show macsec: add --profile option, include profile name in show command output #13940

judyjoseph · 2023-02-22T22:52:18Z

Why I did it

This PR is to add the following

Add a new options "--profile" to the show macsec command, to show all profiles in device
Update the currentl show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to.

How I did it

update the show cli plugin in macsec docker

How to verify it

The following is the test o/p

admin@str2--lc1-2:~$ show macsec 
Last cached time was 2023-02-22 19:48:18.106529
MACsec port(Ethernet184)
---------------------  ---------------
cipher_suite           GCM-AES-XPN-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
profile                macsec_profile
replay_window          0
send_sci               true
---------------------  ---------------
        MACsec Egress SC (a47b2ce5940f0001)
        -----------  -
        encoding_an  1
        -----------  -
                MACsec Egress SA (1)
                -------------------------------------  ----------------------------------------------------------------
                auth_key                               D9E31955071DF44227EB6B0F23037B0D
                next_pn                                1
                sak                                    01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                                   D83322A67A3A358FC1B90B0C
                ssci                                   2
                SAI_MACSEC_SA_ATTR_CURRENT_XPN         31
                SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    1306697
                SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
                SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  30
                SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
                -------------------------------------  ------------------------------------------------------------------------  ----------------------------------------------------------------
                auth_key  D9E31955071DF44227EB6B0F23037B0D
                next_pn   1
                sak       01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt      D83322A67A3A358FC1B90B0C
                ssci      2
                --------  ----------------------------------------------------------------
        MACsec Ingress SC (ded295f92a090001)
                MACsec Ingress SA (1)
                ---------------------------------------  ----------------------------------------------------------------
                active                                   true
                auth_key                                 D9E31955071DF44227EB6B0F23037B0D
                lowest_acceptable_pn                     1
                sak                                      01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                                     D83322A67A3A358FC1B90B0C
                ssci                                     1
                SAI_MACSEC_SA_ATTR_CURRENT_XPN           9922
                SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
                SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
                SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
                SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
                SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
                SAI_MACSEC_SA_STAT_IN_PKTS_OK            30
                SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
                SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
                SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      1289369
                SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
                ---------------------------------------  ------------------------------------------------------------------------------------  ----------------------------------------------------------------
                active                true
                auth_key              D9E31955071DF44227EB6B0F23037B0D
                lowest_acceptable_pn  1
                sak                   01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                  D83322A67A3A358FC1B90B0C
                ssci                  1
                --------------------  ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec Ethernet184
Last cached time was 2023-02-22 19:48:18.106529
MACsec port(Ethernet184)
---------------------  ---------------
cipher_suite           GCM-AES-XPN-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
profile                macsec_profile
replay_window          0
send_sci               true
---------------------  ---------------
        MACsec Egress SC (a47b2ce5940f0001)
        -----------  -
        encoding_an  1
        -----------  -
                MACsec Egress SA (1)
                -------------------------------------  ----------------------------------------------------------------
                auth_key                               D9E31955071DF44227EB6B0F23037B0D
                next_pn                                1
                sak                                    01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                                   D83322A67A3A358FC1B90B0C
                ssci                                   2
                SAI_MACSEC_SA_ATTR_CURRENT_XPN         31
                SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    1306697
                SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
                SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  30
                SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
                -------------------------------------  ------------------------------------------------------------------------  ----------------------------------------------------------------
                auth_key  D9E31955071DF44227EB6B0F23037B0D
                next_pn   1
                sak       01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt      D83322A67A3A358FC1B90B0C
                ssci      2
                --------  ----------------------------------------------------------------
        MACsec Ingress SC (ded295f92a090001)
                MACsec Ingress SA (1)
                ---------------------------------------  ----------------------------------------------------------------
                active                                   true
                auth_key                                 D9E31955071DF44227EB6B0F23037B0D
                lowest_acceptable_pn                     1
                sak                                      01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                                     D83322A67A3A358FC1B90B0C
                ssci                                     1
                SAI_MACSEC_SA_ATTR_CURRENT_XPN           9922
                SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
                SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
                SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
                SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
                SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
                SAI_MACSEC_SA_STAT_IN_PKTS_OK            30
                SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
                SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
                SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      1289369
                SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
                ---------------------------------------  ------------------------------------------------------------------------------------  ----------------------------------------------------------------
                active                true
                auth_key              D9E31955071DF44227EB6B0F23037B0D
                lowest_acceptable_pn  1
                sak                   01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
                salt                  D83322A67A3A358FC1B90B0C
                ssci                  1
                --------------------  ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile
Last cached time was 2023-02-22 19:48:18.104093
MACsec profile : macsec_profile
        ------------  ----------------------------------------------------------------
        cipher_suite  GCM-AES-XPN-256
        policy        security
        primary_ckn   6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
        priority      0
        rekey_period  900
        send_sci      true
        ------------  ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile -n asic0
Last cached time was 2023-02-22 19:48:18.104093
MACsec profile : macsec_profile
        ------------  ----------------------------------------------------------------
        cipher_suite  GCM-AES-XPN-256
        policy        security
        primary_ckn   6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
        priority      0
        rekey_period  900
        send_sci      true
        ------------  ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile -n asic1
Last cached time was 2023-02-22 19:48:18.106529
MACsec profile : macsec_profile
        ------------  ----------------------------------------------------------------
        cipher_suite  GCM-AES-XPN-256
        policy        security
        primary_ckn   6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
        priority      0
        rekey_period  900
        send_sci      true
        ------------  ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile Ethernet184
Interface name is not valid with profile option
admin@str2--lc1-2:~$ show macsec Ethernet184 --profile
Interface name is not valid with profile option

