system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-07-22 02:35:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

libnm,nmcli: add macsec.offload property

Browse source 
Introduce a new property to control the MACsec offload mode.

(cherry picked from commit aa418275cf)
This commit is contained in:
Beniamino Galvani 2024-02-08 16:57:00 +01:00 committed by Íñigo Huguet
parent 6601e6bf48
commit 9a9267ad4e
7 changed files with 88 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/libnm-client-impl/libnm.ver
View file

@ -1959,6 +1959,7 @@ global:
nm_setting_connection_get_autoconnect_ports;
nm_setting_connection_get_controller;
nm_setting_connection_get_port_type;
nm_setting_get_enum_property_type;
nm_setting_hsr_get_multicast_spec;
nm_setting_hsr_get_port1;
nm_setting_hsr_get_port2;
@ -1966,11 +1967,12 @@ global:
nm_setting_hsr_get_type;
nm_setting_hsr_new;
nm_setting_ip_config_get_dhcp_dscp;
nm_setting_get_enum_property_type;
nm_setting_sriov_get_eswitch_mode;
nm_sriov_eswitch_mode_get_type;
nm_setting_sriov_get_eswitch_inline_mode;
nm_sriov_eswitch_inline_mode_get_type;
nm_setting_macsec_get_offload;
nm_setting_macsec_offload_get_type;
nm_setting_sriov_get_eswitch_encap_mode;
nm_setting_sriov_get_eswitch_inline_mode;
nm_setting_sriov_get_eswitch_mode;
nm_sriov_eswitch_encap_mode_get_type;
nm_sriov_eswitch_inline_mode_get_type;
nm_sriov_eswitch_mode_get_type;
} libnm_1_44_0;

4
src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
View file

@ -1876,6 +1876,10 @@
dbus-type="i"
gprop-type="gint"
/>
<property name="offload"
dbus-type="i"
gprop-type="gint"
/>
<property name="parent"
dbus-type="s"
gprop-type="gchararray"

49
src/libnm-core-impl/nm-setting-macsec.c
View file

@ -35,7 +35,8 @@ NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT,
PROP_MKA_CKN,
PROP_PORT,
PROP_VALIDATION,
PROP_SEND_SCI, );
PROP_SEND_SCI,
PROP_OFFLOAD, );
typedef struct {
char *parent;
@ -47,6 +48,7 @@ typedef struct {
gint32 port;
bool encrypt;
bool send_sci;
gint32 offload;
} NMSettingMacsecPrivate;
/**
@ -212,6 +214,22 @@ nm_setting_macsec_get_send_sci(NMSettingMacsec *setting)
return NM_SETTING_MACSEC_GET_PRIVATE(setting)->send_sci;
}
/**
* nm_setting_macsec_get_offload:
* @setting: the #NMSettingMacsec
*
* Returns: the #NMSettingMacsec:offload property of the setting
*
* Since: 1.46
**/
NMSettingMacsecOffload
nm_setting_macsec_get_offload(NMSettingMacsec *setting)
{
g_return_val_if_fail(NM_IS_SETTING_MACSEC(setting), NM_SETTING_MACSEC_OFFLOAD_DEFAULT);
return NM_SETTING_MACSEC_GET_PRIVATE(setting)->offload;
}
static GPtrArray *
need_secrets(NMSetting *setting, gboolean check_rerequest)
{
@ -597,6 +615,35 @@ nm_setting_macsec_class_init(NMSettingMacsecClass *klass)
NMSettingMacsecPrivate,
send_sci);
/**
* NMSettingMacsec:offload:
*
* Specifies the MACsec offload mode.
*
* %NM_SETTING_MACSEC_OFFLOAD_OFF disables MACsec offload.
*
* %NM_SETTING_MACSEC_OFFLOAD_PHY and %NM_SETTING_MACSEC_OFFLOAD_MAC request offload
* respectively to the PHY or to the MAC; if the selected mode is not available, the
* connection will fail.
*
* %NM_SETTING_MACSEC_OFFLOAD_DEFAULT uses the global default value specified in
* NetworkManager configuration; if no global default is defined, the built-in
* default is %NM_SETTING_MACSEC_OFFLOAD_OFF.
*
* Since: 1.46
**/
_nm_setting_property_define_direct_enum(properties_override,
obj_properties,
NM_SETTING_MACSEC_OFFLOAD,
PROP_OFFLOAD,
NM_TYPE_SETTING_MACSEC_OFFLOAD,
NM_SETTING_MACSEC_OFFLOAD_DEFAULT,
NM_SETTING_PARAM_INFERRABLE
| NM_SETTING_PARAM_FUZZY_IGNORE,
NULL,
NMSettingMacsecPrivate,
offload);
g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
_nm_setting_class_commit(setting_class,

