE (
|
||||
PROP_PARENT,
|
||||
PROP_HW_ADDRESS,
|
||||
PROP_SCI,
|
||||
PROP_CIPHER_SUITE,
|
||||
PROP_ICV_LENGTH,
|
||||
PROP_WINDOW,
|
||||
PROP_ENCODING_SA,
|
||||
PROP_ENCRYPT,
|
||||
PROP_PROTECT,
|
||||
PROP_INCLUDE_SCI,
|
||||
PROP_ES,
|
||||
PROP_SCB,
|
||||
PROP_REPLAY_PROTECT,
|
||||
PROP_VALIDATION,
|
||||
);
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_parent:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Returns: (transfer none): the device's parent device
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
NMDevice *
|
||||
nm_device_macsec_get_parent (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->parent;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_hw_address:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the hardware (MAC) address of the #NMDeviceMacsec
|
||||
*
|
||||
* Returns: the hardware address. This is the internal string used by the
|
||||
* device, and must not be modified.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
const char *
|
||||
nm_device_macsec_get_hw_address (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->hw_address;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_sci:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the Secure Channel Identifier in use
|
||||
*
|
||||
* Returns: the SCI
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
guint64
|
||||
nm_device_macsec_get_sci (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->sci;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_icv_length:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the length of ICV (Integrity Check Value)
|
||||
*
|
||||
* Returns: the length of ICV
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
guint8
|
||||
nm_device_macsec_get_icv_length (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->icv_length;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_cipher_suite:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the set of cryptographic algorithms in use
|
||||
*
|
||||
* Returns:
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
guint64
|
||||
nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->cipher_suite;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_window:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the size of the replay window
|
||||
*
|
||||
* Returns: size of the replay window
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
guint
|
||||
nm_device_macsec_get_window (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->window;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_encoding_sa:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the value of the Association Number (0..3) for the Security
|
||||
* Association in use.
|
||||
*
|
||||
* Returns: the current Security Association
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
guint8
|
||||
nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encoding_sa;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_validation:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets the validation mode for incoming packets (strict, check,
|
||||
* disabled)
|
||||
*
|
||||
* Returns: the validation mode
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
const char *
|
||||
nm_device_macsec_get_validation (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->validation;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_encrypt:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether encryption of transmitted frames is enabled
|
||||
*
|
||||
* Returns: whether encryption is enabled
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_encrypt (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encrypt;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_protect:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether protection of transmitted frames is enabled
|
||||
*
|
||||
* Returns: whether protection is enabled
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_protect (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->protect;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_include_sci:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether the SCI is always included in SecTAG for transmitted
|
||||
* frames
|
||||
*
|
||||
* Returns: whether the SCI is always included
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_include_sci (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->include_sci;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_es:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether the ES (End station) bit is enabled in SecTAG for
|
||||
* transmitted frames
|
||||
*
|
||||
* Returns: whether the ES (End station) bit is enabled
