diff --git a/Makefile.am b/Makefile.am
index 1631c3c957..4ebf7b0bd9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -195,6 +195,8 @@ introspection_sources = \
introspection/org.freedesktop.NetworkManager.Device.Infiniband.h \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.c \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.h \
+ introspection/org.freedesktop.NetworkManager.Device.Macsec.c \
+ introspection/org.freedesktop.NetworkManager.Device.Macsec.h \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.c \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.h \
introspection/org.freedesktop.NetworkManager.Device.Modem.c \
@@ -262,6 +264,7 @@ DBUS_INTERFACE_DOCS = \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vxlan.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
+ docs/api/dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
docs/api/dbus-org.freedesktop.NetworkManager.PPP.xml \
docs/api/dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
@@ -313,6 +316,7 @@ dbusinterfaces_DATA = \
introspection/org.freedesktop.NetworkManager.Device.Generic.xml \
introspection/org.freedesktop.NetworkManager.Device.Infiniband.xml \
introspection/org.freedesktop.NetworkManager.Device.IPTunnel.xml \
+ introspection/org.freedesktop.NetworkManager.Device.Macsec.xml \
introspection/org.freedesktop.NetworkManager.Device.Macvlan.xml \
introspection/org.freedesktop.NetworkManager.Device.Modem.xml \
introspection/org.freedesktop.NetworkManager.Device.OlpcMesh.xml \
@@ -668,6 +672,7 @@ libnm_lib_h_pub_real = \
libnm/nm-device-generic.h \
libnm/nm-device-infiniband.h \
libnm/nm-device-ip-tunnel.h \
+ libnm/nm-device-macsec.h \
libnm/nm-device-macvlan.h \
libnm/nm-device-modem.h \
libnm/nm-device-olpc-mesh.h \
@@ -717,6 +722,7 @@ libnm_lib_c_real = \
libnm/nm-device-generic.c \
libnm/nm-device-infiniband.c \
libnm/nm-device-ip-tunnel.c \
+ libnm/nm-device-macsec.c \
libnm/nm-device-macvlan.c \
libnm/nm-device-modem.c \
libnm/nm-device-olpc-mesh.c \
@@ -1291,6 +1297,8 @@ src_libNetworkManager_la_SOURCES = \
src/devices/nm-device-infiniband.h \
src/devices/nm-device-ip-tunnel.c \
src/devices/nm-device-ip-tunnel.h \
+ src/devices/nm-device-macsec.c \
+ src/devices/nm-device-macsec.h \
src/devices/nm-device-macvlan.c \
src/devices/nm-device-macvlan.h \
src/devices/nm-device-tun.c \
diff --git a/docs/api/Makefile.am b/docs/api/Makefile.am
index 18cb167dc7..bb54fb35ea 100644
--- a/docs/api/Makefile.am
+++ b/docs/api/Makefile.am
@@ -55,6 +55,7 @@ content_files = \
dbus-org.freedesktop.NetworkManager.Settings.Connection.xml \
dbus-org.freedesktop.NetworkManager.Device.Bond.xml \
dbus-org.freedesktop.NetworkManager.Device.Macvlan.xml \
+ dbus-org.freedesktop.NetworkManager.Device.Macsec.xml \
dbus-org.freedesktop.NetworkManager.PPP.xml \
dbus-org.freedesktop.NetworkManager.Device.Vlan.xml \
dbus-org.freedesktop.NetworkManager.Device.Adsl.xml \
diff --git a/docs/api/network-manager-docs.xml b/docs/api/network-manager-docs.xml
index 51ac3d1483..45164ce068 100644
--- a/docs/api/network-manager-docs.xml
+++ b/docs/api/network-manager-docs.xml
@@ -82,6 +82,7 @@
+
diff --git a/introspection/org.freedesktop.NetworkManager.Device.Macsec.xml b/introspection/org.freedesktop.NetworkManager.Device.Macsec.xml
new file mode 100644
index 0000000000..e67f937cbb
--- /dev/null
+++ b/introspection/org.freedesktop.NetworkManager.Device.Macsec.xml
@@ -0,0 +1,113 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/libnm-core/nm-dbus-interface.h b/libnm-core/nm-dbus-interface.h
index 9ad3aad30d..d2d54f69c5 100644
--- a/libnm-core/nm-dbus-interface.h
+++ b/libnm-core/nm-dbus-interface.h
@@ -64,6 +64,7 @@
#define NM_DBUS_INTERFACE_DEVICE_GENERIC NM_DBUS_INTERFACE_DEVICE ".Generic"
#define NM_DBUS_INTERFACE_DEVICE_VETH NM_DBUS_INTERFACE_DEVICE ".Veth"
#define NM_DBUS_INTERFACE_DEVICE_TUN NM_DBUS_INTERFACE_DEVICE ".Tun"
+#define NM_DBUS_INTERFACE_DEVICE_MACSEC NM_DBUS_INTERFACE_DEVICE ".Macsec"
#define NM_DBUS_INTERFACE_DEVICE_MACVLAN NM_DBUS_INTERFACE_DEVICE ".Macvlan"
#define NM_DBUS_INTERFACE_DEVICE_VXLAN NM_DBUS_INTERFACE_DEVICE ".Vxlan"
#define NM_DBUS_INTERFACE_DEVICE_GRE NM_DBUS_INTERFACE_DEVICE ".Gre"
@@ -169,6 +170,7 @@ typedef enum {
* @NM_DEVICE_TYPE_MACVLAN: a MACVLAN interface
* @NM_DEVICE_TYPE_VXLAN: a VXLAN interface
* @NM_DEVICE_TYPE_VETH: a VETH interface
+ * @NM_DEVICE_TYPE_MACSEC: a MACsec interface
*
* #NMDeviceType values indicate the type of hardware represented by a
* device object.
