colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

macsec: support the offload property

Browse Source
This commit is contained in:
Beniamino Galvani
2024-02-08 16:57:28 +01:00
parent aa418275cf
commit 010c54dce9
5 changed files with 51 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
man/NetworkManager.conf.xml
View File

@@ -1032,6 +1032,9 @@ ipv6.ip6-privacy=0
<term><varname>loopback.mtu</varname></term>
<listitem><para>If configured explicitly to 0, the MTU is not reconfigured during device activation unless it is required due to IPv6 constraints. If left unspecified, a DHCP/IPv6 SLAAC provided value is used or the MTU is left unspecified on activation.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>macsec.offload</varname></term>
</varlistentry>
<varlistentry>
<term><varname>sriov.autoprobe-drivers</varname></term>
<listitem><para>If left unspecified, drivers are autoprobed when the SR-IOV VF gets created.</para></listitem>

17
src/core/devices/nm-device-macsec.c
View File

@@ -10,6 +10,7 @@
#include <linux/if_ether.h>
#include "nm-act-request.h"
#include "nm-config.h"
#include "nm-device-private.h"
#include "libnm-platform/nm-platform.h"
#include "nm-device-factory.h"
@@ -190,6 +191,7 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
NMConnection *connection;
const char *con_uuid;
guint32 mtu;
int offload;
connection = nm_device_get_applied_connection(NM_DEVICE(self));
@@ -205,7 +207,20 @@ build_supplicant_config(NMDeviceMacsec *self, GError **error)
g_return_val_if_fail(s_macsec, NULL);
if (!nm_supplicant_config_add_setting_macsec(config, s_macsec, error)) {
offload = nm_setting_macsec_get_offload(s_macsec);
if (offload == NM_SETTING_MACSEC_OFFLOAD_DEFAULT) {
offload = nm_config_data_get_connection_default_int64(NM_CONFIG_GET_DATA,
NM_CON_DEFAULT("macsec.offload"),
NM_DEVICE(self),
NM_SETTING_MACSEC_OFFLOAD_OFF,
NM_SETTING_MACSEC_OFFLOAD_MAC,
NM_SETTING_MACSEC_OFFLOAD_OFF);
}
if (!nm_supplicant_config_add_setting_macsec(config,
s_macsec,
(NMSettingMacsecOffload) offload,
error)) {
g_prefix_error(error, "macsec-setting: ");
return NULL;
}

24
src/core/supplicant/nm-supplicant-config.c
View File

@@ -398,12 +398,14 @@ again:
gboolean
nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
NMSettingMacsec *setting,
NMSettingMacsecOffload offload,
GError **error)
{
const char *value;
char buf[32];
int port;
gsize key_len;
const char *offload_str = NULL;
g_return_val_if_fail(NM_IS_SUPPLICANT_CONFIG(self), FALSE);
g_return_val_if_fail(setting != NULL, FALSE);
@@ -472,6 +474,28 @@ nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
return FALSE;
}
switch (offload) {
case NM_SETTING_MACSEC_OFFLOAD_OFF:
/* This is the default in wpa_supplicant. Don't set the option,
* so that if user doesn't enable offload, the connection still
* works with previous versions of the supplicant.
*/
break;
case NM_SETTING_MACSEC_OFFLOAD_PHY:
offload_str = "1";
break;
case NM_SETTING_MACSEC_OFFLOAD_MAC:
offload_str = "2";
break;
case NM_SETTING_MACSEC_OFFLOAD_DEFAULT:
nm_assert_not_reached();
break;
}
if (offload_str
&& !nm_supplicant_config_add_option(self, "macsec_offload", offload_str, -1, NULL, error)) {
return FALSE;
}
return TRUE;
}

1
src/core/supplicant/nm-supplicant-config.h
View File

@@ -70,6 +70,7 @@ gboolean nm_supplicant_config_add_setting_8021x(NMSupplicantConfig *self,
gboolean nm_supplicant_config_add_setting_macsec(NMSupplicantConfig *self,
NMSettingMacsec *setting,
NMSettingMacsecOffload offload,
GError **error);
gboolean nm_supplicant_config_enable_pmf_akm(NMSupplicantConfig *self, GError **error);

1
src/core/supplicant/nm-supplicant-settings-verify.c
View File

@@ -87,6 +87,7 @@ static const struct Opt opt_table[] = {
"OWE",
"NONE", )),
OPT_INT("macsec_integ_only", 0, 1),
OPT_INT("macsec_offload", 0, 2),
OPT_INT("macsec_policy", 0, 1),
OPT_INT("macsec_port", 1, 65534),
OPT_BYTES("mka_cak", 65536),