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_es (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->es;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_scb:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether the SCB (Single Copy Broadcast) bit is enabled in
|
||||
* SecTAG for transmitted frames
|
||||
*
|
||||
* Returns: whether the SCB (Single Copy Broadcast) bit is enabled
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_scb (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->scb;
|
||||
}
|
||||
|
||||
/**
|
||||
* nm_device_macsec_get_replay_protect:
|
||||
* @device: a #NMDeviceMacsec
|
||||
*
|
||||
* Gets whether replay protection is enabled
|
||||
*
|
||||
* Returns: whether replay protection is enabled
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
gboolean
|
||||
nm_device_macsec_get_replay_protect (NMDeviceMacsec *device)
|
||||
{
|
||||
g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
|
||||
|
||||
return NM_DEVICE_MACSEC_GET_PRIVATE (device)->replay_protect;
|
||||
}
|
||||
|
||||
static const char *
|
||||
get_hw_address (NMDevice *device)
|
||||
{
|
||||
return nm_device_macsec_get_hw_address (NM_DEVICE_MACSEC (device));
|
||||
}
|
||||
|
||||
/***********************************************************/
|
||||
|
||||
static void
|
||||
nm_device_macsec_init (NMDeviceMacsec *device)
|
||||
{
|
||||
}
|
||||
|
||||
static void
|
||||
init_dbus (NMObject *object)
|
||||
{
|
||||
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
|
||||
const NMPropertiesInfo property_info[] = {
|
||||
{ NM_DEVICE_MACSEC_PARENT, &priv->parent, NULL, NM_TYPE_DEVICE },
|
||||
{ NM_DEVICE_MACSEC_HW_ADDRESS, &priv->hw_address },
|
||||
{ NM_DEVICE_MACSEC_SCI, &priv->sci },
|
||||
{ NM_DEVICE_MACSEC_CIPHER_SUITE, &priv->cipher_suite },
|
||||
{ NM_DEVICE_MACSEC_ICV_LENGTH, &priv->icv_length },
|
||||
{ NM_DEVICE_MACSEC_WINDOW, &priv->window },
|
||||
{ NM_DEVICE_MACSEC_ENCODING_SA, &priv->encoding_sa },
|
||||
{ NM_DEVICE_MACSEC_ENCRYPT, &priv->encrypt },
|
||||
{ NM_DEVICE_MACSEC_PROTECT, &priv->protect },
|
||||
{ NM_DEVICE_MACSEC_INCLUDE_SCI, &priv->include_sci },
|
||||
{ NM_DEVICE_MACSEC_ES, &priv->es },
|
||||
{ NM_DEVICE_MACSEC_SCB, &priv->scb },
|
||||
{ NM_DEVICE_MACSEC_REPLAY_PROTECT, &priv->replay_protect },
|
||||
{ NM_DEVICE_MACSEC_VALIDATION, &priv->validation },
|
||||
{ NULL },
|
||||
};
|
||||
|
||||
NM_OBJECT_CLASS (nm_device_macsec_parent_class)->init_dbus (object);
|
||||
|
||||
_nm_object_register_properties (object,
|
||||
NM_DBUS_INTERFACE_DEVICE_MACSEC,
|
||||
property_info);
|
||||
}
|
||||
|
||||
static void
|
||||
finalize (GObject *object)
|
||||
{
|
||||
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
|
||||
|
||||
g_free (priv->validation);
|
||||
g_free (priv->hw_address);
|
||||
g_clear_object (&priv->parent);
|
||||
|
||||
G_OBJECT_CLASS (nm_device_macsec_parent_class)->finalize (object);
|
||||
}
|
||||
|
||||
static void
|
||||
get_property (GObject *object,
|
||||
guint prop_id,
|
||||
GValue *value,
|
||||
GParamSpec *pspec)
|
||||
{
|
||||
NMDeviceMacsec *device = NM_DEVICE_MACSEC (object);
|
||||
|
||||
switch (prop_id) {
|
||||
case PROP_PARENT:
|
||||
g_value_set_object (value, nm_device_macsec_get_parent (device));
|
||||
break;
|
||||
case PROP_HW_ADDRESS:
|
||||
g_value_set_string (value, nm_device_macsec_get_hw_address (device));
|
||||
break;
|
||||
case PROP_SCI:
|
||||
g_value_set_uint64 (value, nm_device_macsec_get_sci (device));
|
||||
break;
|
||||
case PROP_ICV_LENGTH:
|
||||
g_value_set_uchar (value, nm_device_macsec_get_icv_length (device));
|
||||
break;
|
||||
case PROP_CIPHER_SUITE:
|
||||
g_value_set_uint64 (value, nm_device_macsec_get_cipher_suite (device));
|
||||
break;
|
||||
case PROP_WINDOW:
|
||||
g_value_set_uint (value, nm_device_macsec_get_window (device));
|
||||
break;
|
||||
case PROP_ENCODING_SA:
|
||||
g_value_set_uchar (value, nm_device_macsec_get_encoding_sa (device));
|
||||
break;
|
||||
case PROP_VALIDATION:
|
||||
g_value_set_string (value, nm_device_macsec_get_validation (device));
|
||||
break;
|
||||
case PROP_ENCRYPT:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_encrypt (device));
|
||||
break;
|
||||
case PROP_PROTECT:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_protect (device));
|
||||
break;
|
||||
case PROP_INCLUDE_SCI:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_include_sci (device));
|
||||
break;
|
||||
case PROP_ES:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_es (device));
|
||||
break;
|
||||
case PROP_SCB:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_scb (device));
|
||||
break;
|
||||
case PROP_REPLAY_PROTECT:
|
||||
g_value_set_boolean (value, nm_device_macsec_get_replay_protect (device));
|
||||
break;
|
||||
default:
|
||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
nm_device_macsec_class_init (NMDeviceMacsecClass *macsec_class)
|
||||
{
|
||||
GObjectClass *object_class = G_OBJECT_CLASS (macsec_class);
|
||||
NMObjectClass *nm_object_class = NM_OBJECT_CLASS (macsec_class);
|
||||
NMDeviceClass *device_class = NM_DEVICE_CLASS (macsec_class);
|
||||
|
||||
g_type_class_add_private (macsec_class, sizeof (NMDeviceMacsecPrivate));
|
||||
|
||||
object_class->finalize = finalize;
|
||||
object_class->get_property = get_property;
|
||||
|
||||
nm_object_class->init_dbus = init_dbus;
|
||||
|
||||
device_class->get_hw_address = get_hw_address;
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:parent:
|
||||
*
|
||||
* The devices's parent device.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_PARENT] =
|
||||
g_param_spec_object (NM_DEVICE_MACSEC_PARENT, "", "",
|
||||
NM_TYPE_DEVICE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:hw-address:
|
||||
*
|
||||
* The hardware (MAC) address of the device.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_HW_ADDRESS] =
|
||||
g_param_spec_string (NM_DEVICE_MACSEC_HW_ADDRESS, "", "",
|
||||
NULL,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:sci:
|
||||
*
|
||||
* The Secure Channel Identifier in use.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_SCI] =
|
||||
g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
|
||||
0, G_MAXUINT64, 0,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:icv-length:
|
||||
*
|
||||
* The length of ICV (Integrity Check Value).
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_ICV_LENGTH] =
|
||||
g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
|
||||
0, G_MAXUINT8, 0,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:cipher-suite:
|
||||
*
|
||||
* The set of cryptographic algorithms in use.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_CIPHER_SUITE] =
|
||||
g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
|
||||
0, G_MAXUINT64, 0,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:window:
|
||||
*
|
||||
* The size of the replay window.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_WINDOW] =
|
||||
g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
|
||||
0, G_MAXUINT32, 0,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:encoding-sa:
|
||||
*
|
||||
* The value of the Association Number (0..3) for the Security
|
||||
* Association in use.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_ENCODING_SA] =
|
||||
g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
|
||||
0, G_MAXUINT8, 0,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:validation:
|
||||
*
|
||||
* The validation mode for incoming packets (strict, check,
|
||||
* disabled).
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_VALIDATION] =
|
||||
g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
|
||||
NULL,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:encrypt:
|
||||
*
|
||||
* Whether encryption of transmitted frames is enabled.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_ENCRYPT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:protect:
|
||||
*
|
||||
* Whether protection of transmitted frames is enabled.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_PROTECT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:include-sci:
|
||||
*
|
||||
* Whether the SCI is always included in SecTAG for transmitted
|
||||
* frames.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_INCLUDE_SCI] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:es:
|
||||
*
|
||||
* Whether the ES (End station) bit is enabled in SecTAG for
|
||||
* transmitted frames.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_ES] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:scb:
|
||||
*
|
||||
* Whether the SCB (Single Copy Broadcast) bit is enabled in
|
||||
* SecTAG for transmitted frames.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_SCB] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:replay-protect:
|
||||
*
|
||||
* Whether replay protection is enabled.
|
||||
*
|
||||
* Since: 1.6
|
||||
**/
|
||||
obj_properties[PROP_REPLAY_PROTECT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE |
|
||||
G_PARAM_STATIC_STRINGS);
|
||||
|
||||
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
|
||||
}
|
101
libnm/nm-device-macsec.h
Normal file
101
libnm/nm-device-macsec.h
Normal file
|
@ -0,0 +1,101 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the
|
||||
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
* Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2017 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#ifndef __NM_DEVICE_MACSEC_H__
|
||||
#define __NM_DEVICE_MACSEC_H__
|
||||
|
||||
#if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined(NETWORKMANAGER_COMPILATION)
|
||||
#error "Only <NetworkManager.h> can be included directly."
