matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
master
sonic-buildimage/dockers/docker-macsec/cli-plugin-tests/appl_db.json
Ze Gan 910e1c6eb4
[docker-macsec]: MACsec CLI Plugin (#9390) 
#### Why I did it
To provide MACsec config and show CLI for manipulating MACsec

#### How I did it
Add `config macsec` and `show macsec`.

#### How to verify it

This PR includes unittest for MACsec CLI, check Azp status.
- Add MACsec profile
```
admin@sonic:~$ sudo config macsec profile add --help
Usage: config macsec profile add [OPTIONS] <profile_name>

  Add MACsec profile

Options:
  --priority <priority>           For Key server election. In 0-255 range with
                                  0 being the highest priority.  [default:
                                  255]
  --cipher_suite <cipher_suite>   The cipher suite for MACsec.  [default: GCM-
                                  AES-128]
  --primary_cak <primary_cak>     Primary Connectivity Association Key.
                                  [required]
  --primary_ckn <primary_cak>     Primary CAK Name.  [required]
  --policy <policy>               MACsec policy. INTEGRITY_ONLY: All traffic,
                                  except EAPOL, will be converted to MACsec
                                  packets without encryption.  SECURITY: All
                                  traffic, except EAPOL, will be encrypted by
                                  SecY.  [default: security]
  --enable_replay_protect / --disable_replay_protect
                                  Whether enable replay protect.  [default:
                                  False]
  --replay_window <enable_replay_protect>
                                  Replay window size that is the number of
                                  packets that could be out of order. This
                                  field works only if ENABLE_REPLAY_PROTECT is
                                  true.  [default: 0]
  --send_sci / --no_send_sci      Send SCI in SecTAG field of MACsec header.
                                  [default: True]
  --rekey_period <rekey_period>   The period of proactively refresh (Unit
                                  second).  [default: 0]
  -?, -h, --help                  Show this message and exit.
```
- Delete MACsec profile
```
admin@sonic:~$ sudo config macsec profile del --help
Usage: config macsec profile del [OPTIONS] <profile_name>

  Delete MACsec profile

Options:
  -?, -h, --help  Show this message and exit.
```
- Enable MACsec on the port
```
admin@sonic:~$ sudo config macsec port add --help
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>

  Add MACsec port

Options:
  -?, -h, --help  Show this message and exit.
```
- Disable MACsec on the port
```
admin@sonic:~$ sudo config macsec port del --help
Usage: config macsec port del [OPTIONS] <port_name>

  Delete MACsec port

Options:
  -?, -h, --help  Show this message and exit.

```
Show MACsec
```
MACsec port(Ethernet0)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  2
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               849B69D363E2B0AA154BEBBD7C1D9487
		next_pn                                1
		sak                                    AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         179
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
		MACsec Egress SA (2)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               5A8B8912139551D3678B43DD0F10FFA5
		next_pn                                1
		sak                                    7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         87185
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 849B69D363E2B0AA154BEBBD7C1D9487
		lowest_acceptable_pn                     1
		sak                                      AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           103
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
		MACsec Ingress SA (2)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 5A8B8912139551D3678B43DD0F10FFA5
		lowest_acceptable_pn                     1
		sak                                      7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           91824
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
MACsec port(Ethernet1)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  1
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               35FC8F2C81BCA28A95845A4D2A1EE6EF
		next_pn                                1
		sak                                    1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         4809
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 35FC8F2C81BCA28A95845A4D2A1EE6EF
		lowest_acceptable_pn                     1
		sak                                      1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           5033
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
```
2022-05-19 21:59:37 +08:00

