diff options
-rw-r--r-- | interface-definitions/interfaces-macsec.xml.in | 45 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 15 |
2 files changed, 34 insertions, 26 deletions
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index f16760112..53a347f11 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -17,27 +17,34 @@ </properties> <children> #include <include/address-ipv4-ipv6.xml.i> - <leafNode name="cipher"> + <node name="security"> <properties> - <help>Cipher suite used</help> - <completionHelp> - <list>gcm-aes-128</list> - </completionHelp> - <valueHelp> - <format>gcm-aes-128</format> - <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description> - </valueHelp> - <constraint> - <regex>(gcm-aes-128)</regex> - </constraint> + <help>Security/Encryption Settings</help> </properties> - </leafNode> - <leafNode name="encrypt"> - <properties> - <help>Enable optional MACsec encryption</help> - <valueless/> - </properties> - </leafNode> + <children> + <leafNode name="cipher"> + <properties> + <help>Cipher suite used</help> + <completionHelp> + <list>gcm-aes-128</list> + </completionHelp> + <valueHelp> + <format>gcm-aes-128</format> + <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description> + </valueHelp> + <constraint> + <regex>(gcm-aes-128)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="encrypt"> + <properties> + <help>Enable optional MACsec encryption</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> #include <include/interface-vrf.xml.i> diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 867df3eb6..fefc50d99 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -20,9 +20,10 @@ from copy import deepcopy from sys import exit from netifaces import interfaces -from vyos.ifconfig import MACsecIf -from vyos.configdict import list_diff from vyos.config import Config +from vyos.configdict import list_diff +from vyos.ifconfig import MACsecIf +from vyos.template import render from vyos.validate import is_member from vyos import ConfigError @@ -66,10 +67,6 @@ def get_config(): if conf.exists(['address']): macsec['address'] = conf.return_values(['address']) - # retrieve interface cipher - if conf.exists(['cipher']): - macsec['cipher'] = conf.return_value(['cipher']) - # retrieve interface description if conf.exists(['description']): macsec['description'] = conf.return_value(['description']) @@ -78,8 +75,12 @@ def get_config(): if conf.exists(['disable']): macsec['disable'] = True + # retrieve interface cipher + if conf.exists(['security', 'cipher']): + macsec['cipher'] = conf.return_value(['security', 'cipher']) + # Enable optional MACsec encryption - if conf.exists(['encrypt']): + if conf.exists(['security', 'encrypt']): macsec['encrypt'] = 'on' # Physical interface |