libnm,nmcli: add a new ipv6.clat property

src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c

@@ -3598,6 +3598,7 @@ do_write_construct(NMConnection                   *connection,
     } else
         route_ignore = FALSE;
 
+    /* Unsupported properties */
     if ((s_ip4 = nm_connection_get_setting_ip4_config(connection))) {
         if (nm_setting_ip_config_get_dhcp_dscp(s_ip4)) {
             set_error_unsupported(error,
@@ -3618,6 +3619,17 @@ do_write_construct(NMConnection                   *connection,
         }
     }
 
+    if ((s_ip6 = nm_connection_get_setting_ip6_config(connection))) {
+        if (nm_setting_ip6_config_get_clat(NM_SETTING_IP6_CONFIG(s_ip6))
+            != NM_SETTING_IP6_CONFIG_CLAT_DEFAULT) {
+            set_error_unsupported(error,
+                                  connection,
+                                  NM_SETTING_IP6_CONFIG_SETTING_NAME "." NM_SETTING_IP6_CONFIG_CLAT,
+                                  FALSE);
+            return FALSE;
+        }
+    }
+
     write_ip4_setting(connection,
                       ifcfg,
                       !route_ignore && route_path_is_svformat ? &route_content_svformat : NULL,

src/libnm-client-impl/libnm.ver

@@ -2093,3 +2093,9 @@ global:
 	nm_utils_copy_cert_as_user;
 	nm_vpn_plugin_info_supports_safe_private_file_access;
 } libnm_1_54_0;
+
+libnm_1_58_0 {
+global:
+	nm_setting_ip6_config_clat_get_type;
+	nm_setting_ip6_config_get_clat;
+} libnm_1_56_0;

src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in

@@ -1819,6 +1819,10 @@
                   dbus-type="i"
                   gprop-type="NMTernary"
                   />
+        <property name="clat"
+                  dbus-type="i"
+                  gprop-type="gint"
+                  />
         <property name="dad-timeout"
                   dbus-type="i"
                   gprop-type="gint"

src/libnm-core-impl/nm-setting-ip6-config.c

@@ -47,7 +47,8 @@ NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_IP6_PRIVACY,
                                   PROP_DHCP_DUID,
                                   PROP_RA_TIMEOUT,
                                   PROP_MTU,
-                                  PROP_DHCP_PD_HINT, );
+                                  PROP_DHCP_PD_HINT,
+                                  PROP_CLAT, );
 
 typedef struct {
     NMSettingIPConfigPrivate parent;
@@ -60,6 +61,7 @@ typedef struct {
     gint32  temp_preferred_lifetime;
     gint32  addr_gen_mode;
     gint32  ra_timeout;
+    gint32  clat;
     guint32 mtu;
 } NMSettingIP6ConfigPrivate;
 
@@ -252,6 +254,24 @@ nm_setting_ip6_config_get_mtu(NMSettingIP6Config *setting)
     return NM_SETTING_IP6_CONFIG_GET_PRIVATE(setting)->mtu;
 }
 
+/**
+ * nm_setting_ip6_config_get_clat:
+ * @setting: the #NMSettingIP6Config
+ *
+ * Returns the value in the #NMSettingIP6Config:clat property.
+ *
+ * Returns: the CLAT property value
+ *
+ * Since: 1.58
+ */
+NMSettingIp6ConfigClat
+nm_setting_ip6_config_get_clat(NMSettingIP6Config *setting)
+{
+    g_return_val_if_fail(NM_IS_SETTING_IP6_CONFIG(setting), NM_SETTING_IP6_CONFIG_CLAT_DEFAULT);
+
+    return NM_SETTING_IP6_CONFIG_GET_PRIVATE(setting)->clat;
+}
+
 static gboolean
 verify(NMSetting *setting, NMConnection *connection, GError **error)
 {
@@ -1339,6 +1359,37 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
                                                   _set_string_fcn_dhcp_pd_hint,
                                               .direct_string_allow_empty = TRUE);
 
