4068944202
1. Add supervisord as the entrypoint of docker-macsec
2. Add wpa_supplicant conf into docker-macsec
3. Set the macsecmgrd as the critical_process
4. Configure supervisor to monitor macsecmgrd
5. Set macsec in the features list
6. Add config variable `INCLUDE_MACSEC`
7. Add macsec.service
**- How to verify it**
Change the `/etc/sonic/config_db.json` as follow
```
{
"PORT": {
"Ethernet0": {
...
"macsec": "test"
}
}
...
"MACSEC_PROFILE": {
"test": {
"priority": 64,
"cipher_suite": "GCM-AES-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"policy": "security"
}
}
}
```
To execute `sudo config reload -y`, We should find the following new items were inserted in app_db of redis
```
127.0.0.1:6379> keys *MAC*
1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
2) "MACSEC_PORT_TABLE:Ethernet0"
127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
1) "ssci"
2) ""
3) "encoding_an"
4) "0"
127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0"
1) "enable"
2) "false"
3) "cipher_suite"
4) "GCM-AES-128"
5) "enable_protect"
6) "true"
7) "enable_encrypt"
8) "true"
9) "enable_replay_protect"
10) "false"
11) "replay_window"
12) "0"
```
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
||
|---|---|---|
| .. | ||
| Aboot | ||
| apt | ||
| build_scripts | ||
| build_templates | ||
| dhcp | ||
| docker | ||
| image_config | ||
| initramfs-tools | ||
| scripts | ||
| sshd | ||