Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[macsecmgr]: Add rekey period in macsec mgr #1958

Merged
merged 2 commits into from
Oct 26, 2021
Merged

[macsecmgr]: Add rekey period in macsec mgr #1958

merged 2 commits into from
Oct 26, 2021

Conversation

Pterosaur
Copy link
Contributor

@Pterosaur Pterosaur commented Oct 13, 2021
edited
Loading

Signed-off-by: Ze Gan [email protected]

What I did
Expose mka rekey option to config db

Why I did it
This feature is needed

How I verified it
Run

redis-cli -n 4 hmset "MACSEC_PROFILE|test_profile" "priority" "64" "cipher_suite" "GCM-AES-128" "primary_cak" "0123456789ABCDEF0123456789ABCDEF" "primary_ckn" "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435" "fallback_cak" "" "fallback_ckn" "" "policy" "security" "enable_replay_protect" "0" "replay_window" "0" "send_sci" "1" "rekey_period" "10"

redis-cli -n 4 hmset "PORT|Ethernet0" "macsec" "test_profile"

The SAK should be proactively refresh about 10 seconds

Details if related

@Pterosaur Pterosaur closed this Oct 13, 2021
@Pterosaur Pterosaur reopened this Oct 18, 2021
@Pterosaur Pterosaur marked this pull request as ready for review October 18, 2021 14:45
@Pterosaur Pterosaur requested a review from prsunny as a code owner October 18, 2021 14:45
shyam77git
shyam77git reviewed Oct 19, 2021
View reviewed changes
cfgmgr/macsecmgr.cpp
"macsec_rekey_period",
profile.rekey_period);
}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this change sufficient for platform to take this change, modify 'rekey_period" to a desired value, do config reload and validate this rekey feature?
Rest all code (workflow) related to rekey in sonic (MACSecmgrd, wpa_supplicant etc.) already committed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, please also update the wpa_supplicant. I have a PR: sonic-net/sonic-buildimage#8998 to update the wpa_supplicant submodule in sonic-buildimage

@Pterosaur
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@Pterosaur Pterosaur requested a review from lguohan October 26, 2021 05:50
@Pterosaur Pterosaur merged commit 7444e96 into sonic-net:master Oct 26, 2021
EdenGri pushed a commit to EdenGri/sonic-swss that referenced this pull request Feb 28, 2022
@qiluo-msft
[doc] Refine doc on show loopback/mgmt ports (sonic-net#1958)
54cc370 
Add explicit sections for showing management/loopback interfaces
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shyam77git shyam77git shyam77git left review comments

@lguohan lguohan lguohan approved these changes

@prsunny prsunny Awaiting requested review from prsunny prsunny is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Pterosaur @lguohan @shyam77git