@@ -195,6 +197,7 @@ typedef enum {
NM_DEVICE_TYPE_MACVLAN = 18,
NM_DEVICE_TYPE_VXLAN = 19,
NM_DEVICE_TYPE_VETH = 20,
+ NM_DEVICE_TYPE_MACSEC = 21,
} NMDeviceType;
/**
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index cc39286564..1c58d6c14b 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1091,6 +1091,20 @@ global:
nm_client_get_dns_mode;
nm_client_get_dns_rc_manager;
nm_connection_get_setting_proxy;
+ nm_device_macsec_get_cipher_suite;
+ nm_device_macsec_get_encoding_sa;
+ nm_device_macsec_get_encrypt;
+ nm_device_macsec_get_es;
+ nm_device_macsec_get_hw_address;
+ nm_device_macsec_get_icv_length;
+ nm_device_macsec_get_include_sci;
+ nm_device_macsec_get_protect;
+ nm_device_macsec_get_replay_protect;
+ nm_device_macsec_get_scb;
+ nm_device_macsec_get_sci;
+ nm_device_macsec_get_type;
+ nm_device_macsec_get_validation;
+ nm_device_macsec_get_window;
nm_dns_entry_get_domains;
nm_dns_entry_get_interface;
nm_dns_entry_get_nameservers;
diff --git a/libnm/nm-client.c b/libnm/nm-client.c
index 4b31236e39..63eaa84ce3 100644
--- a/libnm/nm-client.c
+++ b/libnm/nm-client.c
@@ -56,6 +56,7 @@
#include "nm-device-generic.h"
#include "nm-device-infiniband.h"
#include "nm-device-ip-tunnel.h"
+#include "nm-device-macsec.h"
#include "nm-device-macvlan.h"
#include "nm-device-modem.h"
#include "nm-device-olpc-mesh.h"
@@ -2061,6 +2062,8 @@ obj_nm_for_gdbus_object (GDBusObject *object, GDBusObjectManager *object_manager
type = NM_TYPE_DEVICE_INFINIBAND;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_IP_TUNNEL) == 0)
type = NM_TYPE_DEVICE_IP_TUNNEL;
+ else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACSEC) == 0)
+ type = NM_TYPE_DEVICE_MACSEC;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MACVLAN) == 0)
type = NM_TYPE_DEVICE_MACVLAN;
else if (strcmp (ifname, NM_DBUS_INTERFACE_DEVICE_MODEM) == 0)
diff --git a/libnm/nm-device-macsec.c b/libnm/nm-device-macsec.c
new file mode 100644
index 0000000000..c4762041be
--- /dev/null
+++ b/libnm/nm-device-macsec.c
@@ -0,0 +1,639 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/*
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA.
+ *
+ * Copyright 2017 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+
+#include
+
+#include "nm-device-macsec.h"
+#include "nm-device-private.h"
+#include "nm-object-private.h"
+#include "nm-utils.h"
+
+G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
+
+#define NM_DEVICE_MACSEC_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecPrivate))
+
+typedef struct {
+ NMDevice *parent;
+ char *hw_address;
+ guint64 sci;
+ guint64 cipher_suite;
+ guint8 icv_length;
+ guint32 window;
+ guint8 encoding_sa;
+ gboolean encrypt;
+ gboolean protect;
+ gboolean include_sci;
+ gboolean es;
+ gboolean scb;
+ gboolean replay_protect;
+ char *validation;
+} NMDeviceMacsecPrivate;
+
+NM_GOBJECT_PROPERTIES_DEFINE_BASE (
+ PROP_PARENT,
+ PROP_HW_ADDRESS,
+ PROP_SCI,
+ PROP_CIPHER_SUITE,
+ PROP_ICV_LENGTH,
+ PROP_WINDOW,
+ PROP_ENCODING_SA,
+ PROP_ENCRYPT,
+ PROP_PROTECT,
+ PROP_INCLUDE_SCI,
+ PROP_ES,
+ PROP_SCB,
+ PROP_REPLAY_PROTECT,
+ PROP_VALIDATION,
+);
+
+/**
+ * nm_device_macsec_get_parent:
+ * @device: a #NMDeviceMacsec
+ *
+ * Returns: (transfer none): the device's parent device
+ *
+ * Since: 1.6
+ **/
+NMDevice *
+nm_device_macsec_get_parent (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->parent;
+}
+
+/**
+ * nm_device_macsec_get_hw_address:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the hardware (MAC) address of the #NMDeviceMacsec
+ *
+ * Returns: the hardware address. This is the internal string used by the
+ * device, and must not be modified.
