setting-ip6-config: add addr-gen-mode property

3 files changed, 117 insertions, 0 deletions

diff --git a/libnm-core/nm-setting-ip6-config.c b/libnm-core/nm-setting-ip6-config.c
index 9884b86c9c..104c922cea 100644
--- a/libnm-core/nm-setting-ip6-config.c
+++ b/libnm-core/nm-setting-ip6-config.c
@@ -26,6 +26,7 @@
 #include "nm-setting-ip6-config.h"
 #include "nm-setting-private.h"
 #include "nm-core-enum-types.h"
+#include "nm-macros-internal.h"
 
 /**
  * SECTION:nm-setting-ip6-config
@@ -57,12 +58,14 @@ NM_SETTING_REGISTER_TYPE (NM_TYPE_SETTING_IP6_CONFIG)
 
 typedef struct {
 	NMSettingIP6ConfigPrivacy ip6_privacy;
+	NMSettingIP6ConfigAddrGenMode addr_gen_mode;
 } NMSettingIP6ConfigPrivate;
 
 
 enum {
 	PROP_0,
 	PROP_IP6_PRIVACY,
+	PROP_ADDR_GEN_MODE,
 
 	LAST_PROP
 };
@@ -97,9 +100,30 @@ nm_setting_ip6_config_get_ip6_privacy (NMSettingIP6Config *setting)
 	return NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting)->ip6_privacy;
 }
 
+/**
+ * nm_setting_ip6_config_get_addr_gen_mode:
+ * @setting: the #NMSettingIP6Config
+ *
+ * Returns the value contained in the #NMSettingIP6Config:addr-gen-mode
+ * property.
+ *
+ * Returns: IPv6 Address Generation Mode.
+ *
+ * Since: 1.2
+ **/
+NMSettingIP6ConfigAddrGenMode
+nm_setting_ip6_config_get_addr_gen_mode (NMSettingIP6Config *setting)
+{
+	g_return_val_if_fail (NM_IS_SETTING_IP6_CONFIG (setting),
+	                      NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64);
+
+	return NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting)->addr_gen_mode;
+}
+
 static gboolean
 verify (NMSetting *setting, NMConnection *connection, GError **error)
 {
+	NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
 	NMSettingIPConfig *s_ip = NM_SETTING_IP_CONFIG (setting);
 	NMSettingVerifyResult ret;
 	const char *method;
@@ -166,6 +190,17 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 		return FALSE;
 	}
 
+	if (!NM_IN_SET (priv->addr_gen_mode,
+	                NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64,
+	                NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY)) {
+		g_set_error_literal (error,
+		                     NM_CONNECTION_ERROR,
+		                     NM_CONNECTION_ERROR_INVALID_PROPERTY,
+		                      _("property is invalid"));
+		g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP_CONFIG_METHOD);
+		return FALSE;
+	}
+
 	return TRUE;
 }
 
@@ -330,6 +365,9 @@ set_property (GObject *object, guint prop_id,
 	case PROP_IP6_PRIVACY:
 		priv->ip6_privacy = g_value_get_enum (value);
 		break;
+	case PROP_ADDR_GEN_MODE:
+		priv->addr_gen_mode = g_value_get_int (value);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -346,6 +384,9 @@ get_property (GObject *object, guint prop_id,
 	case PROP_IP6_PRIVACY:
 		g_value_set_enum (value, priv->ip6_privacy);
 		break;
+	case PROP_ADDR_GEN_MODE:
+		g_value_set_int (value, priv->addr_gen_mode);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -511,6 +552,10 @@ nm_setting_ip6_config_class_init (NMSettingIP6ConfigClass *ip6_class)
 	 *
 	 * If also global configuration is unspecified or set to "-1", fallback to read
 	 * "/proc/sys/net/ipv6/conf/default/use_tempaddr".
+	 *
+	 * Note that this setting is distinct from the Stable Privacy addresses
+	 * that can be enabled with the "addr-gen-mode" property's "stable-privacy"
+	 * setting as another way of avoiding host tracking with IPv6 addresses.
 	 **/
 	/* ---ifcfg-rh---
 	 * property: ip6-privacy
@@ -531,6 +576,53 @@ nm_setting_ip6_config_class_init (NMSettingIP6ConfigClass *ip6_class)
 		                    G_PARAM_CONSTRUCT |
 		                    G_PARAM_STATIC_STRINGS));
 
+	/**
+	 * NMSettingIP6Config:addr-gen-mode:
+	 *
+	 * Configure method for creating the address for use with RFC4862 IPv6
+	 * Stateless Address Autoconfiguration. The permitted values are: "eui64",
+	 * "stable-privacy" or unset.
+	 *
+	 * If the property is set to "eui64", the addresses will be generated
+	 * using the interface tokens derived from  hardware address. This makes
+	 * the host part of the address to stay constant, making it possible
+	 * to track host's presence when it changes networks. The address changes
+	 * when the interface hardware is replaced.
+	 *
+	 * The value of "stable-privacy" enables use of cryptographically
+	 * secure hash of a secret host-specific key along with the connection
+	 * identification and the network address as specified by RFC7217.
+	 * This makes it impossible to use the address track host's presence,
+	 * and makes the address stable when the network interface hardware is
+	 * replaced.
+	 *
+	 * Leaving this unset causes a default that could be subject to change
+	 * in future versions to be used.
+	 *
+	 * Note that this setting is distinct from the Privacy Extensions as
+	 * configured by "ip6-privacy" property and it does not affect the
+	 * temporary addresses configured with this option.
+	 *
+	 * Since: 1.2
+	 **/
+	/* ---ifcfg-rh---
+	 * property: addr-gen-mode
+	 * variable: IPV6_ADDR_GEN_MODE
+	 * values: IPV6_ADDR_GEN_MODE: eui64, stable-privacy
+	 * default: eui64
+	 * description: Configure IPv6 Stable Privacy addressing for SLAAC (RFC7217).
+	 * example: IPV6_ADDR_GEN_MODE=stable-privacy
+	 * ---end---
+	 */
+	g_object_class_install_property
+		(object_class, PROP_ADDR_GEN_MODE,
+		 g_param_spec_int (NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE, "", "",
+		                   G_MININT, G_MAXINT,
+		                   NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64,
+		                   G_PARAM_READWRITE |
+		                   G_PARAM_CONSTRUCT |
+		                   G_PARAM_STATIC_STRINGS));
+
 	/* IP6-specific property overrides */
 
 	/* ---dbus---
diff --git a/libnm-core/nm-setting-ip6-config.h b/libnm-core/nm-setting-ip6-config.h
index b791e937b4..fc7dc86c74 100644
--- a/libnm-core/nm-setting-ip6-config.h
+++ b/libnm-core/nm-setting-ip6-config.h
@@ -41,6 +41,8 @@ G_BEGIN_DECLS
 
 #define NM_SETTING_IP6_CONFIG_IP6_PRIVACY "ip6-privacy"
 
+#define NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE "addr-gen-mode"
+
 /**
  * NM_SETTING_IP6_CONFIG_METHOD_IGNORE:
  *
@@ -114,6 +116,25 @@ typedef enum {
 	NM_SETTING_IP6_CONFIG_PRIVACY_PREFER_TEMP_ADDR = 2
 } NMSettingIP6ConfigPrivacy;
 
+/**
+ * NMSettingIP6ConfigAddrGenMode:
+ * @NM_SETTING_IP6_CONFIG_PRIVACY_EUI64: The Interface Identifier is derived
+ * from the interface hardware address.
+ * @NM_SETTING_IP6_CONFIG_PRIVACY_STABLE_PRIVACY: The Interface Identifier
+ * is created by using a cryptographically secure hash of a secret host-specific
+ * key along with the connection identification and the network address as
+ * specified by RFC7217.
+ *
+ * #NMSettingIP6ConfigAddrGenMode controls how the the Interface Identifier for
+ * RFC4862 Stateless Address Autoconfiguration is created.
+ *
+ * Since: 1.2
+ */
+typedef enum {
+	NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64 = 0,
+	NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY = 1,
+} NMSettingIP6ConfigAddrGenMode;
+
 struct _NMSettingIP6Config {
 	NMSettingIPConfig parent;
 };
@@ -130,6 +151,8 @@ GType nm_setting_ip6_config_get_type (void);
 NMSetting *nm_setting_ip6_config_new (void);
 
 NMSettingIP6ConfigPrivacy nm_setting_ip6_config_get_ip6_privacy (NMSettingIP6Config *setting);
+NM_AVAILABLE_IN_1_2
+NMSettingIP6ConfigAddrGenMode nm_setting_ip6_config_get_addr_gen_mode (NMSettingIP6Config *setting);
 
 G_END_DECLS
 
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index 71ae69f3aa..c99fc81917 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -882,6 +882,8 @@ global:
 	nm_setting_connection_get_metered;
 	nm_setting_connection_lldp_get_type;
 	nm_setting_ip4_config_get_dhcp_timeout;
+	nm_setting_ip6_config_addr_gen_mode_get_type;
+	nm_setting_ip6_config_get_addr_gen_mode;
 	nm_setting_ip_config_add_dns_option;
 	nm_setting_ip_config_clear_dns_options;
 	nm_setting_ip_config_get_dns_option;