Skip to content

Commit

Permalink
[macsecorch]: Support for non-default sa per sc (sonic-net#2250)
Browse files Browse the repository at this point in the history
What I did
Taught MacsecOrch to use the SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC attribute added in
opencomputeproject/SAI#1420

Why I did it
To support SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MacsecOrch.

How I verified it
The changes have no impact until SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC is supported by the platform.

Details
Cache the the result of SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MACsecObject.m_max_sa_per_sc.
Set STATE_DB MACSEC_PORT_TABLE's max_sa_per_sc to the value cached in MACsecObject.m_max_sa_per_sc in createMACsecPort.

Signed-off-by: Nathan Wolfe <nwolfe@arista.com>
  • Loading branch information
arista-nwolfe authored May 18, 2022
1 parent 341a654 commit d16f8f1
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 0 deletions.
27 changes: 27 additions & 0 deletions orchagent/macsecorch.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1082,6 +1082,32 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
}
macsec_obj.first->second.m_sci_in_ingress_macsec_acl = attrs.front().value.booldata;

attrs.clear();
attr.id = SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC;
attrs.push_back(attr);
status = sai_macsec_api->get_macsec_attribute(
macsec_obj.first->second.m_ingress_id,
static_cast<uint32_t>(attrs.size()),
attrs.data());
if (status != SAI_STATUS_SUCCESS)
{
// Default to 4 if SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATION_PER_SC isn't supported
macsec_obj.first->second.m_max_sa_per_sc = 4;
} else {
switch (attrs.front().value.s32)
{
case SAI_MACSEC_MAX_SECURE_ASSOCIATIONS_PER_SC_TWO:
macsec_obj.first->second.m_max_sa_per_sc = 2;
break;
case SAI_MACSEC_MAX_SECURE_ASSOCIATIONS_PER_SC_FOUR:
macsec_obj.first->second.m_max_sa_per_sc = 4;
break;
default:
SWSS_LOG_WARN( "Unsupported value returned from SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATION_PER_SC" );
return false;
}
}

recover.clear();
return true;
}
Expand Down Expand Up @@ -1266,6 +1292,7 @@ bool MACsecOrch::createMACsecPort(
SWSS_LOG_NOTICE("MACsec port %s is created.", port_name.c_str());

std::vector<FieldValueTuple> fvVector;
fvVector.emplace_back("max_sa_per_sc", std::to_string(macsec_obj.m_max_sa_per_sc));
fvVector.emplace_back("state", "ok");
m_state_macsec_port.set(port_name, fvVector);

Expand Down
1 change: 1 addition & 0 deletions orchagent/macsecorch.h
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,7 @@ class MACsecOrch : public Orch
sai_object_id_t m_ingress_id;
map<std::string, std::shared_ptr<MACsecPort> > m_macsec_ports;
bool m_sci_in_ingress_macsec_acl;
sai_uint8_t m_max_sa_per_sc;
};
map<sai_object_id_t, MACsecObject> m_macsec_objs;
map<std::string, std::shared_ptr<MACsecPort> > m_macsec_ports;
Expand Down

0 comments on commit d16f8f1

Please sign in to comment.