diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver
index 73fdec5bad..0655d2dea4 100644
--- a/src/libnm-client-impl/libnm.ver
+++ b/src/libnm-client-impl/libnm.ver
@@ -1959,6 +1959,7 @@ global:
nm_setting_connection_get_autoconnect_ports;
nm_setting_connection_get_controller;
nm_setting_connection_get_port_type;
+ nm_setting_get_enum_property_type;
nm_setting_hsr_get_multicast_spec;
nm_setting_hsr_get_port1;
nm_setting_hsr_get_port2;
@@ -1966,11 +1967,12 @@ global:
nm_setting_hsr_get_type;
nm_setting_hsr_new;
nm_setting_ip_config_get_dhcp_dscp;
- nm_setting_get_enum_property_type;
- nm_setting_sriov_get_eswitch_mode;
- nm_sriov_eswitch_mode_get_type;
- nm_setting_sriov_get_eswitch_inline_mode;
- nm_sriov_eswitch_inline_mode_get_type;
+ nm_setting_macsec_get_offload;
+ nm_setting_macsec_offload_get_type;
nm_setting_sriov_get_eswitch_encap_mode;
+ nm_setting_sriov_get_eswitch_inline_mode;
+ nm_setting_sriov_get_eswitch_mode;
nm_sriov_eswitch_encap_mode_get_type;
+ nm_sriov_eswitch_inline_mode_get_type;
+ nm_sriov_eswitch_mode_get_type;
} libnm_1_44_0;
diff --git a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
index b2748beb1e..57337c6069 100644
--- a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
+++ b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
@@ -1876,6 +1876,10 @@
dbus-type="i"
gprop-type="gint"
/>
+
send_sci;
}
+/**
+ * nm_setting_macsec_get_offload:
+ * @setting: the #NMSettingMacsec
+ *
+ * Returns: the #NMSettingMacsec:offload property of the setting
+ *
+ * Since: 1.46
+ **/
+NMSettingMacsecOffload
+nm_setting_macsec_get_offload(NMSettingMacsec *setting)
+{
+ g_return_val_if_fail(NM_IS_SETTING_MACSEC(setting), NM_SETTING_MACSEC_OFFLOAD_DEFAULT);
+
+ return NM_SETTING_MACSEC_GET_PRIVATE(setting)->offload;
+}
+
static GPtrArray *
need_secrets(NMSetting *setting, gboolean check_rerequest)
{
@@ -597,6 +615,35 @@ nm_setting_macsec_class_init(NMSettingMacsecClass *klass)
NMSettingMacsecPrivate,
send_sci);
+ /**
+ * NMSettingMacsec:offload:
+ *
+ * Specifies the MACsec offload mode.
+ *
+ * %NM_SETTING_MACSEC_OFFLOAD_OFF disables MACsec offload.
+ *
+ * %NM_SETTING_MACSEC_OFFLOAD_PHY and %NM_SETTING_MACSEC_OFFLOAD_MAC request offload
+ * respectively to the PHY or to the MAC; if the selected mode is not available, the
+ * connection will fail.
+ *
+ * %NM_SETTING_MACSEC_OFFLOAD_DEFAULT uses the global default value specified in
+ * NetworkManager configuration; if no global default is defined, the built-in
+ * default is %NM_SETTING_MACSEC_OFFLOAD_OFF.
+ *
+ * Since: 1.46
+ **/
+ _nm_setting_property_define_direct_enum(properties_override,
+ obj_properties,
+ NM_SETTING_MACSEC_OFFLOAD,
+ PROP_OFFLOAD,
+ NM_TYPE_SETTING_MACSEC_OFFLOAD,
+ NM_SETTING_MACSEC_OFFLOAD_DEFAULT,
+ NM_SETTING_PARAM_INFERRABLE
+ | NM_SETTING_PARAM_FUZZY_IGNORE,
+ NULL,
+ NMSettingMacsecPrivate,
+ offload);
+
g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
_nm_setting_class_commit(setting_class,
diff --git a/src/libnm-core-public/nm-setting-macsec.h b/src/libnm-core-public/nm-setting-macsec.h
index c2662b1f5e..27b7311e4f 100644
--- a/src/libnm-core-public/nm-setting-macsec.h
+++ b/src/libnm-core-public/nm-setting-macsec.h
@@ -35,6 +35,7 @@ G_BEGIN_DECLS
#define NM_SETTING_MACSEC_PORT "port"
#define NM_SETTING_MACSEC_VALIDATION "validation"
#define NM_SETTING_MACSEC_SEND_SCI "send-sci"
+#define NM_SETTING_MACSEC_OFFLOAD "offload"
typedef struct _NMSettingMacsecClass NMSettingMacsecClass;
@@ -77,6 +78,24 @@ typedef enum {
/* Deprecated. The CKN can be between 2 and 64 characters. */
#define NM_SETTING_MACSEC_MKA_CKN_LENGTH 64
+/**
+ * NMSettingMacsecOffload:
+ * @NM_SETTING_MACSEC_OFFLOAD_DEFAULT: use the global default; disable if not defined
+ * @NM_SETTING_MACSEC_OFFLOAD_OFF: disable offload
+ * @NM_SETTING_MACSEC_OFFLOAD_PHY: request offload to the PHY
+ * @NM_SETTING_MACSEC_OFFLOAD_MAC: request offload to the MAC
+ *
+ * These flags control the MACsec offload mode.
+ *
+ * Since: 1.46
+ **/
+typedef enum {
+ NM_SETTING_MACSEC_OFFLOAD_DEFAULT = -1,
+ NM_SETTING_MACSEC_OFFLOAD_OFF = 0,
+ NM_SETTING_MACSEC_OFFLOAD_PHY = 1,
+ NM_SETTING_MACSEC_OFFLOAD_MAC = 2,
+} NMSettingMacsecOffload;
+
NM_AVAILABLE_IN_1_6
GType nm_setting_macsec_get_type(void);
NM_AVAILABLE_IN_1_6
@@ -100,6 +119,8 @@ NM_AVAILABLE_IN_1_6
NMSettingMacsecValidation nm_setting_macsec_get_validation(NMSettingMacsec *setting);
NM_AVAILABLE_IN_1_12
gboolean nm_setting_macsec_get_send_sci(NMSettingMacsec *setting);
+NM_AVAILABLE_IN_1_46
+NMSettingMacsecOffload nm_setting_macsec_get_offload(NMSettingMacsec *setting);
G_END_DECLS
diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c
index 4876acc2e9..16cc003a93 100644
--- a/src/libnmc-setting/nm-meta-setting-desc.c
+++ b/src/libnmc-setting/nm-meta-setting-desc.c
@@ -6909,6 +6909,9 @@ static const NMMetaPropertyInfo *const property_infos_MACSEC[] = {
PROPERTY_INFO_WITH_DESC (NM_SETTING_MACSEC_SEND_SCI,
.property_type = &_pt_gobject_bool,
),
+ PROPERTY_INFO_WITH_DESC (NM_SETTING_MACSEC_OFFLOAD,
+ .property_type = &_pt_gobject_enum,
+ ),
NULL
};
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 0ca03e5230..985e604819 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -243,6 +243,7 @@
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MKA_CAK_FLAGS N_("Flags indicating how to handle the \"mka-cak\" property.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MKA_CKN N_("The pre-shared CKN (Connectivity-association Key Name) for MACsec Key Agreement. Must be a string of hexadecimal characters with a even length between 2 and 64.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_MODE N_("Specifies how the CAK (Connectivity Association Key) for MKA (MACsec Key Agreement) is obtained.")
+#define DESCRIBE_DOC_NM_SETTING_MACSEC_OFFLOAD N_("Specifies the MACsec offload mode. \"off\" (0) disables MACsec offload. \"phy\" (1) and \"mac\" (2) request offload respectively to the PHY or to the MAC; if the selected mode is not available, the connection will fail. \"default\" (-1) uses the global default value specified in NetworkManager configuration; if no global default is defined, the built-in default is \"off\" (0).")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_PARENT N_("If given, specifies the parent interface name or parent connection UUID from which this MACSEC interface should be created. If this property is not specified, the connection must contain an \"802-3-ethernet\" setting with a \"mac-address\" property.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_PORT N_("The port component of the SCI (Secure Channel Identifier), between 1 and 65534.")
#define DESCRIBE_DOC_NM_SETTING_MACSEC_SEND_SCI N_("Specifies whether the SCI (Secure Channel Identifier) is included in every packet.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index fa43bdcf70..8792f74309 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -1548,6 +1548,10 @@
nmcli-description="Specifies whether the SCI (Secure Channel Identifier) is included in every packet."
format="boolean"
values="true/yes/on, false/no/off" />
+