+ *
+ * Since: 1.6
+ **/
+const char *
+nm_device_macsec_get_hw_address (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->hw_address;
+}
+
+/**
+ * nm_device_macsec_get_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the Secure Channel Identifier in use
+ *
+ * Returns: the SCI
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_sci (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->sci;
+}
+
+/**
+ * nm_device_macsec_get_icv_length:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the length of ICV (Integrity Check Value)
+ *
+ * Returns: the length of ICV
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_icv_length (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->icv_length;
+}
+
+/**
+ * nm_device_macsec_get_cipher_suite:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the set of cryptographic algorithms in use
+ *
+ * Returns:
+ *
+ * Since: 1.6
+ **/
+guint64
+nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->cipher_suite;
+}
+
+/**
+ * nm_device_macsec_get_window:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the size of the replay window
+ *
+ * Returns: size of the replay window
+ *
+ * Since: 1.6
+ **/
+guint
+nm_device_macsec_get_window (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->window;
+}
+
+/**
+ * nm_device_macsec_get_encoding_sa:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Returns: the current Security Association
+ *
+ * Since: 1.6
+ **/
+guint8
+nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), 0);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encoding_sa;
+}
+
+/**
+ * nm_device_macsec_get_validation:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets the validation mode for incoming packets (strict, check,
+ * disabled)
+ *
+ * Returns: the validation mode
+ *
+ * Since: 1.6
+ **/
+const char *
+nm_device_macsec_get_validation (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), NULL);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->validation;
+}
+
+/**
+ * nm_device_macsec_get_encrypt:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether encryption of transmitted frames is enabled
+ *
+ * Returns: whether encryption is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_encrypt (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->encrypt;
+}
+
+/**
+ * nm_device_macsec_get_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether protection of transmitted frames is enabled
+ *
+ * Returns: whether protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_protect (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->protect;
+}
+
+/**
+ * nm_device_macsec_get_include_sci:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCI is always included in SecTAG for transmitted
+ * frames
+ *
+ * Returns: whether the SCI is always included
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_include_sci (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->include_sci;
+}
+
+/**
+ * nm_device_macsec_get_es:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames
+ *
+ * Returns: whether the ES (End station) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_es (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->es;
+}
+
+/**
+ * nm_device_macsec_get_scb:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames
+ *
+ * Returns: whether the SCB (Single Copy Broadcast) bit is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_scb (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->scb;
+}
+
+/**
+ * nm_device_macsec_get_replay_protect:
+ * @device: a #NMDeviceMacsec
+ *
+ * Gets whether replay protection is enabled
+ *
+ * Returns: whether replay protection is enabled
+ *
+ * Since: 1.6
+ **/
+gboolean
+nm_device_macsec_get_replay_protect (NMDeviceMacsec *device)
+{
+ g_return_val_if_fail (NM_IS_DEVICE_MACSEC (device), FALSE);
+
+ return NM_DEVICE_MACSEC_GET_PRIVATE (device)->replay_protect;
+}
+
+static const char *
+get_hw_address (NMDevice *device)
+{
+ return nm_device_macsec_get_hw_address (NM_DEVICE_MACSEC (device));
+}
+
+/***********************************************************/
+
+static void
+nm_device_macsec_init (NMDeviceMacsec *device)
+{
+}
+
+static void
+init_dbus (NMObject *object)
+{
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
+ const NMPropertiesInfo property_info[] = {
+ { NM_DEVICE_MACSEC_PARENT, &priv->parent, NULL, NM_TYPE_DEVICE },
+ { NM_DEVICE_MACSEC_HW_ADDRESS, &priv->hw_address },
+ { NM_DEVICE_MACSEC_SCI, &priv->sci },
+ { NM_DEVICE_MACSEC_CIPHER_SUITE, &priv->cipher_suite },
+ { NM_DEVICE_MACSEC_ICV_LENGTH, &priv->icv_length },
+ { NM_DEVICE_MACSEC_WINDOW, &priv->window },
+ { NM_DEVICE_MACSEC_ENCODING_SA, &priv->encoding_sa },
+ { NM_DEVICE_MACSEC_ENCRYPT, &priv->encrypt },
+ { NM_DEVICE_MACSEC_PROTECT, &priv->protect },
+ { NM_DEVICE_MACSEC_INCLUDE_SCI, &priv->include_sci },
+ { NM_DEVICE_MACSEC_ES, &priv->es },
+ { NM_DEVICE_MACSEC_SCB, &priv->scb },
+ { NM_DEVICE_MACSEC_REPLAY_PROTECT, &priv->replay_protect },
+ { NM_DEVICE_MACSEC_VALIDATION, &priv->validation },
+ { NULL },
+ };
+
+ NM_OBJECT_CLASS (nm_device_macsec_parent_class)->init_dbus (object);
+
+ _nm_object_register_properties (object,
+ NM_DBUS_INTERFACE_DEVICE_MACSEC,
+ property_info);
+}
+
+static void
+finalize (GObject *object)
+{
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (object);
+
+ g_free (priv->validation);
+ g_free (priv->hw_address);
+ g_clear_object (&priv->parent);
+
+ G_OBJECT_CLASS (nm_device_macsec_parent_class)->finalize (object);
+}
+
+static void
+get_property (GObject *object,
+ guint prop_id,
+ GValue *value,
+ GParamSpec *pspec)
+{
+ NMDeviceMacsec *device = NM_DEVICE_MACSEC (object);
+
