summaryrefslogtreecommitdiff
path: root/interface-definitions/interfaces-macsec.xml.in
AgeCommit message (Collapse)Author
2023-02-17macsec: T5008: Changed length of CKN to (2..64 hex-digits)aapostoliuk
Based on wpa_supplicant documentation. mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) Changed allowable length of CKN from strong 64 hex-digits to the range (2..64 hex-digits)
2023-01-07xml: T1579: merge generic-description.xml.i and interface/description.xml.iChristian Poessinger
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler.
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-07-18macsec: T4537: allow 32-byte keys for gcm-aes-256Christian Poessinger
2022-04-29xml: T4047: use full string match in the regex validatorChristian Poessinger
2022-04-07qos: T4284: rename "traffic-policy" node to "qos policy"Christian Poessinger
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
2022-04-07qos: T4284: support mirror and redirect on all interface typesChristian Poessinger
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2022-02-20macsec: T4261: add dhcp client supportChristian Poessinger
2021-12-06policy: T2199: Migrate policy route to XML/Pythonsarthurdev
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-03-14xml: T1579: re-arrange xml interface include building blocksChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-02-28macsec: T3368: add support for gcm-aes-256 cipherChristian Poessinger
2021-01-21xml: T3239: override default mtu values and remove workaroundsJohn Estabrook
2020-11-07macsec: T2653: include common "ip" and "ipv6" interface optionsChristian Poessinger
2020-10-28mtu: T2630: add support for ethernet MTU up to 16000 bytesChristian Poessinger
There is a Myricom 10G card with 16k MTU available.
2020-09-26macsec: T2023: shift priority to run on vxlan/geneve source-interfaceChristian Poessinger
2020-09-20macsec: T2023: add missing mtu CLI optionChristian Poessinger
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come.
2020-06-27ifconfig: T2653: move macsec interface to get_config_dict()Christian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger