Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cfgmgr]: Integrate MACsecMGR with sonic-buildimage #1627

Merged
merged 3 commits into from
Feb 4, 2021
Merged

[cfgmgr]: Integrate MACsecMGR with sonic-buildimage #1627

merged 3 commits into from
Feb 4, 2021

Conversation

Pterosaur
Copy link
Contributor

@Pterosaur Pterosaur commented Feb 4, 2021
edited
Loading

What I did

  1. Fix bug about the return value of get_value, it should return true if it's OK
  2. Fix bug about the type of MACsecProfile::priority, the original uint8_t will cause a lexical_convert failure when the priority is a integer.
  3. Polish log in get_value.
  4. Change the predefined paths for sonic-buildimage integration

Why I did it
I want that the MACsecMgrd can automatically start, so these configuration should be changed to adapt the configuration in sonic-buildimage

How I verified it
Change the /etc/sonic/config_db.json as follow

{
    "PORT": {
        "Ethernet0": {
            ...
            "macsec": "test"
         }
    }
    ...
    "MACSEC_PROFILE": {
        "test": {
            "priority": 64,
            "cipher_suite": "GCM-AES-128",
            "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
            "policy": "security"
        }
    }
}

To execute sudo config reload -y, We should find the following new items were inserted in app_db of redis

127.0.0.1:6379> keys *MAC*
1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
2) "MACSEC_PORT_TABLE:Ethernet0"
127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
1) "ssci"
2) ""
3) "encoding_an"
4) "0"
127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0"
 1) "enable"
 2) "false"
 3) "cipher_suite"
 4) "GCM-AES-128"
 5) "enable_protect"
 6) "true"
 7) "enable_encrypt"
 8) "true"
 9) "enable_replay_protect"
10) "false"
11) "replay_window"
12) "0"

Details if related

@Pterosaur
Enable log name
752b2fd 
Signed-off-by: Ze Gan <ganze718@gmail.com>
@Pterosaur
Fix bug and change path for integration
831785c 
Signed-off-by: Ze Gan <ganze718@gmail.com>
@Pterosaur
Polish the log level
72e56bd 
Signed-off-by: Ze Gan <ganze718@gmail.com>
@Pterosaur Pterosaur mentioned this pull request Feb 4, 2021
Merged
@Pterosaur Pterosaur marked this pull request as ready for review February 4, 2021 05:58
@lguohan lguohan merged commit c7f27c8 into sonic-net:master Feb 4, 2021
vmittal-msft pushed a commit to vmittal-msft/sonic-swss that referenced this pull request Feb 6, 2021
@Pterosaur @vmittal-msft
[cfgmgr]: Integrate MACsecMGR with sonic-buildimage (sonic-net#1627)
0bc8bf6 
1. Fix bug about the return value of `get_value`, it should return `true` if it's OK
2. Fix bug about the type of `MACsecProfile::priority`, the original `uint8_t` will cause a `lexical_convert` failure when the priority is a integer.
3. Polish log in `get_value`.
4. Change the predefined paths for sonic-buildimage integration

Signed-off-by: Ze Gan <ganze718@gmail.com>
DavidZagury pushed a commit to DavidZagury/sonic-swss that referenced this pull request Mar 4, 2021
@Pterosaur @DavidZagury
[cfgmgr]: Integrate MACsecMGR with sonic-buildimage (sonic-net#1627)
3561d79 
1. Fix bug about the return value of `get_value`, it should return `true` if it's OK
2. Fix bug about the type of `MACsecProfile::priority`, the original `uint8_t` will cause a `lexical_convert` failure when the priority is a integer.
3. Polish log in `get_value`.
4. Change the predefined paths for sonic-buildimage integration

Signed-off-by: Ze Gan <ganze718@gmail.com>
raphaelt-nvidia pushed a commit to raphaelt-nvidia/sonic-swss that referenced this pull request Oct 5, 2021
@Pterosaur @raphaelt-nvidia
[cfgmgr]: Integrate MACsecMGR with sonic-buildimage (sonic-net#1627)
1785a7d 
1. Fix bug about the return value of `get_value`, it should return `true` if it's OK
2. Fix bug about the type of `MACsecProfile::priority`, the original `uint8_t` will cause a `lexical_convert` failure when the priority is a integer.
3. Polish log in `get_value`.
4. Change the predefined paths for sonic-buildimage integration

Signed-off-by: Ze Gan <ganze718@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lguohan lguohan lguohan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Pterosaur @lguohan