+ switch (prop_id) {
+ case PROP_PARENT:
+ g_value_set_object (value, nm_device_macsec_get_parent (device));
+ break;
+ case PROP_HW_ADDRESS:
+ g_value_set_string (value, nm_device_macsec_get_hw_address (device));
+ break;
+ case PROP_SCI:
+ g_value_set_uint64 (value, nm_device_macsec_get_sci (device));
+ break;
+ case PROP_ICV_LENGTH:
+ g_value_set_uchar (value, nm_device_macsec_get_icv_length (device));
+ break;
+ case PROP_CIPHER_SUITE:
+ g_value_set_uint64 (value, nm_device_macsec_get_cipher_suite (device));
+ break;
+ case PROP_WINDOW:
+ g_value_set_uint (value, nm_device_macsec_get_window (device));
+ break;
+ case PROP_ENCODING_SA:
+ g_value_set_uchar (value, nm_device_macsec_get_encoding_sa (device));
+ break;
+ case PROP_VALIDATION:
+ g_value_set_string (value, nm_device_macsec_get_validation (device));
+ break;
+ case PROP_ENCRYPT:
+ g_value_set_boolean (value, nm_device_macsec_get_encrypt (device));
+ break;
+ case PROP_PROTECT:
+ g_value_set_boolean (value, nm_device_macsec_get_protect (device));
+ break;
+ case PROP_INCLUDE_SCI:
+ g_value_set_boolean (value, nm_device_macsec_get_include_sci (device));
+ break;
+ case PROP_ES:
+ g_value_set_boolean (value, nm_device_macsec_get_es (device));
+ break;
+ case PROP_SCB:
+ g_value_set_boolean (value, nm_device_macsec_get_scb (device));
+ break;
+ case PROP_REPLAY_PROTECT:
+ g_value_set_boolean (value, nm_device_macsec_get_replay_protect (device));
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nm_device_macsec_class_init (NMDeviceMacsecClass *macsec_class)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (macsec_class);
+ NMObjectClass *nm_object_class = NM_OBJECT_CLASS (macsec_class);
+ NMDeviceClass *device_class = NM_DEVICE_CLASS (macsec_class);
+
+ g_type_class_add_private (macsec_class, sizeof (NMDeviceMacsecPrivate));
+
+ object_class->finalize = finalize;
+ object_class->get_property = get_property;
+
+ nm_object_class->init_dbus = init_dbus;
+
+ device_class->get_hw_address = get_hw_address;
+
+ /**
+ * NMDeviceMacsec:parent:
+ *
+ * The devices's parent device.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PARENT] =
+ g_param_spec_object (NM_DEVICE_MACSEC_PARENT, "", "",
+ NM_TYPE_DEVICE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:hw-address:
+ *
+ * The hardware (MAC) address of the device.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_HW_ADDRESS] =
+ g_param_spec_string (NM_DEVICE_MACSEC_HW_ADDRESS, "", "",
+ NULL,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:sci:
+ *
+ * The Secure Channel Identifier in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCI] =
+ g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
+ 0, G_MAXUINT64, 0,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:icv-length:
+ *
+ * The length of ICV (Integrity Check Value).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ICV_LENGTH] =
+ g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
+ 0, G_MAXUINT8, 0,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:cipher-suite:
+ *
+ * The set of cryptographic algorithms in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_CIPHER_SUITE] =
+ g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
+ 0, G_MAXUINT64, 0,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:window:
+ *
+ * The size of the replay window.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_WINDOW] =
+ g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
+ 0, G_MAXUINT32, 0,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encoding-sa:
+ *
+ * The value of the Association Number (0..3) for the Security
+ * Association in use.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCODING_SA] =
+ g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
+ 0, G_MAXUINT8, 0,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:validation:
+ *
+ * The validation mode for incoming packets (strict, check,
+ * disabled).
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_VALIDATION] =
+ g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
+ NULL,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:encrypt:
+ *
+ * Whether encryption of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ENCRYPT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:protect:
+ *
+ * Whether protection of transmitted frames is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_PROTECT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:include-sci:
+ *
+ * Whether the SCI is always included in SecTAG for transmitted
+ * frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_INCLUDE_SCI] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:es:
+ *
+ * Whether the ES (End station) bit is enabled in SecTAG for
+ * transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_ES] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:scb:
+ *
+ * Whether the SCB (Single Copy Broadcast) bit is enabled in
+ * SecTAG for transmitted frames.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_SCB] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ /**
+ * NMDeviceMacsec:replay-protect:
+ *
+ * Whether replay protection is enabled.
+ *
+ * Since: 1.6
+ **/
+ obj_properties[PROP_REPLAY_PROTECT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
+ FALSE,
+ G_PARAM_READABLE |
+ G_PARAM_STATIC_STRINGS);
+
+ g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
+}
diff --git a/libnm/nm-device-macsec.h b/libnm/nm-device-macsec.h
new file mode 100644
index 0000000000..d6d7c0ef79
--- /dev/null
+++ b/libnm/nm-device-macsec.h
@@ -0,0 +1,101 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/*
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA.
+ *
+ * Copyright 2017 Red Hat, Inc.
