diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-21 11:07:19 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-21 11:59:08 +0200 |
commit | 576951171b25bf3f5427c45e40bd540105f558b3 (patch) | |
tree | bcfc55eabae64910ae0d2fbc98095fb66688b527 /src/conf_mode | |
parent | 4a0c0b4e041d9f42d0b1fbfa3a259e76707338cb (diff) | |
download | vyos-1x-576951171b25bf3f5427c45e40bd540105f558b3.tar.gz vyos-1x-576951171b25bf3f5427c45e40bd540105f558b3.zip |
macsec: T2023: cipher suite is mandatory
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 874fd6d62..867df3eb6 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -29,7 +29,7 @@ from vyos import ConfigError default_config_data = { 'address': [], 'address_remove': [], - 'cipher': 'gcm-aes-128', + 'cipher': '', 'deleted': False, 'description': '', 'disable': False, @@ -111,6 +111,10 @@ def verify(macsec): raise ConfigError(( f'Physical source interface must be set for MACsec "{macsec["intf"]}"')) + if not macsec['cipher']: + raise ConfigError(( + f'Cipher suite is mandatory for MACsec "{macsec["intf"]}"')) + if macsec['vrf']: if macsec['vrf'] not in interfaces(): raise ConfigError(f'VRF "{macsec["vrf"]}" does not exist') |