Which release branch to backport (provide reason below if selected)

Description for the changelog

Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

… profiles

dockers/docker-macsec/cli/show/plugins/show_macsec.py

judyjoseph · 2023-04-21T15:52:46Z

@lguohan, could you please review the PR? Please merge if looks good. thanks

yxieca · 2023-05-11T22:43:05Z

@judyjoseph is this change in 202211 already? Why only request for 202205 branch?

judyjoseph · 2023-05-11T22:59:37Z

@judyjoseph is this change in 202211 already? Why only request for 202205 branch?

added Ying, it is ok to add to 202211 as well.

…show command output (sonic-net#13940) This PR is to add the following Add a new options "--profile" to the show macsec command, to show all profiles in device Update the currentl show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to.

mssonicbld · 2023-05-17T21:01:13Z

Cherry-pick PR to 202211: #15127

mssonicbld · 2023-05-17T21:01:15Z

Cherry-pick PR to 202205: #15128

…show command output (#13940) (#15127)

…show command output (#13940) This PR is to add the following Add a new options "--profile" to the show macsec command, to show all profiles in device Update the currentl show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to.

judyjoseph requested a review from Pterosaur February 22, 2023 22:52

judyjoseph added 4 commits March 6, 2023 22:43

Add profile in show macsec o/p, also add --profile option to show all…

2ad3e0b

… profiles

Fix for interface name given along with -profile option

ad5582d

Don't display primary and fallback CAK

b491b96

Add unit tests

661f4dd

judyjoseph force-pushed the macsec_show branch from fc2b53e to 661f4dd Compare March 7, 2023 07:18

judyjoseph marked this pull request as ready for review March 7, 2023 07:19

judyjoseph requested a review from lguohan as a code owner March 7, 2023 07:19

Update config DB json

e1d72a5

judyjoseph force-pushed the macsec_show branch from 995d7b7 to e1d72a5 Compare March 21, 2023 06:59

Pass the --profile arg correctly in test

e3c3d8a

judyjoseph added Chassis 🤖 Modular chassis support Request for 202205 Branch labels Mar 27, 2023

Pterosaur reviewed Mar 27, 2023

View reviewed changes

dockers/docker-macsec/cli/show/plugins/show_macsec.py Outdated Show resolved Hide resolved

Pterosaur previously approved these changes Mar 28, 2023

View reviewed changes

Make macsec_profiles local variable instead of global

adf7806

judyjoseph dismissed Pterosaur’s stale review via adf7806 April 20, 2023 02:24

judyjoseph requested a review from Pterosaur April 20, 2023 02:25

Pterosaur approved these changes Apr 21, 2023

View reviewed changes

lguohan merged commit 6370257 into sonic-net:master Apr 27, 2023

judyjoseph added the Request for 202211 Branch label May 11, 2023

yxieca added Approved for 202205 Branch Approved for 202211 Branch labels May 17, 2023

mssonicbld added the Created PR to 202211 Branch label May 17, 2023

mssonicbld added the Created PR to 202205 Branch label May 17, 2023

This was referenced May 17, 2023

[action] [PR:13940] show macsec: add --profile option, include profile name in show command output #15127

Merged

[action] [PR:13940] show macsec: add --profile option, include profile name in show command output #15128

Merged

mssonicbld added a commit that referenced this pull request May 18, 2023

[macsec]: show macsec: add --profile option, include profile name in …

3869fbf

…show command output (#13940) (#15127)

mssonicbld added Included in 202211 Branch and removed Approved for 202211 Branch Created PR to 202211 Branch labels May 18, 2023

mssonicbld added Included in 202205 Branch and removed Approved for 202205 Branch Created PR to 202205 Branch labels May 18, 2023

judyjoseph deleted the macsec_show branch May 30, 2023 19:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

show macsec: add --profile option, include profile name in show command output #13940

show macsec: add --profile option, include profile name in show command output #13940

judyjoseph commented Feb 22, 2023 •

edited

Loading

judyjoseph commented Apr 21, 2023

yxieca commented May 11, 2023

judyjoseph commented May 11, 2023

mssonicbld commented May 17, 2023

mssonicbld commented May 17, 2023

show macsec: add --profile option, include profile name in show command output #13940

show macsec: add --profile option, include profile name in show command output #13940

Conversation

judyjoseph commented Feb 22, 2023 • edited Loading

Why I did it

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

Description for the changelog

Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

judyjoseph commented Apr 21, 2023

yxieca commented May 11, 2023

judyjoseph commented May 11, 2023

mssonicbld commented May 17, 2023

mssonicbld commented May 17, 2023

judyjoseph commented Feb 22, 2023 •

edited

Loading