+ */
+
+#ifndef __NM_DEVICE_MACSEC_H__
+#define __NM_DEVICE_MACSEC_H__
+
+#if !defined (__NETWORKMANAGER_H_INSIDE__) && !defined(NETWORKMANAGER_COMPILATION)
+#error "Only can be included directly."
+#endif
+
+#include
+
+G_BEGIN_DECLS
+
+#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
+#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
+#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
+#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
+#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
+#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
+
+#define NM_DEVICE_MACSEC_PARENT "parent"
+#define NM_DEVICE_MACSEC_HW_ADDRESS "hw-address"
+#define NM_DEVICE_MACSEC_SCI "sci"
+#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
+#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
+#define NM_DEVICE_MACSEC_WINDOW "window"
+#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
+#define NM_DEVICE_MACSEC_VALIDATION "validation"
+#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
+#define NM_DEVICE_MACSEC_PROTECT "protect"
+#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
+#define NM_DEVICE_MACSEC_ES "es"
+#define NM_DEVICE_MACSEC_SCB "scb"
+#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
+
+/**
+ * NMDeviceMacsec:
+ */
+struct _NMDeviceMacsec {
+ NMDevice parent;
+};
+
+typedef struct {
+ NMDeviceClass parent;
+
+ /*< private >*/
+ gpointer padding[4];
+} NMDeviceMacsecClass;
+
+NM_AVAILABLE_IN_1_6
+GType nm_device_macsec_get_type (void);
+
+NM_AVAILABLE_IN_1_6
+NMDevice * nm_device_macsec_get_parent (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+const char * nm_device_macsec_get_hw_address (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+guint64 nm_device_macsec_get_sci (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+guint8 nm_device_macsec_get_icv_length (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+guint64 nm_device_macsec_get_cipher_suite (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+guint nm_device_macsec_get_window (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+guint8 nm_device_macsec_get_encoding_sa (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+const char * nm_device_macsec_get_validation (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_encrypt (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_protect (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_include_sci (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_es (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_scb (NMDeviceMacsec *device);
+NM_AVAILABLE_IN_1_6
+gboolean nm_device_macsec_get_replay_protect (NMDeviceMacsec *device);
+G_END_DECLS
+
+#endif /* __NM_DEVICE_MACSEC_H__ */
diff --git a/libnm/nm-device.c b/libnm/nm-device.c
index 5c5988862c..02b5cad550 100644
--- a/libnm/nm-device.c
+++ b/libnm/nm-device.c
@@ -267,6 +267,7 @@ coerce_type (NMDeviceType type)
case NM_DEVICE_TYPE_BRIDGE:
case NM_DEVICE_TYPE_VLAN:
case NM_DEVICE_TYPE_ADSL:
+ case NM_DEVICE_TYPE_MACSEC:
case NM_DEVICE_TYPE_MACVLAN:
case NM_DEVICE_TYPE_VXLAN:
case NM_DEVICE_TYPE_IP_TUNNEL:
@@ -1691,6 +1692,8 @@ get_type_name (NMDevice *device)
return _("Tun");
case NM_DEVICE_TYPE_VETH:
return _("Veth");
+ case NM_DEVICE_TYPE_MACSEC:
+ return _("MACsec");
case NM_DEVICE_TYPE_GENERIC:
case NM_DEVICE_TYPE_UNUSED1:
case NM_DEVICE_TYPE_UNUSED2:
diff --git a/libnm/nm-types.h b/libnm/nm-types.h
index be09daaf89..7d224c86fe 100644
--- a/libnm/nm-types.h
+++ b/libnm/nm-types.h
@@ -38,6 +38,7 @@ typedef struct _NMDeviceEthernet NMDeviceEthernet;
typedef struct _NMDeviceGeneric NMDeviceGeneric;
typedef struct _NMDeviceInfiniband NMDeviceInfiniband;
typedef struct _NMDeviceIPTunnel NMDeviceIPTunnel;
+typedef struct _NMDeviceMacsec NMDeviceMacsec;
typedef struct _NMDeviceMacvlan NMDeviceMacvlan;
typedef struct _NMDeviceModem NMDeviceModem;
typedef struct _NMDeviceOlpcMesh NMDeviceOlpcMesh;
diff --git a/src/devices/nm-device-factory.c b/src/devices/nm-device-factory.c
index dc8e26605b..0ce2cb48c5 100644
--- a/src/devices/nm-device-factory.c
+++ b/src/devices/nm-device-factory.c
@@ -405,6 +405,7 @@ nm_device_factory_manager_load_factories (NMDeviceFactoryManagerFactoryFunc call
_ADD_INTERNAL (nm_ethernet_device_factory_get_type);
_ADD_INTERNAL (nm_infiniband_device_factory_get_type);
_ADD_INTERNAL (nm_ip_tunnel_device_factory_get_type);
+ _ADD_INTERNAL (nm_macsec_device_factory_get_type);
_ADD_INTERNAL (nm_macvlan_device_factory_get_type);
_ADD_INTERNAL (nm_tun_device_factory_get_type);
_ADD_INTERNAL (nm_veth_device_factory_get_type);
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
new file mode 100644
index 0000000000..8558ba120c
--- /dev/null
+++ b/src/devices/nm-device-macsec.c
@@ -0,0 +1,365 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright 2017 Red Hat, Inc.
+ */
+
+#include "nm-default.h"
+
+#include "nm-device-macsec.h"
+
+#include "nm-device-private.h"
+#include "platform/nm-platform.h"
+#include "nm-device-factory.h"
+#include "nm-manager.h"
+#include "nm-core-internal.h"
+
+#include "introspection/org.freedesktop.NetworkManager.Device.Macsec.h"
+
+#include "nm-device-logging.h"
+_LOG_DECLARE_SELF(NMDeviceMacsec);
+
+/*****************************************************************************/
+
+NM_GOBJECT_PROPERTIES_DEFINE (NMDeviceMacsec,
+ PROP_SCI,
+ PROP_CIPHER_SUITE,
+ PROP_ICV_LENGTH,
+ PROP_WINDOW,
+ PROP_ENCODING_SA,
+ PROP_ENCRYPT,
+ PROP_PROTECT,
+ PROP_INCLUDE_SCI,
+ PROP_ES,
+ PROP_SCB,
+ PROP_REPLAY_PROTECT,
+ PROP_VALIDATION,
+);
+
+typedef struct {
+ NMPlatformLnkMacsec props;
+ gulong parent_state_id;
+} NMDeviceMacsecPrivate;
+
+struct _NMDeviceMacsec {
+ NMDevice parent;
+ NMDeviceMacsecPrivate _priv;
+};
+
+struct _NMDeviceMacsecClass {
+ NMDeviceClass parent;
+};
+
+G_DEFINE_TYPE (NMDeviceMacsec, nm_device_macsec, NM_TYPE_DEVICE)
+
+#define NM_DEVICE_MACSEC_GET_PRIVATE(self) _NM_GET_PRIVATE (self, NMDeviceMacsec, NM_IS_DEVICE_MACSEC)
+
+/******************************************************************/
+
+NM_UTILS_LOOKUP_STR_DEFINE_STATIC (validation_mode_to_string, guint8,
+ NM_UTILS_LOOKUP_DEFAULT_WARN (""),
+ NM_UTILS_LOOKUP_STR_ITEM (0, "disable"),
+ NM_UTILS_LOOKUP_STR_ITEM (1, "check"),
+ NM_UTILS_LOOKUP_STR_ITEM (2, "strict"),
+);
+
+static void
+parent_state_changed (NMDevice *parent,
+ NMDeviceState new_state,
+ NMDeviceState old_state,
+ NMDeviceStateReason reason,
+ gpointer user_data)
+{
+ NMDeviceMacsec *self = NM_DEVICE_MACSEC (user_data);
+
+ /* We'll react to our own carrier state notifications. Ignore the parent's. */
+ if (reason == NM_DEVICE_STATE_REASON_CARRIER)
+ return;
+
+ nm_device_set_unmanaged_by_flags (NM_DEVICE (self), NM_UNMANAGED_PARENT, !nm_device_get_managed (parent, FALSE), reason);
+}
+
+static void
+parent_changed_notify (NMDevice *device,
+ int old_ifindex,
+ NMDevice *old_parent,
+ int new_ifindex,
+ NMDevice *new_parent)
+{
+ NMDeviceMacsec *self = NM_DEVICE_MACSEC (device);
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
+
+ NM_DEVICE_CLASS (nm_device_macsec_parent_class)->parent_changed_notify (device,
+ old_ifindex,
+ old_parent,
+ new_ifindex,
+ new_parent);
+
+ /* note that @self doesn't have to clear @parent_state_id on dispose,
+ * because NMDevice's dispose() will unset the parent, which in turn calls
+ * parent_changed_notify(). */
+ nm_clear_g_signal_handler (old_parent, &priv->parent_state_id);
+
+ if (new_parent) {
+ priv->parent_state_id = g_signal_connect (new_parent,
+ NM_DEVICE_STATE_CHANGED,
+ G_CALLBACK (parent_state_changed),
+ device);
+
+ /* Set parent-dependent unmanaged flag */
+ nm_device_set_unmanaged_by_flags (device,
+ NM_UNMANAGED_PARENT,
+ !nm_device_get_managed (new_parent, FALSE),
+ NM_DEVICE_STATE_REASON_PARENT_MANAGED_CHANGED);
+ }
+
+ /* Recheck availability now that the parent has changed */
+ if (new_ifindex > 0) {
+ nm_device_queue_recheck_available (device,
+ NM_DEVICE_STATE_REASON_PARENT_CHANGED,
+ NM_DEVICE_STATE_REASON_PARENT_CHANGED);
+ }
+}
+
+static void
+update_properties (NMDevice *device)
+{
+ NMDeviceMacsec *self;
+ NMDeviceMacsecPrivate *priv;
+ const NMPlatformLink *plink = NULL;
+ const NMPlatformLnkMacsec *props = NULL;
+ int ifindex;
+
+ g_return_if_fail (NM_IS_DEVICE_MACSEC (device));
+ self = NM_DEVICE_MACSEC (device);
+ priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
+
+ ifindex = nm_device_get_ifindex (device);
+ g_return_if_fail (ifindex > 0);
+ props = nm_platform_link_get_lnk_macsec (NM_PLATFORM_GET, ifindex, &plink);
+
+ if (!props) {
+ _LOGW (LOGD_PLATFORM, "could not get macsec properties");
+ return;
+ }
+
+ g_object_freeze_notify ((GObject *) device);
+
+ if (priv->props.parent_ifindex != props->parent_ifindex)
+ nm_device_parent_set_ifindex (device, props->parent_ifindex);
+
+#define CHECK_PROPERTY_CHANGED(field, prop) \
+ if (props->field != priv->props.field) \
+ _notify (self, prop)
+
+ CHECK_PROPERTY_CHANGED (sci, PROP_SCI);