|
||||
#endif
|
||||
|
||||
#include <nm-device.h>
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
|
||||
#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
|
||||
#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
|
||||
#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
|
||||
#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
|
||||
#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
|
||||
|
||||
#define NM_DEVICE_MACSEC_PARENT "parent"
|
||||
#define NM_DEVICE_MACSEC_HW_ADDRESS "hw-address"
|
||||
#define NM_DEVICE_MACSEC_SCI "sci"
|
||||
#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
|
||||
#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
|
||||
#define NM_DEVICE_MACSEC_WINDOW "window"
|
||||
#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
|
||||
#define NM_DEVICE_MACSEC_VALIDATION "validation"
|
||||
#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
|
||||
#define NM_DEVICE_MACSEC_PROTECT "protect"
|
||||
#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
|
||||
#define NM_DEVICE_MACSEC_ES "es"
|
||||
#define NM_DEVICE_MACSEC_SCB "scb"
|
||||
#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
|
||||
|
||||
/**
|
||||
* NMDeviceMacsec:
|
||||
*/
|
||||
struct _NMDeviceMacsec {
|
||||
NMDevice parent;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
NMDeviceClass parent;
|
||||
|
||||
/*< private >*/
|
||||
gpointer padding[4];
|
||||
} NMDeviceMacsecClass;
|
||||
|
||||
NM_AVAILABLE_IN_1_6
|
||||
GType nm_device_macsec_get_type (void);
|
||||
|
||||
NM_AVAILABLE_IN_1_6
|
||||
NMDevice * nm_device_macsec_get_parent (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
const char * nm_device_macsec_get_hw_address (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
guint64 nm_device_macsec_get_sci (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
guint8 nm_device_macsec_get_icv_length (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
guint64 nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
guint nm_device_macsec_get_window (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
guint8 nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
const char * nm_device_macsec_get_validation (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_encrypt (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_protect (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_include_sci (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_es (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_scb (NMDeviceMacsec *device);
|
||||
NM_AVAILABLE_IN_1_6
|
||||
gboolean nm_device_macsec_get_replay_protect (NMDeviceMacsec *device);
|
||||
G_END_DECLS
|
||||
|
||||
#endif /* __NM_DEVICE_MACSEC_H__ */
|
|
@ -267,6 +267,7 @@ coerce_type (NMDeviceType type)
|
|||
case NM_DEVICE_TYPE_BRIDGE:
|
||||
case NM_DEVICE_TYPE_VLAN:
|
||||
case NM_DEVICE_TYPE_ADSL:
|
||||
case NM_DEVICE_TYPE_MACSEC:
|
||||
case NM_DEVICE_TYPE_MACVLAN:
|
||||
case NM_DEVICE_TYPE_VXLAN:
|
||||
case NM_DEVICE_TYPE_IP_TUNNEL:
|
||||
|
@ -1691,6 +1692,8 @@ get_type_name (NMDevice *device)
|
|||
return _("Tun");
|
||||
case NM_DEVICE_TYPE_VETH:
|
||||
return _("Veth");
|
||||
case NM_DEVICE_TYPE_MACSEC:
|
||||
return _("MACsec");
|
||||
case NM_DEVICE_TYPE_GENERIC:
|
||||
case NM_DEVICE_TYPE_UNUSED1:
|
||||
case NM_DEVICE_TYPE_UNUSED2:
|
||||
|
|
|
@ -38,6 +38,7 @@ typedef struct _NMDeviceEthernet NMDeviceEthernet;
|
|||
typedef struct _NMDeviceGeneric NMDeviceGeneric;
|
||||
typedef struct _NMDeviceInfiniband NMDeviceInfiniband;
|
||||
typedef struct _NMDeviceIPTunnel NMDeviceIPTunnel;
|
||||
typedef struct _NMDeviceMacsec NMDeviceMacsec;
|
||||
