open-traffic-generator · sasubrata · Mar 2, 2025 · Mar 2, 2025 · Mar 3, 2025 · Mar 3, 2025
diff --git a/artifacts/openapi.html b/artifacts/openapi.html
diff --git a/artifacts/openapi.yaml b/artifacts/openapi.yaml
diff --git a/artifacts/otg.proto b/artifacts/otg.proto
diff --git a/device/macsec/dataplane/cryptoengine.yaml b/device/macsec/dataplane/cryptoengine.yaml
@@ -7,16 +7,21 @@ components:
       properties:
         choice:
           description: >-
-            Engine type based on encryption and/ or decryption capability. Supported types: encrypt_only - engine can only encrypt transmitted packets but it cannot decrypt packets upon arrival. As the packets cannot be decrypted on arrival, such packets cannot be delivered to the receiving device. Hence only stateless traffic can be sent.
+            Engine type based on encryption and/ or decryption capability. Supported types: 1) encrypt_only - engine can only encrypt transmitted packets but it cannot decrypt packets upon arrival. As the packets cannot be decrypted on arrival, such packets cannot be delivered to the receiving device. Hence only stateless traffic can be sent. 2) encrypt_decrypt - engine can both encrypt transmitted packets and decrypt packets on arrival. Such engine can have hardware acceleration for faster encryption/ decryption. As both encryption and decryption are possible, stateful (e.g. TCP) traffic can be sent/ received.
           type: string
           default: encrypt_only
           x-field-uid: 1
           x-enum:
             encrypt_only:
               x-field-uid: 1
+            encrypt_decrypt:
+              x-field-uid: 2
         encrypt_only:
           $ref: '#/components/schemas/SecureEntity.CryptoEngine.EncryptOnly'
           x-field-uid: 2
+        encrypt_decrypt:
+          $ref: '#/components/schemas/SecureEntity.CryptoEngine.EncryptDecrypt'
+          x-field-uid: 3
     SecureEntity.CryptoEngine.EncryptOnly:
       description: >-
         The container for encrypt only engine configuration.
@@ -30,6 +35,17 @@ components:
         traffic_options:
           $ref: '#/components/schemas/SecureEntity.CryptoEngine.EncryptOnly.TrafficOptions'
           x-field-uid: 2
+    SecureEntity.CryptoEngine.EncryptDecrypt:
+      description: >-
+        The container for encrypt and decrypt engine configuration.
+      type: object
+      properties:
+        tx_pn:
+          $ref: '#/components/schemas/SecureEntity.CryptoEngine.EncryptDecrypt.TxPn'
+          x-field-uid: 1
+        hardware_acceleration:
+          $ref: '#/components/schemas/SecureEntity.CryptoEngine.EncryptDecrypt.HardwareAcceleration'
+          x-field-uid: 2
     SecureEntity.CryptoEngine.EncryptOnly.TxSc:
       description: >-
         The container for Tx secure channel configuration.
@@ -82,7 +98,7 @@ components:
           minLength: 1
           maxLength: 16
           minimum: 1
-          default: "0x06"
+          default: "06"
           x-field-uid: 2
     SecureEntity.CryptoEngine.EncryptOnly.IncrementingPn:
       description: >-
@@ -114,7 +130,7 @@ components:
           minLength: 1
           maxLength: 16
           minimum: 1
-          default: "0x010000"
+          default: "01"
           x-field-uid: 3
     SecureEntity.CryptoEngine.EncryptOnly.TrafficOptions:
       description: >-
@@ -127,3 +143,42 @@ components:
           type: boolean
           default: true 
           x-field-uid: 1
+    SecureEntity.CryptoEngine.EncryptDecrypt.TxPn:
+      description: >-
+        Tx packet number(PN) configuration.
+      type: object
+      properties:
+        starting_pn:
+          description: >-
+            The starting packet number(PN).
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 1
+          x-field-uid: 1
+        starting_xpn:
+          description: >-
+            The starting extended packet number(XPN).
+          type: string
+          format: hex
+          minLength: 1
+          maxLength: 16
+          minimum: 1
+          default: "01"
+          x-field-uid: 2
+    SecureEntity.CryptoEngine.EncryptDecrypt.HardwareAcceleration:
+      description: >-
+        Hardware acceleration configuration for offloading MACsec processing to hardware.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Hardware acceleration types. Per port global parameters for chosen hardware acceleration mode applicable for all MACsec sessions from the test port are available at options.per_port_options.protocols.macsec.hardware_acceleration.
+          type: string
+          default: none
+          x-field-uid: 1
+          x-enum:
+            none:
+              x-field-uid: 1
+            inline_crypto:
+              x-field-uid: 2
diff --git a/device/macsec/dataplane/dataplane.yaml b/device/macsec/dataplane/dataplane.yaml
@@ -19,7 +19,7 @@ components:
         encapsulation:
           description: >-
             A container of encapsulation properties for a secure entity(SecY).
-          $ref: './tx.yaml#/components/schemas/SecureEntity.DataPlane.Encapsulation'
+          $ref: '#/components/schemas/SecureEntity.DataPlane.Encapsulation'
           x-field-uid: 2
 
     SecureEntity.DataPlane.Encapsulation:
@@ -38,8 +38,13 @@ components:
             Rx properties of SecY.
           $ref: './rx.yaml#/components/schemas/SecureEntity.DataPlane.Rx'
           x-field-uid: 2
+        vlan_options:
+          description: >-
+            VLAN options of SecY.
+          $ref: './vlanoptions.yaml#/components/schemas/SecureEntity.VlanOptions'
+          x-field-uid: 3
         crypto_engine:
           description: >-
             Crypto engine properties of SecY.
           $ref: './cryptoengine.yaml#/components/schemas/SecureEntity.CryptoEngine'
-          x-field-uid: 3
+          x-field-uid: 4
diff --git a/device/macsec/dataplane/vlanoptions.yaml b/device/macsec/dataplane/vlanoptions.yaml
@@ -0,0 +1,13 @@
+components:
+  schemas:
+    SecureEntity.VlanOptions:
+      description: >-
+        A container for VLAN options of SecY.
+      type: object
+      properties:
+        encrypt_interface_vlans:
+          description: >-
+            Send interface VLANS as encrypted or not. If it is false, VLANs go in cleartext. If hardware_accelerated.inline_crypto mode is chosen, option related to offset must be changed from default 12 (to 16 for example for single cleartext VLAN) at appropriate place to handle cleartext VLAN in receive direction.
+          type: boolean
+          default: true
+          x-field-uid: 1
diff --git a/device/macsec/mka/basic.yaml b/device/macsec/mka/basic.yaml
@@ -149,15 +149,13 @@ components:
       properties:
         choice:
           description: |-
-              Key source. Choose one from PSK or MSK.
+              Key source. Current choice is PSK only.
           type: string
           default: psk
           x-field-uid: 1
           x-enum:
             psk:
               x-field-uid: 1
-            msk:
-              x-field-uid: 2
         psks:
           description: |-
             PSK chain.

diff --git a/lag/lag.yaml b/lag/lag.yaml
@@ -53,6 +53,9 @@ components:
         ethernet:
           $ref: '../device/ethernet.yaml#/components/schemas/Device.EthernetBase'
           x-field-uid: 3
+        macsec:
+          $ref: './macsec/macsec.yaml#/components/schemas/Lag.Port.Macsec'
+          x-field-uid: 4
     Lag.Protocol:
       type: object
       properties:

diff --git a/lag/macsec/dataplane/cryptoengine.yaml b/lag/macsec/dataplane/cryptoengine.yaml
@@ -0,0 +1,81 @@
+components:
+  schemas:
+    Lag.Port.Macsec.SecureEntity.CryptoEngine:
+      description: >-
+        A container of crypto engine properties of a SecY.
+      type: object
+      properties:
+        encrypt_decrypt:
+          $ref: '#/components/schemas/Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt'
+          x-field-uid: 1
+    Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt:
+      description: >-
+        The container for configuration of crypto engine of encrypt and decrypt type. Such engine can both encrypt transmitted packets and decrypt packets on arrival. It can have hardware acceleration for faster encryption/ decryption. As both encryption and decryption are possible, stateful (e.g. TCP) traffic can be sent/ received.
+      type: object
+      properties:
+        tx_pn:
+          $ref: '#/components/schemas/Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt.TxPn'
+          x-field-uid: 1
+        hardware_acceleration:
+          $ref: '#/components/schemas/Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt.HardwareAcceleration'
+          x-field-uid: 2
+    Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt.TxPn:
+      description: >-
+        Tx packet number(PN) configuration.
+      type: object
+      properties:
+        starting_pn:
+          description: >-
+            The starting packet number(PN).
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 1
+          x-field-uid: 1
+        starting_xpn:
+          description: >-
+            The starting extended packet number(XPN).
+          type: string
+          format: hex
+          minLength: 1
+          maxLength: 16
+          minimum: 1
+          default: "01"
+          x-field-uid: 2
+    Lag.Port.Macsec.SecureEntity.CryptoEngine.EncryptDecrypt.HardwareAcceleration:
+      description: >-
+        Hardware acceleration configuration for offloading MACsec processing to hardware.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Hardware acceleration types.
+          type: string
+          default: none
+          x-field-uid: 1
+          x-enum:
+            none:
+              x-field-uid: 1
+            inline_crypto:
+              x-field-uid: 2
+        inline_crypto:
+          $ref: '#/components/schemas/Lag.Port.Macsec.HardwareAcceleration.InlineCrypto'
+          x-field-uid: 2
+    Lag.Port.Macsec.HardwareAcceleration.InlineCrypto:
+      description: >-
+        Inline cryto engine configuration. Encryption/ decryption are offloaded to hardware. Also dynamic fields e.g. packet number(PN) and integrity check value(ICV) are updated in MACsec header on transmit.
+      type: object
+      properties:
+        rx_sc_identifying_field:
+          description: >-
+            The field based on which secure channel(SC) will be identified by the receiving port. Supported fields are:- - 1) source MAC - identify SC based on source MAC field. 2) SCI system ID - identify SC based on SCI system ID field. 3) SCI port ID - identify based on SCI port ID field.
+          type: string
+          default: source_mac
+          x-field-uid: 1
+          x-enum:
+            source_mac:
+              x-field-uid: 1
+            sci_sytem_id:
+              x-field-uid: 2
+            sci_port_id:
+              x-field-uid: 3
diff --git a/lag/macsec/dataplane/dataplane.yaml b/lag/macsec/dataplane/dataplane.yaml
@@ -0,0 +1,45 @@
+components:
+  schemas:
+    Lag.Port.Macsec.SecureEntity.DataPlane:
+      description: >-
+        A container of data plane properties.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Choose "encapsulation" so that data packets are sent with MACsec encapsulation. Choose "no_encapsulation" so that data packets are sent without MACsec encapsulation.
+          type: string
+          default: encapsulation
+          x-field-uid: 1
+          x-enum:
+            encapsulation:
+              x-field-uid: 1
+            no_encapsulation:
+              x-field-uid: 2
+        encapsulation:
+          description: >-
+            A container of encapsulation properties for a secure entity(SecY).
+          $ref: '#/components/schemas/Lag.Port.Macsec.SecureEntity.DataPlane.Encapsulation'
+          x-field-uid: 2
+
+    Lag.Port.Macsec.SecureEntity.DataPlane.Encapsulation:
+      description: >-
+        A container of encapsulation properties for a secure entity(SecY).
+      type: object
+      required: [crypto_engine]
+      properties:
+        tx:
+          description: >-
+            Tx properties of SecY.
+          $ref: './tx.yaml#/components/schemas/Lag.Port.Macsec.SecureEntity.DataPlane.Tx'
+          x-field-uid: 1
+        rx:
+          description: >-
+            Rx properties of SecY.
+          $ref: './rx.yaml#/components/schemas/Lag.Port.Macsec.SecureEntity.DataPlane.Rx'
+          x-field-uid: 2
+        crypto_engine:
+          description: >-
+            Crypto engine properties of SecY.
+          $ref: './cryptoengine.yaml#/components/schemas/Lag.Port.Macsec.SecureEntity.CryptoEngine'
+          x-field-uid: 3
diff --git a/lag/macsec/dataplane/rx.yaml b/lag/macsec/dataplane/rx.yaml
@@ -0,0 +1,40 @@
+components:
+  schemas:
+    Lag.Port.Macsec.SecureEntity.DataPlane.Rx:
+      description: >-
+        A container for Rx settings of SecY.
+      type: object
+      properties:
+        replay_protection:
+          description: |-
+            Enable replay protection on not. 
+          type: boolean
+          default: false
+          x-field-uid: 1
+        replay_window:
+          description: |-
+            Replay window size. 
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 1
+          x-field-uid: 2
+        validate_frames:
+          $ref: '#/components/schemas/Lag.Port.Macsec.SecureEntity.DataPlane.Rx.ValidateFrames'
+          x-field-uid: 3
+    Lag.Port.Macsec.SecureEntity.DataPlane.Rx.ValidateFrames:
+      description: >-
+        Controls validation of received frames.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Controls validation of received frames. check - enable validation, do not discard invalid frames and increment in_pkts_invalid stats. strict - enable validation and discard invalid frames and increment in_pkts_not_valid stats.
+          type: string
+          default: check
+          x-field-uid: 1
+          x-enum:
+            check:
+              x-field-uid: 1
+            strict:
+              x-field-uid: 2
diff --git a/lag/macsec/dataplane/tx.yaml b/lag/macsec/dataplane/tx.yaml
@@ -0,0 +1,19 @@
+components:
+  schemas:
+    Lag.Port.Macsec.SecureEntity.DataPlane.Tx:
+      description: >-
+        A container of Tx properties of SecY.
+      type: object
+      properties:
+        end_station:
+          description: |-
+            End station on not.
+          type: boolean
+          default: false
+          x-field-uid: 1
+        include_sci:
+          description: |-
+            Include SCI on not.
+          type: boolean
+          default: false
+          x-field-uid: 2