Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T5770 Enable MACsec encryption stanza #2518

Merged
merged 1 commit into from
Nov 21, 2023
Merged

T5770 Enable MACsec encryption stanza #2518

merged 1 commit into from
Nov 21, 2023

Conversation

giga1699
Copy link
Contributor

Change Summary

Enables encryption mode when using MACsec

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

MACSEC

Proposed changes

Enable encryption when creating MACsec interface using "ip link" command

How to test

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team November 21, 2023 19:01
dmbaturin
dmbaturin approved these changes Nov 21, 2023
View reviewed changes
Copy link
Member

@dmbaturin dmbaturin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's odd that we did have a node in the CLI definition but not this...

@giga1699
Copy link
Contributor Author

I did check to make sure I didn't accidentally delete some config from my previous PR. I swear I remember it encrypting in 1.4 when I was testing the previous change. Not sure how it ended up not setting that value now.

@c-po
Copy link
Member

c-po commented Nov 21, 2023

Extended the commit and added the appropriate smoketests

vyos@vyos:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_macsec.py
test_add_multiple_ip_addresses (__main__.MACsecInterfaceTest.test_add_multiple_ip_addresses) ... ok
test_add_single_ip_address (__main__.MACsecInterfaceTest.test_add_single_ip_address) ... ok
test_dhcp_client_options (__main__.MACsecInterfaceTest.test_dhcp_client_options) ... ok
test_dhcp_disable_interface (__main__.MACsecInterfaceTest.test_dhcp_disable_interface) ... ok
test_dhcp_vrf (__main__.MACsecInterfaceTest.test_dhcp_vrf) ... ok
test_dhcpv6_client_options (__main__.MACsecInterfaceTest.test_dhcpv6_client_options) ... ok
test_dhcpv6_vrf (__main__.MACsecInterfaceTest.test_dhcpv6_vrf) ... ok
test_dhcpv6pd_auto_sla_id (__main__.MACsecInterfaceTest.test_dhcpv6pd_auto_sla_id) ... ok
test_dhcpv6pd_manual_sla_id (__main__.MACsecInterfaceTest.test_dhcpv6pd_manual_sla_id) ... ok
test_interface_description (__main__.MACsecInterfaceTest.test_interface_description) ... ok
test_interface_disable (__main__.MACsecInterfaceTest.test_interface_disable) ... ok
test_interface_ip_options (__main__.MACsecInterfaceTest.test_interface_ip_options) ... ok
test_interface_ipv6_options (__main__.MACsecInterfaceTest.test_interface_ipv6_options) ... ok
test_interface_mtu (__main__.MACsecInterfaceTest.test_interface_mtu) ... ok
test_ipv6_link_local_address (__main__.MACsecInterfaceTest.test_ipv6_link_local_address) ... ok
test_macsec_encryption (__main__.MACsecInterfaceTest.test_macsec_encryption) ... ok
test_macsec_gcm_aes_128 (__main__.MACsecInterfaceTest.test_macsec_gcm_aes_128) ... ok
test_macsec_gcm_aes_256 (__main__.MACsecInterfaceTest.test_macsec_gcm_aes_256) ... ok
test_macsec_source_interface (__main__.MACsecInterfaceTest.test_macsec_source_interface) ... ok
test_macsec_static_keys (__main__.MACsecInterfaceTest.test_macsec_static_keys) ... ok
test_mtu_1200_no_ipv6_interface (__main__.MACsecInterfaceTest.test_mtu_1200_no_ipv6_interface) ... ok
test_span_mirror (__main__.MACsecInterfaceTest.test_span_mirror) ... skipped 'not supported'
test_vif_8021q_interfaces (__main__.MACsecInterfaceTest.test_vif_8021q_interfaces) ... skipped 'not supported'
test_vif_8021q_lower_up_down (__main__.MACsecInterfaceTest.test_vif_8021q_lower_up_down) ... skipped 'not supported'
test_vif_8021q_mtu_limits (__main__.MACsecInterfaceTest.test_vif_8021q_mtu_limits) ... skipped 'not supported'
test_vif_8021q_qos_change (__main__.MACsecInterfaceTest.test_vif_8021q_qos_change) ... skipped 'not supported'
test_vif_s_8021ad_vlan_interfaces (__main__.MACsecInterfaceTest.test_vif_s_8021ad_vlan_interfaces) ... skipped 'not supported'
test_vif_s_protocol_change (__main__.MACsecInterfaceTest.test_vif_s_protocol_change) ... skipped 'not supported'

----------------------------------------------------------------------
Ran 28 tests in 125.372s

OK (skipped=7)

@c-po c-po merged commit d3c7d97 into vyos:current Nov 21, 2023
4 of 5 checks passed
@c-po
Copy link
Member

c-po commented Nov 21, 2023

@Mergifyio backport sagitta

@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 21, 2023
edited
Loading

backport sagitta

✅ Backports have been created

@mergify mergify bot mentioned this pull request Nov 21, 2023
Merged
dmbaturin added a commit that referenced this pull request Nov 22, 2023
@dmbaturin
Merge pull request #2520 from vyos/mergify/bp/sagitta/pr-2518
93ded25 
T5770 Enable MACsec encryption stanza (backport #2518)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin dmbaturin approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

@sever-sever sever-sever Awaiting requested review from sever-sever sever-sever was automatically assigned from vyos/reviewers

Assignees

@giga1699 giga1699

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@giga1699 @c-po @dmbaturin