From 60811b4809e8cddd4ff3808d7d0c803c11801113 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 8 Sep 2015 20:22:17 +0200 Subject: setting-ip6-config: add addr-gen-mode property --- libnm-core/nm-setting-ip6-config.c | 92 ++++++++++++++++++++++++++++++++++++++ libnm-core/nm-setting-ip6-config.h | 23 ++++++++++ libnm/libnm.ver | 2 + 3 files changed, 117 insertions(+) diff --git a/libnm-core/nm-setting-ip6-config.c b/libnm-core/nm-setting-ip6-config.c index 9884b86c9c..104c922cea 100644 --- a/libnm-core/nm-setting-ip6-config.c +++ b/libnm-core/nm-setting-ip6-config.c @@ -26,6 +26,7 @@ #include "nm-setting-ip6-config.h" #include "nm-setting-private.h" #include "nm-core-enum-types.h" +#include "nm-macros-internal.h" /** * SECTION:nm-setting-ip6-config @@ -57,12 +58,14 @@ NM_SETTING_REGISTER_TYPE (NM_TYPE_SETTING_IP6_CONFIG) typedef struct { NMSettingIP6ConfigPrivacy ip6_privacy; + NMSettingIP6ConfigAddrGenMode addr_gen_mode; } NMSettingIP6ConfigPrivate; enum { PROP_0, PROP_IP6_PRIVACY, + PROP_ADDR_GEN_MODE, LAST_PROP }; @@ -97,9 +100,30 @@ nm_setting_ip6_config_get_ip6_privacy (NMSettingIP6Config *setting) return NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting)->ip6_privacy; } +/** + * nm_setting_ip6_config_get_addr_gen_mode: + * @setting: the #NMSettingIP6Config + * + * Returns the value contained in the #NMSettingIP6Config:addr-gen-mode + * property. + * + * Returns: IPv6 Address Generation Mode. + * + * Since: 1.2 + **/ +NMSettingIP6ConfigAddrGenMode +nm_setting_ip6_config_get_addr_gen_mode (NMSettingIP6Config *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_IP6_CONFIG (setting), + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64); + + return NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting)->addr_gen_mode; +} + static gboolean verify (NMSetting *setting, NMConnection *connection, GError **error) { + NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting); NMSettingIPConfig *s_ip = NM_SETTING_IP_CONFIG (setting); NMSettingVerifyResult ret; const char *method; @@ -166,6 +190,17 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) return FALSE; } + if (!NM_IN_SET (priv->addr_gen_mode, + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64, + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY)) { + g_set_error_literal (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("property is invalid")); + g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP_CONFIG_METHOD); + return FALSE; + } + return TRUE; } @@ -330,6 +365,9 @@ set_property (GObject *object, guint prop_id, case PROP_IP6_PRIVACY: priv->ip6_privacy = g_value_get_enum (value); break; + case PROP_ADDR_GEN_MODE: + priv->addr_gen_mode = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -346,6 +384,9 @@ get_property (GObject *object, guint prop_id, case PROP_IP6_PRIVACY: g_value_set_enum (value, priv->ip6_privacy); break; + case PROP_ADDR_GEN_MODE: + g_value_set_int (value, priv->addr_gen_mode); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -511,6 +552,10 @@ nm_setting_ip6_config_class_init (NMSettingIP6ConfigClass *ip6_class) * * If also global configuration is unspecified or set to "-1", fallback to read * "/proc/sys/net/ipv6/conf/default/use_tempaddr". + * + * Note that this setting is distinct from the Stable Privacy addresses + * that can be enabled with the "addr-gen-mode" property's "stable-privacy" + * setting as another way of avoiding host tracking with IPv6 addresses. **/ /* ---ifcfg-rh--- * property: ip6-privacy @@ -531,6 +576,53 @@ nm_setting_ip6_config_class_init (NMSettingIP6ConfigClass *ip6_class) G_PARAM_CONSTRUCT | G_PARAM_STATIC_STRINGS)); + /** + * NMSettingIP6Config:addr-gen-mode: + * + * Configure method for creating the address for use with RFC4862 IPv6 + * Stateless Address Autoconfiguration. The permitted values are: "eui64", + * "stable-privacy" or unset. + * + * If the property is set to "eui64", the addresses will be generated + * using the interface tokens derived from hardware address. This makes + * the host part of the address to stay constant, making it possible + * to track host's presence when it changes networks. The address changes + * when the interface hardware is replaced. + * + * The value of "stable-privacy" enables use of cryptographically + * secure hash of a secret host-specific key along with the connection + * identification and the network address as specified by RFC7217. + * This makes it impossible to use the address track host's presence, + * and makes the address stable when the network interface hardware is + * replaced. + * + * Leaving this unset causes a default that could be subject to change + * in future versions to be used. + * + * Note that this setting is distinct from the Privacy Extensions as + * configured by "ip6-privacy" property and it does not affect the + * temporary addresses configured with this option. + * + * Since: 1.2 + **/ + /* ---ifcfg-rh--- + * property: addr-gen-mode + * variable: IPV6_ADDR_GEN_MODE + * values: IPV6_ADDR_GEN_MODE: eui64, stable-privacy + * default: eui64 + * description: Configure IPv6 Stable Privacy addressing for SLAAC (RFC7217). + * example: IPV6_ADDR_GEN_MODE=stable-privacy + * ---end--- + */ + g_object_class_install_property + (object_class, PROP_ADDR_GEN_MODE, + g_param_spec_int (NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE, "", "", + G_MININT, G_MAXINT, + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + G_PARAM_STATIC_STRINGS)); + /* IP6-specific property overrides */ /* ---dbus--- diff --git a/libnm-core/nm-setting-ip6-config.h b/libnm-core/nm-setting-ip6-config.h index b791e937b4..fc7dc86c74 100644 --- a/libnm-core/nm-setting-ip6-config.h +++ b/libnm-core/nm-setting-ip6-config.h @@ -41,6 +41,8 @@ G_BEGIN_DECLS #define NM_SETTING_IP6_CONFIG_IP6_PRIVACY "ip6-privacy" +#define NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE "addr-gen-mode" + /** * NM_SETTING_IP6_CONFIG_METHOD_IGNORE: * @@ -114,6 +116,25 @@ typedef enum { NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR = 2 } NMSettingIP6ConfigPrivacy; +/** + * NMSettingIP6ConfigAddrGenMode: + * @NM_SETTING_IP6_CONFIG_PRIVACY_EUI64: The Interface Identifier is derived + * from the interface hardware address. + * @NM_SETTING_IP6_CONFIG_PRIVACY_STABLE_PRIVACY: The Interface Identifier + * is created by using a cryptographically secure hash of a secret host-specific + * key along with the connection identification and the network address as + * specified by RFC7217. + * + * #NMSettingIP6ConfigAddrGenMode controls how the the Interface Identifier for + * RFC4862 Stateless Address Autoconfiguration is created. + * + * Since: 1.2 + */ +typedef enum { + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64 = 0, + NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY = 1, +} NMSettingIP6ConfigAddrGenMode; + struct _NMSettingIP6Config { NMSettingIPConfig parent; }; @@ -130,6 +151,8 @@ GType nm_setting_ip6_config_get_type (void); NMSetting *nm_setting_ip6_config_new (void); NMSettingIP6ConfigPrivacy nm_setting_ip6_config_get_ip6_privacy (NMSettingIP6Config *setting); +NM_AVAILABLE_IN_1_2 +NMSettingIP6ConfigAddrGenMode nm_setting_ip6_config_get_addr_gen_mode (NMSettingIP6Config *setting); G_END_DECLS diff --git a/libnm/libnm.ver b/libnm/libnm.ver index 71ae69f3aa..c99fc81917 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver @@ -882,6 +882,8 @@ global: nm_setting_connection_get_metered; nm_setting_connection_lldp_get_type; nm_setting_ip4_config_get_dhcp_timeout; + nm_setting_ip6_config_addr_gen_mode_get_type; + nm_setting_ip6_config_get_addr_gen_mode; nm_setting_ip_config_add_dns_option; nm_setting_ip_config_clear_dns_options; nm_setting_ip_config_get_dns_option; -- cgit v1.2.1