mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2025-12-20 03:30:09 +01:00
cli: add support for connection.dnssec
This commit is contained in:
Robin Ebert
parent
1dcd63ab5d
commit
46306c1be0
5 changed files with 691 additions and 542 deletions
|
|
@ -5845,6 +5845,9 @@ static const NMMetaPropertyInfo *const property_infos_CONNECTION[] = {
|
|||
),
|
||||
),
|
||||
),
|
||||
PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_DNSSEC,
|
||||
.property_type = &_pt_gobject_enum,
|
||||
),
|
||||
PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_MPTCP_FLAGS,
|
||||
.property_type = &_pt_gobject_enum,
|
||||
.property_typ_data = DEFINE_PROPERTY_TYP_DATA (
|
||||
|
|
|
|||
|
|
@ -733,6 +733,10 @@
|
|||
nmcli-description="Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: "yes" (2) use DNSOverTls and disabled fallback, "opportunistic" (1) use DNSOverTls but allow fallback to unencrypted resolution, "no" (0) don't ever use DNSOverTls. If unspecified "default" depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved."
|
||||
format="choice (NMSettingConnectionDnsOverTls)"
|
||||
values="default (-1), no (0), opportunistic (1), yes (2)" />
|
||||
<property name="dnssec"
|
||||
nmcli-description="Whether DNSSEC (dnssec) is enabled for the connection. The permitted values are: "yes" (2) use DNSSEC and disable fallback, "allow-downgrade" (1) use DNSSEC but allow fallback if the server does not support it, "no" (0) don't ever use DNSSEC. The effect of "default" (-1) depends on the dns plugin used. Systemd-resolved uses its global setting in this case. This feature requires a plugin which supports DNSSEC. Otherwise, the setting has no effect. One such plugin is systemd-resolved."
|
||||
format="choice (NMSettingConnectionDnssec)"
|
||||
values="default (-1), no (0), allow-downgrade (1), yes (2)" />
|
||||
<property name="mptcp-flags"
|
||||
nmcli-description="Whether to configure MPTCP endpoints and the address flags. If MPTCP is enabled in NetworkManager, it will configure the addresses of the interface as MPTCP endpoints. Note that IPv4 loopback addresses (127.0.0.0/8), IPv4 link local addresses (169.254.0.0/16), the IPv6 loopback address (::1), IPv6 link local addresses (fe80::/10), IPv6 unique local addresses (ULA, fc00::/7) and IPv6 privacy extension addresses (rfc3041, ipv6.ip6-privacy) will be excluded from being configured as endpoints. If "disabled" (0x1), MPTCP handling for the interface is disabled and no endpoints are registered. The "enabled" (0x2) flag means that MPTCP handling is enabled. This flag can also be implied from the presence of other flags. Even when enabled, MPTCP handling will by default still be disabled unless "/proc/sys/net/mptcp/enabled" sysctl is on. NetworkManager does not change the sysctl and this is up to the administrator or distribution. To configure endpoints even if the sysctl is disabled, "also-without-sysctl" (0x4) flag can be used. In that case, NetworkManager doesn't look at the sysctl and configures endpoints regardless. Even when enabled, NetworkManager will only configure MPTCP endpoints for a certain address family, if there is a unicast default route (0.0.0.0/0 or ::/0) in the main routing table. The flag "also-without-default-route" (0x8) can override that. When MPTCP handling is enabled then endpoints are configured with the specified address flags "signal" (0x10), "subflow" (0x20), "backup" (0x40), "fullmesh" (0x80). See ip-mptcp(8) manual for additional information about the flags. If the flags are zero (0x0), the global connection default from NetworkManager.conf is honored. If still unspecified, the fallback is "enabled,subflow". Note that this means that MPTCP is by default done depending on the "/proc/sys/net/mptcp/enabled" sysctl. NetworkManager does not change the MPTCP limits nor enable MPTCP via "/proc/sys/net/mptcp/enabled". That is a host configuration which the admin can change via sysctl and ip-mptcp. Strict reverse path filtering (rp_filter) breaks many MPTCP use cases, so when MPTCP handling for IPv4 addresses on the interface is enabled, NetworkManager would loosen the strict reverse path filtering (1) to the loose setting (2)."
|
||||
format="flags (NMMptcpFlags)"
|
||||
|
|
|
|||
|
|
@ -506,12 +506,12 @@ NAME UUID TYPE DEVICE
|
|||
con-1 5fcfd6d7-1e63-3332-8826-a7eda103792d ethernet --
|
||||
|
||||
<<<
|
||||
size: 1704
|
||||
size: 1757
|
||||
location: src/tests/client/test-client.py:test_002()/23
|
||||
cmd: $NMCLI c s con-1
|
||||
lang: C
|
||||
returncode: 0
|
||||
stdout: 1576 bytes
|
||||
stdout: 1629 bytes
|
||||
>>>
|
||||
connection.id: con-1
|
||||
connection.uuid: 5fcfd6d7-1e63-3332-8826-a7eda103792d
|
||||
|
|
@ -543,17 +543,18 @@ connection.lldp: default
|
|||
connection.mdns: -1 (default)
|
||||
connection.llmnr: -1 (default)
|
||||
connection.dns-over-tls: -1 (default)
|
||||
connection.dnssec: -1 (default)
|
||||
connection.mptcp-flags: 0x0 (default)
|
||||
connection.wait-device-timeout: -1
|
||||
connection.wait-activation-delay: -1
|
||||
|
||||
<<<
|
||||
size: 1715
|
||||
size: 1768
|
||||
location: src/tests/client/test-client.py:test_002()/24
|
||||
cmd: $NMCLI c s con-1
|
||||
lang: pl_PL.UTF-8
|
||||
returncode: 0
|
||||
stdout: 1577 bytes
|
||||
stdout: 1630 bytes
|
||||
>>>
|
||||
connection.id: con-1
|
||||
connection.uuid: 5fcfd6d7-1e63-3332-8826-a7eda103792d
|
||||
|
|
@ -585,6 +586,7 @@ connection.lldp: default
|
|||
connection.mdns: -1 (default)
|
||||
connection.llmnr: -1 (default)
|
||||
connection.dns-over-tls: -1 (default)
|
||||
connection.dnssec: -1 (default)
|
||||
connection.mptcp-flags: 0x0 (default)
|
||||
connection.wait-device-timeout: -1
|
||||
connection.wait-activation-delay: -1
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
Loading…
Add table
Reference in a new issue