Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[macsecorch]: Support for non-default sa per sc #2250

Merged
merged 1 commit into from
May 18, 2022
Merged

[macsecorch]: Support for non-default sa per sc #2250

merged 1 commit into from
May 18, 2022

Conversation

arista-nwolfe
Copy link
Contributor

What I did
Taught MacsecOrch to use the SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC attribute added in
opencomputeproject/SAI#1420

Why I did it
To support SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MacsecOrch.

How I verified it
The changes have no impact until SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC is supported by the platform.

Details
Cache the the result of SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MACsecObject.m_max_sa_per_sc.
Set STATE_DB MACSEC_PORT_TABLE's max_sa_per_sc to the value cached in MACsecObject.m_max_sa_per_sc in createMACsecPort.

@arista-nwolfe arista-nwolfe requested a review from Pterosaur as a code owner May 2, 2022 22:59
@ghost
Copy link

ghost commented May 2, 2022
edited by ghost
Loading

CLA assistant check
All CLA requirements met.

Pterosaur
Pterosaur previously approved these changes May 3, 2022
View reviewed changes
@arista-nwolfe arista-nwolfe mentioned this pull request May 3, 2022
Merged
@arlakshm
Copy link
Contributor

arlakshm commented May 3, 2022

/Azp Azure.sonic-swss

@azure-pipelines
Copy link

Command 'Azure.sonic-swss' is not supported by Azure Pipelines.

Supported commands
  • help:
    • Get descriptions, examples and documentation about supported commands
    • Example: help "command_name"
  • list:
    • List all pipelines for this repository using a comment.
    • Example: "list"
  • run:
    • Run all pipelines or specific pipelines for this repository using a comment. Use this command by itself to trigger all related pipelines, or specify specific pipelines to run.
    • Example: "run" or "run pipeline_name, pipeline_name, pipeline_name"
  • where:
    • Report back the Azure DevOps orgs that are related to this repository and org
    • Example: "where"

See additional documentation.

@arlakshm
Copy link
Contributor

arlakshm commented May 3, 2022

/Azp run Azure.sonic-swss

@arlakshm
Copy link
Contributor

arlakshm commented May 3, 2022

/Azp rAzure.sonic-swss

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@azure-pipelines
Copy link

Command 'rAzure.sonic-swss' is not supported by Azure Pipelines.

Supported commands
  • help:
    • Get descriptions, examples and documentation about supported commands
    • Example: help "command_name"
  • list:
    • List all pipelines for this repository using a comment.
    • Example: "list"
  • run:
    • Run all pipelines or specific pipelines for this repository using a comment. Use this command by itself to trigger all related pipelines, or specify specific pipelines to run.
    • Example: "run" or "run pipeline_name, pipeline_name, pipeline_name"
  • where:
    • Report back the Azure DevOps orgs that are related to this repository and org
    • Example: "where"

See additional documentation.

@arlakshm
Copy link
Contributor

arlakshm commented May 3, 2022

/Azp run Azure.sonic-swss

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@judyjoseph
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

judyjoseph
judyjoseph previously approved these changes May 5, 2022
View reviewed changes
Pterosaur pushed a commit to sonic-net/sonic-wpa-supplicant that referenced this pull request May 6, 2022
@arista-nwolfe
[Rekey] Support for configurable max SAs per Secure Channel (#47)
fc9dce8 
Adding code to query MACSEC_PORT_TABLE max_sa_per_sc in STATE_DB.
In PR sonic-net/sonic-swss#2250 MacsecOrch will publish the max_sa_per_sc in STATE_DB.
If we don't find the max_sa_per_sc we will default to 4 for max sa per sc.

Max sa per sc is used to determine which AN values can be used during rekey.
If a non-default max sa per sc is specified we will use the max value for rekey server priority.

Infra fix in sonic_operators.cpp.
-get function was extracting value incorrectly.
-pair_count wasn't getting incremented per pair.

Signed-off-by: Nathan Wolfe nwolfe@arista.com
@judyjoseph
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@judyjoseph
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@Pterosaur
Copy link
Contributor

Please try to rebase it to the latest master branch for fixing the vstest fail.

@arista-nwolfe
[macsecorch]: Support for non-default sa per sc
950508b 
Querying max_sa_per_sc from SAI and storing in STATE_DB. If the
SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATION_PER_SC is not supported
we will use the default of 4.

Signed-off-by: Nathan Wolfe <nwolfe@arista.com>
@arista-nwolfe arista-nwolfe dismissed stale reviews from judyjoseph and Pterosaur via 950508b May 17, 2022 21:00
@arista-nwolfe arista-nwolfe force-pushed the master-max-sa-per-sc branch from 8e667ea to 950508b Compare May 17, 2022 21:00
@Pterosaur Pterosaur merged commit d16f8f1 into sonic-net:master May 18, 2022
@dprital dprital mentioned this pull request May 25, 2022
Merged
6 tasks
preetham-singh pushed a commit to preetham-singh/sonic-swss that referenced this pull request Aug 6, 2022
@arista-nwolfe @preetham-singh
[macsecorch]: Support for non-default sa per sc (sonic-net#2250)
325574f 
What I did
Taught MacsecOrch to use the SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC attribute added in
opencomputeproject/SAI#1420

Why I did it
To support SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MacsecOrch.

How I verified it
The changes have no impact until SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC is supported by the platform.

Details
Cache the the result of SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MACsecObject.m_max_sa_per_sc.
Set STATE_DB MACSEC_PORT_TABLE's max_sa_per_sc to the value cached in MACsecObject.m_max_sa_per_sc in createMACsecPort.

Signed-off-by: Nathan Wolfe <nwolfe@arista.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@Pterosaur Pterosaur Pterosaur approved these changes

@judyjoseph judyjoseph judyjoseph left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arista-nwolfe @arlakshm @judyjoseph @Pterosaur