2 changes: 1 addition & 1 deletion dockers/docker-macsec/cli-plugin-tests/config_db.json
@@ -2,7 +2,7 @@
"MACSEC_PROFILE|macsec_profile": {
"cipher_suite": "GCM-AES-XPN-256",
"policy": "security",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"priority": "0",
"rekey_period": "900",
10 changes: 5 additions & 5 deletions dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py
@@ -8,7 +8,7 @@


profile_name = "test"
primary_cak = "01234567890123456789012345678912"
primary_cak = "2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541"
primary_ckn = "01234567890123456789012345678912"


@@ -48,7 +48,7 @@ def test_macsec_valid_profile(self, mock_cfgdb):

profile_name = "test"
profile_map = {
"primary_cak": "0123456789012345678901234567891201234567890123456789012345678912",
"primary_cak": "3946080a0407070303530256560a04504650530352565e731f1a5c4f524f4b5a5e547b79777c6663754b5e465253050d0d0503565a48470b0b030604020c520a54",
"primary_ckn": "01234567890123456789012345678912",
"priority": 64,
"cipher_suite": "GCM-AES-XPN-256",
@@ -109,7 +109,7 @@ def test_macsec_port(self, mock_cfgdb):
runner = CliRunner()

result = runner.invoke(macsec.macsec, ["profile", "add", "test",
"--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"],
"--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"],
obj=cfgdb)
assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
result = runner.invoke(macsec.macsec, ["port", "add", "Ethernet0", "test"], obj=cfgdb)
@@ -141,8 +141,8 @@ def test_macsec_invalid_operation(self, mock_cfgdb):
result = runner.invoke(macsec.macsec, ["profile", "del", "test"], obj=cfgdb)
assert result.exit_code != 0

result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
# Repeat add profile
result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=01234567890123456789012345678912","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
result = runner.invoke(macsec.macsec, ["profile", "add", "test", "--primary_cak=2363647040534355560e000802065d574d400e000e030307075f0e5050000e5541","--primary_ckn=01234567890123456789012345678912"], obj=cfgdb)
assert result.exit_code != 0
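Review bot: None of the hunks shown here adds a case where `profile add` is given a CAK of the old plain length (32 or 64 hex characters) and must fail, so the tightened length check in add_profile is exercised only on its success path. In test_macsec_invalid_operation, an invocation such as `runner.invoke(macsec.macsec, ["profile", "add", "bad", "--primary_cak=" + "0" * 32, "--primary_ckn=" + primary_ckn], obj=cfgdb)` followed by `assert result.exit_code != 0` would pin that behaviour. The 66-character literal is also repeated at three call sites although the module already defines `primary_cak` and `primary_ckn`; building the arguments from those names keeps the fixtures in step. Parts of the file outside the visible hunks may already cover this.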
8 changes: 4 additions & 4 deletions dockers/docker-macsec/cli/config/plugins/macsec.py
@@ -137,11 +137,11 @@ def add_profile(profile, priority, cipher_suite, primary_cak, primary_ckn, polic
profile_table["cipher_suite"] = cipher_suite

if "128" in cipher_suite:
if len(primary_cak) != 32:
ctx.fail("Expect the length of CAK is 32, but got {}".format(len(primary_cak)))
if len(primary_cak) != 66:
ctx.fail("Expect the length of CAK is 66, but got {}".format(len(primary_cak)))
elif "256" in cipher_suite:
if len(primary_cak) != 64:
ctx.fail("Expect the length of CAK is 64, but got {}".format(len(primary_cak)))
if len(primary_cak) != 130:
ctx.fail("Expect the length of CAK is 130, but got {}".format(len(primary_cak)))
if not is_hexstring(primary_cak):
ctx.fail("Expect the primary_cak is valid hex string")
if not is_hexstring(primary_ckn):
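Review bot: The lengths 66 and 130 in add_profile are bare literals with no comment tying them to the 128- and 256-bit suites, and the ctx.fail text gives an operator who passes a raw 32- or 64-character key no hint that a different (apparently encoded) CAK form is now expected. A comment such as `# primary_cak is the encoded CAK: 66 hex chars for *-128 suites, 130 for *-256` above the branch, and a message like `"Expect the encoded CAK to be 66 hex characters, but got {}"`, would make the contract readable. The branch validates only length and hex digits, so whether the value decodes to a usable key is presumably checked elsewhere; if the encoding is reversible, the stored string needs the same protection as the key itself. A cipher_suite containing neither "128" nor "256" still skips the length check altogether. The function starts and ends outside this hunk.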
18 changes: 12 additions & 6 deletions files/scripts/arp_update
@@ -25,29 +25,35 @@ while /bin/true; do
for i in ${!STATIC_ROUTE_NEXTHOPS[@]}; do
nexthop="${STATIC_ROUTE_NEXTHOPS[i]}"
if [[ $nexthop == *"."* ]]; then
neigh_state=( $(ip -4 neigh show | grep -w $nexthop | tr -s ' ' | cut -d ' ' -f 3,4) )
neigh_state=$(ip -4 neigh show | grep -w $nexthop | tr -s ' ')
ping_prefix=ping
elif [[ $nexthop == *":"* ]] ; then
neigh_state=( $(ip -6 neigh show | grep -w $nexthop | tr -s ' ' | cut -d ' ' -f 3,4) )
neigh_state=$(ip -6 neigh show | grep -w $nexthop | tr -s ' ')
ping_prefix=ping6
fi
if [[ -z "${neigh_state}" ]] || [[ "${neigh_state[1]}" == "INCOMPLETE" ]] || [[ "${neigh_state[1]}" == "FAILED" ]]; then
# Check if there is an INCOMPLETE, FAILED, or STALE entry and try to resolve it again.
# STALE entries may be present if there is no traffic on a path. A far-end down event may not
# clear the STALE entry. Refresh the STALE entry to clear the table.
if [[ -z "${neigh_state}" ]] || [[ -n $(echo ${neigh_state} | grep 'INCOMPLETE\|FAILED\|STALE') ]]; then
interface="${STATIC_ROUTE_IFNAMES[i]}"
if [[ -z "$interface" ]]; then
# should never be here, handling just in case
logger "ERR: arp_update: missing interface entry for static route $nexthop"
interface=${neigh_state[0]}
continue
fi
intf_up=$(ip link show $interface | grep "state UP")
if [[ -n "$intf_up" ]]; then
pingcmd="timeout 0.2 $ping_prefix -I ${interface} -n -q -i 0 -c 1 -W 1 $nexthop >/dev/null"
eval $pingcmd
logger "arp_update: static route nexthop not resolved, pinging $nexthop on ${neigh_state[0]}"
# STALE entries may appear more often, not logging to prevent periodic syslogs
if [[ -z $(echo ${neigh_state} | grep 'STALE') ]]; then
logger "arp_update: static route nexthop not resolved ($neigh_state), pinging $nexthop on $interface"
fi
fi
fi
done

sleep 300
sleep 150
continue
fi
# find L3 interfaces which are UP, send ipv6 multicast pings
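Review bot: On the two new neigh_state assignments, `$nexthop` reaches `grep -w` unquoted and as a regular expression, so the dots in an IPv4 address match any character and an empty value changes the grep invocation; `grep -wF -- "$nexthop"` matches it literally. Because neigh_state now holds whole lines rather than fields 3 and 4, the `grep 'INCOMPLETE\|FAILED\|STALE'` test matches those words anywhere in the output, and `[[ "$neigh_state" =~ INCOMPLETE|FAILED|STALE ]]` would do the same test without the unquoted `echo` and the extra subshell. The unchanged `eval $pingcmd` below interpolates the same nexthop and interface values, so running `timeout` directly with quoted arguments would remove the dependency on those values being well-formed. The enclosing while loop starts and ends outside this hunk.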
8 changes: 4 additions & 4 deletions src/sonic-config-engine/tests/macsec_profile.json
@@ -2,18 +2,18 @@
"MACSEC_PROFILE":{
"macsec-profile": {
"cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"priority": "0",
"rekey_period": "60"
},
"macsec-profile2": {
"cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"priority": "0",
"rekey_period": "60"
2 changes: 1 addition & 1 deletion src/sonic-swss
4 changes: 2 additions & 2 deletions src/sonic-yang-models/tests/files/sample_config_db.json
@@ -1943,9 +1943,9 @@
"test": {
"priority": "64",
"cipher_suite": "GCM-AES-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "00000000000000000000000000000000",
"fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "11111111111111111111111111111111",
"policy": "security",
"enable_replay_protect": "true",
@@ -7,9 +7,9 @@
"name": "test32",
"priority": 64,
"cipher_suite": "GCM-AES-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "00000000000000000000000000000000",
"fallback_cak": "000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "11111111111111111111111111111111",
"policy": "security",
"enable_replay_protect": "true",
@@ -21,9 +21,9 @@
"name": "test64",
"priority": 64,
"cipher_suite": "GCM-AES-XPN-256",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a",
"primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111",
"policy": "security",
"enable_replay_protect": "true",
@@ -61,7 +61,7 @@
{
"name": "test",
"cipher_suite": "gcm-aes-128",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70"
}
]
@@ -74,9 +74,9 @@
"MACSEC_PROFILE_LIST": [
{
"name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0123456789ABCDEF0123456789ABCDEF",
"fallback_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"fallback_ckn": "6162636465666768696A6B6C6D6E6F70"
}
]
@@ -89,7 +89,7 @@
"MACSEC_PROFILE_LIST": [
{
"name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEFA",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d7",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70A"
}
]
@@ -115,9 +115,9 @@
"MACSEC_PROFILE_LIST": [
{
"name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000",
"fallback_cak": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"fallback_ckn": "1111111111111111111111111111111111111111111111111111111111111111"
}
]
@@ -130,7 +130,7 @@
"MACSEC_PROFILE_LIST": [
{
"name": "test",
"primary_cak": "0123456789ABCDEF0123456789ABCDEF",
"primary_cak": "1159485744465e5a537272050a1011073557475152020c0e040c57223a357d7d71",
"primary_ckn": "6162636465666768696A6B6C6D6E6F70",
"replay_window": 64
}
8 changes: 2 additions & 6 deletions src/sonic-yang-models/yang-models/sonic-macsec.yang
@@ -46,7 +46,7 @@ module sonic-macsec {

leaf primary_cak {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
}
mandatory true;
}
@@ -60,7 +60,7 @@ module sonic-macsec {

leaf fallback_cak {
type string {
pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
}
}

@@ -70,10 +70,6 @@ module sonic-macsec {
}
}

must "string-length(primary_cak) = string-length(primary_ckn)";

must "string-length(fallback_cak) = string-length(fallback_ckn)";

must "string-length(fallback_cak) = string-length(primary_cak)";

must "primary_ckn != fallback_ckn";
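Review bot: With `must "string-length(primary_cak) = string-length(primary_ckn)"` removed and the pattern accepting either 66 or 130 characters, nothing visible in the model ties the CAK length to cipher_suite, so a 66-character CAK paired with a 256-bit suite would pass YANG validation and be caught only by the CLI check in add_profile. A constraint such as `must "not(contains(cipher_suite, '256')) or string-length(primary_cak) = 130";`, with the matching one for '128' and 66, would keep configuration that is loaded without the CLI consistent; the cipher_suite leaf is outside these hunks, so its exact values need checking first. The primary_cak and fallback_cak leaves also carry no `description` saying that the value is the encoded CAK rather than the raw key, which is the only place a model consumer would learn why the lengths changed.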