typedef struct _NMDeviceMacvlan NMDeviceMacvlan;
|
||||
typedef struct _NMDeviceModem NMDeviceModem;
|
||||
typedef struct _NMDeviceOlpcMesh NMDeviceOlpcMesh;
|
||||
|
|
|
@ -405,6 +405,7 @@ nm_device_factory_manager_load_factories (NMDeviceFactoryManagerFactoryFunc call
|
|||
_ADD_INTERNAL (nm_ethernet_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_infiniband_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_ip_tunnel_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_macsec_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_macvlan_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_tun_device_factory_get_type);
|
||||
_ADD_INTERNAL (nm_veth_device_factory_get_type);
|
||||
|
|
365
src/devices/nm-device-macsec.c
Normal file
365
src/devices/nm-device-macsec.c
Normal file
|
@ -0,0 +1,365 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/* NetworkManager -- Network link manager
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2017 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#include "nm-default.h"
|
||||
|
||||
#include "nm-device-macsec.h"
|
||||
|
||||
#include "nm-device-private.h"
|
||||
#include "platform/nm-platform.h"
|
||||
#include "nm-device-factory.h"
|
||||
#include "nm-manager.h"
|
||||
#include "nm-core-internal.h"
|
||||
|
||||
#include "introspection/org.freedesktop.NetworkManager.Device.Macsec.h"
|
||||
|
||||
#include "nm-device-logging.h"
|
||||
_LOG_DECLARE_SELF(NMDeviceMacsec);
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
NM_GOBJECT_PROPERTIES_DEFINE (NMDeviceMacsec,
|
||||
PROP_SCI,
|
||||
PROP_CIPHER_SUITE,
|
||||
PROP_ICV_LENGTH,
|
||||
PROP_WINDOW,
|
||||
PROP_ENCODING_SA,
|
||||
PROP_ENCRYPT,
|
||||
PROP_PROTECT,
|
||||
PROP_INCLUDE_SCI,
|
||||
PROP_ES,
|
||||
PROP_SCB,
|
||||
PROP_REPLAY_PROTECT,
|
||||
PROP_VALIDATION,
|
||||
);
|
||||
|
||||
typedef struct {
|
||||
NMPlatformLnkMacsec props;
|
||||
gulong parent_state_id;
|
||||
} NMDeviceMacsecPrivate;
|
||||
|
||||
struct _NMDeviceMacsec {
|
||||
NMDevice parent;
|
||||
NMDeviceMacsecPrivate _priv;
|
||||
};
|
||||
|
||||
struct _NMDeviceMacsecClass {
|
||||
NMDeviceClass parent;
|
||||
};
|
||||
|
||||
G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
|
||||
|
||||
#define NM_DEVICE_MACSEC_GET_PRIVATE(self) _NM_GET_PRIVATE (self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC)
|
||||
|
||||
/******************************************************************/
|
||||
|
||||
NM_UTILS_LOOKUP_STR_DEFINE_STATIC (validation_mode_to_string, guint8,
|
||||
NM_UTILS_LOOKUP_DEFAULT_WARN ("<unknown>"),
|
||||
NM_UTILS_LOOKUP_STR_ITEM (0, "disable"),
|
||||
NM_UTILS_LOOKUP_STR_ITEM (1, "check"),
|
||||
NM_UTILS_LOOKUP_STR_ITEM (2, "strict"),
|
||||
);
|
||||
|
||||
static void
|
||||
parent_state_changed (NMDevice *parent,
|
||||
NMDeviceState new_state,
|
||||
NMDeviceState old_state,
|
||||
NMDeviceStateReason reason,
|
||||
gpointer user_data)
|
||||
{
|
||||
NMDeviceMacsec *self = NM_DEVICE_MACSEC (user_data);
|
||||
|
||||
/* We'll react to our own carrier state notifications. Ignore the parent's. */
|
||||
if (reason == NM_DEVICE_STATE_REASON_CARRIER)
|
||||
return;
|
||||
|
||||
nm_device_set_unmanaged_by_flags (NM_DEVICE (self), NM_UNMANAGED_PARENT, !nm_device_get_managed (parent, FALSE), reason);
|
||||
}
|
||||
|
||||
static void
|
||||
parent_changed_notify (NMDevice *device,
|
||||
int old_ifindex,
|
||||
NMDevice *old_parent,
|
||||
int new_ifindex,
|
||||
NMDevice *new_parent)
|
||||
{
|
||||
NMDeviceMacsec *self = NM_DEVICE_MACSEC (device);
|
||||
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
|
||||
|
||||
NM_DEVICE_CLASS (nm_device_macsec_parent_class)->parent_changed_notify (device,
