Add runtime update pn

Signed-off-by: Ze Gan <[email protected]>
sonic-net · Feb 21, 2022 · 38b16a3 · 38b16a3
1 parent 48fe704
commit 38b16a3
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 0 deletions.
diff --git a/vslib/MACsecManager.cpp b/vslib/MACsecManager.cpp
@@ -292,6 +292,33 @@ bool MACsecManager::enable_macsec_filter(
     return true;
 }
 
+bool MACsecManager::update_macsec_sa_pn(
+        _In_ const MACsecAttr &attr,
+        _In_ sai_uint64_t pn)
+{
+    SWSS_LOG_ENTER();
+
+    std::ostringstream ostream;
+    ostream
+        << "/sbin/ip macsec set "
+        << shellquote(attr.m_macsecName);
+
+    if (attr.m_direction == SAI_MACSEC_DIRECTION_EGRESS)
+    {
+        ostream << " tx";
+    }
+    else
+    {
+        ostream << " rx sci " << attr.m_sci;
+    }
+
+    ostream << " sa " << attr.m_an << " pn " << pn;
+
+    SWSS_LOG_NOTICE("%s", ostream.str().c_str());
+
+    return exec(ostream.str());
+}
+
 bool MACsecManager::get_macsec_sa_pn(
         _In_ const MACsecAttr &attr,
         _Out_ sai_uint64_t &pn) const

diff --git a/vslib/MACsecManager.h b/vslib/MACsecManager.h
@@ -36,6 +36,10 @@ namespace saivs
                     _In_ const std::string &macsecInterface,
                     _In_ bool enable);
 
+            bool update_macsec_sa_pn(
+                    _In_ const MACsecAttr &attr,
+                    _In_ sai_uint64_t pn);
+
             bool get_macsec_sa_pn(
                     _In_ const MACsecAttr &attr,
                     _Out_ sai_uint64_t &pn) const;

diff --git a/vslib/SwitchStateBase.cpp b/vslib/SwitchStateBase.cpp
@@ -518,6 +518,13 @@ sai_status_t SwitchStateBase::set(
         return setAclEntry(objectId, attr);
     }
 
+    if (objectType == SAI_OBJECT_TYPE_MACSEC_SA)
+    {
+        sai_object_id_t objectId;
+        sai_deserialize_object_id(serializedObjectId, objectId);
+        return setMACsecSA(objectId, attr);
+    }
+
     return set_internal(objectType, serializedObjectId, attr);
 }
 

diff --git a/vslib/SwitchStateBase.h b/vslib/SwitchStateBase.h
@@ -513,6 +513,10 @@ namespace saivs
                     _In_ sai_object_id_t entry_id,
                     _In_ const sai_attribute_t* attr);
 
+            sai_status_t setMACsecSA(
+                    _In_ sai_object_id_t macsec_sa_id,
+                    _In_ const sai_attribute_t* attr);
+
             sai_status_t createMACsecPort(
                     _In_ sai_object_id_t macsec_sa_id,
                     _In_ sai_object_id_t switch_id,

diff --git a/vslib/SwitchStateBaseMACsec.cpp b/vslib/SwitchStateBaseMACsec.cpp
@@ -137,6 +137,30 @@ sai_status_t SwitchStateBase::setAclEntryMACsecFlowActive(
     return SAI_STATUS_SUCCESS;
 }
 
+sai_status_t SwitchStateBase::setMACsecSA(
+        _In_ sai_object_id_t macsec_sa_id,
+        _In_ const sai_attribute_t* attr)
+{
+    SWSS_LOG_ENTER();
+
+    MACsecAttr macsecAttr;
+
+    CHECK_STATUS(loadMACsecAttr(SAI_OBJECT_TYPE_MACSEC_SA, macsec_sa_id, macsecAttr));
+
+    if (attr->id == SAI_MACSEC_SA_ATTR_MINIMUM_INGRESS_XPN || attr->id == SAI_MACSEC_SA_ATTR_CONFIGURED_EGRESS_XPN)
+    {
+        if (!m_macsecManager.update_macsec_sa_pn(macsecAttr, attr->value.u64))
+        {
+            SWSS_LOG_WARN("Fail to update PN (%" PRIu64 ") of MACsec SA %s", attr->value.u64, sai_serialize_object_id(macsec_sa_id).c_str());
+
+            return SAI_STATUS_FAILURE;
+        }
+    }
+
+    auto sid = sai_serialize_object_id(macsec_sa_id);
+    return set_internal(SAI_OBJECT_TYPE_ACL_ENTRY, sid, attr);
+}
+
 sai_status_t SwitchStateBase::createMACsecPort(
         _In_ sai_object_id_t macsecSaId,
         _In_ sai_object_id_t switchId,