From 576951171b25bf3f5427c45e40bd540105f558b3 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 21 May 2020 11:07:19 +0200 Subject: macsec: T2023: cipher suite is mandatory --- src/conf_mode/interfaces-macsec.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 874fd6d62..867df3eb6 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -29,7 +29,7 @@ from vyos import ConfigError default_config_data = { 'address': [], 'address_remove': [], - 'cipher': 'gcm-aes-128', + 'cipher': '', 'deleted': False, 'description': '', 'disable': False, @@ -111,6 +111,10 @@ def verify(macsec): raise ConfigError(( f'Physical source interface must be set for MACsec "{macsec["intf"]}"')) + if not macsec['cipher']: + raise ConfigError(( + f'Cipher suite is mandatory for MACsec "{macsec["intf"]}"')) + if macsec['vrf']: if macsec['vrf'] not in interfaces(): raise ConfigError(f'VRF "{macsec["vrf"]}" does not exist') -- cgit v1.2.3