21
src/libnm-core-public/nm-setting-macsec.h
View file

@ -35,6 +35,7 @@ G_BEGIN_DECLS
#define NM_SETTING_MACSEC_PORT "port"
#define NM_SETTING_MACSEC_VALIDATION "validation"
#define NM_SETTING_MACSEC_SEND_SCI "send-sci"
#define NM_SETTING_MACSEC_OFFLOAD "offload"
typedef struct _NMSettingMacsecClass NMSettingMacsecClass;
@ -77,6 +78,24 @@ typedef enum {
/* Deprecated. The CKN can be between 2 and 64 characters. */
#define NM_SETTING_MACSEC_MKA_CKN_LENGTH 64
/**
* NMSettingMacsecOffload:
* @NM_SETTING_MACSEC_OFFLOAD_DEFAULT: use the global default; disable if not defined
* @NM_SETTING_MACSEC_OFFLOAD_OFF: disable offload
* @NM_SETTING_MACSEC_OFFLOAD_PHY: request offload to the PHY
* @NM_SETTING_MACSEC_OFFLOAD_MAC: request offload to the MAC
*
* These flags control the MACsec offload mode.
*
* Since: 1.46
**/
typedef enum {
NM_SETTING_MACSEC_OFFLOAD_DEFAULT = -1,
NM_SETTING_MACSEC_OFFLOAD_OFF = 0,
NM_SETTING_MACSEC_OFFLOAD_PHY = 1,
NM_SETTING_MACSEC_OFFLOAD_MAC = 2,
} NMSettingMacsecOffload;
NM_AVAILABLE_IN_1_6
GType nm_setting_macsec_get_type(void);
NM_AVAILABLE_IN_1_6
@ -100,6 +119,8 @@ NM_AVAILABLE_IN_1_6
NMSettingMacsecValidation nm_setting_macsec_get_validation(NMSettingMacsec *setting);
NM_AVAILABLE_IN_1_12
gboolean nm_setting_macsec_get_send_sci(NMSettingMacsec *setting);
NM_AVAILABLE_IN_1_46
NMSettingMacsecOffload nm_setting_macsec_get_offload(NMSettingMacsec *setting);
G_END_DECLS

3
src/libnmc-setting/nm-meta-setting-desc.c
View file

@ -6909,6 +6909,9 @@ static const NMMetaPropertyInfo *const property_infos_MACSEC[] = {
PROPERTY_INFO_WITH_DESC (NM_SETTING_MACSEC_SEND_SCI,
.property_type = &_pt_gobject_bool,
),
PROPERTY_INFO_WITH_DESC (NM_SETTING_MACSEC_OFFLOAD,
.property_type = &_pt_gobject_enum,
),
NULL
};

1
src/libnmc-setting/settings-docs.h.in
View file

@ -243,6 +243,7 @@
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MKA_CAK_FLAGS N_("Flags indicating how to handle the \"mka-cak\" property.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MKA_CKN N_("The pre-shared CKN (Connectivity-association Key Name) for MACsec Key Agreement. Must be a string of hexadecimal characters with a even length between 2 and 64.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MODE N_("Specifies how the CAK (Connectivity Association Key) for MKA (MACsec Key Agreement) is obtained.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_OFFLOAD N_("Specifies the MACsec offload mode. \"off\" (0) disables MACsec offload. \"phy\" (1) and \"mac\" (2) request offload respectively to the PHY or to the MAC; if the selected mode is not available, the connection will fail. \"default\" (-1) uses the global default value specified in NetworkManager configuration; if no global default is defined, the built-in default is \"off\" (0).")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_PARENT N_("If given, specifies the parent interface name or parent connection UUID from which this MACSEC interface should be created. If this property is not specified, the connection must contain an \"802-3-ethernet\" setting with a \"mac-address\" property.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_PORT N_("The port component of the SCI (Secure Channel Identifier), between 1 and 65534.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_SEND_SCI N_("Specifies whether the SCI (Secure Channel Identifier) is included in every packet.")

4
src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
View file

@ -1548,6 +1548,10 @@
nmcli-description="Specifies whether the SCI (Secure Channel Identifier) is included in every packet."
format="boolean"
values="true/yes/on, false/no/off" />
<property name="offload"
nmcli-description="Specifies the MACsec offload mode. &quot;off&quot; (0) disables MACsec offload. &quot;phy&quot; (1) and &quot;mac&quot; (2) request offload respectively to the PHY or to the MAC; if the selected mode is not available, the connection will fail. &quot;default&quot; (-1) uses the global default value specified in NetworkManager configuration; if no global default is defined, the built-in default is &quot;off&quot; (0)."
format="choice (NMSettingMacsecOffload)"
values="default (-1), off (0), phy (1), mac (2)" />
</setting>
<setting name="macvlan" >
<property name="parent"