|
||||
old_ifindex,
|
||||
old_parent,
|
||||
new_ifindex,
|
||||
new_parent);
|
||||
|
||||
/* note that @self doesn't have to clear @parent_state_id on dispose,
|
||||
* because NMDevice's dispose() will unset the parent, which in turn calls
|
||||
* parent_changed_notify(). */
|
||||
nm_clear_g_signal_handler (old_parent, &priv->parent_state_id);
|
||||
|
||||
if (new_parent) {
|
||||
priv->parent_state_id = g_signal_connect (new_parent,
|
||||
NM_DEVICE_STATE_CHANGED,
|
||||
G_CALLBACK (parent_state_changed),
|
||||
device);
|
||||
|
||||
/* Set parent-dependent unmanaged flag */
|
||||
nm_device_set_unmanaged_by_flags (device,
|
||||
NM_UNMANAGED_PARENT,
|
||||
!nm_device_get_managed (new_parent, FALSE),
|
||||
NM_DEVICE_STATE_REASON_PARENT_MANAGED_CHANGED);
|
||||
}
|
||||
|
||||
/* Recheck availability now that the parent has changed */
|
||||
if (new_ifindex > 0) {
|
||||
nm_device_queue_recheck_available (device,
|
||||
NM_DEVICE_STATE_REASON_PARENT_CHANGED,
|
||||
NM_DEVICE_STATE_REASON_PARENT_CHANGED);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
update_properties (NMDevice *device)
|
||||
{
|
||||
NMDeviceMacsec *self;
|
||||
NMDeviceMacsecPrivate *priv;
|
||||
const NMPlatformLink *plink = NULL;
|
||||
const NMPlatformLnkMacsec *props = NULL;
|
||||
int ifindex;
|
||||
|
||||
g_return_if_fail (NM_IS_DEVICE_MACSEC (device));
|
||||
self = NM_DEVICE_MACSEC (device);
|
||||
priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
|
||||
|
||||
ifindex = nm_device_get_ifindex (device);
|
||||
g_return_if_fail (ifindex > 0);
|
||||
props = nm_platform_link_get_lnk_macsec (NM_PLATFORM_GET, ifindex, &plink);
|
||||
|
||||
if (!props) {
|
||||
_LOGW (LOGD_PLATFORM, "could not get macsec properties");
|
||||
return;
|
||||
}
|
||||
|
||||
g_object_freeze_notify ((GObject *) device);
|
||||
|
||||
if (priv->props.parent_ifindex != props->parent_ifindex)
|
||||
nm_device_parent_set_ifindex (device, props->parent_ifindex);
|
||||
|
||||
#define CHECK_PROPERTY_CHANGED(field, prop) \
|
||||
if (props->field != priv->props.field) \
|
||||
_notify (self, prop)
|
||||
|
||||
CHECK_PROPERTY_CHANGED (sci, PROP_SCI);
|
||||
CHECK_PROPERTY_CHANGED (cipher_suite, PROP_CIPHER_SUITE);
|
||||
CHECK_PROPERTY_CHANGED (window, PROP_WINDOW);
|
||||
CHECK_PROPERTY_CHANGED (icv_length, PROP_ICV_LENGTH);
|
||||
CHECK_PROPERTY_CHANGED (encoding_sa, PROP_ENCODING_SA);
|
||||
CHECK_PROPERTY_CHANGED (validation, PROP_VALIDATION);
|
||||
CHECK_PROPERTY_CHANGED (encrypt, PROP_ENCRYPT);
|
||||
CHECK_PROPERTY_CHANGED (protect, PROP_PROTECT);
|
||||
CHECK_PROPERTY_CHANGED (include_sci, PROP_INCLUDE_SCI);
|
||||
CHECK_PROPERTY_CHANGED (es, PROP_ES);
|
||||
CHECK_PROPERTY_CHANGED (scb, PROP_SCB);
|
||||
CHECK_PROPERTY_CHANGED (replay_protect, PROP_REPLAY_PROTECT);
|
||||
|
||||
priv->props = *props;
|
||||
g_object_thaw_notify ((GObject *) device);
|
||||
}
|
||||
|
||||
/******************************************************************/
|
||||
|
||||
static NMDeviceCapabilities
|
||||
get_generic_capabilities (NMDevice *dev)
|
||||
{
|
||||
/* We assume MACsec interfaces always support carrier detect */
|
||||
return NM_DEVICE_CAP_CARRIER_DETECT | NM_DEVICE_CAP_IS_SOFTWARE;
|
||||
}
|
||||
|
||||
/******************************************************************/
|
||||
|
||||
static gboolean
|
||||
is_available (NMDevice *device, NMDeviceCheckDevAvailableFlags flags)
|
||||
{
|
||||
if (!nm_device_parent_get_device (device))
|
||||
return FALSE;
|
||||
return NM_DEVICE_CLASS (nm_device_macsec_parent_class)->is_available (device, flags);
|
||||
}
|
||||
|
||||
static void
|
||||
link_changed (NMDevice *device,
|
||||
const NMPlatformLink *pllink)
|
||||
{
|
||||
NM_DEVICE_CLASS (nm_device_macsec_parent_class)->link_changed (device, pllink);
|
||||
update_properties (device);
|
||||
}
|
||||
|
||||
/******************************************************************/
|
||||
|
||||
static void
|
||||
get_property (GObject *object, guint prop_id,
|
||||
GValue *value, GParamSpec *pspec)
|
||||
{
|
||||
NMDeviceMacsec *self = NM_DEVICE_MACSEC (object);
|
||||
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
|
||||
|
||||
switch (prop_id) {
|
||||
case PROP_SCI:
|
||||
g_value_set_uint64 (value, priv->props.sci);
|
||||
break;
|
||||
case PROP_CIPHER_SUITE:
|
||||
g_value_set_uint64 (value, priv->props.cipher_suite);
|
||||
break;
|
||||
case PROP_ICV_LENGTH:
|
||||
g_value_set_uchar (value, priv->props.icv_length);
|
||||
break;
|
||||
case PROP_WINDOW:
|
||||
g_value_set_uint (value, priv->props.window);
|
||||
break;
|
||||
case PROP_ENCODING_SA:
|
||||
g_value_set_uchar (value, priv->props.encoding_sa);
|
||||
break;
|
||||
case PROP_ENCRYPT:
|
||||
g_value_set_boolean (value, priv->props.encrypt);
|
||||
break;
|
||||
case PROP_PROTECT:
|
||||
g_value_set_boolean (value, priv->props.protect);
|
||||
break;
|
||||
case PROP_INCLUDE_SCI:
|
||||
g_value_set_boolean (value, priv->props.include_sci);
|
||||
break;
|
||||
case PROP_ES:
|
||||
g_value_set_boolean (value, priv->props.es);
|
||||
break;
|
||||
case PROP_SCB:
|
||||
g_value_set_boolean (value, priv->props.scb);
|
||||
break;
|
||||
case PROP_REPLAY_PROTECT:
|
||||
g_value_set_boolean (value, priv->props.replay_protect);
|
||||
break;
|
||||
case PROP_VALIDATION:
|
||||
g_value_set_string (value,
|
||||
validation_mode_to_string (priv->props.validation));
|
||||
break;
|
||||
default:
|
||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
nm_device_macsec_init (NMDeviceMacsec * self)
|
||||
{
|
||||
}
|
||||
|
||||
static void
|
||||
nm_device_macsec_class_init (NMDeviceMacsecClass *klass)
|
||||
{
|
||||
GObjectClass *object_class = G_OBJECT_CLASS (klass);
|
||||
NMDeviceClass *parent_class = NM_DEVICE_CLASS (klass);
|
||||
|
||||
NM_DEVICE_CLASS_DECLARE_TYPES (klass, NULL, NM_LINK_TYPE_MACSEC)
|
||||
|
||||
object_class->get_property = get_property;
|
||||
|
||||
parent_class->get_generic_capabilities = get_generic_capabilities;
|
||||
parent_class->is_available = is_available;
|
||||
parent_class->link_changed = link_changed;
|
||||
parent_class->parent_changed_notify = parent_changed_notify;
|
||||
|
||||
obj_properties[PROP_SCI] =
|
||||
g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
|
||||
0, G_MAXUINT64, 0,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_CIPHER_SUITE] =
|
||||
g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
|
||||
0, G_MAXUINT64, 0,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_ICV_LENGTH] =
|
||||
g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
|
||||
0, G_MAXUINT8, 0,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_WINDOW] =
|
||||
g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
|
||||
0, G_MAXUINT32, 0,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_ENCODING_SA] =
|
||||
g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
|
||||
0, 3, 0,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_VALIDATION] =
|
||||
g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
|
||||
NULL,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_ENCRYPT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_PROTECT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_INCLUDE_SCI] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_ES] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_SCB] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