+    /**
+     * NMSettingIP6Config:clat
+     *
+     * Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the
+     * client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts
+     * on IPv6-only networks.
+     *
+     * Setting %NM_SETTING_IP6_CONFIG_CLAT_YES or %NM_SETTING_IP6_CONFIG_CLAT_NO respectively enables
+     * or disables CLAT. When enabled, NetworkManager discovers the NAT64 prefix via Router
+     * Advertisement; if the prefix is found, it installs a BPF program to perform the stateless
+     * translation of packets betweeen IPv4 and IPv6. %NM_SETTING_IP6_CONFIG_CLAT_AUTO enables CLAT
+     * only when the connection profile has the IPv4 method set to "auto" and the device doesn't have
+     * a native IPv4 gateway.
+     *
+     * When set to %NM_SETTING_IP6_CONFIG_CLAT_DEFAULT, the actual value is looked up in the global
+     * configuration; if not specified it defaults to %NM_SETTING_IP6_CONFIG_CLAT_NO. In the future
+     * the fallback value may change to %NM_SETTING_IP6_CONFIG_CLAT_AUTO.
+     *
+     * Since: 1.56
+     */
+    _nm_setting_property_define_direct_enum(properties_override,
+                                            obj_properties,
+                                            NM_SETTING_IP6_CONFIG_CLAT,
+                                            PROP_CLAT,
+                                            NM_TYPE_SETTING_IP6_CONFIG_CLAT,
+                                            NM_SETTING_IP6_CONFIG_CLAT_DEFAULT,
+                                            NM_SETTING_PARAM_NONE,
+                                            NULL,
+                                            NMSettingIP6ConfigPrivate,
+                                            clat);
+
     /* IP6-specific property overrides */
 
     /* ---dbus---

src/libnm-core-public/nm-setting-ip6-config.h

@@ -46,6 +46,8 @@ G_BEGIN_DECLS
 
 #define NM_SETTING_IP6_CONFIG_DHCP_PD_HINT "dhcp-pd-hint"
 
+#define NM_SETTING_IP6_CONFIG_CLAT "clat"
+
 /**
  * NM_SETTING_IP6_CONFIG_METHOD_IGNORE:
  *
@@ -153,6 +155,28 @@ typedef enum {
     NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_DEFAULT          = 3,
 } NMSettingIP6ConfigAddrGenMode;
 
+/**
+ * NMSettingIp6ConfigClat:
+ * @NM_SETTING_IP6_CONFIG_CLAT_DEFAULT: use the global default value
+ * @NM_SETTING_IP6_CONFIG_CLAT_NO: disable CLAT
+ * @NM_SETTING_IP6_CONFIG_CLAT_YES: enable CLAT
+ * @NM_SETTING_IP6_CONFIG_CLAT_AUTO: enable CLAT only when the device doesn't
+ *  have a native IPv4 gateway configured.
+ *
+ * #NMSettingIP6ConfigClat values specify if CLAT (Customer-side translator)
+ * is enabled or not. CLAT is used to implement the client part of 464XLAT
+ * (RFC 6877), an architecture that provides IPv4 connectivity to hosts on
+ * IPv6-only networks.
+ *
+ * Since: 1.58
+ */
+typedef enum {
+    NM_SETTING_IP6_CONFIG_CLAT_DEFAULT = -1,
+    NM_SETTING_IP6_CONFIG_CLAT_NO      = 0,
+    NM_SETTING_IP6_CONFIG_CLAT_YES     = 1,
+    NM_SETTING_IP6_CONFIG_CLAT_AUTO    = 2,
+} NMSettingIp6ConfigClat;
+
 typedef struct _NMSettingIP6ConfigClass NMSettingIP6ConfigClass;
 
 GType nm_setting_ip6_config_get_type(void);
@@ -176,6 +200,8 @@ NM_AVAILABLE_IN_1_40
 guint32 nm_setting_ip6_config_get_mtu(NMSettingIP6Config *setting);
 NM_AVAILABLE_IN_1_44
 const char *nm_setting_ip6_config_get_dhcp_pd_hint(NMSettingIP6Config *setting);
+NM_AVAILABLE_IN_1_58
+NMSettingIp6ConfigClat nm_setting_ip6_config_get_clat(NMSettingIP6Config *setting);
 
 G_END_DECLS
 

src/libnmc-setting/nm-meta-setting-desc.c

@@ -6913,6 +6913,9 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
     PROPERTY_INFO (NM_SETTING_IP6_CONFIG_DHCP_PD_HINT, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_PD_HINT,
         .property_type =                &_pt_gobject_string,
     ),
+    PROPERTY_INFO (NM_SETTING_IP6_CONFIG_CLAT, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_CLAT,
+        .property_type =                &_pt_gobject_enum,
+    ),
     PROPERTY_INFO (NM_SETTING_IP6_CONFIG_DHCP_DUID, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID,
         .property_type =                &_pt_gobject_string,
     ),

src/libnmc-setting/settings-docs.h.in

@@ -224,6 +224,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the IPv6 interface identifier of addresses with RFC4862 IPv6 Stateless Address Autoconfiguration and Link Local addresses. The permitted values are: \"eui64\" (0), \"stable-privacy\" (1), \"default\" (3) or \"default-or-eui64\" (2). If the property is set to \"eui64\", the addresses will be generated using the interface token derived from hardware address. This makes the host part of the address to stay constant, making it possible to track the host's presence when it changes networks. The address changes when the interface hardware is replaced. If a duplicate address is detected, there is also no fallback to generate another address. When configured, the \"ipv6.token\" is used instead of the MAC address to generate addresses for stateless autoconfiguration. If the property is set to \"stable-privacy\", the interface identifier is generated as specified by RFC7217. This works by hashing a host specific key (see NetworkManager(8) manual), the interface name, the connection's \"connection.stable-id\" property and the address prefix.  This improves privacy by making it harder to use the address to track the host's presence and the address is stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default as documented in the NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. If not specified, when creating a new profile the default is \"default\". Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in decreasing priority, meaning the first address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_CLAT N_("Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts on IPv6-only networks. Setting \"yes\" (1) or \"no\" (0) respectively enables or disables CLAT. When enabled, NetworkManager discovers the NAT64 prefix via Router Advertisement; if the prefix is found, it installs a BPF program to perform the stateless translation of packets betweeen IPv4 and IPv6. \"auto\" (2) enables CLAT only when the connection profile has the IPv4 method set to \"auto\" and the device doesn't have a native IPv4 gateway. When set to \"default\" (-1), the actual value is looked up in the global configuration; if not specified it defaults to \"no\" (0). In the future the fallback value may change to \"auto\" (2).")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network.  If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms).  A value greater than zero is a timeout in milliseconds.  Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DSCP N_("Specifies the value for the DSCP field (traffic class) of the IP header. When empty, the global default value is used; if no global default is specified, it is assumed to be \"CS0\". Allowed values are: \"CS0\", \"CS4\" and \"CS6\". The property is currently valid only for IPv4, and it is supported only by the \"internal\" DHCP plugin.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.")

src/nmcli/gen-metadata-nm-settings-nmcli.xml.in

@@ -1578,6 +1578,10 @@
         <property name="dhcp-pd-hint"
                   nmcli-description="A IPv6 address followed by a slash and a prefix length. If set, the value is sent to the DHCPv6 server as hint indicating the prefix delegation (IA_PD) we want to receive. To only hint a prefix length without prefix, set the address part to the zero address (for example &quot;::/60&quot;)."
                   format="string" />
+        <property name="clat"
+                  nmcli-description="Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts on IPv6-only networks. Setting &quot;yes&quot; (1) or &quot;no&quot; (0) respectively enables or disables CLAT. When enabled, NetworkManager discovers the NAT64 prefix via Router Advertisement; if the prefix is found, it installs a BPF program to perform the stateless translation of packets betweeen IPv4 and IPv6. &quot;auto&quot; (2) enables CLAT only when the connection profile has the IPv4 method set to &quot;auto&quot; and the device doesn&apos;t have a native IPv4 gateway. When set to &quot;default&quot; (-1), the actual value is looked up in the global configuration; if not specified it defaults to &quot;no&quot; (0). In the future the fallback value may change to &quot;auto&quot; (2)."
+                  format="choice (NMSettingIp6ConfigClat)"
+                  values="default (-1), no (0), yes (1), auto (2)" />
         <property name="dhcp-duid"
                   nmcli-description="A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string (&apos;aa:bb:cc&apos;) it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value &quot;lease&quot; will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and &quot;dhclient&quot; is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values &quot;llt&quot; and &quot;ll&quot; will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values &quot;stable-llt&quot;, &quot;stable-ll&quot; and &quot;stable-uuid&quot; will generate a DUID of the corresponding type, derived from the connection&apos;s stable-id and a per-host unique key. You may want to include the &quot;${DEVICE}&quot; or &quot;${MAC}&quot; specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of &quot;stable-ll&quot; and &quot;stable-llt&quot; will be a generated address derived from the stable id. The DUID-LLT time value in the &quot;stable-llt&quot; option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in &quot;llt&quot;). When the property is unset, the global value provided for &quot;ipv6.dhcp-duid&quot; is used. If no global value is provided, the default &quot;lease&quot; value is assumed."
                   format="string" />