248 lines
6.7 KiB
JSON
Raw Permalink Blame History

{
"MACSEC_EGRESS_SA_TABLE:Ethernet1:5254008f4f1c0001:1": {
"type": "hash",
"value": {
"sak": "1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B",
"auth_key": "35FC8F2C81BCA28A95845A4D2A1EE6EF",
"next_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2301455
},
"MACSEC_PORT_TABLE:Ethernet5": {
"type": "hash",
"value": {
"enable": "true",
"cipher_suite": "GCM-AES-256",
"send_sci": "true",
"enable_protect": "true",
"enable_encrypt": "true",
"enable_replay_protect": "false",
"replay_window": "0"
},
"ttl": -0.001,
"expireat": 1651807960.2302043
},
"MACSEC_EGRESS_SC_TABLE:Ethernet1:5254008f4f1c0001": {
"type": "hash",
"value": {
"encoding_an": "1"
},
"ttl": -0.001,
"expireat": 1651807960.2302194
},
"MACSEC_INGRESS_SA_TABLE:Ethernet1:525400edac5b0001:1": {
"type": "hash",
"value": {
"active": "true",
"sak": "1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B",
"auth_key": "35FC8F2C81BCA28A95845A4D2A1EE6EF",
"lowest_acceptable_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2302353
},
"MACSEC_INGRESS_SC_TABLE:Ethernet1:525400edac5b0001": {
"type": "hash",
"value": {
"Null": "Null"
},
"ttl": -0.001,
"expireat": 1651807960.2302475
},
"MACSEC_INGRESS_SC_TABLE:Ethernet0:525400edac5b0001": {
"type": "hash",
"value": {
"Null": "Null"
},
"ttl": -0.001,
"expireat": 1651807960.230258
},
"MACSEC_EGRESS_SA_TABLE:Ethernet5:5254008f4f1c0001:2": {
"type": "hash",
"value": {
"sak": "3BEBB5BB2539D7231EB95F312B843966180B6C941750B9F1A08AF71BA4508599",
"auth_key": "7C59E0CD393A3BA36B8DDC4C663A11FC",
"next_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2302718
},
"MACSEC_INGRESS_SA_TABLE:Ethernet0:525400edac5b0001:2": {
"type": "hash",
"value": {
"active": "true",
"sak": "7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6",
"auth_key": "5A8B8912139551D3678B43DD0F10FFA5",
"lowest_acceptable_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.230298
},
"MACSEC_EGRESS_SC_TABLE:Ethernet5:5254008f4f1c0001": {
"type": "hash",
"value": {
"encoding_an": "2"
},
"ttl": -0.001,
"expireat": 1651807960.2303102
},
"MACSEC_PORT_TABLE:Ethernet0": {
"type": "hash",
"value": {
"enable": "true",
"cipher_suite": "GCM-AES-256",
"send_sci": "true",
"enable_protect": "true",
"enable_encrypt": "true",
"enable_replay_protect": "false",
"replay_window": "0"
},
"ttl": -0.001,
"expireat": 1651807960.23036
},
"MACSEC_INGRESS_SA_TABLE:Ethernet5:5254002003660001:2": {
"type": "hash",
"value": {
"active": "true",
"sak": "3BEBB5BB2539D7231EB95F312B843966180B6C941750B9F1A08AF71BA4508599",
"auth_key": "7C59E0CD393A3BA36B8DDC4C663A11FC",
"lowest_acceptable_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2304032
},
"MACSEC_PORT_TABLE:Ethernet4": {
"type": "hash",
"value": {
"enable": "true",
"cipher_suite": "GCM-AES-256",
"send_sci": "true",
"enable_protect": "true",
"enable_encrypt": "true",
"enable_replay_protect": "false",
"replay_window": "0"
},
"ttl": -0.001,
"expireat": 1651807960.2304454
},
"MACSEC_EGRESS_SA_TABLE:Ethernet4:5254008f4f1c0001:1": {
"type": "hash",
"value": {
"sak": "234128B1F6A679E02759D521C1FF448D5CE47B2E691852281EE8E34690B348DD",
"auth_key": "575FC253C395DFC3E1EE42C3DB665913",
"next_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2304764
},
"MACSEC_INGRESS_SA_TABLE:Ethernet0:525400edac5b0001:1": {
"type": "hash",
"value": {
"active": "true",
"sak": "AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E",
"auth_key": "849B69D363E2B0AA154BEBBD7C1D9487",
"lowest_acceptable_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.230506
},
"MACSEC_EGRESS_SC_TABLE:Ethernet0:5254008f4f1c0001": {
"type": "hash",
"value": {
"encoding_an": "2"
},
"ttl": -0.001,
"expireat": 1651807960.2305164
},
"MACSEC_INGRESS_SA_TABLE:Ethernet4:5254002003660001:1": {
"type": "hash",
"value": {
"active": "true",
"sak": "234128B1F6A679E02759D521C1FF448D5CE47B2E691852281EE8E34690B348DD",
"auth_key": "575FC253C395DFC3E1EE42C3DB665913",
"lowest_acceptable_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2305293
},
"MACSEC_EGRESS_SA_TABLE:Ethernet0:5254008f4f1c0001:2": {
"type": "hash",
"value": {
"sak": "7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6",
"auth_key": "5A8B8912139551D3678B43DD0F10FFA5",
"next_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2305422
},
"MACSEC_INGRESS_SC_TABLE:Ethernet5:5254002003660001": {
"type": "hash",
"value": {
"Null": "Null"
},
"ttl": -0.001,
"expireat": 1651807960.2305527
},
"MACSEC_INGRESS_SC_TABLE:Ethernet4:5254002003660001": {
"type": "hash",
"value": {
"Null": "Null"
},
"ttl": -0.001,
"expireat": 1651807960.2305627
},
"MACSEC_PORT_TABLE:Ethernet1": {
"type": "hash",
"value": {
"enable": "true",
"cipher_suite": "GCM-AES-256",
"send_sci": "true",
"enable_protect": "true",
"enable_encrypt": "true",
"enable_replay_protect": "false",
"replay_window": "0"
},
"ttl": -0.001,
"expireat": 1651807960.2305753
},
"MACSEC_EGRESS_SA_TABLE:Ethernet0:5254008f4f1c0001:1": {
"type": "hash",
"value": {
"sak": "AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E",
"auth_key": "849B69D363E2B0AA154BEBBD7C1D9487",
"next_pn": "1",
"ssci": "0",
"salt": "000000000000000000000000"
},
"ttl": -0.001,
"expireat": 1651807960.2305882
},
"MACSEC_EGRESS_SC_TABLE:Ethernet4:5254008f4f1c0001": {
"type": "hash",
"value": {
"encoding_an": "1"
},
"ttl": -0.001,
"expireat": 1651807960.2305987
}
}
Reference in New Issue View Git Blame Copy Permalink