mirror of
https://github.com/Telecominfraproject/ols-nos.git
synced 2025-11-01 10:38:02 +00:00
1c901b8f12cfa2c7f56fa0da62e93a7f7abc7e0c
8 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
judyjoseph
|
7d2e3cb011 |
Update macsec CAK keys in profile for tests to change to type7 encoded format (#16388)
* Change the CAK key length check in config plugin, macsec test profile changes * Fix the format in add_profile api The changes needed in various macsec unit tests and config plugin when we move to accept the type 7 encoded key format for macsec. This goes along with PR : sonic-net/sonic-swss#2892 raised earlier. |
||
|
Mai Bui
|
1477f779de |
modify commands using utilities_common.cli.run_command and advance sonic-utilities submodule on master (#15193)
Dependency: sonic-net/sonic-utilities#2718 Why I did it This PR sonic-net/sonic-utilities#2718 reduce shell=True usage in utilities_common.cli.run_command() function. Work item tracking Microsoft ADO (number only): 15022050 How I did it Replace strings commands using utilities_common.cli.run_command() function to list of strings due to circular dependency, advance sonic-utilities submodule 72ca4848 (HEAD -> master, upstream/master, upstream/HEAD) Add CLI configuration options for teamd retry count feature (sonic-net/sonic-utilities#2642) 359dfc0c [Clock] Implement clock CLI (sonic-net/sonic-utilities#2793) b316fc27 Add transceiver status CLI to show output from TRANSCEIVER_STATUS table (sonic-net/sonic-utilities#2772) dc59dbd2 Replace pickle by json (sonic-net/sonic-utilities#2849) a66f41c4 [show] replace shell=True, replace xml by lxml, replace exit by sys.exit (sonic-net/sonic-utilities#2666) 57500572 [utilities_common] replace shell=True (sonic-net/sonic-utilities#2718) 6e0ee3e7 [CRM][DASH] Extend CRM utility to support DASH resources. (sonic-net/sonic-utilities#2800) b2c29b0b [config] Generate sysinfo in single asic (sonic-net/sonic-utilities#2856) |
||
|
judyjoseph
|
6370257fa3 |
[macsec]: show macsec: add --profile option, include profile name in show command output (#13940)
This PR is to add the following Add a new options "--profile" to the show macsec command, to show all profiles in device Update the currentl show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to. |
||
|
Ze Gan
|
5efd6f9748 |
[macsec]: Add MACsec clear CLI support (#11731)
Why I did it
To support clear MACsec counters by sonic-clear macsec
How I did it
Add macsec sub-command in sonic-clear to cache the current macsec stats, and in the show macsec command to check the cache and return the diff with cache file.
How to verify it
admin@vlab-02:~$ show macsec Ethernet0
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-128
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (52540067daa70001)
----------- -
encoding_an 0
----------- -
MACsec Egress SA (0)
------------------------------------- --------------------------------
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
next_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 52
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- --------------------------------
MACsec Ingress SC (525400d4fd3f0001)
MACsec Ingress SA (0)
--------------------------------------- --------------------------------
active true
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
lowest_acceptable_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 56
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- --------------------------------
admin@vlab-02:~$ sonic-clear macsec
Clear MACsec counters
admin@vlab-02:~$ show macsec Ethernet0
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-128
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (52540067daa70001)
----------- -
encoding_an 0
----------- -
MACsec Egress SA (0)
------------------------------------- --------------------------------
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
next_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 52
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- --------------------------------
MACsec Ingress SC (525400d4fd3f0001)
MACsec Ingress SA (0)
--------------------------------------- --------------------------------
active true
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
lowest_acceptable_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 0 <---this counters was cleared.
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- --------------------------------
Signed-off-by: Ze Gan <ganze718@gmail.com>
Co-authored-by: Judy Joseph <jujoseph@microsoft.com>
|
||
|
Junhua Zhai
|
f01749de99 |
[macsec] cli multi-namespace support (#11285)
Enable multi-asic platform support for macsec cli |
||
|
Junhua Zhai
|
04ea32b0c2 |
[macsec] CLI Supports display of gearbox macsec counter (#11113)
Why I did it To support gearbox macsec counter display, following Azure/sonic-swss-common#622. How I did it Use swsscommon CounterTable API |
||
|
Ze Gan
|
0156c21eff |
[macsec-cli]: Fixing to config MACsec on the port will clear port attributes in config db (#10903)
Why I did it There is a bug that the Port attributes in CONFIG_DB will be cleared if using sudo config macsec port add Ethernet0 or sudo config macsec port del Ethernet0 How I did it To fetch the port attributes before set/remove MACsec field in port table. Signed-off-by: Ze Gan <ganze718@gmail.com> |
||
|
Ze Gan
|
910e1c6eb4 |
[docker-macsec]: MACsec CLI Plugin (#9390)
#### Why I did it
To provide MACsec config and show CLI for manipulating MACsec
#### How I did it
Add `config macsec` and `show macsec`.
#### How to verify it
This PR includes unittest for MACsec CLI, check Azp status.
- Add MACsec profile
```
admin@sonic:~$ sudo config macsec profile add --help
Usage: config macsec profile add [OPTIONS] <profile_name>
Add MACsec profile
Options:
--priority <priority> For Key server election. In 0-255 range with
0 being the highest priority. [default:
255]
--cipher_suite <cipher_suite> The cipher suite for MACsec. [default: GCM-
AES-128]
--primary_cak <primary_cak> Primary Connectivity Association Key.
[required]
--primary_ckn <primary_cak> Primary CAK Name. [required]
--policy <policy> MACsec policy. INTEGRITY_ONLY: All traffic,
except EAPOL, will be converted to MACsec
packets without encryption. SECURITY: All
traffic, except EAPOL, will be encrypted by
SecY. [default: security]
--enable_replay_protect / --disable_replay_protect
Whether enable replay protect. [default:
False]
--replay_window <enable_replay_protect>
Replay window size that is the number of
packets that could be out of order. This
field works only if ENABLE_REPLAY_PROTECT is
true. [default: 0]
--send_sci / --no_send_sci Send SCI in SecTAG field of MACsec header.
[default: True]
--rekey_period <rekey_period> The period of proactively refresh (Unit
second). [default: 0]
-?, -h, --help Show this message and exit.
```
- Delete MACsec profile
```
admin@sonic:~$ sudo config macsec profile del --help
Usage: config macsec profile del [OPTIONS] <profile_name>
Delete MACsec profile
Options:
-?, -h, --help Show this message and exit.
```
- Enable MACsec on the port
```
admin@sonic:~$ sudo config macsec port add --help
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>
Add MACsec port
Options:
-?, -h, --help Show this message and exit.
```
- Disable MACsec on the port
```
admin@sonic:~$ sudo config macsec port del --help
Usage: config macsec port del [OPTIONS] <port_name>
Delete MACsec port
Options:
-?, -h, --help Show this message and exit.
```
Show MACsec
```
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (5254008f4f1c0001)
----------- -
encoding_an 2
----------- -
MACsec Egress SA (1)
------------------------------------- ----------------------------------------------------------------
auth_key 849B69D363E2B0AA154BEBBD7C1D9487
next_pn 1
sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 179
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Egress SA (2)
------------------------------------- ----------------------------------------------------------------
auth_key 5A8B8912139551D3678B43DD0F10FFA5
next_pn 1
sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 87185
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Ingress SC (525400edac5b0001)
MACsec Ingress SA (1)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 849B69D363E2B0AA154BEBBD7C1D9487
lowest_acceptable_pn 1
sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 103
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
MACsec Ingress SA (2)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 5A8B8912139551D3678B43DD0F10FFA5
lowest_acceptable_pn 1
sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 91824
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
MACsec port(Ethernet1)
--------------------- -----------
cipher_suite GCM-AES-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (5254008f4f1c0001)
----------- -
encoding_an 1
----------- -
MACsec Egress SA (1)
------------------------------------- ----------------------------------------------------------------
auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF
next_pn 1
sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 4809
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Ingress SC (525400edac5b0001)
MACsec Ingress SA (1)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF
lowest_acceptable_pn 1
sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 5033
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
```
|