libnm,nmcli: add a new ipv4.clat property

src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c

@@ -3600,6 +3600,7 @@ do_write_construct(NMConnection                   *connection,
     } else
         route_ignore = FALSE;
 
+    /* Unsupported properties */
     if ((s_ip4 = nm_connection_get_setting_ip4_config(connection))) {
         if (nm_setting_ip_config_get_dhcp_dscp(s_ip4)) {
             set_error_unsupported(error,
@@ -3618,6 +3619,14 @@ do_write_construct(NMConnection                   *connection,
                                   FALSE);
             return FALSE;
         }
+        if (nm_setting_ip4_config_get_clat(NM_SETTING_IP4_CONFIG(s_ip4))
+            != NM_SETTING_IP4_CONFIG_CLAT_DEFAULT) {
+            set_error_unsupported(error,
+                                  connection,
+                                  NM_SETTING_IP4_CONFIG_SETTING_NAME "." NM_SETTING_IP4_CONFIG_CLAT,
+                                  FALSE);
+            return FALSE;
+        }
     }
 
     write_ip4_setting(connection,

src/libnm-client-impl/libnm.ver

@@ -2106,6 +2106,8 @@ global:
 
 libnm_1_58_0 {
 global:
+	nm_setting_ip4_config_clat_get_type;
+	nm_setting_ip4_config_get_clat;
 	nm_utils_wifi_6ghz_freqs;
 	nm_utils_wifi_freq_to_band;
 	nm_wifi_band_get_type;

src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in

@@ -1652,6 +1652,10 @@
                   dbus-type="i"
                   gprop-type="NMTernary"
                   />
+        <property name="clat"
+                  dbus-type="i"
+                  gprop-type="gint"
+                  />
         <property name="dad-timeout"
                   dbus-type="i"
                   gprop-type="gint"

src/libnm-core-impl/nm-setting-ip4-config.c

@@ -40,7 +40,8 @@ NM_GOBJECT_PROPERTIES_DEFINE_BASE(PROP_DHCP_CLIENT_ID,
                                   PROP_DHCP_FQDN,
                                   PROP_DHCP_VENDOR_CLASS_IDENTIFIER,
                                   PROP_LINK_LOCAL,
-                                  PROP_DHCP_IPV6_ONLY_PREFERRED, );
+                                  PROP_DHCP_IPV6_ONLY_PREFERRED,
+                                  PROP_CLAT, );
 
 typedef struct {
     NMSettingIPConfigPrivate parent;
@@ -50,6 +51,7 @@ typedef struct {
     char  *dhcp_vendor_class_identifier;
     gint32 link_local;
     gint32 dhcp_ipv6_only_preferred;
+    gint32 clat;
 } NMSettingIP4ConfigPrivate;
 
 /**
@@ -168,6 +170,24 @@ nm_setting_ip4_config_get_dhcp_ipv6_only_preferred(NMSettingIP4Config *setting)
     return NM_SETTING_IP4_CONFIG_GET_PRIVATE(setting)->dhcp_ipv6_only_preferred;
 }
 
+/**
+ * nm_setting_ip4_config_get_clat:
+ * @setting: the #NMSettingIP4Config
+ *
+ * Returns the value in the #NMSettingIP4Config:clat property.
+ *
+ * Returns: the CLAT property value
+ *
+ * Since: 1.58
+ */
+NMSettingIp4ConfigClat
+nm_setting_ip4_config_get_clat(NMSettingIP4Config *setting)
+{
+    g_return_val_if_fail(NM_IS_SETTING_IP4_CONFIG(setting), NM_SETTING_IP4_CONFIG_CLAT_DEFAULT);
+
+    return NM_SETTING_IP4_CONFIG_GET_PRIVATE(setting)->clat;
+}
+
 static gboolean
 verify(NMSetting *setting, NMConnection *connection, GError **error)
 {
@@ -186,12 +206,15 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
 