+ CHECK_PROPERTY_CHANGED (cipher_suite, PROP_CIPHER_SUITE);
+ CHECK_PROPERTY_CHANGED (window, PROP_WINDOW);
+ CHECK_PROPERTY_CHANGED (icv_length, PROP_ICV_LENGTH);
+ CHECK_PROPERTY_CHANGED (encoding_sa, PROP_ENCODING_SA);
+ CHECK_PROPERTY_CHANGED (validation, PROP_VALIDATION);
+ CHECK_PROPERTY_CHANGED (encrypt, PROP_ENCRYPT);
+ CHECK_PROPERTY_CHANGED (protect, PROP_PROTECT);
+ CHECK_PROPERTY_CHANGED (include_sci, PROP_INCLUDE_SCI);
+ CHECK_PROPERTY_CHANGED (es, PROP_ES);
+ CHECK_PROPERTY_CHANGED (scb, PROP_SCB);
+ CHECK_PROPERTY_CHANGED (replay_protect, PROP_REPLAY_PROTECT);
+
+ priv->props = *props;
+ g_object_thaw_notify ((GObject *) device);
+}
+
+/******************************************************************/
+
+static NMDeviceCapabilities
+get_generic_capabilities (NMDevice *dev)
+{
+ /* We assume MACsec interfaces always support carrier detect */
+ return NM_DEVICE_CAP_CARRIER_DETECT | NM_DEVICE_CAP_IS_SOFTWARE;
+}
+
+/******************************************************************/
+
+static gboolean
+is_available (NMDevice *device, NMDeviceCheckDevAvailableFlags flags)
+{
+ if (!nm_device_parent_get_device (device))
+ return FALSE;
+ return NM_DEVICE_CLASS (nm_device_macsec_parent_class)->is_available (device, flags);
+}
+
+static void
+link_changed (NMDevice *device,
+ const NMPlatformLink *pllink)
+{
+ NM_DEVICE_CLASS (nm_device_macsec_parent_class)->link_changed (device, pllink);
+ update_properties (device);
+}
+
+/******************************************************************/
+
+static void
+get_property (GObject *object, guint prop_id,
+ GValue *value, GParamSpec *pspec)
+{
+ NMDeviceMacsec *self = NM_DEVICE_MACSEC (object);
+ NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
+
+ switch (prop_id) {
+ case PROP_SCI:
+ g_value_set_uint64 (value, priv->props.sci);
+ break;
+ case PROP_CIPHER_SUITE:
+ g_value_set_uint64 (value, priv->props.cipher_suite);
+ break;
+ case PROP_ICV_LENGTH:
+ g_value_set_uchar (value, priv->props.icv_length);
+ break;
+ case PROP_WINDOW:
+ g_value_set_uint (value, priv->props.window);
+ break;
+ case PROP_ENCODING_SA:
+ g_value_set_uchar (value, priv->props.encoding_sa);
+ break;
+ case PROP_ENCRYPT:
+ g_value_set_boolean (value, priv->props.encrypt);
+ break;
+ case PROP_PROTECT:
+ g_value_set_boolean (value, priv->props.protect);
+ break;
+ case PROP_INCLUDE_SCI:
+ g_value_set_boolean (value, priv->props.include_sci);
+ break;
+ case PROP_ES:
+ g_value_set_boolean (value, priv->props.es);
+ break;
+ case PROP_SCB:
+ g_value_set_boolean (value, priv->props.scb);
+ break;
+ case PROP_REPLAY_PROTECT:
+ g_value_set_boolean (value, priv->props.replay_protect);
+ break;
+ case PROP_VALIDATION:
+ g_value_set_string (value,
+ validation_mode_to_string (priv->props.validation));
+ break;
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+ }
+}
+
+static void
+nm_device_macsec_init (NMDeviceMacsec * self)
+{
+}
+
+static void
+nm_device_macsec_class_init (NMDeviceMacsecClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ NMDeviceClass *parent_class = NM_DEVICE_CLASS (klass);
+
+ NM_DEVICE_CLASS_DECLARE_TYPES (klass, NULL, NM_LINK_TYPE_MACSEC)
+
+ object_class->get_property = get_property;
+
+ parent_class->get_generic_capabilities = get_generic_capabilities;
+ parent_class->is_available = is_available;
+ parent_class->link_changed = link_changed;
+ parent_class->parent_changed_notify = parent_changed_notify;
+
+ obj_properties[PROP_SCI] =
+ g_param_spec_uint64 (NM_DEVICE_MACSEC_SCI, "", "",
+ 0, G_MAXUINT64, 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_CIPHER_SUITE] =
+ g_param_spec_uint64 (NM_DEVICE_MACSEC_CIPHER_SUITE, "", "",
+ 0, G_MAXUINT64, 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_ICV_LENGTH] =
+ g_param_spec_uchar (NM_DEVICE_MACSEC_ICV_LENGTH, "", "",
+ 0, G_MAXUINT8, 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_WINDOW] =
+ g_param_spec_uint (NM_DEVICE_MACSEC_WINDOW, "", "",
+ 0, G_MAXUINT32, 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_ENCODING_SA] =
+ g_param_spec_uchar (NM_DEVICE_MACSEC_ENCODING_SA, "", "",
+ 0, 3, 0,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_VALIDATION] =