obj_properties[PROP_REPLAY_PROTECT] =
|
||||
g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
|
||||
FALSE,
|
||||
G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
|
||||
|
||||
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
|
||||
|
||||
nm_exported_object_class_add_interface (NM_EXPORTED_OBJECT_CLASS (klass),
|
||||
NMDBUS_TYPE_DEVICE_MACSEC_SKELETON,
|
||||
NULL);
|
||||
}
|
||||
|
||||
/*************************************************************/
|
||||
|
||||
#define NM_TYPE_MACSEC_DEVICE_FACTORY (nm_macsec_device_factory_get_type ())
|
||||
#define NM_MACSEC_DEVICE_FACTORY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MACSEC_DEVICE_FACTORY, NMMacsecDeviceFactory))
|
||||
|
||||
static NMDevice *
|
||||
create_device (NMDeviceFactory *factory,
|
||||
const char *iface,
|
||||
const NMPlatformLink *plink,
|
||||
NMConnection *connection,
|
||||
gboolean *out_ignore)
|
||||
{
|
||||
return (NMDevice *) g_object_new (NM_TYPE_DEVICE_MACSEC,
|
||||
NM_DEVICE_IFACE, iface,
|
||||
NM_DEVICE_TYPE_DESC, "Macsec",
|
||||
NM_DEVICE_DEVICE_TYPE, NM_DEVICE_TYPE_MACSEC,
|
||||
NM_DEVICE_LINK_TYPE, NM_LINK_TYPE_MACSEC,
|
||||
NULL);
|
||||
}
|
||||
|
||||
NM_DEVICE_FACTORY_DEFINE_INTERNAL (MACSEC, Macsec, macsec,
|
||||
NM_DEVICE_FACTORY_DECLARE_LINK_TYPES (NM_LINK_TYPE_MACSEC),
|
||||
factory_class->create_device = create_device;
|
||||
)
|
54
src/devices/nm-device-macsec.h
Normal file
54
src/devices/nm-device-macsec.h
Normal file
|
@ -0,0 +1,54 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/* NetworkManager -- Network link manager
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2017 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#ifndef __NM_DEVICE_MACSEC_H__
|
||||
#define __NM_DEVICE_MACSEC_H__
|
||||
|
||||
#include "nm-device.h"
|
||||
|
||||
#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
|
||||
#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
|
||||
#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
|
||||
#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
|
||||
#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
|
||||
#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
|
||||
|
||||
#define NM_DEVICE_MACSEC_SCI "sci"
|
||||
#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
|
||||
#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
|
||||
#define NM_DEVICE_MACSEC_WINDOW "window"
|
||||
#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
|
||||
#define NM_DEVICE_MACSEC_VALIDATION "validation"
|
||||
#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
|
||||
#define NM_DEVICE_MACSEC_PROTECT "protect"
|
||||
#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
|
||||
#define NM_DEVICE_MACSEC_ES "es"
|
||||
#define NM_DEVICE_MACSEC_SCB "scb"
|
||||
#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
|
||||
|
||||
/* defined in the parent class, but exposed on D-Bus by the subclass. */
|
||||
#define NM_DEVICE_MACSEC_PARENT NM_DEVICE_PARENT
|
||||
|
||||
typedef struct _NMDeviceMacsec NMDeviceMacsec;
|
||||
typedef struct _NMDeviceMacsecClass NMDeviceMacsecClass;
|
||||
|
||||
GType nm_device_macsec_get_type (void);
|
||||
|
||||
#endif /* __NM_DEVICE_MACSEC_H__ */
|
|
@ -1330,6 +1330,8 @@ nm_device_get_priority (NMDevice *self)
|
|||
case NM_DEVICE_TYPE_ETHERNET:
|
||||
case NM_DEVICE_TYPE_VETH:
|
||||
return 100;
|
||||
case NM_DEVICE_TYPE_MACSEC:
|
||||
return 125;
|
||||
case NM_DEVICE_TYPE_INFINIBAND:
|
||||
return 150;
|
||||
case NM_DEVICE_TYPE_ADSL:
|
||||
|
|
Loading…
Reference in New Issue
Block a user