| Age | Commit message (Collapse) | Author |
|---|
|
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated, first before the new
default is added to the CLI help.
(cherry picked from commit a68c9238111c6caee78bb28f8054b8f0cfa0e374)
|
|
Based on wpa_supplicant documentation.
mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit)
hex-string (2..64 hex-digits)
Changed allowable length of CKN from strong 64 hex-digits
to the range (2..64 hex-digits)
|
|
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
|
|
(cherry picked from commit 529af7898d062b42ac33e15bfdc62c14184e098f)
|
|
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
|
|
(cherry picked from commit 0a8a0188033d6b27c521f082fdddae9873dd5d3d)
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
(cherry picked from commit 5bcc549edeaeaa767d77a68b33751e834d467c34)
|
|
(cherry picked from commit ea4c72ed0dbcee3f7e8f9693c5310190833651d8)
|
|
|
|
There is a Myricom 10G card with 16k MTU available.
|
|
|
|
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for
802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not
make the user juggle with the MTU bytes if he enables VLAN support later on,
which is yet to come.
|
|
|
|
|
|
|
|
|
|
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node
should reflect that.
|
|
|
|
This is best suited as a key is required, too.
|
|
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in
iproute2 4.19. We could backport it of course but the plan is to Upgrade to a
more recent 5.x series kernel anyway once all out-of-tree module issues are
resolved, mainly Intel QAT.
gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add
support for configuring MACsec gcm-aes-256 cipher type.") which made it into
the 5.2 release of iproute2.
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
