macsec: T2491: add replay window protection

author: Christian Poessinger <christian@poessinger.com> 2020-05-22 11:06:37 +0200
committer: Christian Poessinger <christian@poessinger.com> 2020-05-22 11:06:37 +0200
commit: 2005b6e98d66756eabd163d047e3ce4b365d4c30 (patch)
tree: 47000ac0508ace3975f7a1a98416334e167000a3 /src/conf_mode
parent: 63f9e4c0ab996b44ef88a9df20d552c5fd7f748c (diff)
download: vyos-1x-2005b6e98d66756eabd163d047e3ce4b365d4c30.tar.gz
vyos-1x-2005b6e98d66756eabd163d047e3ce4b365d4c30.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 690c9b745..7d6f238f3 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -39,6 +39,7 @@ default_config_data = {
     'security_mka_cak': '',
     'security_mka_ckn': '',
     'security_mka_priority': '255',
+    'security_replay_window': '',
     'intf': '',
     'source_interface': '',
     'is_bridge_member': False,
@@ -112,6 +113,11 @@ def get_config():
         macsec['security_mka_priority'] = conf.return_value(
             ['security', 'mka', 'priority'])
 
+    # IEEE 802.1X/MACsec replay protection
+    if conf.exists(['security', 'replay-window']):
+        macsec['security_replay_window'] = conf.return_value(
+            ['security', 'replay-window'])
+
     # Physical interface
     if conf.exists(['source-interface']):
         macsec['source_interface'] = conf.return_value(['source-interface'])
author	Christian Poessinger <christian@poessinger.com>	2020-05-22 11:06:37 +0200
committer	Christian Poessinger <christian@poessinger.com>	2020-05-22 11:06:37 +0200
commit	2005b6e98d66756eabd163d047e3ce4b365d4c30 (patch)
tree	47000ac0508ace3975f7a1a98416334e167000a3 /src/conf_mode
parent	63f9e4c0ab996b44ef88a9df20d552c5fd7f748c (diff)
download	vyos-1x-2005b6e98d66756eabd163d047e3ce4b365d4c30.tar.gz vyos-1x-2005b6e98d66756eabd163d047e3ce4b365d4c30.zip