libnm: support VTI properties in the ip-tunnel setting

Add the fwmark property and allow setting input and output key for VTI
tunnels.

7 files changed, 72 insertions, 2 deletions

diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver
index 8c9a4ef158..2271386860 100644
--- a/src/libnm-client-impl/libnm.ver
+++ b/src/libnm-client-impl/libnm.ver
@@ -1896,6 +1896,7 @@ global:
 	nm_range_unref;
 	nm_setting_ip_config_get_dhcp_iaid;
 	nm_setting_ip_config_get_dhcp_iaid;
+	nm_setting_ip_tunnel_get_fwmark;
 	nm_setting_loopback_get_mtu;
 	nm_setting_loopback_get_type;
 	nm_setting_loopback_new;
diff --git a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
index 6e4347b915..c0868afb22 100644
--- a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
+++ b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
@@ -1422,6 +1422,10 @@
                   dbus-type="u"
                   gprop-type="guint"
                   />
+        <property name="fwmark"
+                  dbus-type="u"
+                  gprop-type="guint"
+                  />
         <property name="input-key"
                   dbus-type="s"
                   gprop-type="gchararray"
diff --git a/src/libnm-core-impl/nm-setting-ip-tunnel.c b/src/libnm-core-impl/nm-setting-ip-tunnel.c
index da464c1ae1..7fb8b01739 100644
--- a/src/libnm-core-impl/nm-setting-ip-tunnel.c
+++ b/src/libnm-core-impl/nm-setting-ip-tunnel.c
@@ -28,6 +28,7 @@ NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_PARENT,
                                   PROP_OUTPUT_KEY,
                                   PROP_ENCAPSULATION_LIMIT,
                                   PROP_FLOW_LABEL,
+                                  PROP_FWMARK,
                                   PROP_MTU,
                                   PROP_FLAGS, );
 
@@ -41,6 +42,7 @@ typedef struct {
     guint32 tos;
     guint32 encapsulation_limit;
     guint32 flow_label;
+    guint32 fwmark;
     guint32 mode;
     guint32 mtu;
     guint32 flags;
@@ -269,6 +271,24 @@ nm_setting_ip_tunnel_get_flow_label(NMSettingIPTunnel *setting)
 }
 
 /**
+ * nm_setting_ip_tunnel_get_fwmark:
+ * @setting: the #NMSettingIPTunnel
+ *
+ * Returns the #NMSettingIPTunnel:fwmark property of the setting.
+ *
+ * Returns: the fwmark value
+ *
+ * Since: 1.42
+ **/
+guint32
+nm_setting_ip_tunnel_get_fwmark(NMSettingIPTunnel *setting)
+{
+    g_return_val_if_fail(NM_IS_SETTING_IP_TUNNEL(setting), 0);
+
+    return NM_SETTING_IP_TUNNEL_GET_PRIVATE(setting)->fwmark;
+}
+
+/**
  * nm_setting_ip_tunnel_get_mtu:
  * @setting: the #NMSettingIPTunnel
  *
@@ -411,11 +431,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
                        NM_IP_TUNNEL_MODE_GRE,
                        NM_IP_TUNNEL_MODE_GRETAP,
                        NM_IP_TUNNEL_MODE_IP6GRE,
-                       NM_IP_TUNNEL_MODE_IP6GRETAP)) {
+                       NM_IP_TUNNEL_MODE_IP6GRETAP,
+                       NM_IP_TUNNEL_MODE_VTI,
+                       NM_IP_TUNNEL_MODE_VTI6)) {
             g_set_error_literal(error,
                                 NM_CONNECTION_ERROR,
                                 NM_CONNECTION_ERROR_INVALID_PROPERTY,
-                                _("tunnel keys can only be specified for GRE tunnels"));
+                                _("tunnel keys can only be specified for GRE and VTI tunnels"));
             return FALSE;
         }
     }
@@ -484,6 +506,18 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
         return FALSE;
     }
 
+    if (priv->fwmark && !NM_IN_SET(priv->mode, NM_IP_TUNNEL_MODE_VTI, NM_IP_TUNNEL_MODE_VTI6)) {
+        g_set_error_literal(error,
+                            NM_CONNECTION_ERROR,
+                            NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                            _("can be set only on VTI tunnels"));
+        g_prefix_error(error,
+                       "%s.%s: ",
+                       NM_SETTING_IP_TUNNEL_SETTING_NAME,
+                       NM_SETTING_IP_TUNNEL_FWMARK);
+        return FALSE;
+    }
+
     if (nm_connection_get_setting_wired(connection) && !_nm_ip_tunnel_mode_is_layer2(priv->mode)) {
         g_set_error(error,
                     NM_CONNECTION_ERROR,
@@ -728,6 +762,25 @@ nm_setting_ip_tunnel_class_init(NMSettingIPTunnelClass *klass)
                                               flow_label);
 
     /**
+     * NMSettingIPTunnel:fwmark:
+     *
+     * The fwmark value to assign to tunnel packets. This property can be set
+     * to a non zero value only on VTI and VTI6 tunnels.
+     *
+     * Since: 1.42
+     **/
+    _nm_setting_property_define_direct_uint32(properties_override,
+                                              obj_properties,
+                                              NM_SETTING_IP_TUNNEL_FWMARK,
+                                              PROP_FWMARK,
+                                              0,
+                                              G_MAXUINT32,
+                                              0,
+                                              NM_SETTING_PARAM_INFERRABLE,
+                                              NMSettingIPTunnelPrivate,
+                                              fwmark);
+
+    /**
      * NMSettingIPTunnel:mtu:
      *
      * If non-zero, only transmit packets of the specified size or smaller,
diff --git a/src/libnm-core-public/nm-setting-ip-tunnel.h b/src/libnm-core-public/nm-setting-ip-tunnel.h
index 7aa48281b3..bcb3eab6e2 100644
--- a/src/libnm-core-public/nm-setting-ip-tunnel.h
+++ b/src/libnm-core-public/nm-setting-ip-tunnel.h
@@ -38,6 +38,7 @@ G_BEGIN_DECLS
 #define NM_SETTING_IP_TUNNEL_OUTPUT_KEY          "output-key"
 #define NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT "encapsulation-limit"
 #define NM_SETTING_IP_TUNNEL_FLOW_LABEL          "flow-label"
+#define NM_SETTING_IP_TUNNEL_FWMARK              "fwmark"
 #define NM_SETTING_IP_TUNNEL_MTU                 "mtu"
 #define NM_SETTING_IP_TUNNEL_FLAGS               "flags"
 
@@ -98,6 +99,8 @@ NM_AVAILABLE_IN_1_42
 guint nm_setting_ip_tunnel_get_encapsulation_limit(NMSettingIPTunnel *setting);
 NM_AVAILABLE_IN_1_42
 guint nm_setting_ip_tunnel_get_flow_label(NMSettingIPTunnel *setting);
+NM_AVAILABLE_IN_1_42
+guint32 nm_setting_ip_tunnel_get_fwmark(NMSettingIPTunnel *setting);
 NM_AVAILABLE_IN_1_2
 guint nm_setting_ip_tunnel_get_mtu(NMSettingIPTunnel *setting);
 NM_AVAILABLE_IN_1_12
diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c
index d5a92d9821..7173ea85d1 100644
--- a/src/libnmc-setting/nm-meta-setting-desc.c
+++ b/src/libnmc-setting/nm-meta-setting-desc.c
@@ -6592,6 +6592,12 @@ static const NMMetaPropertyInfo *const property_infos_IP_TUNNEL[] = {
     PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_FLOW_LABEL,
         .property_type =                &_pt_gobject_int,
     ),
+    PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_FWMARK,
+        .property_type =                &_pt_gobject_int,
+        .property_typ_data = DEFINE_PROPERTY_TYP_DATA_SUBTYPE (gobject_int,
+            .base =                     16,
+        ),
+    ),
     PROPERTY_INFO_WITH_DESC (NM_SETTING_IP_TUNNEL_MTU,
         .property_type =                &_pt_gobject_mtu,
     ),
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index 6905a1793d..bfc5793680 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -215,6 +215,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels.")
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLAGS N_("Tunnel flags. Currently, the following values are supported: NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT (0x1), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_TCLASS (0x2), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FLOWLABEL (0x4), NM_IP_TUNNEL_FLAG_IP6_MIP6_DEV (0x8), NM_IP_TUNNEL_FLAG_IP6_RCV_DSCP_COPY (0x10), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FWMARK (0x20). They are valid only for IPv6 tunnels.")
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLOW_LABEL N_("The flow label to assign to tunnel packets. This property applies only to IPv6 tunnels.")
+#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FWMARK N_("The fwmark value to assign to tunnel packets. This property can be set to a non zero value only on VTI and VTI6 tunnels.")
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_INPUT_KEY N_("The key used for tunnel input packets; the property is valid only for certain tunnel modes (GRE, IP6GRE). If empty, no key is used.")
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_LOCAL N_("The local endpoint of the tunnel; the value can be empty, otherwise it must contain an IPv4 or IPv6 address.")
 #define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_MODE N_("The tunneling mode, for example NM_IP_TUNNEL_MODE_IPIP (1) or NM_IP_TUNNEL_MODE_GRE (2).")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index 8b1ee61ebf..edbd6ed6c3 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -643,6 +643,8 @@
                   description="How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels." />
         <property name="flow-label"
                   description="The flow label to assign to tunnel packets. This property applies only to IPv6 tunnels." />
+        <property name="fwmark"
+                  description="The fwmark value to assign to tunnel packets. This property can be set to a non zero value only on VTI and VTI6 tunnels." />
         <property name="mtu"
                   description="If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple fragments." />
         <property name="flags"