[action] [PR:13940] show macsec: add --profile option, include profile name in show command output #15127

Merged: 1 commit, May 18, 2023

mssonicbld

Why I did it

This PR is to add the following

  1. Add a new option "--profile" to the show macsec command, to show all profiles in device
  2. Update the current show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to.

How I did it

Update the show cli plugin in macsec docker

How to verify it

The following is the test o/p

admin@str2--lc1-2:~$ show macsec 
Last cached time was 2023-02-22 19:48:18.106529
MACsec port(Ethernet184)
--------------------- ---------------
cipher_suite GCM-AES-XPN-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
profile macsec_profile
replay_window 0
send_sci true
--------------------- ---------------
 MACsec Egress SC (a47b2ce5940f0001)
 ----------- -
 encoding_an 1
 ----------- -
 MACsec Egress SA (1)
 ------------------------------------- ----------------------------------------------------------------
 auth_key D9E31955071DF44227EB6B0F23037B0D
 next_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 2
 SAI_MACSEC_SA_ATTR_CURRENT_XPN 31
 SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 1306697
 SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
 SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 30
 SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
 ------------------------------------- ------------------------------------------------------------------------ ----------------------------------------------------------------
 auth_key D9E31955071DF44227EB6B0F23037B0D
 next_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 2
 -------- ----------------------------------------------------------------
 MACsec Ingress SC (ded295f92a090001)
 MACsec Ingress SA (1)
 --------------------------------------- ----------------------------------------------------------------
 active true
 auth_key D9E31955071DF44227EB6B0F23037B0D
 lowest_acceptable_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 1
 SAI_MACSEC_SA_ATTR_CURRENT_XPN 9922
 SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
 SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
 SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
 SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
 SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
 SAI_MACSEC_SA_STAT_IN_PKTS_OK 30
 SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
 SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
 SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 1289369
 SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
 --------------------------------------- ------------------------------------------------------------------------------------ ----------------------------------------------------------------
 active true
 auth_key D9E31955071DF44227EB6B0F23037B0D
 lowest_acceptable_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 1
 -------------------- ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec Ethernet184
Last cached time was 2023-02-22 19:48:18.106529
MACsec port(Ethernet184)
--------------------- ---------------
cipher_suite GCM-AES-XPN-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
profile macsec_profile
replay_window 0
send_sci true
--------------------- ---------------
 MACsec Egress SC (a47b2ce5940f0001)
 ----------- -
 encoding_an 1
 ----------- -
 MACsec Egress SA (1)
 ------------------------------------- ----------------------------------------------------------------
 auth_key D9E31955071DF44227EB6B0F23037B0D
 next_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 2
 SAI_MACSEC_SA_ATTR_CURRENT_XPN 31
 SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 1306697
 SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
 SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 30
 SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
 ------------------------------------- ------------------------------------------------------------------------ ----------------------------------------------------------------
 auth_key D9E31955071DF44227EB6B0F23037B0D
 next_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 2
 -------- ----------------------------------------------------------------
 MACsec Ingress SC (ded295f92a090001)
 MACsec Ingress SA (1)
 --------------------------------------- ----------------------------------------------------------------
 active true
 auth_key D9E31955071DF44227EB6B0F23037B0D
 lowest_acceptable_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 1
 SAI_MACSEC_SA_ATTR_CURRENT_XPN 9922
 SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
 SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
 SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
 SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
 SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
 SAI_MACSEC_SA_STAT_IN_PKTS_OK 30
 SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
 SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
 SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 1289369
 SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
 --------------------------------------- ------------------------------------------------------------------------------------ ----------------------------------------------------------------
 active true
 auth_key D9E31955071DF44227EB6B0F23037B0D
 lowest_acceptable_pn 1
 sak 01B9F39545F90AC1D167D1CE37D872E9849DD0A870CA0CD0B12111E41990A4AE
 salt D83322A67A3A358FC1B90B0C
 ssci 1
 -------------------- ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile
Last cached time was 2023-02-22 19:48:18.104093
MACsec profile : macsec_profile
 ------------ ----------------------------------------------------------------
 cipher_suite GCM-AES-XPN-256
 policy security
 primary_ckn 6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
 priority 0
 rekey_period 900
 send_sci true
 ------------ ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile -n asic0
Last cached time was 2023-02-22 19:48:18.104093
MACsec profile : macsec_profile
 ------------ ----------------------------------------------------------------
 cipher_suite GCM-AES-XPN-256
 policy security
 primary_ckn 6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
 priority 0
 rekey_period 900
 send_sci true
 ------------ ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile -n asic1
Last cached time was 2023-02-22 19:48:18.106529
MACsec profile : macsec_profile
 ------------ ----------------------------------------------------------------
 cipher_suite GCM-AES-XPN-256
 policy security
 primary_ckn 6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
 priority 0
 rekey_period 900
 send_sci true
 ------------ ----------------------------------------------------------------
admin@str2--lc1-2:~$ show macsec --profile Ethernet184
Interface name is not valid with profile option
admin@str2--lc1-2:~$ show macsec Ethernet184 --profile
Interface name is not valid with profile option

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211

Description for the changelog

Ensure to add label/tag for the feature raised. Example: PR#2174 under sonic-utilities repo, where the Generic Config and Update feature has been labelled as GCU.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)
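
Added example (not part of the PR or of the SONiC code base): with the profile name now printed per interface, the port-level table of `show macsec` can be parsed and audited. The sample text is constructed from the format shown above, `Ethernet192` and `other_profile` are invented, and the audit checks are this example's own policy assumptions.

```python
import re

# Constructed, abridged sample in the format shown in the PR description.
SAMPLE = """\
MACsec port(Ethernet184)
--------------------- ---------------
cipher_suite GCM-AES-XPN-256
enable_encrypt true
enable_replay_protect false
profile macsec_profile
replay_window 0
--------------------- ---------------
 MACsec Egress SC (a47b2ce5940f0001)
 ----------- -
 encoding_an 1
 ----------- -
MACsec port(Ethernet192)
--------------------- ---------------
enable_encrypt false
enable_replay_protect true
profile other_profile
--------------------- ---------------
"""

PORT_RE = re.compile(r"^MACsec port\((\S+)\)$")
ATTR_RE = re.compile(r"^([a-z_]+)\s+(\S+)$")  # unindented key/value rows only

def parse_ports(text):
    """Map each port to its port-level attributes; indented SC/SA rows are skipped."""
    ports, current = {}, None
    for line in text.splitlines():
        port = PORT_RE.match(line)
        attr = ATTR_RE.match(line)
        if port:
            current = ports.setdefault(port.group(1), {})
        elif attr and current is not None:
            current[attr.group(1)] = attr.group(2)
    return ports

def audit(ports, expected_profile):
    """Flag ports whose profile or protection flags differ from the assumed policy."""
    findings = []
    for port, a in sorted(ports.items()):
        if a.get("profile") != expected_profile:
            findings.append((port, "unexpected profile: %s" % a.get("profile")))
        for flag in ("enable_encrypt", "enable_replay_protect"):
            if a.get(flag) != "true":
                findings.append((port, flag + " is not true"))
    return findings
```
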

…show command output (sonic-net#13940)

This PR is to add the following

Add a new option "--profile" to the show macsec command, to show all profiles in device
Update the current show macsec command, to show profile in each interface o/p. This will tell which macsec profile the interface is attached to.
@mssonicbld

Original PR: #13940

@mssonicbld mssonicbld merged commit 3869fbf into sonic-net:202211 May 18, 2023