summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/interfaces-macsec.xml.in45
-rwxr-xr-xsrc/conf_mode/interfaces-macsec.py15
2 files changed, 34 insertions, 26 deletions
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index f16760112..53a347f11 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -17,27 +17,34 @@
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
- <leafNode name="cipher">
+ <node name="security">
<properties>
- <help>Cipher suite used</help>
- <completionHelp>
- <list>gcm-aes-128</list>
- </completionHelp>
- <valueHelp>
- <format>gcm-aes-128</format>
- <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description>
- </valueHelp>
- <constraint>
- <regex>(gcm-aes-128)</regex>
- </constraint>
+ <help>Security/Encryption Settings</help>
</properties>
- </leafNode>
- <leafNode name="encrypt">
- <properties>
- <help>Enable optional MACsec encryption</help>
- <valueless/>
- </properties>
- </leafNode>
+ <children>
+ <leafNode name="cipher">
+ <properties>
+ <help>Cipher suite used</help>
+ <completionHelp>
+ <list>gcm-aes-128</list>
+ </completionHelp>
+ <valueHelp>
+ <format>gcm-aes-128</format>
+ <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(gcm-aes-128)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="encrypt">
+ <properties>
+ <help>Enable optional MACsec encryption</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
#include <include/interface-description.xml.i>
#include <include/interface-disable.xml.i>
#include <include/interface-vrf.xml.i>
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index 867df3eb6..fefc50d99 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -20,9 +20,10 @@ from copy import deepcopy
from sys import exit
from netifaces import interfaces
-from vyos.ifconfig import MACsecIf
-from vyos.configdict import list_diff
from vyos.config import Config
+from vyos.configdict import list_diff
+from vyos.ifconfig import MACsecIf
+from vyos.template import render
from vyos.validate import is_member
from vyos import ConfigError
@@ -66,10 +67,6 @@ def get_config():
if conf.exists(['address']):
macsec['address'] = conf.return_values(['address'])
- # retrieve interface cipher
- if conf.exists(['cipher']):
- macsec['cipher'] = conf.return_value(['cipher'])
-
# retrieve interface description
if conf.exists(['description']):
macsec['description'] = conf.return_value(['description'])
@@ -78,8 +75,12 @@ def get_config():
if conf.exists(['disable']):
macsec['disable'] = True
+ # retrieve interface cipher
+ if conf.exists(['security', 'cipher']):
+ macsec['cipher'] = conf.return_value(['security', 'cipher'])
+
# Enable optional MACsec encryption
- if conf.exists(['encrypt']):
+ if conf.exists(['security', 'encrypt']):
macsec['encrypt'] = 'on'
# Physical interface