mptcp: merge branch 'th/mptcp-flags-changes'

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1346

(cherry picked from commit 2f0539b0b7)
Thomas Haller 2022-08-25 23:12:00 +02:00
commit db89d0a6fd
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
11 changed files with 98 additions and 72 deletions


@ -868,7 +868,7 @@ ipv6.ip6-privacy=0
</varlistentry>
<varlistentry>
<term><varname>connection.mptcp-flags</varname></term>
<listitem><para>If unspecified, the fallback is either 0 (<literal>"disabled"</literal>) or 0x22 (<literal>"enabled-on-global-iface,subflow"</literal>), depending on <literal>/proc/sys/net/mptcp/enabled</literal>.</para></listitem>
<listitem><para>If unspecified, the fallback is 0x22 (<literal>"enabled,subflow"</literal>). Note that if sysctl <literal>/proc/sys/net/mptcp/enabled</literal> is disabled, NetworkManager will still not configure endpoints.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>connection.dns-over-tls</varname></term>


@ -1410,8 +1410,6 @@ _prop_get_connection_mptcp_flags(NMDevice *self)
if (connection) {
mptcp_flags =
nm_setting_connection_get_mptcp_flags(nm_connection_get_setting_connection(connection));
if (mptcp_flags != NM_MPTCP_FLAGS_NONE)
mptcp_flags = nm_mptcp_flags_normalize(mptcp_flags);
}
if (mptcp_flags == NM_MPTCP_FLAGS_NONE) {
@ -1423,28 +1421,39 @@ _prop_get_connection_mptcp_flags(NMDevice *self)
0,
G_MAXINT64,
NM_MPTCP_FLAGS_NONE);
/* We filter out all invalid settings and accept it. Somewhat intentionally, we don't do a
* strict parsing of the value to support forward compatibility. */
if (v != NM_MPTCP_FLAGS_NONE)
mptcp_flags = nm_mptcp_flags_normalize(v);
if (v != NM_MPTCP_FLAGS_NONE) {
/* We silently ignore all invalid flags (and will normalize them away below). */
mptcp_flags = (NMMptcpFlags) v;
if (mptcp_flags == NM_MPTCP_FLAGS_NONE)
mptcp_flags = NM_MPTCP_FLAGS_ENABLED;
}
}
if (mptcp_flags == NM_MPTCP_FLAGS_NONE) {
gint32 v;
if (mptcp_flags == NM_MPTCP_FLAGS_NONE)
mptcp_flags = _NM_MPTCP_FLAGS_DEFAULT;
v = nm_platform_sysctl_get_int32(nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/mptcp/enabled"),
-1);
if (v > 0) {
/* if MPTCP is enabled via the sysctl, we use the default. */
mptcp_flags = _NM_MPTCP_FLAGS_DEFAULT;
mptcp_flags = nm_mptcp_flags_normalize(mptcp_flags);
if (!NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_DISABLED)) {
if (!NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_SYSCTL)) {
guint32 v;
/* If enabled, but without "also-without-sysctl", then MPTCP is still
* disabled, if the sysctl says so...
*
* We evaluate this here. The point is that the decision is then cached
* until deactivation/reapply. The user can toggle the sysctl any time,
* but we only pick it up at certain moments (now). */
v = nm_platform_sysctl_get_int32(
nm_device_get_platform(self),
NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/mptcp/enabled"),
-1);
if (v <= 0)
mptcp_flags = NM_MPTCP_FLAGS_DISABLED;
} else
mptcp_flags = NM_MPTCP_FLAGS_DISABLED;
mptcp_flags = NM_FLAGS_UNSET(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_SYSCTL);
}
nm_assert(mptcp_flags != NM_MPTCP_FLAGS_NONE
&& mptcp_flags == nm_mptcp_flags_normalize(mptcp_flags));
return mptcp_flags;
}
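Review bot: The sysctl result is stored in `guint32 v;`, so the `-1` fallback passed to nm_platform_sysctl_get_int32() wraps to a large positive value and the `if (v <= 0)` test only matches an exact 0. When /proc/sys/net/mptcp/enabled cannot be read (for example on a kernel without MPTCP), the flags therefore stay enabled, contrary to the comment above the call. Endpoints would then be configured and, per the property documentation, strict rp_filter loosened for IPv4. Declare it as `gint32 v;` so that both 0 and the -1 fallback disable MPTCP. The function starts outside the visible hunks, so this is based on the rendered new-side lines only.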


@ -4307,13 +4307,13 @@ _l3_commit_mptcp_af(NML3Cfg *self,
if (mptcp_flags == NM_MPTCP_FLAGS_NONE || NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_DISABLED))
mptcp_flags = NM_MPTCP_FLAGS_DISABLED;
else if (NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE)) {
/* Whether MPTCP is enabled/disabled, depends on whether we have a unicast default
* route (in the main routing table). */
else if (!NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE)) {
/* Whether MPTCP is enabled/disabled (per address family), depends on whether we have a unicast
* default route (in the main routing table). */
if (self->priv.p->combined_l3cd_commited
&& nm_l3_config_data_get_best_default_route(self->priv.p->combined_l3cd_commited,
addr_family))
mptcp_flags = NM_FLAGS_UNSET(mptcp_flags, NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE)
mptcp_flags = NM_FLAGS_UNSET(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE)
| NM_MPTCP_FLAGS_ENABLED;
else
mptcp_flags = NM_MPTCP_FLAGS_DISABLED;
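Review bot: Inside the `else if (!NM_FLAGS_HAS(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE))` branch the flag is already known to be absent, so `NM_FLAGS_UNSET(mptcp_flags, NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE)` is a no-op. It looks like a leftover from the mechanical rename. The assignment can be written as `mptcp_flags |= NM_MPTCP_FLAGS_ENABLED;`, which makes clear that nothing is cleared here. The branch where the flag is set lies outside the hunk, so it is worth checking there that the flag is stripped before the value is used as endpoint flags.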


@ -512,14 +512,8 @@ nm_mptcp_flags_normalize(NMMptcpFlags flags)
/* Clear all unknown flags. */
flags &= _NM_MPTCP_FLAGS_ALL;
/* We must either set "enabled-on-global-iface" or "enabled". The
* former takes precedence, if they are both set.
*
* If neither is set, we default to "enabled". */
if (NM_FLAGS_HAS(flags, NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE))
flags = NM_FLAGS_UNSET(flags, NM_MPTCP_FLAGS_ENABLED);
else
flags = NM_FLAGS_SET(flags, NM_MPTCP_FLAGS_ENABLED);
/* Not disabled means enabled. */
flags |= NM_MPTCP_FLAGS_ENABLED;
if (NM_FLAGS_ALL(flags, NM_MPTCP_FLAGS_SIGNAL | NM_MPTCP_FLAGS_FULLMESH))
flags = NM_FLAGS_UNSET(flags, NM_MPTCP_FLAGS_FULLMESH);


@ -269,13 +269,13 @@ gpointer _nm_connection_new_setting(NMConnection *connection, GType gtype);
/*****************************************************************************/
#define _NM_MPTCP_FLAGS_ALL \
((NMMptcpFlags) (NM_MPTCP_FLAGS_DISABLED | NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE \
| NM_MPTCP_FLAGS_ENABLED | NM_MPTCP_FLAGS_SIGNAL | NM_MPTCP_FLAGS_SUBFLOW \
| NM_MPTCP_FLAGS_BACKUP | NM_MPTCP_FLAGS_FULLMESH))
#define _NM_MPTCP_FLAGS_ALL \
((NMMptcpFlags) (NM_MPTCP_FLAGS_DISABLED | NM_MPTCP_FLAGS_ENABLED \
| NM_MPTCP_FLAGS_ALSO_WITHOUT_SYSCTL \
| NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE | NM_MPTCP_FLAGS_SIGNAL \
| NM_MPTCP_FLAGS_SUBFLOW | NM_MPTCP_FLAGS_BACKUP | NM_MPTCP_FLAGS_FULLMESH))
#define _NM_MPTCP_FLAGS_DEFAULT \
((NMMptcpFlags) (NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE | NM_MPTCP_FLAGS_SUBFLOW))
#define _NM_MPTCP_FLAGS_DEFAULT ((NMMptcpFlags) (NM_MPTCP_FLAGS_ENABLED | NM_MPTCP_FLAGS_SUBFLOW))
NMMptcpFlags nm_mptcp_flags_normalize(NMMptcpFlags flags);


@ -1402,19 +1402,6 @@ after_interface_name:
} else {
guint32 f;
if (NM_FLAGS_ALL(priv->mptcp_flags,
NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE | NM_MPTCP_FLAGS_ENABLED)) {
g_set_error_literal(
error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("\"enabled\" and \"enabled-on-global-iface\" flag cannot be set together"));
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_CONNECTION_SETTING_NAME,
NM_SETTING_CONNECTION_MPTCP_FLAGS);
return FALSE;
}
if (NM_FLAGS_ALL(priv->mptcp_flags, NM_MPTCP_FLAGS_SIGNAL | NM_MPTCP_FLAGS_FULLMESH)) {
g_set_error_literal(error,
NM_CONNECTION_ERROR,
@ -1426,8 +1413,7 @@ after_interface_name:
NM_SETTING_CONNECTION_MPTCP_FLAGS);
return FALSE;
}
f = NM_FLAGS_UNSET(priv->mptcp_flags, NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE)
| ((guint32) NM_MPTCP_FLAGS_ENABLED);
f = priv->mptcp_flags | ((guint32) NM_MPTCP_FLAGS_ENABLED);
if (f != nm_mptcp_flags_normalize(f)) {
g_set_error(error,
NM_CONNECTION_ERROR,
@ -2608,21 +2594,30 @@ nm_setting_connection_class_init(NMSettingConnectionClass *klass)
* If "disabled" (0x1), MPTCP handling for the interface is disabled and
* no endpoints are registered.
*
* The flag "enabled-on-global-iface" (0x2) means that MPTCP handling is enabled
* if the interface configures a default route in the main routing table.
* This choice is per-address family, for example if there is an IPv4 default route
* 0.0.0.0/0, IPv4 endpoints are configured.
*
* The "enabled" (0x4) flag means that MPTCP handling is explicitly enabled.
* The "enabled" (0x2) flag means that MPTCP handling is enabled.
* This flag can also be implied from the presence of other flags.
*
* If MPTCP handling is enabled, then endpoints will be configured
* with the specified address flags "signal" (0x10), "subflow" (0x20), "backup" (0x40),
* Even when enabled, MPTCP handling will by default still be disabled
* unless "/proc/sys/net/mptcp/enabled" sysctl is on. NetworkManager
* does not change the sysctl and this is up to the administrator
* or distribution. To configure endpoints even if the sysctl is
* disabled, "also-without-sysctl" (0x4) flag can be used. In that case,
* NetworkManager doesn't look at the sysctl and configures endpoints
* regardless.
*
* Even when enabled, NetworkManager will only configure MPTCP endpoints
* for a certain address family, if there is a unicast default route (0.0.0.0/0
* or ::/0) in the main routing table. The flag "also-without-default-route"
* (0x8) can override that.
*
* When MPTCP handling is enabled then endpoints are configured with
* the specified address flags "signal" (0x10), "subflow" (0x20), "backup" (0x40),
* "fullmesh" (0x80). See ip-mptcp(8) manual for additional information about the flags.
*
* If the flags are zero, the global connection default from NetworkManager.conf is
* honored. If still unspecified, the fallback is either "disabled" or
* "enabled-on-global-iface,subflow" depending on "/proc/sys/net/mptcp/enabled".
* If the flags are zero (0x0), the global connection default from NetworkManager.conf is
* honored. If still unspecified, the fallback is "enabled,subflow".
* Note that this means that MPTCP is by default done depending on the
* "/proc/sys/net/mptcp/enabled" sysctl.
*
* NetworkManager does not change the MPTCP limits nor enable MPTCP via
* "/proc/sys/net/mptcp/enabled". That is a host configuration which the
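Review bot: The property documentation does not say when the sysctl is read. The code comment in _prop_get_connection_mptcp_flags says the decision is cached until deactivation/reapply, so an administrator who switches /proc/sys/net/mptcp/enabled off afterwards keeps the configured endpoints until then. Suggest adding, after the "also-without-sysctl" paragraph, `The sysctl is evaluated when the device activates or on reapply; later changes are not picked up until then.` The doc comment starts and ends outside the hunk, and the generated description strings would need to be regenerated to match.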


@ -9123,6 +9123,10 @@ test_nm_utils_enum(void)
.nick = "nick-5",
.value = 5,
},
{
.nick = "nick-0",
.value = 0,
},
{
.nick = "nick-red",
.value = NM_TEST_GENERAL_COLOR_FLAGS_RED,
@ -9170,6 +9174,11 @@ test_nm_utils_enum(void)
"nick-5, green",
color_value_infos);
_test_nm_utils_enum_to_str_do_full(color_flags,
0,
"nick-0",
color_value_infos);
_test_nm_utils_enum_from_str_do(bool_enum, "", FALSE, 0, NULL);
_test_nm_utils_enum_from_str_do(bool_enum, " ", FALSE, 0, NULL);
_test_nm_utils_enum_from_str_do(bool_enum, "invalid", FALSE, 0, "invalid");


@ -1319,12 +1319,25 @@ typedef enum /*< flags >*/ {
* NMMptcpFlags:
* @NM_MPTCP_FLAGS_NONE: The default, meaning that no MPTCP flags are set.
* @NM_MPTCP_FLAGS_DISABLED: don't configure MPTCP endpoints on the device.
* @NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE: MPTCP handling is enabled
* or disabled depending on whether a /0 default route (either IPv4 or IPv6) is
* configured in the main routing table.
* @NM_MPTCP_FLAGS_ENABLED: MPTCP is enabled and endpoints will be configured.
* This flag is implied if any of the other flags indicate that
* MPTCP is enabled and therefore in most cases unnecessary.
* Note that if "/proc/sys/net/mptcp/enabled" sysctl is disabled, MPTCP
* handling is disabled despite this flag. This can be overruled with the
* "also-without-sysctl" flag.
* Note that by default interfaces that don't have a default route are
* excluded from having MPTCP endpoints configured. This can be overruled
* with the "also-without-default-route" and this affects endpoints
* per address family.
* @NM_MPTCP_FLAGS_ALSO_WITHOUT_SYSCTL: even if MPTCP handling is enabled
* via the "enabled" flag, it is ignored unless "/proc/sys/net/mptcp/enabled"
* is on. With this flag, MPTCP endpoints will be configured regardless
* of the sysctl setting.
* @NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE: even if MPTCP handling is enabled
* via the "enabled" flag, it is ignored per-address family unless NetworkManager
* configures a default route. With this flag, NetworkManager will also configure
* MPTCP endpoints if there is no default route. This takes effect per-address
* family.
* @NM_MPTCP_FLAGS_SIGNAL: Flag for the MPTCP endpoint. The endpoint will be
* announced/signaled to each peer via an MPTCP ADD_ADDR sub-option.
* @NM_MPTCP_FLAGS_SUBFLOW: Flag for the MPTCP endpoint. If additional subflow creation
@ -1350,9 +1363,11 @@ typedef enum /*< flags >*/ {
typedef enum /*< flags >*/ {
NM_MPTCP_FLAGS_NONE = 0,
NM_MPTCP_FLAGS_DISABLED = 0x1,
NM_MPTCP_FLAGS_ENABLED_ON_GLOBAL_IFACE = 0x2,
NM_MPTCP_FLAGS_ENABLED = 0x4,
NM_MPTCP_FLAGS_DISABLED = 0x1,
NM_MPTCP_FLAGS_ENABLED = 0x2,
NM_MPTCP_FLAGS_ALSO_WITHOUT_SYSCTL = 0x4,
NM_MPTCP_FLAGS_ALSO_WITHOUT_DEFAULT_ROUTE = 0x8,
NM_MPTCP_FLAGS_SIGNAL = 0x10,
NM_MPTCP_FLAGS_SUBFLOW = 0x20,
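Review bot: Renumbering the enum changes the meaning of numeric values that may already be stored: 0x2 was "enabled-on-global-iface" and is now "enabled", and 0x4 was "enabled" and is now "also-without-sysctl". A profile or a `connection.mptcp-flags` default written as 0x4 by a build with the old numbering would now skip the /proc/sys/net/mptcp/enabled gate, and nothing in the visible hunks migrates or rejects such values. If the old values never shipped in a release this is harmless, but it should be stated in the enum doc comment, for example `Values 0x2 and 0x4 were reassigned before the first release; values written by earlier development builds are not migrated.` The enum definition continues outside the hunk.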


@ -136,7 +136,8 @@ _nm_utils_enum_to_str_full(GType type,
else
return g_strdup(enum_value->value_nick);
} else if (G_IS_FLAGS_CLASS(klass)) {
unsigned uvalue = (unsigned) value;
unsigned uvalue = (unsigned) value;
gboolean uvalue_was_zero = (uvalue == 0);
GFlagsValue *flags_value;
NMStrBuf strbuf;
@ -147,6 +148,9 @@ _nm_utils_enum_to_str_full(GType type,
for (; value_infos && value_infos->nick; value_infos++) {
nm_assert(_enum_is_valid_flags_nick(value_infos->nick));
if (value_infos->value == 0 && !uvalue_was_zero)
continue;
if (uvalue == 0) {
if (value_infos->value != 0)
continue;
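Review bot: The new `if (value_infos->value == 0 && !uvalue_was_zero) continue;` has no comment, and its purpose is not obvious next to the existing `if (uvalue == 0)` check just below it. Presumably `uvalue` is reduced as nicks match further down, outside the hunk, so a zero-valued nick listed later would otherwise be appended to a non-zero result. A one-line comment would record that, e.g. `/* a zero-valued nick only names the value 0; never append it once other flags were matched */`.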


@ -14,7 +14,7 @@
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MASTER N_("Interface name of the master device or UUID of the master connection.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MDNS N_("Whether mDNS is enabled for the connection. The permitted values are: \"yes\" (2) register hostname and resolving for the connection, \"no\" (0) disable mDNS for the interface, \"resolve\" (1) do not register hostname but allow resolving of mDNS host names and \"default\" (-1) to allow lookup of a global default in NetworkManager.conf. If unspecified, \"default\" ultimately depends on the DNS plugin (which for systemd-resolved currently means \"no\"). This feature requires a plugin which supports mDNS. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_METERED N_("Whether the connection is metered. When updating this property on a currently activated connection, the change takes effect immediately.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MPTCP_FLAGS N_("Whether to configure MPTCP endpoints and the address flags. If MPTCP is enabled in NetworkManager, it will configure the addresses of the interface as MPTCP endpoints. Note that IPv4 loopback addresses (127.0.0.0/8), IPv4 link local addresses (169.254.0.0/16), the IPv6 loopback address (::1), IPv6 link local addresses (fe80::/10), IPv6 unique local addresses (ULA, fc00::/7) and IPv6 privacy extension addresses (rfc3041, ipv6.ip6-privacy) will be excluded from being configured as endpoints. If \"disabled\" (0x1), MPTCP handling for the interface is disabled and no endpoints are registered. The flag \"enabled-on-global-iface\" (0x2) means that MPTCP handling is enabled if the interface configures a default route in the main routing table. This choice is per-address family, for example if there is an IPv4 default route 0.0.0.0/0, IPv4 endpoints are configured. The \"enabled\" (0x4) flag means that MPTCP handling is explicitly enabled. This flag can also be implied from the presence of other flags. If MPTCP handling is enabled, then endpoints will be configured with the specified address flags \"signal\" (0x10), \"subflow\" (0x20), \"backup\" (0x40), \"fullmesh\" (0x80). See ip-mptcp(8) manual for additional information about the flags. If the flags are zero, the global connection default from NetworkManager.conf is honored. If still unspecified, the fallback is either \"disabled\" or \"enabled-on-global-iface,subflow\" depending on \"/proc/sys/net/mptcp/enabled\". NetworkManager does not change the MPTCP limits nor enable MPTCP via \"/proc/sys/net/mptcp/enabled\". That is a host configuration which the admin can change via sysctl and ip-mptcp. Strict reverse path filtering (rp_filter) breaks many MPTCP use cases, so when MPTCP handling for IPv4 addresses on the interface is enabled, NetworkManager would loosen the strict reverse path filtering (1) to the loose setting (2).")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MPTCP_FLAGS N_("Whether to configure MPTCP endpoints and the address flags. If MPTCP is enabled in NetworkManager, it will configure the addresses of the interface as MPTCP endpoints. Note that IPv4 loopback addresses (127.0.0.0/8), IPv4 link local addresses (169.254.0.0/16), the IPv6 loopback address (::1), IPv6 link local addresses (fe80::/10), IPv6 unique local addresses (ULA, fc00::/7) and IPv6 privacy extension addresses (rfc3041, ipv6.ip6-privacy) will be excluded from being configured as endpoints. If \"disabled\" (0x1), MPTCP handling for the interface is disabled and no endpoints are registered. The \"enabled\" (0x2) flag means that MPTCP handling is enabled. This flag can also be implied from the presence of other flags. Even when enabled, MPTCP handling will by default still be disabled unless \"/proc/sys/net/mptcp/enabled\" sysctl is on. NetworkManager does not change the sysctl and this is up to the administrator or distribution. To configure endpoints even if the sysctl is disabled, \"also-without-sysctl\" (0x4) flag can be used. In that case, NetworkManager doesn't look at the sysctl and configures endpoints regardless. Even when enabled, NetworkManager will only configure MPTCP endpoints for a certain address family, if there is a unicast default route (0.0.0.0/0 or ::/0) in the main routing table. The flag \"also-without-default-route\" (0x8) can override that. When MPTCP handling is enabled then endpoints are configured with the specified address flags \"signal\" (0x10), \"subflow\" (0x20), \"backup\" (0x40), \"fullmesh\" (0x80). See ip-mptcp(8) manual for additional information about the flags. If the flags are zero (0x0), the global connection default from NetworkManager.conf is honored. If still unspecified, the fallback is \"enabled,subflow\". Note that this means that MPTCP is by default done depending on the \"/proc/sys/net/mptcp/enabled\" sysctl. 
NetworkManager does not change the MPTCP limits nor enable MPTCP via \"/proc/sys/net/mptcp/enabled\". That is a host configuration which the admin can change via sysctl and ip-mptcp. Strict reverse path filtering (rp_filter) breaks many MPTCP use cases, so when MPTCP handling for IPv4 addresses on the interface is enabled, NetworkManager would loosen the strict reverse path filtering (1) to the loose setting (2).")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MUD_URL N_("If configured, set to a Manufacturer Usage Description (MUD) URL that points to manufacturer-recommended network policies for IoT devices. It is transmitted as a DHCPv4 or DHCPv6 option. The value must be a valid URL starting with \"https://\". The special value \"none\" is allowed to indicate that no MUD URL is used. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the ultimate default is \"none\".")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MULTI_CONNECT N_("Specifies whether the profile can be active multiple times at a particular moment. The value is of type NMConnectionMultiConnect.")
#define DESCRIBE_DOC_NM_SETTING_CONNECTION_PERMISSIONS N_("An array of strings defining what access a given user has to this connection. If this is NULL or empty, all users are allowed to access this connection; otherwise users are allowed if and only if they are in this list. When this is not empty, the connection can be active only when one of the specified users is logged into an active session. Each entry is of the form \"[type]:[id]:[reserved]\"; for example, \"user:dcbw:blah\". At this time only the \"user\" [type] is allowed. Any other values are ignored and reserved for future use. [id] is the username that this permission refers to, which may not contain the \":\" character. Any [reserved] information present must be ignored and is reserved for future use. All of [type], [id], and [reserved] must be valid UTF-8.")


@ -420,7 +420,7 @@
<property name="dns-over-tls"
description="Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: &quot;yes&quot; (2) use DNSOverTls and disabled fallback, &quot;opportunistic&quot; (1) use DNSOverTls but allow fallback to unencrypted resolution, &quot;no&quot; (0) don&apos;t ever use DNSOverTls. If unspecified &quot;default&quot; depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved." />
<property name="mptcp-flags"
description="Whether to configure MPTCP endpoints and the address flags. If MPTCP is enabled in NetworkManager, it will configure the addresses of the interface as MPTCP endpoints. Note that IPv4 loopback addresses (127.0.0.0/8), IPv4 link local addresses (169.254.0.0/16), the IPv6 loopback address (::1), IPv6 link local addresses (fe80::/10), IPv6 unique local addresses (ULA, fc00::/7) and IPv6 privacy extension addresses (rfc3041, ipv6.ip6-privacy) will be excluded from being configured as endpoints. If &quot;disabled&quot; (0x1), MPTCP handling for the interface is disabled and no endpoints are registered. The flag &quot;enabled-on-global-iface&quot; (0x2) means that MPTCP handling is enabled if the interface configures a default route in the main routing table. This choice is per-address family, for example if there is an IPv4 default route 0.0.0.0/0, IPv4 endpoints are configured. The &quot;enabled&quot; (0x4) flag means that MPTCP handling is explicitly enabled. This flag can also be implied from the presence of other flags. If MPTCP handling is enabled, then endpoints will be configured with the specified address flags &quot;signal&quot; (0x10), &quot;subflow&quot; (0x20), &quot;backup&quot; (0x40), &quot;fullmesh&quot; (0x80). See ip-mptcp(8) manual for additional information about the flags. If the flags are zero, the global connection default from NetworkManager.conf is honored. If still unspecified, the fallback is either &quot;disabled&quot; or &quot;enabled-on-global-iface,subflow&quot; depending on &quot;/proc/sys/net/mptcp/enabled&quot;. NetworkManager does not change the MPTCP limits nor enable MPTCP via &quot;/proc/sys/net/mptcp/enabled&quot;. That is a host configuration which the admin can change via sysctl and ip-mptcp. 
Strict reverse path filtering (rp_filter) breaks many MPTCP use cases, so when MPTCP handling for IPv4 addresses on the interface is enabled, NetworkManager would loosen the strict reverse path filtering (1) to the loose setting (2)." />
description="Whether to configure MPTCP endpoints and the address flags. If MPTCP is enabled in NetworkManager, it will configure the addresses of the interface as MPTCP endpoints. Note that IPv4 loopback addresses (127.0.0.0/8), IPv4 link local addresses (169.254.0.0/16), the IPv6 loopback address (::1), IPv6 link local addresses (fe80::/10), IPv6 unique local addresses (ULA, fc00::/7) and IPv6 privacy extension addresses (rfc3041, ipv6.ip6-privacy) will be excluded from being configured as endpoints. If &quot;disabled&quot; (0x1), MPTCP handling for the interface is disabled and no endpoints are registered. The &quot;enabled&quot; (0x2) flag means that MPTCP handling is enabled. This flag can also be implied from the presence of other flags. Even when enabled, MPTCP handling will by default still be disabled unless &quot;/proc/sys/net/mptcp/enabled&quot; sysctl is on. NetworkManager does not change the sysctl and this is up to the administrator or distribution. To configure endpoints even if the sysctl is disabled, &quot;also-without-sysctl&quot; (0x4) flag can be used. In that case, NetworkManager doesn&apos;t look at the sysctl and configures endpoints regardless. Even when enabled, NetworkManager will only configure MPTCP endpoints for a certain address family, if there is a unicast default route (0.0.0.0/0 or ::/0) in the main routing table. The flag &quot;also-without-default-route&quot; (0x8) can override that. When MPTCP handling is enabled then endpoints are configured with the specified address flags &quot;signal&quot; (0x10), &quot;subflow&quot; (0x20), &quot;backup&quot; (0x40), &quot;fullmesh&quot; (0x80). See ip-mptcp(8) manual for additional information about the flags. If the flags are zero (0x0), the global connection default from NetworkManager.conf is honored. If still unspecified, the fallback is &quot;enabled,subflow&quot;. Note that this means that MPTCP is by default done depending on the &quot;/proc/sys/net/mptcp/enabled&quot; sysctl. 
NetworkManager does not change the MPTCP limits nor enable MPTCP via &quot;/proc/sys/net/mptcp/enabled&quot;. That is a host configuration which the admin can change via sysctl and ip-mptcp. Strict reverse path filtering (rp_filter) breaks many MPTCP use cases, so when MPTCP handling for IPv4 addresses on the interface is enabled, NetworkManager would loosen the strict reverse path filtering (1) to the loose setting (2)." />
<property name="mud-url"
description="If configured, set to a Manufacturer Usage Description (MUD) URL that points to manufacturer-recommended network policies for IoT devices. It is transmitted as a DHCPv4 or DHCPv6 option. The value must be a valid URL starting with &quot;https://&quot;. The special value &quot;none&quot; is allowed to indicate that no MUD URL is used. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the ultimate default is &quot;none&quot;." />
<property name="wait-device-timeout"