authorChristian Poessinger <christian@poessinger.com>2020-05-21 12:48:09 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-21 12:48:15 +0200
commit63a3110298e5f3f6d24d5ed57eff0a8abf27f6ac (patch)
treeaca9c86d462238dd532c597711fb53d1a353cdb8
parent5cde2142a25390ee8accfc392d835d2c145a7ecb (diff)
macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node
This is best suited as a key is required, too.
-rw-r--r--interface-definitions/interfaces-macsec.xml.in45
-rwxr-xr-xsrc/conf_mode/interfaces-macsec.py15
2 files changed, 34 insertions, 26 deletions
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index f16760112..53a347f11 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -17,27 +17,34 @@
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
- <leafNode name="cipher">
+ <node name="security">
<properties>
- <help>Cipher suite used</help>
- <completionHelp>
- <list>gcm-aes-128</list>
- </completionHelp>
- <valueHelp>
- <format>gcm-aes-128</format>
- <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description>
- </valueHelp>
- <constraint>
- <regex>(gcm-aes-128)</regex>
- </constraint>
+ <help>Security/Encryption Settings</help>
</properties>
- </leafNode>
- <leafNode name="encrypt">
- <properties>
- <help>Enable optional MACsec encryption</help>
- <valueless/>
- </properties>
- </leafNode>
+ <children>
+ <leafNode name="cipher">
+ <properties>
+ <help>Cipher suite used</help>
+ <completionHelp>
+ <list>gcm-aes-128</list>
+ </completionHelp>
+ <valueHelp>
+ <format>gcm-aes-128</format>
+ <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(gcm-aes-128)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="encrypt">
+ <properties>
+ <help>Enable optional MACsec encryption</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
#include <include/interface-description.xml.i>
#include <include/interface-disable.xml.i>
#include <include/interface-vrf.xml.i>
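Review bot: Moving `cipher` and `encrypt` under the new `security` node changes the CLI path of both leaves, but the diffstat lists only the schema and the conf_mode script, with no config migration. A saved configuration that still has `encrypt` at the interface level would no longer match this definition, and the last hunk of src/conf_mode/interfaces-macsec.py stops reading the old paths. Depending on how the loader treats unknown nodes, the interface could fail to load or come up without encryption. If the macsec CLI has already shipped in an image, this change should come with a migration step that rewrites `cipher` to `security cipher` and `encrypt` to `security encrypt`. If it has not shipped, a sentence in the commit message saying so would settle the question.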
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 867df3eb6..fefc50d99 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -20,9 +20,10 @@ from copy import deepcopy
from sys import exit
from netifaces import interfaces
-from vyos.ifconfig import MACsecIf
-from vyos.configdict import list_diff
from vyos.config import Config
+from vyos.configdict import list_diff
+from vyos.ifconfig import MACsecIf
+from vyos.template import render
from vyos.validate import is_member
from vyos import ConfigError
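Review bot: `from vyos.template import render` is added here, but no line changed in this file calls `render`, and the three hunks account for all 15 changed lines in the diffstat. The import is therefore unused after this commit unless unchanged code outside the hunks already referenced the name. Drop it here and add it with the change that starts rendering a template, so the import and its first use can be reviewed together.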
@@ -66,10 +67,6 @@ def get_config():
if conf.exists(['address']):
macsec['address'] = conf.return_values(['address'])
- # retrieve interface cipher
- if conf.exists(['cipher']):
- macsec['cipher'] = conf.return_value(['cipher'])
-
# retrieve interface description
if conf.exists(['description']):
macsec['description'] = conf.return_value(['description'])
@@ -78,8 +75,12 @@ def get_config():
if conf.exists(['disable']):
macsec['disable'] = True
+ # retrieve interface cipher
+ if conf.exists(['security', 'cipher']):
+ macsec['cipher'] = conf.return_value(['security', 'cipher'])
+
# Enable optional MACsec encryption
- if conf.exists(['encrypt']):
+ if conf.exists(['security', 'encrypt']):
macsec['encrypt'] = 'on'
# Physical interface
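Review bot: The comment `# Enable optional MACsec encryption` above the `['security', 'encrypt']` check does not say what the interface does when the node is absent. With the option now grouped under `security`, a reader may assume MACsec encrypts by default. A comment such as `# without 'security encrypt' frames are integrity-protected only, not encrypted` would make the fallback explicit, and the same sentence would fit the `<help>` text of the `encrypt` leaf in interfaces-macsec.xml.in. The default for `macsec['encrypt']` is set outside this hunk, so confirm it is the off state before wording the comment. get_config() starts and ends outside the hunk.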