Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DO NOT MERGE: CBMA code and test scripts #337

Closed
wants to merge 37 commits into from
Closed

DO NOT MERGE: CBMA code and test scripts #337

wants to merge 37 commits into from

Conversation

SelinaTII
Copy link
Collaborator

This is an initial PR for CBMA code and test scripts

  • CBMA for an inteface can be setup by calling the cbma() function in https://github.com/tiiuae/mesh_com/blob/cbma/modules/sc-mesh-secure-deployment/src/2_0/features/cbma/setup_cbma.py
  • The cbma() function calls setup_macsec() and setup_batman()
  • An example of setting up cbma for wlp1s0 and eth1 is given in the main function of setup_cbma.py (steps to generate test certificates are also mentioned there)
  • The code requires pyOpenSSL package (@dania-tii is integrating the build root package in tc_distro)
  • The code has been tested for wlp1s0 and eth1 interfaces on CSLs (will perform further tests with other radios on comms module 2.0 devices)
  • There are some improvements and bug fixes that will come up in later PRs

* CBMA files in 2_0/features/cbma/
* CBMA unit tests in 2_0/test_features/cbma/

Jira_Id : MSS20-173

Signed-off-by: Selina Shrestha <[email protected]>
Signed-off-by: Selina Shrestha <[email protected]>
Signed-off-by: Selina Shrestha <[email protected]>
* CBMA files in 2_0/features/cbma/
* CBMA unit tests in 2_0/test_features/cbma/

Jira_Id : MSS20-173

Signed-off-by: Selina Shrestha <[email protected]>
Signed-off-by: Selina Shrestha <[email protected]>
Signed-off-by: Selina Shrestha <[email protected]>
# Conflicts:
#	modules/sc-mesh-secure-deployment/src/2_0/features/cbma/multicast/multicast.py
…s can be specified as necessary

Signed-off-by: Selina Shrestha <[email protected]>
… in order to generate certificates for different interfaces.

Signed-off-by: Selina Shrestha <[email protected]>
* Sample code (main of setup_cbma.py) performs cbma for wlp1s0 and eth1
* In tools.utils, fixed mac_to_ipv6() and get_mac_from_ipv6()

Signed-off-by: Selina Shrestha <[email protected]>
… to clean up threads, macsec links, batman interfaces and bridges created from cbma

Signed-off-by: Selina Shrestha <[email protected]>
@TIISR
Copy link
Contributor

TIISR commented Nov 17, 2023

image

Context: Selina's code creates the lower/upper MACsec stacks (one interface per peer plus a bridge to aggregate them and give them as one to the batman-adv specified as parameter) visible in the diagram hereby attached.

The idea is for CommsController to call Selina's code with configurations provided by MDM or by the default principle of bat0 as white and all physical(ish) interfaces as black.

Allow the peer with higher mac address to initiate authentication as client in order to avoid simultaneous client-server, server-client connections between two peers.

Jira_Id : MSS20-205

Signed-off-by: Selina Shrestha <[email protected]>
@DamienDeMayaTII DamienDeMayaTII changed the title CBMA code and test scripts DO NOT MERGE: CBMA code and test scripts Dec 8, 2023
@pentestiing pentestiing marked this pull request as draft December 11, 2023 11:11
@pentestiing pentestiing closed this Jan 9, 2024
@pentestiing pentestiing deleted the cbma branch January 17, 2024 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants