NMSettingMacsec

NMSettingMacsec — Describes connection properties for MACSEC interfaces

Properties

gboolean encrypt Read / Write
char * mka-cak Read / Write
NMSettingSecretFlags mka-cak-flags Read / Write
char * mka-ckn Read / Write
int mode Read / Write
char * parent Read / Write
int port Read / Write
gboolean send-sci Read / Write
int validation Read / Write

Object Hierarchy

    GEnum
    ├── NMSettingMacsecMode
    ╰── NMSettingMacsecValidation
    GObject
    ╰── NMSetting
        ╰── NMSettingMacsec

Description

The NMSettingMacsec object is a NMSetting subclass that describes properties necessary for connection to MACsec (IEEE 802.1AE) interfaces.

Functions

nm_setting_macsec_new ()

NMSetting *
nm_setting_macsec_new (void);

Creates a new NMSettingMacsec object with default values.

Returns

the new empty NMSettingMacsec object.

[transfer full]

Since: 1.6


nm_setting_macsec_get_parent ()

const char *
nm_setting_macsec_get_parent (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “parent” property of the setting

Since: 1.6


nm_setting_macsec_get_mode ()

NMSettingMacsecMode
nm_setting_macsec_get_mode (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “mode” property of the setting

Since: 1.6


nm_setting_macsec_get_encrypt ()

gboolean
nm_setting_macsec_get_encrypt (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “encrypt” property of the setting

Since: 1.6


nm_setting_macsec_get_mka_cak ()

const char *
nm_setting_macsec_get_mka_cak (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “mka-cak” property of the setting

Since: 1.6


nm_setting_macsec_get_mka_cak_flags ()

NMSettingSecretFlags
nm_setting_macsec_get_mka_cak_flags (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the NMSettingSecretFlags pertaining to the “mka-cak”

Since: 1.6


nm_setting_macsec_get_mka_ckn ()

const char *
nm_setting_macsec_get_mka_ckn (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “mka-ckn” property of the setting

Since: 1.6


nm_setting_macsec_get_port ()

int
nm_setting_macsec_get_port (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “port” property of the setting

Since: 1.6


nm_setting_macsec_get_validation ()

NMSettingMacsecValidation
nm_setting_macsec_get_validation (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “validation” property of the setting

Since: 1.6


nm_setting_macsec_get_send_sci ()

gboolean
nm_setting_macsec_get_send_sci (NMSettingMacsec *setting);

Parameters

setting

the NMSettingMacsec

 

Returns

the “send-sci” property of the setting

Since: 1.12

Types and Values

NM_SETTING_MACSEC_SETTING_NAME

#define NM_SETTING_MACSEC_SETTING_NAME "macsec"

NM_SETTING_MACSEC_PARENT

#define NM_SETTING_MACSEC_PARENT        "parent"

NM_SETTING_MACSEC_MODE

#define NM_SETTING_MACSEC_MODE          "mode"

NM_SETTING_MACSEC_ENCRYPT

#define NM_SETTING_MACSEC_ENCRYPT       "encrypt"

NM_SETTING_MACSEC_MKA_CAK

#define NM_SETTING_MACSEC_MKA_CAK       "mka-cak"

NM_SETTING_MACSEC_MKA_CAK_FLAGS

#define NM_SETTING_MACSEC_MKA_CAK_FLAGS "mka-cak-flags"

NM_SETTING_MACSEC_MKA_CKN

#define NM_SETTING_MACSEC_MKA_CKN       "mka-ckn"

NM_SETTING_MACSEC_PORT

#define NM_SETTING_MACSEC_PORT          "port"

NM_SETTING_MACSEC_VALIDATION

#define NM_SETTING_MACSEC_VALIDATION    "validation"

NM_SETTING_MACSEC_SEND_SCI

#define NM_SETTING_MACSEC_SEND_SCI      "send-sci"

NMSettingMacsec

typedef struct _NMSettingMacsec NMSettingMacsec;

MACSec Settings


enum NMSettingMacsecMode

NMSettingMacsecMode controls how the CAK (Connectivity Association Key) used in MKA (MACsec Key Agreement) is obtained.

Members

NM_SETTING_MACSEC_MODE_PSK

The CAK is pre-shared

 

NM_SETTING_MACSEC_MODE_EAP

The CAK is the result of participation in EAP

 

Since: 1.6


enum NMSettingMacsecValidation

NMSettingMacsecValidation specifies a validation mode for incoming frames.

Members

NM_SETTING_MACSEC_VALIDATION_DISABLE

All incoming frames are accepted if possible

 

NM_SETTING_MACSEC_VALIDATION_CHECK

Non protected, invalid, or impossible to verify frames are accepted and counted as "invalid"

 

NM_SETTING_MACSEC_VALIDATION_STRICT

Non protected, invalid, or impossible to verify frames are dropped

 

Since: 1.6


NM_SETTING_MACSEC_MKA_CAK_LENGTH

#define NM_SETTING_MACSEC_MKA_CAK_LENGTH 32

NM_SETTING_MACSEC_MKA_CKN_LENGTH

#define NM_SETTING_MACSEC_MKA_CKN_LENGTH 64

Property Details

The “encrypt” property

  “encrypt”                  gboolean

Whether the transmitted traffic must be encrypted.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: TRUE

Since: 1.6


The “mka-cak” property

  “mka-cak”                  char *

The pre-shared CAK (Connectivity Association Key) for MACsec Key Agreement.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: NULL

Since: 1.6


The “mka-cak-flags” property

  “mka-cak-flags”            NMSettingSecretFlags

Flags indicating how to handle the “mka-cak” property.

Owner: NMSettingMacsec

Flags: Read / Write

Since: 1.6


The “mka-ckn” property

  “mka-ckn”                  char *

The pre-shared CKN (Connectivity-association Key Name) for MACsec Key Agreement.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: NULL

Since: 1.6


The “mode” property

  “mode”                     int

Specifies how the CAK (Connectivity Association Key) for MKA (MACsec Key Agreement) is obtained.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: 0

Since: 1.6


The “parent” property

  “parent”                   char *

If given, specifies the parent interface name or parent connection UUID from which this MACSEC interface should be created. If this property is not specified, the connection must contain an NMSettingWired setting with a “mac-address” property.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: NULL

Since: 1.6


The “port” property

  “port”                     int

The port component of the SCI (Secure Channel Identifier), between 1 and 65534.

Owner: NMSettingMacsec

Flags: Read / Write

Allowed values: [1,65534]

Default value: 1

Since: 1.6


The “send-sci” property

  “send-sci”                 gboolean

Specifies whether the SCI (Secure Channel Identifier) is included in every packet.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: TRUE

Since: 1.12


The “validation” property

  “validation”               int

Specifies the validation mode for incoming frames.

Owner: NMSettingMacsec

Flags: Read / Write

Default value: 2

Since: 1.6