summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-23 07:35:28 +0200
committerGitHub <noreply@github.com>2023-08-23 07:35:28 +0200
commit8c7fbec24f8bfe064d8ad804951f5ae59b54748f (patch)
tree6bbf7902d77f0761fe95719f2492efad3a486ede /interface-definitions
parenta090dd71231167cda95baaf7284e031230b5ee7a (diff)
parent007942130b3e9b86391fd08c3e372002afc6025e (diff)
downloadvyos-1x-8c7fbec24f8bfe064d8ad804951f5ae59b54748f.tar.gz
vyos-1x-8c7fbec24f8bfe064d8ad804951f5ae59b54748f.zip
Merge pull request #2156 from giga1699/T5447
T5447: Initial support for MACsec static keys
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/interface/macsec-key.xml.i15
-rw-r--r--interface-definitions/interfaces-macsec.xml.in22
2 files changed, 37 insertions, 0 deletions
diff --git a/interface-definitions/include/interface/macsec-key.xml.i b/interface-definitions/include/interface/macsec-key.xml.i
new file mode 100644
index 000000000..5a857a612
--- /dev/null
+++ b/interface-definitions/include/interface/macsec-key.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/macsec-key.xml.i -->
+<leafNode name="key">
+ <properties>
+ <help>MACsec static key</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256</description>
+ </valueHelp>
+ <constraint>
+ <regex>[A-Fa-f0-9]{32}</regex>
+ <regex>[A-Fa-f0-9]{64}</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 6bc28e44b..766b0bede 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -52,6 +52,28 @@
<valueless/>
</properties>
</leafNode>
+ <node name="static">
+ <properties>
+ <help>Use static keys for MACsec [static Secure Authentication Key (SAK) mode]</help>
+ </properties>
+ <children>
+ #include <include/interface/macsec-key.xml.i>
+ <tagNode name="peer">
+ <properties>
+ <help>MACsec peer name</help>
+ <constraint>
+ <regex>[^ ]{1,100}</regex>
+ </constraint>
+ <constraintErrorMessage>MACsec peer name exceeds limit of 100 characters</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ #include <include/interface/mac.xml.i>
+ #include <include/interface/macsec-key.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
<node name="mka">
<properties>
<help>MACsec Key Agreement protocol (MKA)</help>