     if (!strcmp(method, NM_SETTING_IP4_CONFIG_METHOD_MANUAL)) {
         if (nm_setting_ip_config_get_num_addresses(s_ip) == 0
-            && nm_setting_ip_config_get_num_routes(s_ip) == 0) {
-            g_set_error(error,
-                        NM_CONNECTION_ERROR,
-                        NM_CONNECTION_ERROR_MISSING_PROPERTY,
-                        _("method '%s' requires at least an address or a route"),
-                        method);
+            && nm_setting_ip_config_get_num_routes(s_ip) == 0
+            && nm_setting_ip4_config_get_clat(NM_SETTING_IP4_CONFIG(s_ip))
+                   != NM_SETTING_IP4_CONFIG_CLAT_FORCE) {
+            g_set_error(
+                error,
+                NM_CONNECTION_ERROR,
+                NM_CONNECTION_ERROR_MISSING_PROPERTY,
+                _("method '%s' requires at least an address, a route, or CLAT set to 'force'"),
+                method);
             g_prefix_error(error,
                            "%s.%s: ",
                            NM_SETTING_IP4_CONFIG_SETTING_NAME,
@@ -1382,6 +1405,39 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
                                             NMSettingIP4ConfigPrivate,
                                             dhcp_ipv6_only_preferred);
 
+    /**
+     * NMSettingIP4Config:clat
+     *
+     * Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the
+     * client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts
+     * on IPv6-only networks.
+     *
+     * When CLAT is enabled, NetworkManager discovers the NAT64 prefix from IPv6 Router Advertisements;
+     * if a NAT64 prefix is announced, NetworkManager installs a BPF program to perform the stateless
+     * translation of packets between IPv4 and IPv6.
+     *
+     * Setting %NM_SETTING_IP4_CONFIG_CLAT_NO completely disables CLAT. %NM_SETTING_IP4_CONFIG_CLAT_AUTO
+     * enables CLAT only when the IPv4 method is 'auto' and the device doesn't have a native IPv4 gateway.
+     * %NM_SETTING_IP4_CONFIG_CLAT_FORCE enables CLAT even if the IPv4 method is not 'auto' and even if
+     * the device has a native IPv4 gateway.
+     *
+     * When set to %NM_SETTING_IP4_CONFIG_CLAT_DEFAULT, the actual value is looked up in the global
+     * configuration; if not specified it defaults to %NM_SETTING_IP4_CONFIG_CLAT_NO. In the future the
+     * default fall back value will change to %NM_SETTING_IP4_CONFIG_CLAT_AUTO.
+     *
+     * Since: 1.58
+     */
+    _nm_setting_property_define_direct_enum(properties_override,
+                                            obj_properties,
+                                            NM_SETTING_IP4_CONFIG_CLAT,
+                                            PROP_CLAT,
+                                            NM_TYPE_SETTING_IP4_CONFIG_CLAT,
+                                            NM_SETTING_IP4_CONFIG_CLAT_DEFAULT,
+                                            NM_SETTING_PARAM_NONE,
+                                            NULL,
+                                            NMSettingIP4ConfigPrivate,
+                                            clat);
+
     g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
 
     _nm_setting_class_commit(setting_class,

src/libnm-core-impl/tests/test-general.c

@@ -4094,6 +4094,7 @@ test_connection_diff_a_only(void)
              {NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP4_CONFIG_LINK_LOCAL, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP4_CONFIG_DHCP_IPV6_ONLY_PREFERRED, NM_SETTING_DIFF_RESULT_IN_A},
+             {NM_SETTING_IP4_CONFIG_CLAT, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, NM_SETTING_DIFF_RESULT_IN_A},
              {NM_SETTING_IP_CONFIG_DHCP_SEND_RELEASE, NM_SETTING_DIFF_RESULT_IN_A},

src/libnm-core-public/nm-setting-ip4-config.h

@@ -34,6 +34,7 @@ G_BEGIN_DECLS
 #define NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER "dhcp-vendor-class-identifier"
 #define NM_SETTING_IP4_CONFIG_DHCP_IPV6_ONLY_PREFERRED     "dhcp-ipv6-only-preferred"
 #define NM_SETTING_IP4_CONFIG_LINK_LOCAL                   "link-local"
+#define NM_SETTING_IP4_CONFIG_CLAT                         "clat"
 
 /**
  * NM_SETTING_IP4_CONFIG_METHOD_AUTO:
@@ -121,6 +122,29 @@ typedef enum {
     NM_SETTING_IP4_DHCP_IPV6_ONLY_PREFERRED_YES     = 1,
 } NMSettingIP4DhcpIpv6OnlyPreferred;
 
+/**
+ * NMSettingIp4ConfigClat:
+ * @NM_SETTING_IP4_CONFIG_CLAT_DEFAULT: use the global default value
+ * @NM_SETTING_IP4_CONFIG_CLAT_NO: disable CLAT
+ * @NM_SETTING_IP4_CONFIG_CLAT_AUTO: enable CLAT only when the IPv4 method
+ *   is 'auto' and the device doesn't have a native IPv4 gateway.
+ * @NM_SETTING_IP4_CONFIG_CLAT_FORCE: enable CLAT even with IPv4 methods
+ *   other than 'auto' and even if the device has a native IPv4 gateway.
+ *
+ * #NMSettingIP4ConfigClat values specify if CLAT (Customer-side translator)
+ * is enabled or not. CLAT is used to implement the client part of 464XLAT
+ * (RFC 6877), an architecture that provides IPv4 connectivity to hosts on
+ * IPv6-only networks.
+ *
+ * Since: 1.58
+ */
+typedef enum {
+    NM_SETTING_IP4_CONFIG_CLAT_DEFAULT = -1,
+    NM_SETTING_IP4_CONFIG_CLAT_NO      = 0,
+    NM_SETTING_IP4_CONFIG_CLAT_AUTO    = 1,
+    NM_SETTING_IP4_CONFIG_CLAT_FORCE   = 2,
+} NMSettingIp4ConfigClat;
+
 typedef struct _NMSettingIP4ConfigClass NMSettingIP4ConfigClass;
 
 GType nm_setting_ip4_config_get_type(void);
@@ -141,6 +165,9 @@ NM_AVAILABLE_IN_1_52
 NMSettingIP4DhcpIpv6OnlyPreferred
 nm_setting_ip4_config_get_dhcp_ipv6_only_preferred(NMSettingIP4Config *setting);
 
+NM_AVAILABLE_IN_1_58
+NMSettingIp4ConfigClat nm_setting_ip4_config_get_clat(NMSettingIP4Config *setting);
+
 G_END_DECLS
 
 #endif /* __NM_SETTING_IP4_CONFIG_H__ */

src/libnmc-setting/nm-meta-setting-desc.c

@@ -6601,6 +6601,9 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
     PROPERTY_INFO_WITH_DESC (NM_SETTING_IP4_CONFIG_DHCP_IPV6_ONLY_PREFERRED,
         .property_type =                &_pt_gobject_enum,
     ),
+    PROPERTY_INFO (NM_SETTING_IP4_CONFIG_CLAT, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_CLAT,
+        .property_type =                &_pt_gobject_enum,
+    ),
     PROPERTY_INFO_WITH_DESC (NM_SETTING_IP4_CONFIG_LINK_LOCAL,
         .property_type =                &_pt_gobject_enum,
         .property_typ_data = DEFINE_PROPERTY_TYP_DATA (

src/libnmc-setting/settings-docs.h.in

@@ -186,6 +186,7 @@
 #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_AUTO_ROUTE_EXT_GW N_("VPN connections will default to add the route automatically unless this setting is set to FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to TRUE has no effect.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_CLAT N_("Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts on IPv6-only networks. When CLAT is enabled, NetworkManager discovers the NAT64 prefix from IPv6 Router Advertisements; if a NAT64 prefix is announced, NetworkManager installs a BPF program to perform the stateless translation of packets between IPv4 and IPv6. Setting \"no\" (0) completely disables CLAT. \"auto\" (1) enables CLAT only when the IPv4 method is 'auto' and the device doesn't have a native IPv4 gateway. \"force\" (2) enables CLAT even if the IPv4 method is not 'auto' and even if the device has a native IPv4 gateway. When set to \"default\" (-1), the actual value is looked up in the global configuration; if not specified it defaults to \"no\" (0). In the future the default fall back value will change to \"auto\" (1).")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DAD_TIMEOUT N_("Maximum timeout in milliseconds used to check for the presence of duplicate IP addresses on the network.  If an address conflict is detected, the activation will fail. The property is currently implemented only for IPv4. A zero value means that no duplicate address detection is performed, -1 means the default value (either the value configured globally in NetworkManger.conf or 200ms).  A value greater than zero is a timeout in milliseconds.  Note that the time intervals are subject to randomization as per RFC 5227 and so the actual duration can be between half and the full time specified in this property.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_CLIENT_ID N_("A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string ('aa:bb:cc') it is interpreted as a binary client ID, in which case the first byte is assumed to be the 'type' field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. '01:xx:xx:xx:xx:xx:xx' where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the 'type' field is set to 0. The special values \"mac\" and \"perm-mac\" are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value \"ipv6-duid\" uses the DUID from \"ipv6.dhcp-duid\" property as an RFC4361-compliant client identifier. As IAID it uses \"ipv4.dhcp-iaid\" and falls back to \"ipv6.dhcp-iaid\" if unset. The special value \"duid\" generates a RFC4361-compliant client identifier based on \"ipv4.dhcp-iaid\" and uses a DUID generated by hashing /etc/machine-id. The special value \"stable\" is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the \"${DEVICE}\" or \"${MAC}\" specifier to get a per-device key. The special value \"none\" prevents any client identifier from being sent. Note that this is normally not recommended. If unset, a globally configured default from NetworkManager.conf is used. If still unset, the default depends on the DHCP plugin. The internal dhcp client will default to \"mac\" and the dhclient plugin will try to use one from its config file if present, or won't sent any client-id otherwise.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_DSCP N_("Specifies the value for the DSCP field (traffic class) of the IP header. When empty, the global default value is used; if no global default is specified, it is assumed to be \"CS0\". Allowed values are: \"CS0\", \"CS4\" and \"CS6\". The property is currently valid only for IPv4, and it is supported only by the \"internal\" DHCP plugin.")

src/nmcli/gen-metadata-nm-settings-nmcli.xml.in

@@ -1455,6 +1455,10 @@
                   nmcli-description="Controls the "IPv6-Only Preferred" DHCPv4 option (RFC 8925). When set to "yes" (1), the host adds the option to the parameter request list; if the DHCP server sends the option back, the host stops the DHCP client for the time interval specified in the option. Enable this feature if the host supports an IPv6-only mode, i.e. either all applications are IPv6-only capable or there is a form of 464XLAT deployed. When set to "default" (-1), the actual value is looked up in the global configuration; if not specified, it defaults to "no" (0). If the connection has IPv6 method set to "disabled", this property does not have effect and the "IPv6-Only Preferred" option is always disabled."
                   format="choice (NMSettingIP4DhcpIpv6OnlyPreferred)"
                   values="default (-1), no (0), yes (1)" />
+        <property name="clat"
+                  nmcli-description="Controls the CLAT (Customer-side translator) functionality. CLAT is used to implement the client part of 464XLAT (RFC 6877), an architecture that provides IPv4 connectivity to hosts on IPv6-only networks. When CLAT is enabled, NetworkManager discovers the NAT64 prefix from IPv6 Router Advertisements; if a NAT64 prefix is announced, NetworkManager installs a BPF program to perform the stateless translation of packets between IPv4 and IPv6. Setting &quot;no&quot; (0) completely disables CLAT. &quot;auto&quot; (1) enables CLAT only when the IPv4 method is &apos;auto&apos; and the device doesn&apos;t have a native IPv4 gateway. &quot;force&quot; (2) enables CLAT even if the IPv4 method is not &apos;auto&apos; and even if the device has a native IPv4 gateway. When set to &quot;default&quot; (-1), the actual value is looked up in the global configuration; if not specified it defaults to &quot;no&quot; (0). In the future the default fall back value will change to &quot;auto&quot; (1)."
+                  format="choice (NMSettingIp4ConfigClat)"
+                  values="default (-1), no (0), auto (1), force (2)" />
         <property name="link-local"
                   nmcli-description="Enable and disable the IPv4 link-local configuration independently of the ipv4.method configuration. This allows a link-local address (169.254.x.y/16) to be obtained in addition to other addresses, such as those manually configured or obtained from a DHCP server. When set to &quot;auto&quot;, the value is dependent on &quot;ipv4.method&quot;. When set to &quot;default&quot;, it honors the global connection default, before falling back to &quot;auto&quot;. Note that if &quot;ipv4.method&quot; is &quot;disabled&quot;, then link local addressing is always disabled too. The default is &quot;default&quot;. Since 1.52, when set to &quot;fallback&quot;, a link-local address is obtained if no other IPv4 address is set."
                   format="choice (NMSettingIP4LinkLocal)"