summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-21 10:43:44 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-21 11:59:08 +0200
commit04d03f5bdd262bbf95f09e6ba3f211ab1d459573 (patch)
tree72ab35b2d9aa5df32711a99948df0937a13ad66f /python/vyos
parent5038eb5856b809f339e14dd932dd64fb1204eefc (diff)
downloadvyos-1x-04d03f5bdd262bbf95f09e6ba3f211ab1d459573.tar.gz
vyos-1x-04d03f5bdd262bbf95f09e6ba3f211ab1d459573.zip
macsec: T2023: add optional encryption command
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/ifconfig/macsec.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/python/vyos/ifconfig/macsec.py b/python/vyos/ifconfig/macsec.py
index cea3f8d13..1829df4ab 100644
--- a/python/vyos/ifconfig/macsec.py
+++ b/python/vyos/ifconfig/macsec.py
@@ -50,12 +50,17 @@ class MACsecIf(Interface):
"""
# create tunnel interface
cmd = 'ip link add link {source_interface} {ifname} type {type}'
- cmd += ' cipher {cipher} encrypt on'
+ cmd += ' cipher {cipher}'
self._cmd(cmd.format(**self.config))
# interface is always A/D down. It needs to be enabled explicitly
self.set_admin_state('down')
+ def set_encryption(self, on_off):
+ ifname = self.config['ifname']
+ cmd = f'ip link set {ifname} type macsec encrypt {on_off}'
+ return self._cmd(cmd)
+
@staticmethod
def get_config():
"""