[vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007)
Pterosaur authored Apr 29, 2022
1 parent f67bcdd commit 42af975
Showing 7 changed files with 103 additions and 0 deletions.
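--- a/unittest/vslib/TestMACsecManager.cpp
+++ b/unittest/vslib/TestMACsecManager.cpp
@@ -27,3 +27,24 @@ TEST(MACsecManager, create_macsec_ingress_sa)
 attr.m_sak = "";
 manager.create_macsec_ingress_sa(attr);
 }
+
+TEST(MACsecManager, update_macsec_sa_pn)
+{
+// This is a system call that may not be valid in the test environment,
+// So, this case is just for the testing coverage checking.
+
+MACsecManager manager;
+
+MACsecAttr attr;
+attr.m_vethName = "eth0";
+attr.m_macsecName = "macsec_eth0";
+attr.m_sci = "02:42:ac:11:00:03";
+attr.m_an = 0;
+attr.m_pn = 1;
+attr.m_cipher = MACsecAttr::CIPHER_NAME_GCM_AES_XPN_128;
+attr.m_ssci = 0x1;
+attr.m_salt = "";
+attr.m_authKey = "";
+attr.m_sak = "";
+manager.update_macsec_sa_pn(attr, 2);
+}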
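Review bot: `attr.m_direction` is never assigned in this test, yet `update_macsec_sa_pn` branches on it to choose between the `tx` and `rx sci` command forms, so the branch that gets covered depends on whatever value `MACsecAttr` leaves in that field (its constructor is not visible here). Setting it explicitly with `attr.m_direction = SAI_MACSEC_DIRECTION_EGRESS;` and repeating the call with `SAI_MACSEC_DIRECTION_INGRESS` would cover both forms deterministically. The result of `manager.update_macsec_sa_pn(attr, 2)` is also discarded, as is the status of `ss.setMACsecSA(0, nullptr)` in unittest/vslib/TestSwitchStateBaseMACsec.cpp, so neither test can fail when the behaviour changes.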
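--- a/unittest/vslib/TestSwitchStateBaseMACsec.cpp
+++ b/unittest/vslib/TestSwitchStateBaseMACsec.cpp
@@ -110,3 +110,19 @@ TEST(SwitchStateBase, removeMACsecPort)
 EXPECT_EQ(1, ss.m_macsecFlowPortMap.size());
 EXPECT_EQ(1, ss.m_uncreatedIngressMACsecSAs.size());
 }
+
+TEST(SwitchStateBase, setMACsecSA)
+{
+// Due to this function highly depends on system environment which cannot be tested directly,
+// Just create this Test block for passing coverage
+auto sc = std::make_shared<SwitchConfig>(0, "");
+auto scc = std::make_shared<SwitchConfigContainer>();
+
+SwitchStateBase ss(
+0x2100000000,
+std::make_shared<RealObjectIdManager>(0, scc),
+sc);
+
+ss.setMACsecSA(0, nullptr);
+}
+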
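--- a/vslib/MACsecManager.cpp
+++ b/vslib/MACsecManager.cpp
@@ -292,6 +292,33 @@ bool MACsecManager::enable_macsec_filter(
 return true;
 }
 
+bool MACsecManager::update_macsec_sa_pn(
+_In_ const MACsecAttr &attr,
+_In_ sai_uint64_t pn)
+{
+SWSS_LOG_ENTER();
+
+std::ostringstream ostream;
+ostream
+<< "/sbin/ip macsec set "
+<< shellquote(attr.m_macsecName);
+
+if (attr.m_direction == SAI_MACSEC_DIRECTION_EGRESS)
+{
+ostream << " tx";
+}
+else
+{
+ostream << " rx sci " << attr.m_sci;
+}
+
+ostream << " sa " << attr.m_an << " pn " << pn;
+
+SWSS_LOG_NOTICE("%s", ostream.str().c_str());
+
+return exec(ostream.str());
+}
+
 bool MACsecManager::get_macsec_sa_pn(
 _In_ const MACsecAttr &attr,
 _Out_ sai_uint64_t &pn) const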
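Review bot: `attr.m_sci` is appended to the command string unquoted in the `rx` branch (`ostream << " rx sci " << attr.m_sci;`), while `attr.m_macsecName` a few lines above goes through `shellquote()`. The use of `shellquote()` suggests that `exec()` hands the string to a shell, in which case any string field left unescaped becomes part of the command syntax; where `m_sci` is populated and validated is not visible in this hunk. Quoting it the same way keeps the function safe regardless of the caller: `ostream << " rx sci " << shellquote(attr.m_sci);`. The `pn` argument is a `sai_uint64_t` streamed as a number and needs no quoting.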
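--- a/vslib/MACsecManager.h
+++ b/vslib/MACsecManager.h
@@ -36,6 +36,10 @@ namespace saivs
 _In_ const std::string &macsecInterface,
 _In_ bool enable);
 
+bool update_macsec_sa_pn(
+_In_ const MACsecAttr &attr,
+_In_ sai_uint64_t pn);
+
 bool get_macsec_sa_pn(
 _In_ const MACsecAttr &attr,
 _Out_ sai_uint64_t &pn) const;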
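--- a/vslib/SwitchStateBase.cpp
+++ b/vslib/SwitchStateBase.cpp
@@ -520,6 +520,13 @@ sai_status_t SwitchStateBase::set(
 return setAclEntry(objectId, attr);
 }
 
+if (objectType == SAI_OBJECT_TYPE_MACSEC_SA)
+{
+sai_object_id_t objectId;
+sai_deserialize_object_id(serializedObjectId, objectId);
+return setMACsecSA(objectId, attr);
+}
+
 return set_internal(objectType, serializedObjectId, attr);
 }
 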
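--- a/vslib/SwitchStateBase.h
+++ b/vslib/SwitchStateBase.h
@@ -521,6 +521,10 @@ namespace saivs
 _In_ sai_object_id_t entry_id,
 _In_ const sai_attribute_t* attr);
 
+sai_status_t setMACsecSA(
+_In_ sai_object_id_t macsec_sa_id,
+_In_ const sai_attribute_t* attr);
+
 sai_status_t createMACsecPort(
 _In_ sai_object_id_t macsec_sa_id,
 _In_ sai_object_id_t switch_id,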
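--- a/vslib/SwitchStateBaseMACsec.cpp
+++ b/vslib/SwitchStateBaseMACsec.cpp
@@ -138,6 +138,30 @@ sai_status_t SwitchStateBase::setAclEntryMACsecFlowActive(
 return SAI_STATUS_SUCCESS;
 }
 
+sai_status_t SwitchStateBase::setMACsecSA(
+_In_ sai_object_id_t macsec_sa_id,
+_In_ const sai_attribute_t* attr)
+{
+SWSS_LOG_ENTER();
+
+MACsecAttr macsecAttr;
+
+CHECK_STATUS(loadMACsecAttr(SAI_OBJECT_TYPE_MACSEC_SA, macsec_sa_id, macsecAttr));
+
+if (attr->id == SAI_MACSEC_SA_ATTR_MINIMUM_INGRESS_XPN || attr->id == SAI_MACSEC_SA_ATTR_CONFIGURED_EGRESS_XPN)
+{
+if (!m_macsecManager.update_macsec_sa_pn(macsecAttr, attr->value.u64))
+{
+SWSS_LOG_WARN("Fail to update PN (%" PRIu64 ") of MACsec SA %s", attr->value.u64, sai_serialize_object_id(macsec_sa_id).c_str());
+
+return SAI_STATUS_FAILURE;
+}
+}
+
+auto sid = sai_serialize_object_id(macsec_sa_id);
+return set_internal(SAI_OBJECT_TYPE_MACSEC_SA, sid, attr);
+}
+
 sai_status_t SwitchStateBase::createMACsecPort(
 _In_ sai_object_id_t macsecSaId,
 _In_ sai_object_id_t switchId,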
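Review bot: `attr` is dereferenced at `attr->id` in `setMACsecSA` without a null check, and the new unit test in unittest/vslib/TestSwitchStateBaseMACsec.cpp calls `ss.setMACsecSA(0, nullptr)`. That call stays safe only if `CHECK_STATUS(loadMACsecAttr(...))` returns early for object id 0, which depends on a macro and a helper defined outside this hunk. An explicit guard right after `SWSS_LOG_ENTER();` removes that dependency: `if (attr == nullptr) { return SAI_STATUS_INVALID_PARAMETER; }`.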