+ g_param_spec_string (NM_DEVICE_MACSEC_VALIDATION, "", "",
+ NULL,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_ENCRYPT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_ENCRYPT, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_PROTECT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_PROTECT, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_INCLUDE_SCI] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_INCLUDE_SCI, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_ES] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_ES, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_SCB] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_SCB, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_REPLAY_PROTECT] =
+ g_param_spec_boolean (NM_DEVICE_MACSEC_REPLAY_PROTECT, "", "",
+ FALSE,
+ G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
+ g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
+
+ nm_exported_object_class_add_interface (NM_EXPORTED_OBJECT_CLASS (klass),
+ NMDBUS_TYPE_DEVICE_MACSEC_SKELETON,
+ NULL);
+}
+
+/*************************************************************/
+
+#define NM_TYPE_MACSEC_DEVICE_FACTORY (nm_macsec_device_factory_get_type ())
+#define NM_MACSEC_DEVICE_FACTORY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_MACSEC_DEVICE_FACTORY, NMMacsecDeviceFactory))
+
+static NMDevice *
+create_device (NMDeviceFactory *factory,
+ const char *iface,
+ const NMPlatformLink *plink,
+ NMConnection *connection,
+ gboolean *out_ignore)
+{
+ return (NMDevice *) g_object_new (NM_TYPE_DEVICE_MACSEC,
+ NM_DEVICE_IFACE, iface,
+ NM_DEVICE_TYPE_DESC, "Macsec",
+ NM_DEVICE_DEVICE_TYPE, NM_DEVICE_TYPE_MACSEC,
+ NM_DEVICE_LINK_TYPE, NM_LINK_TYPE_MACSEC,
+ NULL);
+}
+
+NM_DEVICE_FACTORY_DEFINE_INTERNAL (MACSEC, Macsec, macsec,
+ NM_DEVICE_FACTORY_DECLARE_LINK_TYPES (NM_LINK_TYPE_MACSEC),
+ factory_class->create_device = create_device;
+)
diff --git a/src/devices/nm-device-macsec.h b/src/devices/nm-device-macsec.h
new file mode 100644
index 0000000000..17b33bf593
--- /dev/null
+++ b/src/devices/nm-device-macsec.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager -- Network link manager
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright 2017 Red Hat, Inc.
+ */
+
+#ifndef __NM_DEVICE_MACSEC_H__
+#define __NM_DEVICE_MACSEC_H__
+
+#include "nm-device.h"
+
+#define NM_TYPE_DEVICE_MACSEC (nm_device_macsec_get_type ())
+#define NM_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsec))
+#define NM_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
+#define NM_IS_DEVICE_MACSEC(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_DEVICE_MACSEC))
+#define NM_IS_DEVICE_MACSEC_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_DEVICE_MACSEC))
+#define NM_DEVICE_MACSEC_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_DEVICE_MACSEC, NMDeviceMacsecClass))
+
+#define NM_DEVICE_MACSEC_SCI "sci"
+#define NM_DEVICE_MACSEC_CIPHER_SUITE "cipher-suite"
+#define NM_DEVICE_MACSEC_ICV_LENGTH "icv-length"
+#define NM_DEVICE_MACSEC_WINDOW "window"
+#define NM_DEVICE_MACSEC_ENCODING_SA "encoding-sa"
+#define NM_DEVICE_MACSEC_VALIDATION "validation"
+#define NM_DEVICE_MACSEC_ENCRYPT "encrypt"
+#define NM_DEVICE_MACSEC_PROTECT "protect"
+#define NM_DEVICE_MACSEC_INCLUDE_SCI "include-sci"
+#define NM_DEVICE_MACSEC_ES "es"
+#define NM_DEVICE_MACSEC_SCB "scb"
+#define NM_DEVICE_MACSEC_REPLAY_PROTECT "replay-protect"
+
+/* defined in the parent class, but exposed on D-Bus by the subclass. */
+#define NM_DEVICE_MACSEC_PARENT NM_DEVICE_PARENT
+
+typedef struct _NMDeviceMacsec NMDeviceMacsec;
+typedef struct _NMDeviceMacsecClass NMDeviceMacsecClass;
+
+GType nm_device_macsec_get_type (void);
+
+#endif /* __NM_DEVICE_MACSEC_H__ */
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index c236a85803..f0a218ee18 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -1330,6 +1330,8 @@ nm_device_get_priority (NMDevice *self)
case NM_DEVICE_TYPE_ETHERNET:
case NM_DEVICE_TYPE_VETH:
return 100;
+ case NM_DEVICE_TYPE_MACSEC:
+ return 125;
case NM_DEVICE_TYPE_INFINIBAND:
return 150;
case NM_DEVICE_TYPE_ADSL: