macsec: T2023: support MACsec Key Agreement protocol actor priority

author: Christian Poessinger <christian@poessinger.com> 2020-05-21 15:06:16 +0200
committer: Christian Poessinger <christian@poessinger.com> 2020-05-21 15:10:04 +0200
commit: 2417c2feedd62a59f0caa0c7a405c60e1f3be0e8 (patch)
tree: 65dd4a9340dc965b7312f1edc4afdceed6d28e12
parent: 68d54d8d79f257497c884b392a7e316e9a8e7d21 (diff)
download: vyos-1x-2417c2feedd62a59f0caa0c7a405c60e1f3be0e8.tar.gz
vyos-1x-2417c2feedd62a59f0caa0c7a405c60e1f3be0e8.zip
3 files changed, 20 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index df7b6f153..eee215418 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -57,5 +57,9 @@ network={
     # (2..64 hex-digits)
     mka_cak={{ security_mka_cak }}
     mka_ckn={{ security_mka_ckn }}
+
+    # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
+    # default priority
+    mka_priority={{ security_mka_priority }}
 }
 
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 02e6e7b3f..af3971595 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -64,6 +64,18 @@
                       </constraint>
                     </properties>
                   </leafNode>
+                  <leafNode name="priority">
+                    <properties>
+                      <help>Priority of MACsec Key Agreement protocol (MKA) actor (default: 255)</help>
+                      <valueHelp>
+                        <format>0-255</format>
+                        <description>MACsec Key Agreement protocol (MKA) priority</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 0-255" />
+                      </constraint>
+                    </properties>
+                  </leafNode>
                 </children>
               </node>
             </children>
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 79c57d978..780ef9b5f 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -95,6 +95,10 @@ def get_config():
     if conf.exists(['security', 'mka', 'ckn']):
         macsec['security_mka_ckn'] = conf.return_value(['security', 'mka', 'ckn'])
 
+    # MACsec Key Agreement protocol (MKA) actor priority
+    if conf.exists(['security', 'mka', 'priority']):
+        macsec['security_mka_priority'] = conf.return_value(['security', 'mka', 'priority'])
+
     # Physical interface
     if conf.exists(['source-interface']):
         macsec['source_interface'] = conf.return_value(['source-interface'])
author	Christian Poessinger <christian@poessinger.com>	2020-05-21 15:06:16 +0200
committer	Christian Poessinger <christian@poessinger.com>	2020-05-21 15:10:04 +0200
commit	2417c2feedd62a59f0caa0c7a405c60e1f3be0e8 (patch)
tree	65dd4a9340dc965b7312f1edc4afdceed6d28e12
parent	68d54d8d79f257497c884b392a7e316e9a8e7d21 (diff)
download	vyos-1x-2417c2feedd62a59f0caa0c7a405c60e1f3be0e8.tar.gz vyos-1x-2417c2feedd62a59f0caa0c7a405c60e1f3be0e8.zip