From 91262a8be93701165b7838637346f45a269c6f97 Mon Sep 17 00:00:00 2001
From: zegan
Date: Thu, 23 Apr 2020 18:56:18 +0800
Subject: [PATCH 01/22] Add compile configuration to support wpa supplicant 2.9
Signed-off-by: zegan
---
rules/wpasupplicant.dep | 10 ++++++++++
rules/wpasupplicant.mk | 21 +++++++++++++++++++++
slave.mk | 3 ++-
sonic-slave-buster/Dockerfile.j2 | 16 +++++++++++++++-
src/wpasupplicant/Makefile | 29 +++++++++++++++++++++++++++++
5 files changed, 77 insertions(+), 2 deletions(-)
create mode 100644 rules/wpasupplicant.dep
create mode 100644 rules/wpasupplicant.mk
create mode 100644 src/wpasupplicant/Makefile
diff --git a/rules/wpasupplicant.dep b/rules/wpasupplicant.dep
new file mode 100644
index 000000000000..5d02a7847055
--- /dev/null
+++ b/rules/wpasupplicant.dep
@@ -0,0 +1,10 @@
+
+SPATH := $($(WPASUPPLICANT)_SRC_PATH)
+DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/wpa.mk rules/wpa.dep
+DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES += $(shell git ls-files $(SPATH))
+
+$(WPASUPPLICANT)_CACHE_MODE := GIT_CONTENT_SHA
+$(WPASUPPLICANT)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
+$(WPASUPPLICANT)_DEP_FILES := $(DEP_FILES)
+
diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk
new file mode 100644
index 000000000000..c39b1b0b94bd
--- /dev/null
+++ b/rules/wpasupplicant.mk
@@ -0,0 +1,21 @@ +# wpa package + +WPASUPPLICANT_VERSION = 2.9.0-12 + +export WPASUPPLICANT_VERSION + +WPASUPPLICANT = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +$(WPASUPPLICANT)_SRC_PATH = $(SRC_PATH)/wpasupplicant +SONIC_MAKE_DEBS += $(WPASUPPLICANT) + +WPASUPPLICANT_DBG = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +$(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG))) + +WPASUPPLICANT_DBG = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb +$(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG))) + + +# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list} +# are archived into debug one image to facilitate debugging. +# +DBG_SRC_ARCHIVE += wpasupplicant diff --git a/slave.mk b/slave.mk index 098a5f12f064..c05e62783b48 100644 --- a/slave.mk +++ b/slave.mk @@ -777,7 +777,8 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \ $(KDUMP_TOOLS) \ $(LIBPAM_TACPLUS) \ $(LIBNSS_TACPLUS) \ - $(MONIT)) \ + $(MONIT) \ + $(WPASUPPLICANT)) \ $$(addprefix $(TARGET_PATH)/,$$($$*_DOCKERS)) \ $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \ $(if $(findstring y,$(ENABLE_ZTP)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SONIC_ZTP))) \ diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index 4cb0fe102aac..73354ab539bc 100644 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -302,7 +302,21 @@ RUN apt-get update && apt-get install -y \ libprotobuf-dev \ # For DHCP Monitor tool libexplain-dev \ - libevent-dev + libevent-dev \ +# For WPA supplication + libssl-dev \ + dbus \ + libdbus-1-dev \ + libdbus-glib-1-2 \ + libdbus-glib-1-dev \ + libreadline-dev \ + libncurses5-dev \ + libnl-genl-3-dev \ + libnl-3-dev \ + libnl-route-3-dev \ + libpcsclite-dev \ + docbook-to-man \ + docbook-utils ## Config dpkg ## install the configuration file if it’s currently missing 
diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile
new file mode 100644
index 000000000000..f690ae536b27
--- /dev/null
+++ b/src/wpasupplicant/Makefile
@@ -0,0 +1,29 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+ # Remove any stale files
+ rm -rf ./wpa
+
+ # Clone wpa repo
+ git clone https://salsa.debian.org/debian/wpa.git
+ pushd ./wpa
+
+ # Reset HEAD to the commit of the proper tag
+ # NOTE: Using "git checkout " here detaches our HEAD,
+ # which stg doesn't like, so we use this method instead
+ # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%"
+ git reset --hard debian/2\%$(WPASUPPLICANT_VERSION)
+
+ # Build source and Debian packages
+ dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+ popd
+
+ # Move the newly-built .deb packages to the destination directory
+ mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
From e7e50138bb7494c2ba39d7480f7a2c9709e8dd89 Mon Sep 17 00:00:00 2001
From: zegan
Date: Thu, 23 Apr 2020 23:02:55 +0800
Subject: [PATCH 02/22] Fix : Duplicate build wpasupplicant
Signed-off-by: zegan
---
rules/wpasupplicant.dep | 2 +-
rules/wpasupplicant.mk | 4 ----
2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/rules/wpasupplicant.dep b/rules/wpasupplicant.dep
index 5d02a7847055..b909cd36a4a4 100644
--- a/rules/wpasupplicant.dep
+++ b/rules/wpasupplicant.dep
@@ -1,6 +1,6 @@
 
 SPATH := $($(WPASUPPLICANT)_SRC_PATH)
-DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/wpa.mk rules/wpa.dep
+DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/wpasupplicant.mk rules/wpasupplicant.dep
 DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
 DEP_FILES += $(shell git ls-files $(SPATH))
 
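Review bot: The second NOTE comment above `git reset --hard debian/2\%$(WPASUPPLICANT_VERSION)` in the new src/wpasupplicant/Makefile looks carried over from another package: it speaks of the Debian monit repo and a "1%" prefix, while the command below it uses `2\%` against the wpa repo. I would reword it to `# NOTE: tags in the Debian wpa repo are prefixed with "2%" (presumably the package epoch)` so that comment and command agree. The recipe also resolves a tag name fetched over the network at build time, and a tag can be moved; recording the expected commit id next to WPASUPPLICANT_VERSION and comparing it with `git rev-parse HEAD` after the reset would make a moved tag fail the build instead of silently changing the package.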
diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk index c39b1b0b94bd..9011dcd88f84 100644 --- a/rules/wpasupplicant.mk +++ b/rules/wpasupplicant.mk @@ -8,13 +8,9 @@ WPASUPPLICANT = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb $(WPASUPPLICANT)_SRC_PATH = $(SRC_PATH)/wpasupplicant SONIC_MAKE_DEBS += $(WPASUPPLICANT) -WPASUPPLICANT_DBG = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb -$(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG))) - WPASUPPLICANT_DBG = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb $(eval $(call add_derived_package,$(WPASUPPLICANT),$(WPASUPPLICANT_DBG))) - # The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list} # are archived into debug one image to facilitate debugging. # From 32a6a0e2048b1dd7746023b705effc17fe7aa22f Mon Sep 17 00:00:00 2001 From: zegan Date: Sun, 26 Apr 2020 17:01:01 +0800 Subject: [PATCH 03/22] Add docker base buster 
Signed-off-by: zegan
---
dockers/docker-base-buster/Dockerfile.j2 | 98 +++++++++++++++++++
dockers/docker-base-buster/LICENSE | 13 +++
dockers/docker-base-buster/dpkg_01_drop | 30 ++++++
dockers/docker-base-buster/etc/rsyslog.conf | 76 ++++++++++++++
.../etc/rsyslog.d/supervisor.conf | 9 ++
.../etc/supervisor/supervisord.conf | 33 +++++++
.../docker-base-buster/no-check-valid-until | 4 +
.../no_install_recommend_suggest | 5 +
dockers/docker-base-buster/root/.vimrc | 2 +
dockers/docker-base-buster/sources.list | 8 ++
dockers/docker-base-buster/sources.list.arm64 | 7 ++
dockers/docker-base-buster/sources.list.armhf | 7 ++
12 files changed, 292 insertions(+)
create mode 100644 dockers/docker-base-buster/Dockerfile.j2
create mode 100644 dockers/docker-base-buster/LICENSE
create mode 100644 dockers/docker-base-buster/dpkg_01_drop
create mode 100644 dockers/docker-base-buster/etc/rsyslog.conf
create mode 100644 dockers/docker-base-buster/etc/rsyslog.d/supervisor.conf
create mode 100644 dockers/docker-base-buster/etc/supervisor/supervisord.conf
create mode 100644 dockers/docker-base-buster/no-check-valid-until
create mode 100644 dockers/docker-base-buster/no_install_recommend_suggest
create mode 100644 dockers/docker-base-buster/root/.vimrc
create mode 100644 dockers/docker-base-buster/sources.list
create mode 100644 dockers/docker-base-buster/sources.list.arm64
create mode 100644 dockers/docker-base-buster/sources.list.armhf
diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2
new file mode 100644
index 000000000000..de78845c62b3
--- /dev/null
+++ b/dockers/docker-base-buster/Dockerfile.j2
@@ -0,0 +1,98 @@
+{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
+{% if CONFIGURED_ARCH == "armhf" %}
+FROM multiarch/debian-debootstrap:armhf-buster
+{% elif CONFIGURED_ARCH == "arm64" %}
+FROM multiarch/debian-debootstrap:arm64-buster
+{% else %}
+FROM debian:buster
+{% endif %}
+
+# Clean documentation in FROM image
+RUN find /usr/share/doc -depth \( -type f -o -type l \) ! -name copyright | xargs rm || true
+
+# Clean doc directories that are empty or only contain empty directories
+RUN while [ -n "$(find /usr/share/doc -depth -type d -empty -print -exec rmdir {} +)" ]; do :; done && \
+ rm -rf \
+ /usr/share/man/* \
+ /usr/share/groff/* \
+ /usr/share/info/* \
+ /usr/share/lintian/* \
+ /usr/share/linda/* \
+ /var/cache/man/* \
+ /usr/share/locale/*
+
+# Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Configure data sources for apt/dpkg
+COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
+{% if CONFIGURED_ARCH == "armhf" %}
+COPY ["sources.list.armhf", "/etc/apt/sources.list"]
+{% elif CONFIGURED_ARCH == "arm64" %}
+COPY ["sources.list.arm64", "/etc/apt/sources.list"]
+{% else %}
+COPY ["sources.list", "/etc/apt/sources.list"]
+{% endif %}
+COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]
+COPY ["no-check-valid-until", "/etc/apt/apt.conf.d"]
+
+# Update apt cache and
+# pre-install fundamental packages
+RUN apt-get update && \
+ apt-get -y install \
+ less \
+ perl \
+ procps \
+ python \
+ rsyslog \
+ vim-tiny \
+# Install dependencies of supervisor
+ python-pkg-resources \
+ python-meld3 \
+# dependencies of redis-tools
+ libatomic1 \
+ libjemalloc2 \
+ liblua5.1-0 \
+ lua-bitop \
+ lua-cjson \
+# common dependencies
+ libpython2.7 \
+ libdaemon0 \
+ libdbus-1-3 \
+ libjansson4
+
+# ip and ifconfig utility missing in docker for arm arch
+RUN apt-get -y install \
+ iproute2 \
+ net-tools
+
+RUN mkdir -p /etc/supervisor /var/log/supervisor
+
+RUN apt-get -y purge \
+ exim4 \
+ exim4-base \
+ exim4-config \
+ exim4-daemon-light
+
+{% if docker_base_buster_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{{ copy_files("debs/", docker_base_buster_debs.split(' '), "/debs/") }}
+
+# Install built Debian packages and implicitly install their dependencies
+{{ install_debian_packages(docker_base_buster_debs.split(' ')) }}
+{%- endif %}
+
+# Clean up apt
+# Remove /var/lib/apt/lists/*, could be obsoleted for derived images
+RUN apt-get clean -y && \
+ apt-get autoclean -y && \
+ apt-get autoremove -y && \
+ rm -rf /var/lib/apt/lists/* /tmp/*
+
+COPY ["etc/rsyslog.conf", "/etc/rsyslog.conf"]
+COPY ["etc/rsyslog.d/*", "/etc/rsyslog.d/"]
+COPY ["root/.vimrc", "/root/.vimrc"]
+
+RUN ln /usr/bin/vim.tiny /usr/bin/vim
+
+COPY ["etc/supervisor/supervisord.conf", "/etc/supervisor/"]
diff --git a/dockers/docker-base-buster/LICENSE b/dockers/docker-base-buster/LICENSE
new file mode 100644
index 000000000000..03d8f31e513c
--- /dev/null
+++ b/dockers/docker-base-buster/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2016 Microsoft, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/dockers/docker-base-buster/dpkg_01_drop b/dockers/docker-base-buster/dpkg_01_drop
new file mode 100644
index 000000000000..d749943797d9
--- /dev/null
+++ b/dockers/docker-base-buster/dpkg_01_drop
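Review bot: All three `FROM` lines in the new dockers/docker-base-buster/Dockerfile.j2 name mutable tags (`debian:buster` and the two `multiarch/debian-debootstrap:*-buster` images, the latter from a third-party namespace), so every image derived from this base inherits whatever those tags point to on the day of the build. Pinning each by digest, for example `FROM debian:buster@sha256:<digest-of-reviewed-image>`, keeps the base reproducible and turns a base-image change into an explicit, reviewable edit. A short comment above the `{% if CONFIGURED_ARCH ... %}` block naming who maintains the pinned digests would help the next maintainer.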
@@ -0,0 +1,30 @@
+## Drop unnecessary files
+## ref: https://wiki.ubuntu.com/ReducingDiskFootprint
+
+## Documentation
+path-exclude /usr/share/doc/*
+# we need to keep copyright files for legal reasons
+path-include /usr/share/doc/*/copyright
+path-exclude /usr/share/man/*
+path-exclude /usr/share/groff/*
+path-exclude /usr/share/info/*
+# lintian stuff is small, but really unnecessary
+path-exclude /usr/share/lintian/*
+path-exclude /usr/share/linda/*
+
+## Translations
+path-exclude /usr/share/locale/*
+
+## Landscape
+path-exclude /usr/share/pyshared/twisted/test*
+path-exclude /usr/lib/python*/dist-packages/twisted/test*
+path-exclude /usr/share/pyshared/twisted/*/test*
+path-exclude /usr/lib/python*/dist-packages/twisted/*/test*
+
+## install the configuration file if it’s currently missing
+force-confmiss
+## combined with confold: overwrite configuration files that you have not modified
+force-confdef
+## do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix
+force-confold
+
diff --git a/dockers/docker-base-buster/etc/rsyslog.conf b/dockers/docker-base-buster/etc/rsyslog.conf
new file mode 100644
index 000000000000..ef249229ab1e
--- /dev/null
+++ b/dockers/docker-base-buster/etc/rsyslog.conf
@@ -0,0 +1,76 @@
+#
+# /etc/rsyslog.conf Configuration file for rsyslog.
+#
+# For more information see
+# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+
+#
+# Set a rate limit on messages from the container
+#
+$SystemLogRateLimitInterval 300
+$SystemLogRateLimitBurst 20000
+
+#$ModLoad imklog # provides kernel logging support
+#$ModLoad immark # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# provides TCP syslog reception
+#$ModLoad imtcp
+#$InputTCPServerRun 514
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Set remote syslog server
+template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%")
+*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer")
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Define a custom template
+$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+$ActionFileDefaultTemplate SONiCFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+#
+# Suppress duplicate messages and report "message repeated n times"
+#
+$RepeatedMsgReduction on
+
+###############
+#### RULES ####
+###############
diff --git a/dockers/docker-base-buster/etc/rsyslog.d/supervisor.conf b/dockers/docker-base-buster/etc/rsyslog.d/supervisor.conf
new file mode 100644
index 000000000000..7c7a64d7afe0
--- /dev/null
+++ b/dockers/docker-base-buster/etc/rsyslog.d/supervisor.conf
@@ -0,0 +1,9 @@
+$ModLoad imfile
+
+$InputFileName /var/log/supervisor/supervisord.log
+$InputFileTag supervisord
+$InputFileStateFile state-supervisor
+$InputFileSeverity info
+$InputFileFacility local0
+$InputFilePersistStateInterval 1
+$InputRunFileMonitor
diff --git a/dockers/docker-base-buster/etc/supervisor/supervisord.conf b/dockers/docker-base-buster/etc/supervisor/supervisord.conf
new file mode 100644
index 000000000000..5d1010e8fa4e
--- /dev/null
+++ b/dockers/docker-base-buster/etc/supervisor/supervisord.conf
@@ -0,0 +1,33 @@
+; supervisor config file
+
+[unix_http_server]
+file=/var/run/supervisor.sock ; (the path to the socket file)
+chmod=0700 ; socket file mode (default 0700)
+username=dummy
+password=dummy
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
+user=root
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
+username=dummy
+password=dummy
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf
diff --git a/dockers/docker-base-buster/no-check-valid-until b/dockers/docker-base-buster/no-check-valid-until
new file mode 100644
index 000000000000..c7c25d017f7f
--- /dev/null
+++ b/dockers/docker-base-buster/no-check-valid-until
@@ -0,0 +1,4 @@
+# Instruct apt-get to NOT check the "Valid Until" date in Release files
+# Once the Debian team archives a repo, they stop updating this date
+
+Acquire::Check-Valid-Until "false";
diff --git a/dockers/docker-base-buster/no_install_recommend_suggest b/dockers/docker-base-buster/no_install_recommend_suggest
new file mode 100644
index 000000000000..b5bca577de1e
--- /dev/null
+++ b/dockers/docker-base-buster/no_install_recommend_suggest
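Review bot: `username=dummy` and `password=dummy` appear in both [unix_http_server] and [supervisorctl] of the new supervisord.conf without any comment, so they read like a real credential pair to the next maintainer and to secret scanners. As written, access to the control socket is governed by `chmod=0700` on /var/run/supervisor.sock and by `user=root`, not by these values; I would say so in the file, e.g. `; placeholder credentials, not a secret: access control is the 0700 mode on the socket`. If a later change ever exposes the RPC interface through an [inet_http_server] section, these values must not be reused there.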
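Review bot: `Acquire::Check-Valid-Until "false";` in no-check-valid-until is copied into /etc/apt/apt.conf.d by the base Dockerfile and therefore switches off the Release-file expiry check for every source, including the live deb.debian.org and security.debian.org entries in sources.list.arm64 and sources.list.armhf. That check is what stops a mirror or an on-path party from replaying old, still correctly signed metadata, and all sources added in this patch are plain `http://`, so stale security indexes would be accepted without any error. The file's own comment justifies the setting for archived repositories only; scoping it to such a source with the per-source option, `deb [arch=amd64 check-valid-until=no] <archived-mirror-url> buster main`, would keep the protection for the live ones.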
@@ -0,0 +1,5 @@
+# Instruct apt-get to NOT install "recommended" or "suggested" packages by
+# default when installing a package.
+
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
diff --git a/dockers/docker-base-buster/root/.vimrc b/dockers/docker-base-buster/root/.vimrc
new file mode 100644
index 000000000000..5c1ba8a04f47
--- /dev/null
+++ b/dockers/docker-base-buster/root/.vimrc
@@ -0,0 +1,2 @@
+" enable vim features
+set nocompatible
diff --git a/dockers/docker-base-buster/sources.list b/dockers/docker-base-buster/sources.list
new file mode 100644
index 000000000000..4a94e3161ab1
--- /dev/null
+++ b/dockers/docker-base-buster/sources.list
@@ -0,0 +1,8 @@
+## Debian mirror on Microsoft Azure
+## Ref: http://debian-archive.trafficmanager.net/
+
+deb [arch=amd64] http://debian-archive.trafficmanager.net/debian/ buster main contrib non-free
+deb-src [arch=amd64] http://debian-archive.trafficmanager.net/debian/ buster main contrib non-free
+deb [arch=amd64] http://debian-archive.trafficmanager.net/debian-security/ buster/updates main contrib non-free
+deb-src [arch=amd64] http://debian-archive.trafficmanager.net/debian-security/ buster/updates main contrib non-free
+deb [arch=amd64] http://debian-archive.trafficmanager.net/debian/ buster-backports main contrib non-free
diff --git a/dockers/docker-base-buster/sources.list.arm64 b/dockers/docker-base-buster/sources.list.arm64
new file mode 100644
index 000000000000..b92971dccead
--- /dev/null
+++ b/dockers/docker-base-buster/sources.list.arm64
@@ -0,0 +1,7 @@
+## Debian mirror for ARM repo
+
+# ARM repo
+deb [arch=arm64] http://deb.debian.org/debian buster main contrib non-free
+deb-src [arch=arm64] http://deb.debian.org/debian buster main contrib non-free
+deb [arch=arm64] http://security.debian.org buster/updates main contrib non-free
+deb-src [arch=arm64] http://security.debian.org buster/updates main contrib non-free
diff --git a/dockers/docker-base-buster/sources.list.armhf b/dockers/docker-base-buster/sources.list.armhf new file mode 100644 index 000000000000..e28fd605678f --- /dev/null +++ b/dockers/docker-base-buster/sources.list.armhf @@ -0,0 +1,7 @@ +## Debian mirror for ARM repo + +# ARM repo +deb [arch=armhf] http://deb.debian.org/debian buster main contrib non-free +deb-src [arch=armhf] http://deb.debian.org/debian buster main contrib non-free +deb [arch=armhf] http://security.debian.org buster/updates main contrib non-free +deb-src [arch=armhf] http://security.debian.org buster/updates main contrib non-free From e6ccfd76fd21b5f75becc33a957d212bfc279100 Mon Sep 17 00:00:00 2001 From: zegan Date: Tue, 2 Jun 2020 20:28:35 +0800 Subject: [PATCH 04/22] Reset useless file Signed-off-by: zegan --- dockers/docker-base-buster/Dockerfile.j2 | 2 ++ .../etc/supervisor/supervisord.conf | 5 ----- slave.mk | 3 +-- sonic-slave-buster/Dockerfile.j2 | 16 +--------------- 4 files changed, 4 insertions(+), 22 deletions(-) diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2 index a15b780ad667..fcf983229504 100644 --- a/dockers/docker-base-buster/Dockerfile.j2 +++ b/dockers/docker-base-buster/Dockerfile.j2 @@ -70,6 +70,8 @@ RUN apt-get update && \ python-setuptools \ python-wheel +# For templating +RUN pip install j2cli RUN mkdir -p /etc/supervisor /var/log/supervisor diff --git a/dockers/docker-base-buster/etc/supervisor/supervisord.conf b/dockers/docker-base-buster/etc/supervisor/supervisord.conf index 0a7f47d908d6..6d7d7390e854 100644 --- a/dockers/docker-base-buster/etc/supervisor/supervisord.conf +++ b/dockers/docker-base-buster/etc/supervisor/supervisord.conf 
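Review bot: `RUN pip install j2cli`, added to dockers/docker-base-buster/Dockerfile.j2 in PATCH 04/22, installs whatever version the package index serves at build time, together with unpinned transitive dependencies, into the base of every derived image. Pinning the version, `RUN pip install j2cli==<reviewed-version>`, or installing from a requirements file with `--require-hashes`, keeps the base reproducible and limits exposure to a compromised or replaced release. The enclosing Dockerfile continues outside the hunk.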
@@ -4,11 +4,6 @@ file=/var/run/supervisor.sock ; (the path to the socket file) chmod=0700 ; socket file mode (default 0700) -[supervisord] -logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) -pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) -childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) - [supervisord] logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) diff --git a/slave.mk b/slave.mk index b119dac96e8f..06736eafe42e 100644 --- a/slave.mk +++ b/slave.mk @@ -776,8 +776,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \ $(KDUMP_TOOLS) \ $(LIBPAM_TACPLUS) \ $(LIBNSS_TACPLUS) \ - $(MONIT) \ - $(WPASUPPLICANT)) \ + $(MONIT)) \ $$(addprefix $(TARGET_PATH)/,$$($$*_DOCKERS)) \ $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \ $(if $(findstring y,$(ENABLE_ZTP)),$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$(SONIC_ZTP))) \ diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index b26009e5e00f..05dc07410ae2 100644 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -304,21 +304,7 @@ RUN apt-get update && apt-get install -y \ xxd \ # For DHCP Monitor tool libexplain-dev \ - libevent-dev \ -# For WPA supplication - libssl-dev \ - dbus \ - libdbus-1-dev \ - libdbus-glib-1-2 \ - libdbus-glib-1-dev \ - libreadline-dev \ - libncurses5-dev \ - libnl-genl-3-dev \ - libnl-3-dev \ - libnl-route-3-dev \ - libpcsclite-dev \ - docbook-to-man \ - docbook-utils + libevent-dev ## Config dpkg ## install the configuration file if it’s currently missing From 982f0c5255a877cc09f8660186e783c011aa1cbf Mon Sep 17 00:00:00 2001 From: zegan Date: Wed, 3 Jun 2020 11:38:06 +0800 Subject: [PATCH 05/22] add macsec Docker 
Signed-off-by: zegan
---
dockers/docker-macsec/Dockerfile.j2 | 30 ++++++++++++++++++++++
dockers/docker-macsec/critical_processes | 0
dockers/docker-macsec/start.sh | 2 ++
dockers/docker-macsec/supervisord.conf | 0
rules/docker-macsec.dep | 11 ++++++++
rules/docker-macsec.mk | 32 ++++++++++++++++++++++++
rules/wpasupplicant.mk | 0
7 files changed, 75 insertions(+)
create mode 100755 dockers/docker-macsec/Dockerfile.j2
create mode 100644 dockers/docker-macsec/critical_processes
create mode 100755 dockers/docker-macsec/start.sh
create mode 100644 dockers/docker-macsec/supervisord.conf
create mode 100755 rules/docker-macsec.dep
create mode 100755 rules/docker-macsec.mk
mode change 100644 => 100755 rules/wpasupplicant.mk
diff --git a/dockers/docker-macsec/Dockerfile.j2 b/dockers/docker-macsec/Dockerfile.j2
new file mode 100755
index 000000000000..bf8db48079e0
--- /dev/null
+++ b/dockers/docker-macsec/Dockerfile.j2
@@ -0,0 +1,30 @@
+{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
+FROM docker-config-engine-buster
+
+ARG docker_container_name
+RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
+
+## Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update
+
+{% if docker_macsec_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{{ copy_files("debs/", docker_macsec_debs.split(' '), "/debs/") }}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{{ install_debian_packages(docker_macsec_debs.split(' ')) }}
+{%- endif %}
+
+RUN apt-get clean -y && \
+ apt-get autoclean -y && \
+ apt-get autoremove -y && \
+ rm -rf /debs
+
+COPY ["start.sh", "/usr/bin/"]
+COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
+COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
+COPY ["critical_processes", "/etc/supervisor"]
+
+# ENTRYPOINT ["/usr/bin/supervisord"]
diff --git a/dockers/docker-macsec/critical_processes b/dockers/docker-macsec/critical_processes
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/dockers/docker-macsec/start.sh b/dockers/docker-macsec/start.sh
new file mode 100755
index 000000000000..20d602bdd370
--- /dev/null
+++ b/dockers/docker-macsec/start.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+
diff --git a/dockers/docker-macsec/supervisord.conf b/dockers/docker-macsec/supervisord.conf
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/rules/docker-macsec.dep b/rules/docker-macsec.dep
new file mode 100755
index 000000000000..3ceab4fff36a
--- /dev/null
+++ b/rules/docker-macsec.dep
@@ -0,0 +1,11 @@
+
+DPATH := $($(DOCKER_MACSEC)_PATH)
+DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/docker-macsec.mk rules/docker-macsec.dep
+DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES += $(shell git ls-files $(DPATH))
+
+$(DOCKER_MACSEC)_CACHE_MODE := GIT_CONTENT_SHA
+$(DOCKER_MACSEC)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST)
+$(DOCKER_MACSEC)_DEP_FILES := $(DEP_FILES)
+
+$(eval $(call add_dbg_docker,$(DOCKER_MACSEC),$(DOCKER_MACSEC_DBG)))
diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk
new file mode 100755
index 000000000000..6e344563fc09
--- /dev/null
+++ b/rules/docker-macsec.mk
@@ -0,0 +1,32 @@
+# docker image for macsec agent
+
+DOCKER_MACSEC_STEM = docker-macsec
+DOCKER_MACSEC = $(DOCKER_MACSEC_STEM).gz
+DOCKER_MACSEC_DBG = $(DOCKER_MACSEC_STEM)-$(DBG_IMAGE_MARK).gz
+
+$(DOCKER_MACSEC)_PATH = $(DOCKERS_PATH)/$(DOCKER_MACSEC_STEM)
+
+$(DOCKER_MACSEC)_DEPENDS += $(SWSS) $(WPASUPPLICANT) $(REDIS_TOOLS)
+$(DOCKER_MACSEC)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS)
+$(DOCKER_MACSEC)_DBG_DEPENDS += $(SWSS_DBG) $(LIBSWSSCOMMON_DBG)
+$(DOCKER_MACSEC)_DBG_DEPENDS += $(WPASUPPLICANT_DBG)
+
+$(DOCKER_MACSEC)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES)
+
+$(DOCKER_MACSEC)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BUSTER)
+
+SONIC_DOCKER_IMAGES += $(DOCKER_MACSEC)
+SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_MACSEC)
+SONIC_BUSTER_DOCKERS += $(DOCKER_MACSEC)
+
+SONIC_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG)
+SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG)
+SONIC_BUSTER_DBG_DOCKERS += $(DOCKER_MACSEC_DBG)
+
+$(DOCKER_MACSEC)_CONTAINER_NAME = macsec
+$(DOCKER_MACSEC)_RUN_OPT += --privileged -t
+$(DOCKER_MACSEC)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
+$(DOCKER_MACSEC)_RUN_OPT += -v /host/warmboot:/var/warmboot
+
+# $(DOCKER_MACSEC)_BASE_IMAGE_FILES += macsecctl:/usr/bin/macsecctl
+$(DOCKER_MACSEC)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk
old mode 100644
new mode 100755
From 4e1196ba4eab1dbd8edd69ba5b0649b9b546d4a0 Mon Sep 17 00:00:00 2001
From: zegan
Date: Wed, 3 Jun 2020 11:38:51 +0800
Subject: [PATCH 06/22] change wpasupplicant file mode
Signed-off-by: zegan
---
rules/wpasupplicant.mk | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100755 => 100644 rules/wpasupplicant.mk
diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk
old mode 100755
new mode 100644
From 82e88cead5612f16971b13c93b29f2a81d9ff1e1 Mon Sep 17 00:00:00 2001
From: zegan
Date: Wed, 3 Jun 2020 11:40:48 +0800
Subject: [PATCH 07/22] change file mode
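Review bot: `$(DOCKER_MACSEC)_RUN_OPT += --privileged -t` in the new rules/docker-macsec.mk gives the macsec container every capability and access to all host devices, and the `/host/warmboot:/var/warmboot` mount is read-write while `/etc/sonic` is mounted `:ro`. The image's declared dependencies include $(WPASUPPLICANT), which processes frames received from the network, so full host privilege makes any flaw in that daemon a host-level problem. If the agent only needs to manage MACsec interfaces, a narrower grant such as `--cap-add=NET_ADMIN` may be enough; that needs confirming against what wpa_supplicant and swss require here. At minimum I would add a comment above the line stating why `--privileged` is needed and whether the warmboot mount has to be writable.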
Signed-off-by: zegan
---
dockers/docker-macsec/Dockerfile.j2 | 0
dockers/docker-macsec/start.sh | 0
rules/docker-macsec.dep | 0
rules/docker-macsec.mk | 0
4 files changed, 0 insertions(+), 0 deletions(-)
mode change 100755 => 100644 dockers/docker-macsec/Dockerfile.j2
mode change 100755 => 100644 dockers/docker-macsec/start.sh
mode change 100755 => 100644 rules/docker-macsec.dep
mode change 100755 => 100644 rules/docker-macsec.mk
diff --git a/dockers/docker-macsec/Dockerfile.j2 b/dockers/docker-macsec/Dockerfile.j2
old mode 100755
new mode 100644
diff --git a/dockers/docker-macsec/start.sh b/dockers/docker-macsec/start.sh
old mode 100755
new mode 100644
diff --git a/rules/docker-macsec.dep b/rules/docker-macsec.dep
old mode 100755
new mode 100644
diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk
old mode 100755
new mode 100644
From ce25799b783aee09ecaa8848cf818e4200c878e8 Mon Sep 17 00:00:00 2001
From: zegan
Date: Wed, 3 Jun 2020 18:33:17 +0800
Subject: [PATCH 08/22] Add wpa dependencies in build environment
Signed-off-by: zegan
---
dockers/docker-base-buster/Dockerfile.j2 | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2
index fcf983229504..1c18fc82fb6c 100644
--- a/dockers/docker-base-buster/Dockerfile.j2
+++ b/dockers/docker-base-buster/Dockerfile.j2
@@ -68,7 +68,21 @@ RUN apt-get update && \
 net-tools \
 # for arm arch: Installing j2cli dependency package MarkupSafe from source relies on weeksetuptools and wheel
 python-setuptools \
- python-wheel
+ python-wheel \
+# For WPA supplication
+ libssl-dev \
+ dbus \
+ libdbus-1-dev \
+ libdbus-glib-1-2 \
+ libdbus-glib-1-dev \
+ libreadline-dev \
+ libncurses5-dev \
+ libnl-genl-3-dev \
+ libnl-3-dev \
+ libnl-route-3-dev \
+ libpcsclite-dev \
+ docbook-to-man \
+ docbook-utils
 
 # For templating
 RUN pip install j2cli
From 91607dce8e0ad8f3e27f8db4e40437755d83d82b Mon Sep 17 00:00:00 2001
From: zegan Date: Wed, 3 Jun 2020 20:39:39 +0800 Subject: [PATCH 09/22] Add wpa dependencies in build environment Signed-off-by: zegan --- dockers/docker-base-buster/Dockerfile.j2 | 14 -------------- sonic-slave-buster/Dockerfile.j2 | 16 +++++++++++++++- 2 files changed, 15 insertions(+), 15 deletions(-) mode change 100644 => 100755 dockers/docker-base-buster/Dockerfile.j2 mode change 100644 => 100755 sonic-slave-buster/Dockerfile.j2 diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2 old mode 100644 new mode 100755 index 1c18fc82fb6c..460f85611f84 --- a/dockers/docker-base-buster/Dockerfile.j2 +++ b/dockers/docker-base-buster/Dockerfile.j2 @@ -69,20 +69,6 @@ RUN apt-get update && \ # for arm arch: Installing j2cli dependency package MarkupSafe from source relies on weeksetuptools and wheel python-setuptools \ python-wheel \ -# For WPA supplication - libssl-dev \ - dbus \ - libdbus-1-dev \ - libdbus-glib-1-2 \ - libdbus-glib-1-dev \ - libreadline-dev \ - libncurses5-dev \ - libnl-genl-3-dev \ - libnl-3-dev \ - libnl-route-3-dev \ - libpcsclite-dev \ - docbook-to-man \ - docbook-utils # For templating RUN pip install j2cli diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 old mode 100644 new mode 100755 index 05dc07410ae2..1a711cee37db --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -304,7 +304,21 @@ RUN apt-get update && apt-get install -y \ xxd \ # For DHCP Monitor tool libexplain-dev \ - libevent-dev + libevent-dev \ + # For WPA supplication + libssl-dev \ + dbus \ + libdbus-1-dev \ + libdbus-glib-1-2 \ + libdbus-glib-1-dev \ + libreadline-dev \ + libncurses5-dev \ + libnl-genl-3-dev \ + libnl-3-dev \ + libnl-route-3-dev \ + libpcsclite-dev \ + docbook-to-man \ + docbook-utils ## Config dpkg ## install the configuration file if it’s currently missing From 749ab4d7a1ddcdf692a448a42c31e308da8d9e0f Mon Sep 17 00:00:00 2001 
From: zegan
Date: Wed, 3 Jun 2020 21:53:10 +0800
Subject: [PATCH 10/22] Remove useless spaces
Signed-off-by: zegan
---
dockers/docker-base-buster/Dockerfile.j2 | 2 +-
sonic-slave-buster/Dockerfile.j2 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2
index 460f85611f84..fcf983229504 100755
--- a/dockers/docker-base-buster/Dockerfile.j2
+++ b/dockers/docker-base-buster/Dockerfile.j2
@@ -68,7 +68,7 @@ RUN apt-get update && \
 net-tools \
 # for arm arch: Installing j2cli dependency package MarkupSafe from source relies on weeksetuptools and wheel
 python-setuptools \
- python-wheel \
+ python-wheel
 
 # For templating
 RUN pip install j2cli
diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2
index 1a711cee37db..200e7435c4a0 100755
--- a/sonic-slave-buster/Dockerfile.j2
+++ b/sonic-slave-buster/Dockerfile.j2
@@ -305,7 +305,7 @@ RUN apt-get update && apt-get install -y \
 # For DHCP Monitor tool
 libexplain-dev \
 libevent-dev \
- # For WPA supplication
+# For WPA supplication
 libssl-dev \
 dbus \
 libdbus-1-dev \
From d68bd3254a66dc49fc57a48c6f7a1574df41882e Mon Sep 17 00:00:00 2001
From: Ze Gan
Date: Thu, 20 Aug 2020 23:24:12 +0800
Subject: [PATCH 11/22] Use SONiC libnl
Signed-off-by: Ze Gan
---
rules/docker-macsec.mk | 2 +-
rules/wpasupplicant.mk | 2 ++
sonic-slave-buster/Dockerfile.j2 | 3 ---
src/wpasupplicant/Makefile | 6 ++++--
4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk
index 6e344563fc09..f9f8c9b41298 100644
--- a/rules/docker-macsec.mk
+++ b/rules/docker-macsec.mk
@@ -6,7 +6,7 @@ DOCKER_MACSEC_DBG = $(DOCKER_MACSEC_STEM)-$(DBG_IMAGE_MARK).gz $(DOCKER_MACSEC)_PATH = $(DOCKERS_PATH)/$(DOCKER_MACSEC_STEM) -$(DOCKER_MACSEC)_DEPENDS += $(SWSS) $(WPASUPPLICANT) $(REDIS_TOOLS) +$(DOCKER_MACSEC)_DEPENDS += $(SWSS) $(WPASUPPLICANT) $(REDIS_TOOLS) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3) $(DOCKER_MACSEC)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS) $(DOCKER_MACSEC)_DBG_DEPENDS += $(SWSS_DBG) $(LIBSWSSCOMMON_DBG) $(DOCKER_MACSEC)_DBG_DEPENDS += $(WPASUPPLICANT_DBG) diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk index 9011dcd88f84..7045f5f010f1 100644 --- a/rules/wpasupplicant.mk +++ b/rules/wpasupplicant.mk @@ -6,6 +6,8 @@ export WPASUPPLICANT_VERSION WPASUPPLICANT = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb $(WPASUPPLICANT)_SRC_PATH = $(SRC_PATH)/wpasupplicant +$(WPASUPPLICANT)_DEPENDS += $(LIBSWSSCOMMON_DEV) $(LIBNL3_DEV) $(LIBNL_GENL3_DEV) $(LIBNL_ROUTE3_DEV) +$(WPASUPPLICANT)_RDEPENDS += $(LIBSWSSCOMMON) $(LIBNL3) $(LIBNL_GENL3) $(LIBNL_ROUTE3) SONIC_MAKE_DEBS += $(WPASUPPLICANT) WPASUPPLICANT_DBG = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index 91b1b7e8db71..1b0c91d603ff 100755 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -319,9 +319,6 @@ RUN apt-get update && apt-get install -y \ libdbus-glib-1-dev \ libreadline-dev \ libncurses5-dev \ - libnl-genl-3-dev \ - libnl-3-dev \ - libnl-route-3-dev \ libpcsclite-dev \ docbook-to-man \ docbook-utils diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index f690ae536b27..e0d6787ee046 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile 
@@ -10,14 +10,16 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : rm -rf ./wpa # Clone wpa repo - git clone https://salsa.debian.org/debian/wpa.git + # git clone https://salsa.debian.org/debian/wpa.git + git clone https://github.com/Pterosaur/wpa-debian.git pushd ./wpa # Reset HEAD to the commit of the proper tag # NOTE: Using "git checkout " here detaches our HEAD, # which stg doesn't like, so we use this method instead # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" - git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) + # git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) + git reset --hard dev/sonic_macsec # Build source and Debian packages dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) From 7bc82304520000eb027c5c9398d564815b4a71f8 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Fri, 21 Aug 2020 12:40:04 +0800 Subject: [PATCH 12/22] temp_fix: Checkout to SONiC Plugin branch Signed-off-by: Ze Gan --- src/wpasupplicant/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index e0d6787ee046..7d4ef6330e4c 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile @@ -11,7 +11,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : # Clone wpa repo # git clone https://salsa.debian.org/debian/wpa.git - git clone https://github.com/Pterosaur/wpa-debian.git + git clone https://github.com/Pterosaur/wpa-debian.git wpa pushd ./wpa # Reset HEAD to the commit of the proper tag @@ -19,7 +19,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : # which stg doesn't like, so we use this method instead # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" # git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) - git reset --hard dev/sonic_macsec + git checkout dev/sonic_macsec # Build source and Debian packages dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) 
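Review bot: The added `git clone https://github.com/Pterosaur/wpa-debian.git` and `git reset --hard dev/sonic_macsec` lines build the package from whatever the head of a branch in a personal fork holds at build time, where the replaced lines resolved the versioned tag `debian/2\%$(WPASUPPLICANT_VERSION)`. A push to that branch changes the shipped wpasupplicant binary without any change in this repository, and the resulting .deb no longer corresponds to `WPASUPPLICANT_VERSION`. The two hunks of PATCH 12/22 below (`git clone ... wpa` and `git checkout dev/sonic_macsec`) keep the same moving ref, so the point applies there as well. Pin the source to a full commit id, for example `git reset --hard <PINNED_COMMIT_SHA>`, and drop the commented-out `# git clone` / `# git reset` recipe lines rather than leaving them as dead code. The recipe starts and ends outside these hunks.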
From e9e0b89b5b3563cbf426bd9b87fde7f44cb273bd Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Wed, 14 Oct 2020 16:15:27 +0800 Subject: [PATCH 13/22] change file mode Signed-off-by: Ze Gan --- dockers/docker-base-buster/Dockerfile.j2 | 0 sonic-slave-buster/Dockerfile.j2 | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 dockers/docker-base-buster/Dockerfile.j2 mode change 100755 => 100644 sonic-slave-buster/Dockerfile.j2 diff --git a/dockers/docker-base-buster/Dockerfile.j2 b/dockers/docker-base-buster/Dockerfile.j2 old mode 100755 new mode 100644 diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 old mode 100755 new mode 100644 From 8890750373782a42afdef525adb84f7d55a1d055 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Thu, 22 Oct 2020 22:45:03 +0800 Subject: [PATCH 14/22] Add wpa_supplicant SONiC plugin patch Signed-off-by: Ze Gan --- src/wpasupplicant/Makefile | 9 +- .../0001-sonic-wpa_supplicant-plugin.patch | 1732 +++++++++++++++++ src/wpasupplicant/patch/series | 1 + 3 files changed, 1738 insertions(+), 4 deletions(-) create mode 100644 src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch create mode 100644 src/wpasupplicant/patch/series diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index 7d4ef6330e4c..ef31b47b542d 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile 
@@ -10,16 +10,17 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : rm -rf ./wpa # Clone wpa repo - # git clone https://salsa.debian.org/debian/wpa.git - git clone https://github.com/Pterosaur/wpa-debian.git wpa + git clone https://salsa.debian.org/debian/wpa.git pushd ./wpa # Reset HEAD to the commit of the proper tag # NOTE: Using "git checkout " here detaches our HEAD, # which stg doesn't like, so we use this method instead # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" - # git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) - git checkout dev/sonic_macsec + git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) + + stg init + stg import -s ../patch/series # Build source and Debian packages dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) diff --git a/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch b/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch new file mode 100644 index 000000000000..7630ae42e6c0 --- /dev/null +++ b/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch 
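Review bot: `git reset --hard debian/2\%$(WPASUPPLICANT_VERSION)` selects the upstream tree by tag name only, and the added `stg import -s ../patch/series` then applies a 1732-line driver patch on top of it, so nothing in the recipe checks that the tree being patched is the one the patch was written against. A tag can be re-pointed on the remote; recording the expected commit id next to `WPASUPPLICANT_VERSION` and comparing it before the import would turn that into a build failure, e.g. `test "$$(git rev-parse HEAD)" = "$(WPASUPPLICANT_COMMIT)"` with `WPASUPPLICANT_COMMIT` a new variable set to `<PINNED_COMMIT_SHA>` (this assumes the recipe runs in one shell, as the `pushd` suggests). The context comment about tags "in the Debian monit repo" being prefixed with "1%" is carried over from another package and does not match the `2%` prefix used on the next line; it should read `# NOTE: tags in the Debian wpa repo are prefixed with "2%"`. The recipe starts and ends outside the hunk.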
@@ -0,0 +1,1732 @@ +diff --git a/debian/config/wpasupplicant/linux b/debian/config/wpasupplicant/linux +index 8be0243..05b0315 100644 +--- a/debian/config/wpasupplicant/linux ++++ b/debian/config/wpasupplicant/linux +@@ -79,6 +79,9 @@ CONFIG_DRIVER_WIRED=y + # Driver interface for Linux MACsec drivers + CONFIG_DRIVER_MACSEC_LINUX=y + ++# Driver interface for SONiC MACsec drivers ++CONFIG_DRIVER_MACSEC_SONIC=y ++ + # Driver interface for the Broadcom RoboSwitch family + #CONFIG_DRIVER_ROBOSWITCH=y + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index 2a8459a..1ba5ab8 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -5763,6 +5763,10 @@ extern const struct wpa_driver_ops wpa_driver_macsec_qca_ops; + /* driver_macsec_linux.c */ + extern const struct wpa_driver_ops wpa_driver_macsec_linux_ops; + #endif /* CONFIG_DRIVER_MACSEC_LINUX */ ++#ifdef CONFIG_DRIVER_MACSEC_SONIC ++/* driver_macsec_sonic.c */ ++extern const struct wpa_driver_ops wpa_driver_macsec_sonic_ops; ++#endif /* CONFIG_DRIVER_MACSEC_SONIC */ + #ifdef CONFIG_DRIVER_ROBOSWITCH + /* driver_roboswitch.c */ + extern const struct wpa_driver_ops wpa_driver_roboswitch_ops; +diff --git a/src/drivers/driver_macsec_sonic.c b/src/drivers/driver_macsec_sonic.c +new file mode 100644 +index 0000000..e3426c6 +--- /dev/null ++++ b/src/drivers/driver_macsec_sonic.c +@@ -0,0 +1,1000 @@ ++/* ++ * Driver interaction with Linux MACsec kernel module ++ * Copyright (c) 2016, Sabrina Dubroca and Red Hat, Inc. ++ * Copyright (c) 2019, The Linux Foundation ++ * ++ * This software may be distributed under the terms of the BSD license. ++ * See README for more details. ++ */ ++ ++#include "includes.h" ++ ++#include ++#include ++ ++#include ++ ++#include "utils/common.h" ++#include "driver.h" ++#include "driver_wired_common.h" ++#include "sonic_operators.h" ++ ++#define DRV_PREFIX "macsec_sonic" ++ ++#define LOG_FORMAT(FORMAT, ...) 
\ ++ DRV_PREFIX"(%s) : %s "FORMAT"\n",drv->ifname,__PRETTY_FUNCTION__,__VA_ARGS__ ++ ++#define STD_PRINT_LOG(FORMAT, ...) \ ++ printf(LOG_FORMAT(FORMAT,__VA_ARGS__)) ++ ++#define WPA_PRINT_LOG(FORMAT, ...) \ ++ wpa_printf(MSG_DEBUG, LOG_FORMAT(FORMAT, __VA_ARGS__)) ++ ++#define PRINT_LOG(FORMAT, ...) \ ++ STD_PRINT_LOG(FORMAT, __VA_ARGS__); \ ++ WPA_PRINT_LOG(FORMAT, __VA_ARGS__); ++ ++#define ENTER_LOG \ ++ PRINT_LOG("%s", "") ++ ++#define PAIR_EMPTY NULL,0 ++#define PAIR_ARRAY(pairs) pairs,(sizeof(pairs)/sizeof(*pairs)) ++ ++#define DEFAULT_KEY_SEPARATOR ":" ++#define APP_DB_SEPARATOR DEFAULT_KEY_SEPARATOR ++#define STATE_DB_SEPARATOR "|" ++ ++static char * create_buffer(const char * fmt, ...) ++{ ++ va_list args; ++ va_start(args, fmt); ++ unsigned int length = vsnprintf(NULL, 0, fmt, args) + 1; ++ va_end(args); ++ if (length < 1) ++ { ++ return NULL; ++ } ++ char * buffer = (char *)malloc(length); ++ if (buffer == NULL) ++ { ++ return NULL; ++ } ++ va_start(args, fmt); ++ vsnprintf(buffer, length, fmt, args); ++ va_end(args); ++ return buffer; ++} ++ ++#define CREATE_SC_KEY(IFNAME, SC, SEPARATOR) \ ++ create_buffer( \ ++ "%s" \ ++ SEPARATOR "%llu", \ ++ IFNAME, \ ++ mka_sci_u64(&SC->sci)) ++ ++#define CREATE_SA_KEY(IFNAME, SA, SEPARATOR) \ ++ create_buffer( \ ++ "%s" \ ++ SEPARATOR "%llu" \ ++ SEPARATOR "%u", \ ++ IFNAME, \ ++ mka_sci_u64(&SA->sc->sci), \ ++ (unsigned int)(SA->an)) ++ ++static char * create_binary_hex(const void * binary, unsigned long long length) ++{ ++ if (binary == NULL || length == 0) ++ { ++ return NULL; ++ } ++ char * buffer = (char *)malloc(2 * length + 1); ++ if (buffer == NULL) ++ { ++ return NULL; ++ } ++ const unsigned char * input = (const unsigned char *)binary; ++ for (unsigned long long i = 0; i < length; i++) ++ { ++ snprintf(&buffer[i * 2], 3, "%02X", input[i]); ++ } ++ return buffer; ++} ++ ++static char *create_auth_key(const unsigned char *key, unsigned long long key_length) ++{ ++ unsigned char buffer[16] = {0}; ++ AES_KEY 
aes; ++ if (AES_set_encrypt_key(key, key_length * 8, &aes) < 0) ++ { ++ return NULL; ++ } ++ AES_ecb_encrypt(buffer, buffer, &aes, AES_ENCRYPT); ++ char *auth_key = create_binary_hex(buffer, sizeof(buffer)); ++ return auth_key; ++} ++ ++struct macsec_sonic_data ++{ ++ struct driver_wired_common_data common; ++ ++ const char * ifname; ++ sonic_db_handle sonic_mamager; ++}; ++ ++static void *macsec_sonic_wpa_init(void *ctx, const char *ifname) ++{ ++ struct macsec_sonic_data *drv; ++ ++ drv = os_zalloc(sizeof(*drv)); ++ if (!drv) ++ return NULL; ++ ++ if (driver_wired_init_common(&drv->common, ifname, ctx) < 0) ++ { ++ os_free(drv); ++ return NULL; ++ } ++ ++ drv->ifname = ifname; ++ drv->sonic_mamager = sonic_db_get_manager(); ++ ++ ENTER_LOG; ++ return drv; ++} ++ ++static void macsec_sonic_wpa_deinit(void *priv) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ ENTER_LOG; ++ ++ driver_wired_deinit_common(&drv->common); ++ os_free(drv); ++} ++ ++static int macsec_sonic_macsec_init(void *priv, struct macsec_init_params *params) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ENTER_LOG; ++ ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"enable", "false"}, ++ {"cipher_suite" , "GCM-AES-128"}, // Default cipher suite ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"state", "ok"} ++ }; ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_PORT_TABLE_NAME, ++ SET_COMMAND, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++ } ++ return ret; ++} ++ ++static int macsec_sonic_macsec_deinit(void *priv) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ENTER_LOG; ++ ++ int ret = sonic_db_del( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, 
++ STATE_MACSEC_PORT_TABLE_NAME, ++ DEL_COMMAND, ++ drv->ifname, ++ PAIR_EMPTY); ++ } ++ return ret; ++} ++ ++static int macsec_sonic_get_capability(void *priv, enum macsec_cap *cap) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ ENTER_LOG; ++ ++ *cap = MACSEC_CAP_INTEG_AND_CONF; ++ ++ return 0; ++} ++ ++/** ++ * macsec_sonic_enable_protect_frames - Set protect frames status ++ * @priv: Private driver interface data ++ * @enabled: TRUE = protect frames enabled ++ * FALSE = protect frames disabled ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_enable_protect_frames(void *priv, Boolean enabled) ++{ ++ struct macsec_sonic_data *drv = priv; ++ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); ++ ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"enable_protect", enabled ? "true" : "false"} ++ }; ++ return sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++} ++ ++/** ++ * macsec_sonic_enable_encrypt - Set protect frames status ++ * @priv: Private driver interface data ++ * @enabled: TRUE = protect frames enabled ++ * FALSE = protect frames disabled ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_enable_encrypt(void *priv, Boolean enabled) ++{ ++ struct macsec_sonic_data *drv = priv; ++ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); ++ ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"enable_encrypt", enabled ? 
"true" : "false"} ++ }; ++ return sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++} ++ ++/** ++ * macsec_sonic_set_replay_protect - Set replay protect status and window size ++ * @priv: Private driver interface data ++ * @enabled: TRUE = replay protect enabled ++ * FALSE = replay protect disabled ++ * @window: replay window size, valid only when replay protect enabled ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_set_replay_protect(void *priv, Boolean enabled, ++ u32 window) ++{ ++ struct macsec_sonic_data *drv = priv; ++ PRINT_LOG("%s %u", enabled ? "TRUE" : "FALSE", window); ++ ++ char * buffer = create_buffer("%u", window); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"enable_replay_protect", enabled ? "true" : "false"}, ++ {"replay_window", buffer} ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++ free(buffer); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_set_current_cipher_suite - Set current cipher suite ++ * @priv: Private driver interface data ++ * @cs: EUI64 identifier ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_set_current_cipher_suite(void *priv, u64 cs) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ const char * cipher_suite = NULL; ++ if (cs == CS_ID_GCM_AES_128) ++ { ++ cipher_suite = "GCM-AES-128"; ++ } ++ else if (cs == CS_ID_GCM_AES_256) ++ { ++ cipher_suite = "GCM-AES-256"; ++ } ++ else ++ { ++ return SONIC_DB_FAIL; ++ } ++ PRINT_LOG("%s(%016" PRIx64 ")", cipher_suite, cs); ++ ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"cipher_suite", cipher_suite}, ++ }; ++ return sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++} ++ ++/** ++ * macsec_sonic_enable_controlled_port - Set 
controlled port status ++ * @priv: Private driver interface data ++ * @enabled: TRUE = controlled port enabled ++ * FALSE = controlled port disabled ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_enable_controlled_port(void *priv, Boolean enabled) ++{ ++ struct macsec_sonic_data *drv = priv; ++ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); ++ ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"enable", enabled ? "true" : "false"} ++ }; ++ return sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_PORT_TABLE_NAME, ++ drv->ifname, ++ PAIR_ARRAY(pairs)); ++} ++ ++/** ++ * macsec_sonic_get_receive_lowest_pn - Get receive lowest PN ++ * @priv: Private driver interface data ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_get_receive_lowest_pn(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ unsigned long long pn = 1; ++ int ret = sonic_db_get_counter( ++ drv->sonic_mamager, ++ COUNTERS_TABLE, ++ key, ++ "SAI_MACSEC_SA_ATTR_MINIMUM_XPN", ++ &pn); ++ PRINT_LOG("SA %s PN %llu", key, pn); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ sa->next_pn = pn; ++ } ++ free(key); ++ return ret; ++} ++ ++/** ++ * macsec_sonic_set_receive_lowest_pn - Set receive lowest PN ++ * @priv: Private driver interface data ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_set_receive_lowest_pn(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s - %u", key, sa->next_pn); ++ char * buffer = create_buffer("%u", sa->next_pn); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"lowest_acceptable_pn", buffer} ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ 
APPL_DB, ++ APP_MACSEC_INGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(buffer); ++ free(key); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_get_transmit_next_pn - Get transmit next PN ++ * @priv: Private driver interface data ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_get_transmit_next_pn(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ unsigned long long pn = 1; ++ int ret = sonic_db_get_counter( ++ drv->sonic_mamager, ++ COUNTERS_TABLE, ++ key, ++ "SAI_MACSEC_SA_ATTR_XPN", ++ &pn); ++ PRINT_LOG("SA %s PN %llu", key, pn); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ sa->next_pn = pn; ++ } ++ free(key); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_set_transmit_next_pn - Set transmit next pn ++ * @priv: Private driver interface data ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_set_transmit_next_pn(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s - %u", key, sa->next_pn); ++ char * buffer = create_buffer("%u", sa->next_pn); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"init_pn", buffer} ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(buffer); ++ free(key); ++ ++ return ret; ++} ++ ++#define SCISTR MACSTR "::%hx" ++#define SCI2STR(addr, port) MAC2STR(addr), htons(port) ++ ++/** ++ * macsec_sonic_create_receive_sc - Create secure channel for receiving ++ * @priv: Private driver interface data ++ * @sc: secure channel ++ * @sci_addr: secure channel identifier - address ++ * @sci_port: secure channel identifier - port ++ * @conf_offset: confidentiality offset (0, 30, or 
50) ++ * @validation: frame validation policy (0 = Disabled, 1 = Checked, ++ * 2 = Strict) ++ * Returns: 0 on success, -1 on failure (or if not supported) ++ */ ++static int macsec_sonic_create_receive_sc(void *priv, struct receive_sc *sc, ++ unsigned int conf_offset, ++ int validation) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); ++ PRINT_LOG("%s (conf_offset=%u validation=%d)", ++ key, ++ conf_offset, ++ validation); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"ssci", ""}, ++ }; ++ // TODO ++ // Validation ++ // OFFSET ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SC_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"state", "ok"} ++ }; ++ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_INGRESS_SC_TABLE_NAME, ++ SET_COMMAND, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_delete_receive_sc - Delete secure connection for receiving ++ * @priv: private driver interface data from init() ++ * @sc: secure channel ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_delete_receive_sc(void *priv, struct receive_sc *sc) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ int ret = sonic_db_del( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SC_TABLE_NAME, ++ key); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_INGRESS_SC_TABLE_NAME, ++ DEL_COMMAND, ++ key, ++ PAIR_EMPTY); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * 
macsec_sonic_create_receive_sa - Create secure association for receive ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_create_receive_sa(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ char * sak_id = create_binary_hex(&sa->pkey->key_identifier, sizeof(sa->pkey->key_identifier)); ++ char * sak = create_binary_hex(sa->pkey->key, sa->pkey->key_len); ++ char * pn = create_buffer("%u", sa->next_pn); ++ char * auth_key = create_auth_key(sa->pkey->key, sa->pkey->key_len); ++ PRINT_LOG("%s (enable_receive=%d next_pn=%u) %s %s", ++ key, ++ sa->enable_receive, ++ sa->next_pn, ++ sak_id, ++ sak); ++ ++ // TODO ++ // SALT ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"active", "false"}, ++ {"sak", sak}, ++ {"auth_key", auth_key}, ++ {"lowest_acceptable_pn", pn}, ++ {"salt", ""} ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ free(sak_id); ++ free(sak); ++ free(pn); ++ free(auth_key); ++ return ret; ++} ++ ++/** ++ * macsec_sonic_delete_receive_sa - Delete secure association for receive ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_delete_receive_sa(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ int ret = sonic_db_del( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SA_TABLE_NAME, ++ key); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_INGRESS_SA_TABLE_NAME, ++ 
DEL_COMMAND, ++ key, ++ PAIR_EMPTY); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_enable_receive_sa - Enable the SA for receive ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_enable_receive_sa(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"active", "true"}, ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"state", "ok"}, ++ }; ++ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_INGRESS_SA_TABLE_NAME, ++ SET_COMMAND, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_disable_receive_sa - Disable SA for receive ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_disable_receive_sa(void *priv, struct receive_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"active", "false"}, ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_INGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_create_transmit_sc - Create secure connection for transmit ++ * @priv: private driver interface data from init() ++ * @sc: secure channel ++ * @conf_offset: confidentiality offset ++ * Returns: 0 
on success, -1 on failure ++ */ ++static int macsec_sonic_create_transmit_sc( ++ void *priv, struct transmit_sc *sc, ++ unsigned int conf_offset) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); ++ PRINT_LOG("%s (conf_offset=%u)", ++ key, ++ conf_offset); ++ // TODO ++ // Validation ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"ssci", ""}, ++ {"encoding_an", "0"}, ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SC_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"state", "ok"}, ++ }; ++ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_EGRESS_SC_TABLE_NAME, ++ SET_COMMAND, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_delete_transmit_sc - Delete secure connection for transmit ++ * @priv: private driver interface data from init() ++ * @sc: secure channel ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_delete_transmit_sc(void *priv, struct transmit_sc *sc) ++{ ++ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ int ret = sonic_db_del( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SC_TABLE_NAME, ++ key); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_EGRESS_SC_TABLE_NAME, ++ DEL_COMMAND, ++ key, ++ PAIR_EMPTY); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_create_transmit_sa - Create secure association for transmit ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on 
success, -1 on failure ++ */ ++static int macsec_sonic_create_transmit_sa(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ char * sak_id = create_binary_hex(&sa->pkey->key_identifier, sizeof(sa->pkey->key_identifier)); ++ char * sak = create_binary_hex(sa->pkey->key, sa->pkey->key_len); ++ char * pn = create_buffer("%u", sa->next_pn); ++ char * auth_key = create_auth_key(sa->pkey->key, sa->pkey->key_len); ++ PRINT_LOG("%s (enable_receive=%d next_pn=%u) %s %s", ++ key, ++ sa->enable_transmit, ++ sa->next_pn, ++ sak_id, ++ sak); ++ ++ // TODO ++ // SALT ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"sak", sak}, ++ {"auth_key", auth_key}, ++ {"init_pn", pn}, ++ {"salt", ""} ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SA_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ free(sak_id); ++ free(sak); ++ free(pn); ++ free(auth_key); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_delete_transmit_sa - Delete secure association for transmit ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_delete_transmit_sa(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ int ret = sonic_db_del( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SA_TABLE_NAME, ++ key); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_EGRESS_SA_TABLE_NAME, ++ DEL_COMMAND, ++ key, ++ PAIR_EMPTY); ++ free(key); ++ } ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_enable_transmit_sa - Enable SA for transmit ++ * @priv: private driver interface data from init() 
++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_enable_transmit_sa(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SC_KEY(drv->ifname, sa->sc, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ char * encoding_an = create_buffer("%u", sa->an); ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"encoding_an", encoding_an}, ++ }; ++ int ret = sonic_db_set( ++ drv->sonic_mamager, ++ APPL_DB, ++ APP_MACSEC_EGRESS_SC_TABLE_NAME, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ if (ret == SONIC_DB_SUCCESS) ++ { ++ const struct sonic_db_name_value_pair pairs[] = ++ { ++ {"state", "ok"}, ++ }; ++ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); ++ ret = sonic_db_wait( ++ drv->sonic_mamager, ++ STATE_DB, ++ STATE_MACSEC_EGRESS_SA_TABLE_NAME, ++ SET_COMMAND, ++ key, ++ PAIR_ARRAY(pairs)); ++ free(key); ++ } ++ free(encoding_an); ++ ++ return ret; ++} ++ ++/** ++ * macsec_sonic_disable_transmit_sa - Disable SA for transmit ++ * @priv: private driver interface data from init() ++ * @sa: secure association ++ * Returns: 0 on success, -1 on failure ++ */ ++static int macsec_sonic_disable_transmit_sa(void *priv, struct transmit_sa *sa) ++{ ++ struct macsec_sonic_data *drv = priv; ++ ++ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); ++ PRINT_LOG("%s", key); ++ free(key); ++ ++ return SONIC_DB_SUCCESS; ++} ++ ++static int macsec_sonic_status(void *priv, char *buf, size_t buflen) ++{ ++ struct macsec_sonic_data *drv = priv; ++ int res; ++ char *pos, *end; ++ ++ pos = buf; ++ end = buf + buflen; ++ ++ res = os_snprintf(pos, end - pos, ++ "ifname=%s\n", ++ drv->ifname); ++ if (os_snprintf_error(end - pos, res)) ++ return pos - buf; ++ pos += res; ++ ++ return pos - buf; ++} ++ ++const struct wpa_driver_ops wpa_driver_macsec_sonic_ops = { ++ .name = "macsec_sonic", ++ .desc = "MACsec Ethernet driver for SONiC", ++ .get_ssid = 
driver_wired_get_ssid, ++ .get_bssid = driver_wired_get_bssid, ++ .get_capa = driver_wired_get_capa, ++ .init = macsec_sonic_wpa_init, ++ .deinit = macsec_sonic_wpa_deinit, ++ ++ .macsec_init = macsec_sonic_macsec_init, ++ .macsec_deinit = macsec_sonic_macsec_deinit, ++ .macsec_get_capability = macsec_sonic_get_capability, ++ .enable_protect_frames = macsec_sonic_enable_protect_frames, ++ .enable_encrypt = macsec_sonic_enable_encrypt, ++ .set_replay_protect = macsec_sonic_set_replay_protect, ++ .set_current_cipher_suite = macsec_sonic_set_current_cipher_suite, ++ .enable_controlled_port = macsec_sonic_enable_controlled_port, ++ .get_receive_lowest_pn = macsec_sonic_get_receive_lowest_pn, ++ .set_receive_lowest_pn = macsec_sonic_set_receive_lowest_pn, ++ .get_transmit_next_pn = macsec_sonic_get_transmit_next_pn, ++ .set_transmit_next_pn = macsec_sonic_set_transmit_next_pn, ++ .create_receive_sc = macsec_sonic_create_receive_sc, ++ .delete_receive_sc = macsec_sonic_delete_receive_sc, ++ .create_receive_sa = macsec_sonic_create_receive_sa, ++ .delete_receive_sa = macsec_sonic_delete_receive_sa, ++ .enable_receive_sa = macsec_sonic_enable_receive_sa, ++ .disable_receive_sa = macsec_sonic_disable_receive_sa, ++ .create_transmit_sc = macsec_sonic_create_transmit_sc, ++ .delete_transmit_sc = macsec_sonic_delete_transmit_sc, ++ .create_transmit_sa = macsec_sonic_create_transmit_sa, ++ .delete_transmit_sa = macsec_sonic_delete_transmit_sa, ++ .enable_transmit_sa = macsec_sonic_enable_transmit_sa, ++ .disable_transmit_sa = macsec_sonic_disable_transmit_sa, ++ ++ .status = macsec_sonic_status, ++}; +diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c +index e95df6d..1eb5c68 100644 +--- a/src/drivers/drivers.c ++++ b/src/drivers/drivers.c +@@ -34,6 +34,9 @@ const struct wpa_driver_ops *const wpa_drivers[] = + #ifdef CONFIG_DRIVER_WIRED + &wpa_driver_wired_ops, + #endif /* CONFIG_DRIVER_WIRED */ ++#ifdef CONFIG_DRIVER_MACSEC_SONIC ++ &wpa_driver_macsec_sonic_ops, 
++#endif /* CONFIG_DRIVER_MACSEC_SONIC */ + #ifdef CONFIG_DRIVER_MACSEC_LINUX + &wpa_driver_macsec_linux_ops, + #endif /* CONFIG_DRIVER_MACSEC_LINUX */ +diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak +index 442c59c..cd2ee96 100644 +--- a/src/drivers/drivers.mak ++++ b/src/drivers/drivers.mak +@@ -18,6 +18,16 @@ DRV_OBJS += ../src/drivers/driver_wired.o + NEED_DRV_WIRED_COMMON=1 + endif + ++ifdef CONFIG_DRIVER_MACSEC_SONIC ++DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_SONIC ++DRV_OBJS += ../src/drivers/driver_macsec_sonic.o ++DRV_OBJS += ../src/drivers/sonic_operators.o ++DRV_LIBS += -lswsscommon -lstdc++ ++NEED_DRV_WIRED_COMMON=1 ++NEED_LIBNL=y ++CONFIG_LIBNL3_ROUTE=y ++endif ++ + ifdef CONFIG_DRIVER_MACSEC_LINUX + DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_LINUX + DRV_OBJS += ../src/drivers/driver_macsec_linux.o +diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk +index 599a0b5..b09a6a2 100644 +--- a/src/drivers/drivers.mk ++++ b/src/drivers/drivers.mk +@@ -18,6 +18,16 @@ DRV_OBJS += src/drivers/driver_wired.c + NEED_DRV_WIRED_COMMON=1 + endif + ++ifdef CONFIG_DRIVER_MACSEC_SONIC ++DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_SONIC ++DRV_OBJS += src/drivers/driver_macsec_sonic.c ++DRV_OBJS += src/drivers/sonic_operators.cpp ++DRV_LIBS += -lswsscommon -lstdc++ ++NEED_DRV_WIRED_COMMON=1 ++CONFIG_LIBNL3_ROUTE=y ++NEED_LIBNL=y ++endif ++ + ifdef CONFIG_DRIVER_MACSEC_LINUX + DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_LINUX + DRV_OBJS += src/drivers/driver_macsec_linux.c +diff --git a/src/drivers/sonic_operators.cpp b/src/drivers/sonic_operators.cpp +new file mode 100644 +index 0000000..69e9c91 +--- /dev/null ++++ b/src/drivers/sonic_operators.cpp +@@ -0,0 +1,507 @@ ++#include "sonic_operators.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++// select() function timeout retry time, in millisecond ++constexpr int SELECT_TIMEOUT = 
2000; ++ ++// Retry times to counter db ++constexpr unsigned int RETRY_TIMES = 20; ++ ++// Retry interval to counter db, in millisecond ++constexpr unsigned int RETRY_INTERVAL = 100; ++ ++class select_guard ++{ ++private: ++ swss::Selectable * m_selectable; ++ swss::Select * m_selector; ++public: ++ select_guard(swss::Selectable * selectable, swss::Select * selector) : ++ m_selectable(selectable), ++ m_selector(selector) ++ { ++ if (m_selector != nullptr && m_selectable != nullptr) ++ { ++ m_selector->addSelectable(m_selectable); ++ } ++ } ++ ++ ~select_guard() ++ { ++ if (m_selector != nullptr && m_selectable != nullptr) ++ { ++ m_selector->removeSelectable(m_selectable); ++ } ++ } ++}; ++ ++class sonic_db_manager{ ++private: ++ swss::DBConnector m_app_db; ++ swss::DBConnector m_state_db; ++ swss::DBConnector m_counters_db; ++ ++ std::map m_tables_in_counter_db; ++ std::map m_producer_state_tables_in_app_db; ++ std::map m_subscriber_state_tables_in_state_db; ++ std::map m_tables_in_state_db; ++ ++ swss::Select m_selector; ++ ++ template ++ auto & get_table(TableMap & tables, swss::DBConnector & db, const std::string & table_name) ++ { ++ return tables.emplace( ++ std::piecewise_construct, ++ std::forward_as_tuple(table_name), ++ std::forward_as_tuple(&db, table_name)).first->second; ++ } ++ ++ std::string get_counter_id(const std::string & obj_key) ++ { ++ std::vector temp; ++ auto & map_table = get_table(m_tables_in_counter_db, m_counters_db, COUNTERS_MACSEC_NAME_MAP); ++ if (!map_table.get("", temp)) ++ { ++ return ""; ++ } ++ auto id = std::find_if( ++ temp.begin(), ++ temp.end(), ++ [&](const swss::FieldValueTuple & fvt){ ++ return fvField(fvt) == obj_key; ++ }); ++ if (id == temp.end()) ++ { ++ return ""; ++ } ++ return id->second; ++ } ++ ++ bool meet_expectation( ++ const std::string & op, ++ const sonic_db_name_value_pair * pairs, ++ unsigned int pair_count, ++ const swss::KeyOpFieldsValuesTuple & entry) const ++ { ++ if (op.empty() || op != kfvOp(entry)) 
++ { ++ return false; ++ } ++ if (pairs == nullptr || pair_count == 0) ++ { ++ if (op == DEL_COMMAND) ++ { ++ return true; ++ } ++ else ++ { ++ return !kfvFieldsValues(entry).empty(); ++ } ++ ++ } ++ auto values = kfvFieldsValues(entry); ++ for (unsigned int i = 0; i < pair_count; i++) ++ { ++ if (pairs[i].name == nullptr) ++ { ++ continue; ++ } ++ auto value = std::find_if( ++ values.begin(), ++ values.end(), ++ [&](const swss::FieldValueTuple & fvt) ++ { ++ return pairs[i].name == fvField(fvt); ++ }); ++ if ( ++ (value == values.end()) ++ || ( ++ (pairs[i].value != nullptr) ++ && (value->second != pairs[i].value) ++ ) ++ ) ++ { ++ return false; ++ } ++ } ++ return true; ++ } ++ ++public: ++ sonic_db_manager(): ++ m_app_db("APPL_DB", 0), ++ m_state_db("STATE_DB", 0), ++ m_counters_db("COUNTERS_DB", 0) ++ { ++ } ++ ++ int set( ++ int db_id, ++ const std::string & table_name, ++ const std::string & key, ++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int pair_count) ++ { ++ if (db_id == APPL_DB) ++ { ++ auto & table = get_table(m_producer_state_tables_in_app_db, m_app_db, table_name); ++ std::vector values; ++ if (pairs) ++ { ++ std::transform( ++ pairs, ++ pairs + pair_count, ++ std::back_inserter(values), ++ [](const sonic_db_name_value_pair & pair) ++ { ++ return std::make_pair(pair.name, pair.value ? 
pair.value : ""); ++ }); ++ } ++ table.set(key, values); ++ return SONIC_DB_SUCCESS; ++ } ++ else ++ { ++ return SONIC_DB_FAIL; ++ } ++ } ++ ++ int get( ++ int db_id, ++ const std::string & table_name, ++ const std::string & key, ++ std::vector & pairs) ++ { ++ pairs.clear(); ++ if (db_id == STATE_DB) ++ { ++ auto & table = get_table(m_tables_in_state_db, m_state_db, table_name); ++ if(!table.get(key, pairs)) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return SONIC_DB_SUCCESS; ++ } ++ else ++ { ++ return SONIC_DB_FAIL; ++ } ++ } ++ ++ int get( ++ int db_id, ++ const std::string & table_name, ++ const std::string & key, ++ struct sonic_db_name_value_pairs * pairs) ++ { ++ std::vector result; ++ if (get(db_id, table_name, key, result) != SONIC_DB_SUCCESS) ++ { ++ return SONIC_DB_FAIL; ++ } ++ // Copy the query result to the output ++ pairs->pairs = ++ reinterpret_cast( ++ realloc(pairs->pairs, sizeof(sonic_db_name_value_pair) * result.size()) ++ ); ++ if (pairs->pairs == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ for (size_t i = 0; i < result.size(); i++) ++ { ++ char * name = reinterpret_cast(malloc(result[i].first.length() + 1)); ++ memcpy(name, result[i].first.data(), result[i].first.length() + 1); ++ pairs->pairs[pairs->pair_count].name = name; ++ char * value = reinterpret_cast(malloc(result[i].second.length() + 1)); ++ memcpy(value, result[i].first.data(), result[i].second.length() + 1); ++ pairs->pairs[pairs->pair_count].value = value; ++ } ++ return SONIC_DB_SUCCESS; ++ } ++ ++ int del( ++ int db_id, ++ const std::string & table_name, ++ const std::string & key) ++ { ++ if (db_id == APPL_DB) ++ { ++ auto & table = get_table(m_producer_state_tables_in_app_db, m_app_db, table_name); ++ table.del(key); ++ return SONIC_DB_SUCCESS; ++ } ++ else ++ { ++ return SONIC_DB_FAIL; ++ } ++ } ++ ++ int wait( ++ int db_id, ++ const std::string & table_name, ++ const std::string & op, ++ const std::string & key, ++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int 
pair_count) ++ { ++ // Subscribe the target table ++ swss::ConsumerTableBase * consumer = nullptr; ++ std::unique_ptr guarder; ++ if (db_id == STATE_DB) ++ { ++ consumer = &get_table(m_subscriber_state_tables_in_state_db, m_state_db, table_name); ++ guarder.reset(new select_guard(consumer, &m_selector)); ++ } ++ else ++ { ++ return SONIC_DB_FAIL; ++ } ++ if (consumer == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ ++ // Proactively query the target table to avoid that ++ // the target table was updated before the subscription ++ // which causes that the update cannot be fetched ++ swss::KeyOpFieldsValuesTuple result; ++ get(db_id, table_name, key, kfvFieldsValues(result)); ++ kfvOp(result) = kfvFieldsValues(result).empty() ? DEL_COMMAND : SET_COMMAND; ++ if (meet_expectation(op, pairs, pair_count, result)) ++ { ++ return SONIC_DB_SUCCESS; ++ } ++ ++ // Fetch the update ++ int ret = 0; ++ while(true) ++ { ++ swss::Selectable *sel = nullptr; ++ ret = m_selector.select(&sel, SELECT_TIMEOUT); ++ if (ret == swss::Select::ERROR) ++ { ++ return SONIC_DB_FAIL; ++ } ++ if (ret == swss::Select::TIMEOUT) ++ { ++ return SONIC_DB_FAIL; ++ } ++ std::deque entries; ++ consumer->pops(entries); ++ for (auto & entry : entries) ++ { ++ if (meet_expectation(op, pairs, pair_count, entry)) ++ { ++ return SONIC_DB_SUCCESS; ++ } ++ } ++ }; ++ return SONIC_DB_SUCCESS; ++ } ++ ++ int get_counter( ++ const std::string & table_name, ++ const std::string & key, ++ const std::string & field, ++ unsigned long long * counter) ++ { ++ std::vector result; ++ const std::string id = get_counter_id(key); ++ if (id.empty()) ++ { ++ return SONIC_DB_FAIL; ++ } ++ // Find counter from counter db ++ auto & counter_table = get_table(m_tables_in_counter_db, m_counters_db, table_name); ++ auto retry_time = RETRY_TIMES; ++ while (retry_time -- > 0) ++ { ++ if (!counter_table.get(id, result)) ++ { ++ std::this_thread::sleep_for(std::chrono::milliseconds(RETRY_INTERVAL)); ++ continue; ++ } ++ auto value = 
std::find_if( ++ result.begin(), ++ result.end(), ++ [&](const swss::FieldValueTuple & fvt) ++ { ++ return field == fvField(fvt); ++ }); ++ if (value == result.end()) ++ { ++ std::this_thread::sleep_for(std::chrono::milliseconds(RETRY_INTERVAL)); ++ continue; ++ } ++ std::stringstream(fvValue(*value)) >> *counter; ++ return SONIC_DB_SUCCESS; ++ } ++ return SONIC_DB_FAIL; ++ } ++ ++ int del_counter( ++ const std::string & table_name, ++ const std::string & key) ++ { ++ const std::string id = get_counter_id(key); ++ if (id.empty()) ++ { ++ return SONIC_DB_FAIL; ++ } ++ if (m_tables_in_counter_db.erase(id) == 0) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return SONIC_DB_SUCCESS; ++ } ++}; ++ ++sonic_db_handle sonic_db_get_manager() ++{ ++ thread_local sonic_db_manager manager; ++ return &manager; ++} ++ ++int sonic_db_set( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key, ++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int pair_count) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->set(db_id, table_name, key, pairs, pair_count); ++} ++ ++int sonic_db_get( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key, ++ struct sonic_db_name_value_pairs * pairs) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->get(db_id, table_name, key, pairs); ++} ++ ++int sonic_db_del( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->del(db_id, table_name, key); ++} ++ ++int sonic_db_wait( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table, ++ const char * op, ++ const char * key, 
++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int pair_count) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->wait(db_id, table, op, key, pairs, pair_count); ++} ++ ++int sonic_db_get_counter( ++ sonic_db_handle sonic_manager, ++ const char * table_name, ++ const char * key, ++ const char * field, ++ unsigned long long * counter) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->get_counter(table_name, key, field, counter); ++} ++ ++int sonic_db_del_counter( ++ sonic_db_handle sonic_manager, ++ const char * table_name, ++ const char * key) ++{ ++ sonic_db_manager * manager = reinterpret_cast(sonic_manager); ++ if (manager == nullptr) ++ { ++ return SONIC_DB_FAIL; ++ } ++ return manager->del_counter(table_name, key); ++} ++ ++ ++struct sonic_db_name_value_pairs * sonic_db_malloc_name_value_pairs() ++{ ++ struct sonic_db_name_value_pairs * pairs = reinterpret_cast( ++ malloc(sizeof(struct sonic_db_name_value_pairs)) ++ ); ++ if (pairs == nullptr) ++ { ++ return nullptr; ++ } ++ pairs->pair_count = 0; ++ pairs->pairs = UNSET_POINTER; ++ return reinterpret_cast(pairs); ++} ++ ++void sonic_db_free_name_value_pairs(struct sonic_db_name_value_pairs * pairs) ++{ ++ if (pairs == nullptr) ++ { ++ return; ++ } ++ for (unsigned int i = 0; i < pairs->pair_count; i++) ++ { ++ if (pairs->pairs[i].name != UNSET_POINTER) ++ { ++ free((char *)pairs->pairs[i].name); ++ } ++ if (pairs->pairs[i].value != UNSET_POINTER) ++ { ++ free((char *)pairs->pairs[i].value); ++ } ++ } ++ free(pairs); ++} +diff --git a/src/drivers/sonic_operators.h b/src/drivers/sonic_operators.h +new file mode 100644 +index 0000000..a3be24d +--- /dev/null ++++ b/src/drivers/sonic_operators.h +@@ -0,0 +1,108 @@ ++/* ++ * wpa_supplicant - ++ * Copyright (c) ++ * ++ * This software may be distributed 
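Review bot: In the `sonic_db_manager::get` overload that fills a `sonic_db_name_value_pairs`, the value copy is `memcpy(value, result[i].first.data(), result[i].second.length() + 1)`: it reads the field-name buffer using the value's length, so it returns the wrong bytes and reads past the name whenever the value is longer. The same loop never advances `pairs->pair_count`, so every entry is written to the same slot, the caller sees a count of 0, and `sonic_db_free_name_value_pairs` releases none of the strings. The `malloc` results are not checked, and assigning `realloc`'s result straight to `pairs->pairs` loses the old array on failure. I would rewrite the copy loop as below, assuming the struct arrives fresh from `sonic_db_malloc_name_value_pairs`. I would also add `free(pairs->pairs);` before `free(pairs);` in `sonic_db_free_name_value_pairs`, which currently leaks the array itself.

```cpp
        // … unchanged: query into `result`, return SONIC_DB_FAIL if it fails …
        // Grow into a temporary so the caller's array survives a failed realloc.
        auto * grown = reinterpret_cast<sonic_db_name_value_pair *>(
            realloc(pairs->pairs, sizeof(sonic_db_name_value_pair) * result.size()));
        if (grown == nullptr && !result.empty())
        {
            return SONIC_DB_FAIL;
        }
        pairs->pairs = grown;
        for (size_t i = 0; i < result.size(); i++)
        {
            char * name = strdup(result[i].first.c_str());
            char * value = strdup(result[i].second.c_str());
            if (name == nullptr || value == nullptr)
            {
                free(name);
                free(value);
                return SONIC_DB_FAIL;
            }
            pairs->pairs[i].name = name;
            pairs->pairs[i].value = value;
            // Keep the count in step so the free routine releases exactly what was stored.
            pairs->pair_count = static_cast<unsigned int>(i + 1);
        }
        return SONIC_DB_SUCCESS;
```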
under the terms of the BSD license. ++ * See README for more details. ++ */ ++ ++#ifndef SONIC_OPERATORS_H ++#define SONIC_OPERATORS_H ++ ++// The following definitions should be moved to schema.h ++ ++#define APP_MACSEC_PORT_TABLE_NAME "MACSEC_PORT_TABLE" ++#define APP_MACSEC_EGRESS_SC_TABLE_NAME "MACSEC_EGRESS_SC_TABLE" ++#define APP_MACSEC_INGRESS_SC_TABLE_NAME "MACSEC_INGRESS_SC_TABLE" ++#define APP_MACSEC_EGRESS_SA_TABLE_NAME "MACSEC_EGRESS_SA_TABLE" ++#define APP_MACSEC_INGRESS_SA_TABLE_NAME "MACSEC_INGRESS_SA_TABLE" ++ ++#define STATE_MACSEC_PORT_TABLE_NAME "MACSEC_PORT_TABLE" ++#define STATE_MACSEC_INGRESS_SC_TABLE_NAME "MACSEC_INGRESS_SC_TABLE" ++#define STATE_MACSEC_INGRESS_SA_TABLE_NAME "MACSEC_INGRESS_SA_TABLE" ++#define STATE_MACSEC_EGRESS_SC_TABLE_NAME "MACSEC_EGRESS_SC_TABLE" ++#define STATE_MACSEC_EGRESS_SA_TABLE_NAME "MACSEC_EGRESS_SA_TABLE" ++ ++#define COUNTERS_MACSEC_NAME_MAP "COUNTERS_MACSEC_NAME_MAP" ++ ++// End define ++ ++#include ++ ++#define SONIC_DB_SUCCESS (0) ++#define SONIC_DB_FAIL (-1) ++#define UNSET_POINTER (NULL) ++ ++struct sonic_db_name_value_pair ++{ ++ const char * name; ++ const char * value; ++}; ++ ++struct sonic_db_name_value_pairs ++{ ++ unsigned int pair_count; ++ struct sonic_db_name_value_pair * pairs; ++}; ++ ++typedef void * sonic_db_handle; ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++sonic_db_handle sonic_db_get_manager(); ++ ++ ++ ++int sonic_db_set( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key, ++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int pair_count); ++ ++int sonic_db_get( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key, ++ struct sonic_db_name_value_pairs * pairs); ++ ++int sonic_db_del( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table_name, ++ const char * key); ++ ++int sonic_db_wait( ++ sonic_db_handle sonic_manager, ++ int db_id, ++ const char * table, ++ const 
char * op, ++ const char * key, ++ const struct sonic_db_name_value_pair * pairs, ++ unsigned int pair_count); ++ ++int sonic_db_get_counter( ++ sonic_db_handle sonic_manager, ++ const char * table_name, ++ const char * key, ++ const char * field, ++ unsigned long long * counter); ++ ++int sonic_db_del_counter( ++ sonic_db_handle sonic_manager, ++ const char * table_name, ++ const char * key); ++ ++struct sonic_db_name_value_pairs * sonic_db_malloc_name_value_pairs(); ++ ++void sonic_db_free_name_value_pairs(struct sonic_db_name_value_pairs * pairs); ++ ++#ifdef __cplusplus ++}; ++#endif ++ ++#endif +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index cdfb197..160a701 100644 +--- a/wpa_supplicant/defconfig ++++ b/wpa_supplicant/defconfig +@@ -79,6 +79,9 @@ CONFIG_DRIVER_WIRED=y + # Driver interface for Linux MACsec drivers + #CONFIG_DRIVER_MACSEC_LINUX=y + ++# Driver interface for SONiC MACsec drivers ++#CONFIG_DRIVER_MACSEC_SONIC=y ++ + # Driver interface for the Broadcom RoboSwitch family + #CONFIG_DRIVER_ROBOSWITCH=y + diff --git a/src/wpasupplicant/patch/series b/src/wpasupplicant/patch/series new file mode 100644 index 000000000000..b54fc37a768d --- /dev/null +++ b/src/wpasupplicant/patch/series @@ -0,0 +1 @@ +0001-sonic-wpa_supplicant-plugin.patch From 7d69ee158f96362446f1c68a2fcf18e418b8d266 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Tue, 3 Nov 2020 23:04:08 +0800 Subject: [PATCH 15/22] Change debian wpa_supplicant to sonic_hostap Signed-off-by: Ze Gan --- rules/wpasupplicant.mk | 2 +- src/wpasupplicant/Makefile | 13 +- .../0001-sonic-wpa_supplicant-plugin.patch | 1732 ----------------- src/wpasupplicant/patch/series | 1 - 4 files changed, 7 insertions(+), 1741 deletions(-) delete mode 100644 src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch delete mode 100644 src/wpasupplicant/patch/series diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk index 7045f5f010f1..ff5e077e90d8 100644 --- a/rules/wpasupplicant.mk 
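Review bot: The header does not say who owns the memory behind `sonic_db_get`'s output, yet the C driver has to pair it with `sonic_db_malloc_name_value_pairs` and `sonic_db_free_name_value_pairs`. I would add a comment above `sonic_db_get` such as `/* On success, pairs->pairs and every name/value in it are heap-allocated; release them with sonic_db_free_name_value_pairs(). */`. `sonic_db_get_manager()` and `sonic_db_malloc_name_value_pairs()` are declared with empty parentheses, which a C compiler treats as an unprototyped declaration and so does not check arguments; `sonic_db_handle sonic_db_get_manager(void);` states the intent. The closing `};` of the `extern "C"` block has a stray semicolon and should be `}`.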
+++ b/rules/wpasupplicant.mk @@ -1,6 +1,6 @@ # wpa package -WPASUPPLICANT_VERSION = 2.9.0-12 +WPASUPPLICANT_VERSION = hostap_2_9 export WPASUPPLICANT_VERSION diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index ef31b47b542d..00f27f8d44e4 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile @@ -10,20 +10,19 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : rm -rf ./wpa # Clone wpa repo - git clone https://salsa.debian.org/debian/wpa.git - pushd ./wpa + git clone https://github.com/Azure/sonic-wpa-supplicant.git + pushd ./sonic-wpa-supplicant # Reset HEAD to the commit of the proper tag # NOTE: Using "git checkout " here detaches our HEAD, # which stg doesn't like, so we use this method instead # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" - git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) - - stg init - stg import -s ../patch/series + git checkout wpa/$(WPASUPPLICANT_VERSION) # Build source and Debian packages - dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) + cp wpa_supplicant/defconfig wpa_supplicant/.config + make -j$(SONIC_CONFIG_MAKE_JOBS) + popd # Move the newly-built .deb packages to the destination directory diff --git a/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch b/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch deleted file mode 100644 index 7630ae42e6c0..000000000000 --- a/src/wpasupplicant/patch/0001-sonic-wpa_supplicant-plugin.patch +++ /dev/null 
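Review bot: The recipe now builds whatever `wpa/$(WPASUPPLICANT_VERSION)` resolves to in `https://github.com/Azure/sonic-wpa-supplicant.git` at clone time. That is a ref name, not a commit, so the build input can change without any change in this repository. Checking out a pinned hash, e.g. `git checkout <PINNED_COMMIT_SHA>` (placeholder), makes the source reproducible and reviewable. The unchanged cleanup line still runs `rm -rf ./wpa` while the clone now lands in `./sonic-wpa-supplicant`, so a second run will probably fail on the existing directory; it should become `rm -rf ./sonic-wpa-supplicant`. The retained comments about `stg` and Debian tag prefixes no longer describe the recipe, and `make -j$(SONIC_CONFIG_MAKE_JOBS)` should be `$(MAKE) -j$(SONIC_CONFIG_MAKE_JOBS)` so the jobserver and `-n` propagate. The recipe continues outside the hunk with a step that moves `.deb` files, which this plain `make` does not appear to produce; that is worth confirming.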
@@ -1,1732 +0,0 @@ -diff --git a/debian/config/wpasupplicant/linux b/debian/config/wpasupplicant/linux -index 8be0243..05b0315 100644 ---- a/debian/config/wpasupplicant/linux -+++ b/debian/config/wpasupplicant/linux -@@ -79,6 +79,9 @@ CONFIG_DRIVER_WIRED=y - # Driver interface for Linux MACsec drivers - CONFIG_DRIVER_MACSEC_LINUX=y - -+# Driver interface for SONiC MACsec drivers -+CONFIG_DRIVER_MACSEC_SONIC=y -+ - # Driver interface for the Broadcom RoboSwitch family - #CONFIG_DRIVER_ROBOSWITCH=y - -diff --git a/src/drivers/driver.h b/src/drivers/driver.h -index 2a8459a..1ba5ab8 100644 ---- a/src/drivers/driver.h -+++ b/src/drivers/driver.h -@@ -5763,6 +5763,10 @@ extern const struct wpa_driver_ops wpa_driver_macsec_qca_ops; - /* driver_macsec_linux.c */ - extern const struct wpa_driver_ops wpa_driver_macsec_linux_ops; - #endif /* CONFIG_DRIVER_MACSEC_LINUX */ -+#ifdef CONFIG_DRIVER_MACSEC_SONIC -+/* driver_macsec_sonic.c */ -+extern const struct wpa_driver_ops wpa_driver_macsec_sonic_ops; -+#endif /* CONFIG_DRIVER_MACSEC_SONIC */ - #ifdef CONFIG_DRIVER_ROBOSWITCH - /* driver_roboswitch.c */ - extern const struct wpa_driver_ops wpa_driver_roboswitch_ops; -diff --git a/src/drivers/driver_macsec_sonic.c b/src/drivers/driver_macsec_sonic.c -new file mode 100644 -index 0000000..e3426c6 ---- /dev/null -+++ b/src/drivers/driver_macsec_sonic.c -@@ -0,0 +1,1000 @@ -+/* -+ * Driver interaction with Linux MACsec kernel module -+ * Copyright (c) 2016, Sabrina Dubroca and Red Hat, Inc. -+ * Copyright (c) 2019, The Linux Foundation -+ * -+ * This software may be distributed under the terms of the BSD license. -+ * See README for more details. -+ */ -+ -+#include "includes.h" -+ -+#include -+#include -+ -+#include -+ -+#include "utils/common.h" -+#include "driver.h" -+#include "driver_wired_common.h" -+#include "sonic_operators.h" -+ -+#define DRV_PREFIX "macsec_sonic" -+ -+#define LOG_FORMAT(FORMAT, ...) 
\ -+ DRV_PREFIX"(%s) : %s "FORMAT"\n",drv->ifname,__PRETTY_FUNCTION__,__VA_ARGS__ -+ -+#define STD_PRINT_LOG(FORMAT, ...) \ -+ printf(LOG_FORMAT(FORMAT,__VA_ARGS__)) -+ -+#define WPA_PRINT_LOG(FORMAT, ...) \ -+ wpa_printf(MSG_DEBUG, LOG_FORMAT(FORMAT, __VA_ARGS__)) -+ -+#define PRINT_LOG(FORMAT, ...) \ -+ STD_PRINT_LOG(FORMAT, __VA_ARGS__); \ -+ WPA_PRINT_LOG(FORMAT, __VA_ARGS__); -+ -+#define ENTER_LOG \ -+ PRINT_LOG("%s", "") -+ -+#define PAIR_EMPTY NULL,0 -+#define PAIR_ARRAY(pairs) pairs,(sizeof(pairs)/sizeof(*pairs)) -+ -+#define DEFAULT_KEY_SEPARATOR ":" -+#define APP_DB_SEPARATOR DEFAULT_KEY_SEPARATOR -+#define STATE_DB_SEPARATOR "|" -+ -+static char * create_buffer(const char * fmt, ...) -+{ -+ va_list args; -+ va_start(args, fmt); -+ unsigned int length = vsnprintf(NULL, 0, fmt, args) + 1; -+ va_end(args); -+ if (length < 1) -+ { -+ return NULL; -+ } -+ char * buffer = (char *)malloc(length); -+ if (buffer == NULL) -+ { -+ return NULL; -+ } -+ va_start(args, fmt); -+ vsnprintf(buffer, length, fmt, args); -+ va_end(args); -+ return buffer; -+} -+ -+#define CREATE_SC_KEY(IFNAME, SC, SEPARATOR) \ -+ create_buffer( \ -+ "%s" \ -+ SEPARATOR "%llu", \ -+ IFNAME, \ -+ mka_sci_u64(&SC->sci)) -+ -+#define CREATE_SA_KEY(IFNAME, SA, SEPARATOR) \ -+ create_buffer( \ -+ "%s" \ -+ SEPARATOR "%llu" \ -+ SEPARATOR "%u", \ -+ IFNAME, \ -+ mka_sci_u64(&SA->sc->sci), \ -+ (unsigned int)(SA->an)) -+ -+static char * create_binary_hex(const void * binary, unsigned long long length) -+{ -+ if (binary == NULL || length == 0) -+ { -+ return NULL; -+ } -+ char * buffer = (char *)malloc(2 * length + 1); -+ if (buffer == NULL) -+ { -+ return NULL; -+ } -+ const unsigned char * input = (const unsigned char *)binary; -+ for (unsigned long long i = 0; i < length; i++) -+ { -+ snprintf(&buffer[i * 2], 3, "%02X", input[i]); -+ } -+ return buffer; -+} -+ -+static char *create_auth_key(const unsigned char *key, unsigned long long key_length) -+{ -+ unsigned char buffer[16] = {0}; -+ AES_KEY 
aes; -+ if (AES_set_encrypt_key(key, key_length * 8, &aes) < 0) -+ { -+ return NULL; -+ } -+ AES_ecb_encrypt(buffer, buffer, &aes, AES_ENCRYPT); -+ char *auth_key = create_binary_hex(buffer, sizeof(buffer)); -+ return auth_key; -+} -+ -+struct macsec_sonic_data -+{ -+ struct driver_wired_common_data common; -+ -+ const char * ifname; -+ sonic_db_handle sonic_mamager; -+}; -+ -+static void *macsec_sonic_wpa_init(void *ctx, const char *ifname) -+{ -+ struct macsec_sonic_data *drv; -+ -+ drv = os_zalloc(sizeof(*drv)); -+ if (!drv) -+ return NULL; -+ -+ if (driver_wired_init_common(&drv->common, ifname, ctx) < 0) -+ { -+ os_free(drv); -+ return NULL; -+ } -+ -+ drv->ifname = ifname; -+ drv->sonic_mamager = sonic_db_get_manager(); -+ -+ ENTER_LOG; -+ return drv; -+} -+ -+static void macsec_sonic_wpa_deinit(void *priv) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ ENTER_LOG; -+ -+ driver_wired_deinit_common(&drv->common); -+ os_free(drv); -+} -+ -+static int macsec_sonic_macsec_init(void *priv, struct macsec_init_params *params) -+{ -+ struct macsec_sonic_data *drv = priv; -+ ENTER_LOG; -+ -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"enable", "false"}, -+ {"cipher_suite" , "GCM-AES-128"}, // Default cipher suite -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"state", "ok"} -+ }; -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_PORT_TABLE_NAME, -+ SET_COMMAND, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+ } -+ return ret; -+} -+ -+static int macsec_sonic_macsec_deinit(void *priv) -+{ -+ struct macsec_sonic_data *drv = priv; -+ ENTER_LOG; -+ -+ int ret = sonic_db_del( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, 
-+ STATE_MACSEC_PORT_TABLE_NAME, -+ DEL_COMMAND, -+ drv->ifname, -+ PAIR_EMPTY); -+ } -+ return ret; -+} -+ -+static int macsec_sonic_get_capability(void *priv, enum macsec_cap *cap) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ ENTER_LOG; -+ -+ *cap = MACSEC_CAP_INTEG_AND_CONF; -+ -+ return 0; -+} -+ -+/** -+ * macsec_sonic_enable_protect_frames - Set protect frames status -+ * @priv: Private driver interface data -+ * @enabled: TRUE = protect frames enabled -+ * FALSE = protect frames disabled -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_enable_protect_frames(void *priv, Boolean enabled) -+{ -+ struct macsec_sonic_data *drv = priv; -+ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); -+ -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"enable_protect", enabled ? "true" : "false"} -+ }; -+ return sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+} -+ -+/** -+ * macsec_sonic_enable_encrypt - Set protect frames status -+ * @priv: Private driver interface data -+ * @enabled: TRUE = protect frames enabled -+ * FALSE = protect frames disabled -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_enable_encrypt(void *priv, Boolean enabled) -+{ -+ struct macsec_sonic_data *drv = priv; -+ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); -+ -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"enable_encrypt", enabled ? 
"true" : "false"} -+ }; -+ return sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+} -+ -+/** -+ * macsec_sonic_set_replay_protect - Set replay protect status and window size -+ * @priv: Private driver interface data -+ * @enabled: TRUE = replay protect enabled -+ * FALSE = replay protect disabled -+ * @window: replay window size, valid only when replay protect enabled -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_set_replay_protect(void *priv, Boolean enabled, -+ u32 window) -+{ -+ struct macsec_sonic_data *drv = priv; -+ PRINT_LOG("%s %u", enabled ? "TRUE" : "FALSE", window); -+ -+ char * buffer = create_buffer("%u", window); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"enable_replay_protect", enabled ? "true" : "false"}, -+ {"replay_window", buffer} -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+ free(buffer); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_set_current_cipher_suite - Set current cipher suite -+ * @priv: Private driver interface data -+ * @cs: EUI64 identifier -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_set_current_cipher_suite(void *priv, u64 cs) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ const char * cipher_suite = NULL; -+ if (cs == CS_ID_GCM_AES_128) -+ { -+ cipher_suite = "GCM-AES-128"; -+ } -+ else if (cs == CS_ID_GCM_AES_256) -+ { -+ cipher_suite = "GCM-AES-256"; -+ } -+ else -+ { -+ return SONIC_DB_FAIL; -+ } -+ PRINT_LOG("%s(%016" PRIx64 ")", cipher_suite, cs); -+ -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"cipher_suite", cipher_suite}, -+ }; -+ return sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+} -+ -+/** -+ * macsec_sonic_enable_controlled_port - Set 
controlled port status -+ * @priv: Private driver interface data -+ * @enabled: TRUE = controlled port enabled -+ * FALSE = controlled port disabled -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_enable_controlled_port(void *priv, Boolean enabled) -+{ -+ struct macsec_sonic_data *drv = priv; -+ PRINT_LOG("%s", enabled ? "TRUE" : "FALSE"); -+ -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"enable", enabled ? "true" : "false"} -+ }; -+ return sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_PORT_TABLE_NAME, -+ drv->ifname, -+ PAIR_ARRAY(pairs)); -+} -+ -+/** -+ * macsec_sonic_get_receive_lowest_pn - Get receive lowest PN -+ * @priv: Private driver interface data -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_get_receive_lowest_pn(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ unsigned long long pn = 1; -+ int ret = sonic_db_get_counter( -+ drv->sonic_mamager, -+ COUNTERS_TABLE, -+ key, -+ "SAI_MACSEC_SA_ATTR_MINIMUM_XPN", -+ &pn); -+ PRINT_LOG("SA %s PN %llu", key, pn); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ sa->next_pn = pn; -+ } -+ free(key); -+ return ret; -+} -+ -+/** -+ * macsec_sonic_set_receive_lowest_pn - Set receive lowest PN -+ * @priv: Private driver interface data -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_set_receive_lowest_pn(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s - %u", key, sa->next_pn); -+ char * buffer = create_buffer("%u", sa->next_pn); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"lowest_acceptable_pn", buffer} -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ 
APPL_DB, -+ APP_MACSEC_INGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(buffer); -+ free(key); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_get_transmit_next_pn - Get transmit next PN -+ * @priv: Private driver interface data -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_get_transmit_next_pn(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ unsigned long long pn = 1; -+ int ret = sonic_db_get_counter( -+ drv->sonic_mamager, -+ COUNTERS_TABLE, -+ key, -+ "SAI_MACSEC_SA_ATTR_XPN", -+ &pn); -+ PRINT_LOG("SA %s PN %llu", key, pn); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ sa->next_pn = pn; -+ } -+ free(key); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_set_transmit_next_pn - Set transmit next pn -+ * @priv: Private driver interface data -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_set_transmit_next_pn(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s - %u", key, sa->next_pn); -+ char * buffer = create_buffer("%u", sa->next_pn); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"init_pn", buffer} -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(buffer); -+ free(key); -+ -+ return ret; -+} -+ -+#define SCISTR MACSTR "::%hx" -+#define SCI2STR(addr, port) MAC2STR(addr), htons(port) -+ -+/** -+ * macsec_sonic_create_receive_sc - Create secure channel for receiving -+ * @priv: Private driver interface data -+ * @sc: secure channel -+ * @sci_addr: secure channel identifier - address -+ * @sci_port: secure channel identifier - port -+ * @conf_offset: confidentiality offset (0, 30, or 
50) -+ * @validation: frame validation policy (0 = Disabled, 1 = Checked, -+ * 2 = Strict) -+ * Returns: 0 on success, -1 on failure (or if not supported) -+ */ -+static int macsec_sonic_create_receive_sc(void *priv, struct receive_sc *sc, -+ unsigned int conf_offset, -+ int validation) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); -+ PRINT_LOG("%s (conf_offset=%u validation=%d)", -+ key, -+ conf_offset, -+ validation); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"ssci", ""}, -+ }; -+ // TODO -+ // Validation -+ // OFFSET -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SC_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"state", "ok"} -+ }; -+ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_INGRESS_SC_TABLE_NAME, -+ SET_COMMAND, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_delete_receive_sc - Delete secure connection for receiving -+ * @priv: private driver interface data from init() -+ * @sc: secure channel -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_delete_receive_sc(void *priv, struct receive_sc *sc) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ int ret = sonic_db_del( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SC_TABLE_NAME, -+ key); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_INGRESS_SC_TABLE_NAME, -+ DEL_COMMAND, -+ key, -+ PAIR_EMPTY); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * 
macsec_sonic_create_receive_sa - Create secure association for receive -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_create_receive_sa(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ char * sak_id = create_binary_hex(&sa->pkey->key_identifier, sizeof(sa->pkey->key_identifier)); -+ char * sak = create_binary_hex(sa->pkey->key, sa->pkey->key_len); -+ char * pn = create_buffer("%u", sa->next_pn); -+ char * auth_key = create_auth_key(sa->pkey->key, sa->pkey->key_len); -+ PRINT_LOG("%s (enable_receive=%d next_pn=%u) %s %s", -+ key, -+ sa->enable_receive, -+ sa->next_pn, -+ sak_id, -+ sak); -+ -+ // TODO -+ // SALT -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"active", "false"}, -+ {"sak", sak}, -+ {"auth_key", auth_key}, -+ {"lowest_acceptable_pn", pn}, -+ {"salt", ""} -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ free(sak_id); -+ free(sak); -+ free(pn); -+ free(auth_key); -+ return ret; -+} -+ -+/** -+ * macsec_sonic_delete_receive_sa - Delete secure association for receive -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_delete_receive_sa(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ int ret = sonic_db_del( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SA_TABLE_NAME, -+ key); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_INGRESS_SA_TABLE_NAME, -+ 
DEL_COMMAND, -+ key, -+ PAIR_EMPTY); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_enable_receive_sa - Enable the SA for receive -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_enable_receive_sa(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"active", "true"}, -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"state", "ok"}, -+ }; -+ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_INGRESS_SA_TABLE_NAME, -+ SET_COMMAND, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_disable_receive_sa - Disable SA for receive -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_disable_receive_sa(void *priv, struct receive_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"active", "false"}, -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_INGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_create_transmit_sc - Create secure connection for transmit -+ * @priv: private driver interface data from init() -+ * @sc: secure channel -+ * @conf_offset: confidentiality offset -+ * Returns: 0 
on success, -1 on failure -+ */ -+static int macsec_sonic_create_transmit_sc( -+ void *priv, struct transmit_sc *sc, -+ unsigned int conf_offset) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); -+ PRINT_LOG("%s (conf_offset=%u)", -+ key, -+ conf_offset); -+ // TODO -+ // Validation -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"ssci", ""}, -+ {"encoding_an", "0"}, -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SC_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"state", "ok"}, -+ }; -+ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_EGRESS_SC_TABLE_NAME, -+ SET_COMMAND, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_delete_transmit_sc - Delete secure connection for transmit -+ * @priv: private driver interface data from init() -+ * @sc: secure channel -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_delete_transmit_sc(void *priv, struct transmit_sc *sc) -+{ -+ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SC_KEY(drv->ifname, sc, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ int ret = sonic_db_del( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SC_TABLE_NAME, -+ key); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ char * key = CREATE_SC_KEY(drv->ifname, sc, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_EGRESS_SC_TABLE_NAME, -+ DEL_COMMAND, -+ key, -+ PAIR_EMPTY); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_create_transmit_sa - Create secure association for transmit -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on 
success, -1 on failure -+ */ -+static int macsec_sonic_create_transmit_sa(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ char * sak_id = create_binary_hex(&sa->pkey->key_identifier, sizeof(sa->pkey->key_identifier)); -+ char * sak = create_binary_hex(sa->pkey->key, sa->pkey->key_len); -+ char * pn = create_buffer("%u", sa->next_pn); -+ char * auth_key = create_auth_key(sa->pkey->key, sa->pkey->key_len); -+ PRINT_LOG("%s (enable_receive=%d next_pn=%u) %s %s", -+ key, -+ sa->enable_transmit, -+ sa->next_pn, -+ sak_id, -+ sak); -+ -+ // TODO -+ // SALT -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"sak", sak}, -+ {"auth_key", auth_key}, -+ {"init_pn", pn}, -+ {"salt", ""} -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SA_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ free(sak_id); -+ free(sak); -+ free(pn); -+ free(auth_key); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_delete_transmit_sa - Delete secure association for transmit -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_delete_transmit_sa(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ int ret = sonic_db_del( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SA_TABLE_NAME, -+ key); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_EGRESS_SA_TABLE_NAME, -+ DEL_COMMAND, -+ key, -+ PAIR_EMPTY); -+ free(key); -+ } -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_enable_transmit_sa - Enable SA for transmit -+ * @priv: private driver interface data from init() 
-+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_enable_transmit_sa(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SC_KEY(drv->ifname, sa->sc, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ char * encoding_an = create_buffer("%u", sa->an); -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"encoding_an", encoding_an}, -+ }; -+ int ret = sonic_db_set( -+ drv->sonic_mamager, -+ APPL_DB, -+ APP_MACSEC_EGRESS_SC_TABLE_NAME, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ if (ret == SONIC_DB_SUCCESS) -+ { -+ const struct sonic_db_name_value_pair pairs[] = -+ { -+ {"state", "ok"}, -+ }; -+ char * key = CREATE_SA_KEY(drv->ifname, sa, STATE_DB_SEPARATOR); -+ ret = sonic_db_wait( -+ drv->sonic_mamager, -+ STATE_DB, -+ STATE_MACSEC_EGRESS_SA_TABLE_NAME, -+ SET_COMMAND, -+ key, -+ PAIR_ARRAY(pairs)); -+ free(key); -+ } -+ free(encoding_an); -+ -+ return ret; -+} -+ -+/** -+ * macsec_sonic_disable_transmit_sa - Disable SA for transmit -+ * @priv: private driver interface data from init() -+ * @sa: secure association -+ * Returns: 0 on success, -1 on failure -+ */ -+static int macsec_sonic_disable_transmit_sa(void *priv, struct transmit_sa *sa) -+{ -+ struct macsec_sonic_data *drv = priv; -+ -+ char * key = CREATE_SA_KEY(drv->ifname, sa, APP_DB_SEPARATOR); -+ PRINT_LOG("%s", key); -+ free(key); -+ -+ return SONIC_DB_SUCCESS; -+} -+ -+static int macsec_sonic_status(void *priv, char *buf, size_t buflen) -+{ -+ struct macsec_sonic_data *drv = priv; -+ int res; -+ char *pos, *end; -+ -+ pos = buf; -+ end = buf + buflen; -+ -+ res = os_snprintf(pos, end - pos, -+ "ifname=%s\n", -+ drv->ifname); -+ if (os_snprintf_error(end - pos, res)) -+ return pos - buf; -+ pos += res; -+ -+ return pos - buf; -+} -+ -+const struct wpa_driver_ops wpa_driver_macsec_sonic_ops = { -+ .name = "macsec_sonic", -+ .desc = "MACsec Ethernet driver for SONiC", -+ .get_ssid = 
driver_wired_get_ssid, -+ .get_bssid = driver_wired_get_bssid, -+ .get_capa = driver_wired_get_capa, -+ .init = macsec_sonic_wpa_init, -+ .deinit = macsec_sonic_wpa_deinit, -+ -+ .macsec_init = macsec_sonic_macsec_init, -+ .macsec_deinit = macsec_sonic_macsec_deinit, -+ .macsec_get_capability = macsec_sonic_get_capability, -+ .enable_protect_frames = macsec_sonic_enable_protect_frames, -+ .enable_encrypt = macsec_sonic_enable_encrypt, -+ .set_replay_protect = macsec_sonic_set_replay_protect, -+ .set_current_cipher_suite = macsec_sonic_set_current_cipher_suite, -+ .enable_controlled_port = macsec_sonic_enable_controlled_port, -+ .get_receive_lowest_pn = macsec_sonic_get_receive_lowest_pn, -+ .set_receive_lowest_pn = macsec_sonic_set_receive_lowest_pn, -+ .get_transmit_next_pn = macsec_sonic_get_transmit_next_pn, -+ .set_transmit_next_pn = macsec_sonic_set_transmit_next_pn, -+ .create_receive_sc = macsec_sonic_create_receive_sc, -+ .delete_receive_sc = macsec_sonic_delete_receive_sc, -+ .create_receive_sa = macsec_sonic_create_receive_sa, -+ .delete_receive_sa = macsec_sonic_delete_receive_sa, -+ .enable_receive_sa = macsec_sonic_enable_receive_sa, -+ .disable_receive_sa = macsec_sonic_disable_receive_sa, -+ .create_transmit_sc = macsec_sonic_create_transmit_sc, -+ .delete_transmit_sc = macsec_sonic_delete_transmit_sc, -+ .create_transmit_sa = macsec_sonic_create_transmit_sa, -+ .delete_transmit_sa = macsec_sonic_delete_transmit_sa, -+ .enable_transmit_sa = macsec_sonic_enable_transmit_sa, -+ .disable_transmit_sa = macsec_sonic_disable_transmit_sa, -+ -+ .status = macsec_sonic_status, -+}; -diff --git a/src/drivers/drivers.c b/src/drivers/drivers.c -index e95df6d..1eb5c68 100644 ---- a/src/drivers/drivers.c -+++ b/src/drivers/drivers.c -@@ -34,6 +34,9 @@ const struct wpa_driver_ops *const wpa_drivers[] = - #ifdef CONFIG_DRIVER_WIRED - &wpa_driver_wired_ops, - #endif /* CONFIG_DRIVER_WIRED */ -+#ifdef CONFIG_DRIVER_MACSEC_SONIC -+ &wpa_driver_macsec_sonic_ops, 
-+#endif /* CONFIG_DRIVER_MACSEC_SONIC */ - #ifdef CONFIG_DRIVER_MACSEC_LINUX - &wpa_driver_macsec_linux_ops, - #endif /* CONFIG_DRIVER_MACSEC_LINUX */ -diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak -index 442c59c..cd2ee96 100644 ---- a/src/drivers/drivers.mak -+++ b/src/drivers/drivers.mak -@@ -18,6 +18,16 @@ DRV_OBJS += ../src/drivers/driver_wired.o - NEED_DRV_WIRED_COMMON=1 - endif - -+ifdef CONFIG_DRIVER_MACSEC_SONIC -+DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_SONIC -+DRV_OBJS += ../src/drivers/driver_macsec_sonic.o -+DRV_OBJS += ../src/drivers/sonic_operators.o -+DRV_LIBS += -lswsscommon -lstdc++ -+NEED_DRV_WIRED_COMMON=1 -+NEED_LIBNL=y -+CONFIG_LIBNL3_ROUTE=y -+endif -+ - ifdef CONFIG_DRIVER_MACSEC_LINUX - DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_LINUX - DRV_OBJS += ../src/drivers/driver_macsec_linux.o -diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk -index 599a0b5..b09a6a2 100644 ---- a/src/drivers/drivers.mk -+++ b/src/drivers/drivers.mk -@@ -18,6 +18,16 @@ DRV_OBJS += src/drivers/driver_wired.c - NEED_DRV_WIRED_COMMON=1 - endif - -+ifdef CONFIG_DRIVER_MACSEC_SONIC -+DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_SONIC -+DRV_OBJS += src/drivers/driver_macsec_sonic.c -+DRV_OBJS += src/drivers/sonic_operators.cpp -+DRV_LIBS += -lswsscommon -lstdc++ -+NEED_DRV_WIRED_COMMON=1 -+CONFIG_LIBNL3_ROUTE=y -+NEED_LIBNL=y -+endif -+ - ifdef CONFIG_DRIVER_MACSEC_LINUX - DRV_CFLAGS += -DCONFIG_DRIVER_MACSEC_LINUX - DRV_OBJS += src/drivers/driver_macsec_linux.c -diff --git a/src/drivers/sonic_operators.cpp b/src/drivers/sonic_operators.cpp -new file mode 100644 -index 0000000..69e9c91 ---- /dev/null -+++ b/src/drivers/sonic_operators.cpp -@@ -0,0 +1,507 @@ -+#include "sonic_operators.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+// select() function timeout retry time, in millisecond -+constexpr int SELECT_TIMEOUT = 
2000; -+ -+// Retry times to counter db -+constexpr unsigned int RETRY_TIMES = 20; -+ -+// Retry interval to counter db, in millisecond -+constexpr unsigned int RETRY_INTERVAL = 100; -+ -+class select_guard -+{ -+private: -+ swss::Selectable * m_selectable; -+ swss::Select * m_selector; -+public: -+ select_guard(swss::Selectable * selectable, swss::Select * selector) : -+ m_selectable(selectable), -+ m_selector(selector) -+ { -+ if (m_selector != nullptr && m_selectable != nullptr) -+ { -+ m_selector->addSelectable(m_selectable); -+ } -+ } -+ -+ ~select_guard() -+ { -+ if (m_selector != nullptr && m_selectable != nullptr) -+ { -+ m_selector->removeSelectable(m_selectable); -+ } -+ } -+}; -+ -+class sonic_db_manager{ -+private: -+ swss::DBConnector m_app_db; -+ swss::DBConnector m_state_db; -+ swss::DBConnector m_counters_db; -+ -+ std::map m_tables_in_counter_db; -+ std::map m_producer_state_tables_in_app_db; -+ std::map m_subscriber_state_tables_in_state_db; -+ std::map m_tables_in_state_db; -+ -+ swss::Select m_selector; -+ -+ template -+ auto & get_table(TableMap & tables, swss::DBConnector & db, const std::string & table_name) -+ { -+ return tables.emplace( -+ std::piecewise_construct, -+ std::forward_as_tuple(table_name), -+ std::forward_as_tuple(&db, table_name)).first->second; -+ } -+ -+ std::string get_counter_id(const std::string & obj_key) -+ { -+ std::vector temp; -+ auto & map_table = get_table(m_tables_in_counter_db, m_counters_db, COUNTERS_MACSEC_NAME_MAP); -+ if (!map_table.get("", temp)) -+ { -+ return ""; -+ } -+ auto id = std::find_if( -+ temp.begin(), -+ temp.end(), -+ [&](const swss::FieldValueTuple & fvt){ -+ return fvField(fvt) == obj_key; -+ }); -+ if (id == temp.end()) -+ { -+ return ""; -+ } -+ return id->second; -+ } -+ -+ bool meet_expectation( -+ const std::string & op, -+ const sonic_db_name_value_pair * pairs, -+ unsigned int pair_count, -+ const swss::KeyOpFieldsValuesTuple & entry) const -+ { -+ if (op.empty() || op != kfvOp(entry)) 
-+ { -+ return false; -+ } -+ if (pairs == nullptr || pair_count == 0) -+ { -+ if (op == DEL_COMMAND) -+ { -+ return true; -+ } -+ else -+ { -+ return !kfvFieldsValues(entry).empty(); -+ } -+ -+ } -+ auto values = kfvFieldsValues(entry); -+ for (unsigned int i = 0; i < pair_count; i++) -+ { -+ if (pairs[i].name == nullptr) -+ { -+ continue; -+ } -+ auto value = std::find_if( -+ values.begin(), -+ values.end(), -+ [&](const swss::FieldValueTuple & fvt) -+ { -+ return pairs[i].name == fvField(fvt); -+ }); -+ if ( -+ (value == values.end()) -+ || ( -+ (pairs[i].value != nullptr) -+ && (value->second != pairs[i].value) -+ ) -+ ) -+ { -+ return false; -+ } -+ } -+ return true; -+ } -+ -+public: -+ sonic_db_manager(): -+ m_app_db("APPL_DB", 0), -+ m_state_db("STATE_DB", 0), -+ m_counters_db("COUNTERS_DB", 0) -+ { -+ } -+ -+ int set( -+ int db_id, -+ const std::string & table_name, -+ const std::string & key, -+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int pair_count) -+ { -+ if (db_id == APPL_DB) -+ { -+ auto & table = get_table(m_producer_state_tables_in_app_db, m_app_db, table_name); -+ std::vector values; -+ if (pairs) -+ { -+ std::transform( -+ pairs, -+ pairs + pair_count, -+ std::back_inserter(values), -+ [](const sonic_db_name_value_pair & pair) -+ { -+ return std::make_pair(pair.name, pair.value ? 
pair.value : ""); -+ }); -+ } -+ table.set(key, values); -+ return SONIC_DB_SUCCESS; -+ } -+ else -+ { -+ return SONIC_DB_FAIL; -+ } -+ } -+ -+ int get( -+ int db_id, -+ const std::string & table_name, -+ const std::string & key, -+ std::vector & pairs) -+ { -+ pairs.clear(); -+ if (db_id == STATE_DB) -+ { -+ auto & table = get_table(m_tables_in_state_db, m_state_db, table_name); -+ if(!table.get(key, pairs)) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return SONIC_DB_SUCCESS; -+ } -+ else -+ { -+ return SONIC_DB_FAIL; -+ } -+ } -+ -+ int get( -+ int db_id, -+ const std::string & table_name, -+ const std::string & key, -+ struct sonic_db_name_value_pairs * pairs) -+ { -+ std::vector result; -+ if (get(db_id, table_name, key, result) != SONIC_DB_SUCCESS) -+ { -+ return SONIC_DB_FAIL; -+ } -+ // Copy the query result to the output -+ pairs->pairs = -+ reinterpret_cast( -+ realloc(pairs->pairs, sizeof(sonic_db_name_value_pair) * result.size()) -+ ); -+ if (pairs->pairs == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ for (size_t i = 0; i < result.size(); i++) -+ { -+ char * name = reinterpret_cast(malloc(result[i].first.length() + 1)); -+ memcpy(name, result[i].first.data(), result[i].first.length() + 1); -+ pairs->pairs[pairs->pair_count].name = name; -+ char * value = reinterpret_cast(malloc(result[i].second.length() + 1)); -+ memcpy(value, result[i].first.data(), result[i].second.length() + 1); -+ pairs->pairs[pairs->pair_count].value = value; -+ } -+ return SONIC_DB_SUCCESS; -+ } -+ -+ int del( -+ int db_id, -+ const std::string & table_name, -+ const std::string & key) -+ { -+ if (db_id == APPL_DB) -+ { -+ auto & table = get_table(m_producer_state_tables_in_app_db, m_app_db, table_name); -+ table.del(key); -+ return SONIC_DB_SUCCESS; -+ } -+ else -+ { -+ return SONIC_DB_FAIL; -+ } -+ } -+ -+ int wait( -+ int db_id, -+ const std::string & table_name, -+ const std::string & op, -+ const std::string & key, -+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int 
pair_count) -+ { -+ // Subscribe the target table -+ swss::ConsumerTableBase * consumer = nullptr; -+ std::unique_ptr guarder; -+ if (db_id == STATE_DB) -+ { -+ consumer = &get_table(m_subscriber_state_tables_in_state_db, m_state_db, table_name); -+ guarder.reset(new select_guard(consumer, &m_selector)); -+ } -+ else -+ { -+ return SONIC_DB_FAIL; -+ } -+ if (consumer == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ -+ // Proactively query the target table to avoid that -+ // the target table was updated before the subscription -+ // which causes that the update cannot be fetched -+ swss::KeyOpFieldsValuesTuple result; -+ get(db_id, table_name, key, kfvFieldsValues(result)); -+ kfvOp(result) = kfvFieldsValues(result).empty() ? DEL_COMMAND : SET_COMMAND; -+ if (meet_expectation(op, pairs, pair_count, result)) -+ { -+ return SONIC_DB_SUCCESS; -+ } -+ -+ // Fetch the update -+ int ret = 0; -+ while(true) -+ { -+ swss::Selectable *sel = nullptr; -+ ret = m_selector.select(&sel, SELECT_TIMEOUT); -+ if (ret == swss::Select::ERROR) -+ { -+ return SONIC_DB_FAIL; -+ } -+ if (ret == swss::Select::TIMEOUT) -+ { -+ return SONIC_DB_FAIL; -+ } -+ std::deque entries; -+ consumer->pops(entries); -+ for (auto & entry : entries) -+ { -+ if (meet_expectation(op, pairs, pair_count, entry)) -+ { -+ return SONIC_DB_SUCCESS; -+ } -+ } -+ }; -+ return SONIC_DB_SUCCESS; -+ } -+ -+ int get_counter( -+ const std::string & table_name, -+ const std::string & key, -+ const std::string & field, -+ unsigned long long * counter) -+ { -+ std::vector result; -+ const std::string id = get_counter_id(key); -+ if (id.empty()) -+ { -+ return SONIC_DB_FAIL; -+ } -+ // Find counter from counter db -+ auto & counter_table = get_table(m_tables_in_counter_db, m_counters_db, table_name); -+ auto retry_time = RETRY_TIMES; -+ while (retry_time -- > 0) -+ { -+ if (!counter_table.get(id, result)) -+ { -+ std::this_thread::sleep_for(std::chrono::milliseconds(RETRY_INTERVAL)); -+ continue; -+ } -+ auto value = 
std::find_if( -+ result.begin(), -+ result.end(), -+ [&](const swss::FieldValueTuple & fvt) -+ { -+ return field == fvField(fvt); -+ }); -+ if (value == result.end()) -+ { -+ std::this_thread::sleep_for(std::chrono::milliseconds(RETRY_INTERVAL)); -+ continue; -+ } -+ std::stringstream(fvValue(*value)) >> *counter; -+ return SONIC_DB_SUCCESS; -+ } -+ return SONIC_DB_FAIL; -+ } -+ -+ int del_counter( -+ const std::string & table_name, -+ const std::string & key) -+ { -+ const std::string id = get_counter_id(key); -+ if (id.empty()) -+ { -+ return SONIC_DB_FAIL; -+ } -+ if (m_tables_in_counter_db.erase(id) == 0) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return SONIC_DB_SUCCESS; -+ } -+}; -+ -+sonic_db_handle sonic_db_get_manager() -+{ -+ thread_local sonic_db_manager manager; -+ return &manager; -+} -+ -+int sonic_db_set( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key, -+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int pair_count) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->set(db_id, table_name, key, pairs, pair_count); -+} -+ -+int sonic_db_get( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key, -+ struct sonic_db_name_value_pairs * pairs) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->get(db_id, table_name, key, pairs); -+} -+ -+int sonic_db_del( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->del(db_id, table_name, key); -+} -+ -+int sonic_db_wait( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table, -+ const char * op, -+ const char * key, 
-+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int pair_count) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->wait(db_id, table, op, key, pairs, pair_count); -+} -+ -+int sonic_db_get_counter( -+ sonic_db_handle sonic_manager, -+ const char * table_name, -+ const char * key, -+ const char * field, -+ unsigned long long * counter) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->get_counter(table_name, key, field, counter); -+} -+ -+int sonic_db_del_counter( -+ sonic_db_handle sonic_manager, -+ const char * table_name, -+ const char * key) -+{ -+ sonic_db_manager * manager = reinterpret_cast(sonic_manager); -+ if (manager == nullptr) -+ { -+ return SONIC_DB_FAIL; -+ } -+ return manager->del_counter(table_name, key); -+} -+ -+ -+struct sonic_db_name_value_pairs * sonic_db_malloc_name_value_pairs() -+{ -+ struct sonic_db_name_value_pairs * pairs = reinterpret_cast( -+ malloc(sizeof(struct sonic_db_name_value_pairs)) -+ ); -+ if (pairs == nullptr) -+ { -+ return nullptr; -+ } -+ pairs->pair_count = 0; -+ pairs->pairs = UNSET_POINTER; -+ return reinterpret_cast(pairs); -+} -+ -+void sonic_db_free_name_value_pairs(struct sonic_db_name_value_pairs * pairs) -+{ -+ if (pairs == nullptr) -+ { -+ return; -+ } -+ for (unsigned int i = 0; i < pairs->pair_count; i++) -+ { -+ if (pairs->pairs[i].name != UNSET_POINTER) -+ { -+ free((char *)pairs->pairs[i].name); -+ } -+ if (pairs->pairs[i].value != UNSET_POINTER) -+ { -+ free((char *)pairs->pairs[i].value); -+ } -+ } -+ free(pairs); -+} -diff --git a/src/drivers/sonic_operators.h b/src/drivers/sonic_operators.h -new file mode 100644 -index 0000000..a3be24d ---- /dev/null -+++ b/src/drivers/sonic_operators.h -@@ -0,0 +1,108 @@ -+/* -+ * wpa_supplicant - -+ * Copyright (c) -+ * -+ * This software may be distributed 
under the terms of the BSD license. -+ * See README for more details. -+ */ -+ -+#ifndef SONIC_OPERATORS_H -+#define SONIC_OPERATORS_H -+ -+// The following definitions should be moved to schema.h -+ -+#define APP_MACSEC_PORT_TABLE_NAME "MACSEC_PORT_TABLE" -+#define APP_MACSEC_EGRESS_SC_TABLE_NAME "MACSEC_EGRESS_SC_TABLE" -+#define APP_MACSEC_INGRESS_SC_TABLE_NAME "MACSEC_INGRESS_SC_TABLE" -+#define APP_MACSEC_EGRESS_SA_TABLE_NAME "MACSEC_EGRESS_SA_TABLE" -+#define APP_MACSEC_INGRESS_SA_TABLE_NAME "MACSEC_INGRESS_SA_TABLE" -+ -+#define STATE_MACSEC_PORT_TABLE_NAME "MACSEC_PORT_TABLE" -+#define STATE_MACSEC_INGRESS_SC_TABLE_NAME "MACSEC_INGRESS_SC_TABLE" -+#define STATE_MACSEC_INGRESS_SA_TABLE_NAME "MACSEC_INGRESS_SA_TABLE" -+#define STATE_MACSEC_EGRESS_SC_TABLE_NAME "MACSEC_EGRESS_SC_TABLE" -+#define STATE_MACSEC_EGRESS_SA_TABLE_NAME "MACSEC_EGRESS_SA_TABLE" -+ -+#define COUNTERS_MACSEC_NAME_MAP "COUNTERS_MACSEC_NAME_MAP" -+ -+// End define -+ -+#include -+ -+#define SONIC_DB_SUCCESS (0) -+#define SONIC_DB_FAIL (-1) -+#define UNSET_POINTER (NULL) -+ -+struct sonic_db_name_value_pair -+{ -+ const char * name; -+ const char * value; -+}; -+ -+struct sonic_db_name_value_pairs -+{ -+ unsigned int pair_count; -+ struct sonic_db_name_value_pair * pairs; -+}; -+ -+typedef void * sonic_db_handle; -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+sonic_db_handle sonic_db_get_manager(); -+ -+ -+ -+int sonic_db_set( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key, -+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int pair_count); -+ -+int sonic_db_get( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key, -+ struct sonic_db_name_value_pairs * pairs); -+ -+int sonic_db_del( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table_name, -+ const char * key); -+ -+int sonic_db_wait( -+ sonic_db_handle sonic_manager, -+ int db_id, -+ const char * table, -+ const 
char * op, -+ const char * key, -+ const struct sonic_db_name_value_pair * pairs, -+ unsigned int pair_count); -+ -+int sonic_db_get_counter( -+ sonic_db_handle sonic_manager, -+ const char * table_name, -+ const char * key, -+ const char * field, -+ unsigned long long * counter); -+ -+int sonic_db_del_counter( -+ sonic_db_handle sonic_manager, -+ const char * table_name, -+ const char * key); -+ -+struct sonic_db_name_value_pairs * sonic_db_malloc_name_value_pairs(); -+ -+void sonic_db_free_name_value_pairs(struct sonic_db_name_value_pairs * pairs); -+ -+#ifdef __cplusplus -+}; -+#endif -+ -+#endif -diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig -index cdfb197..160a701 100644 ---- a/wpa_supplicant/defconfig -+++ b/wpa_supplicant/defconfig -@@ -79,6 +79,9 @@ CONFIG_DRIVER_WIRED=y - # Driver interface for Linux MACsec drivers - #CONFIG_DRIVER_MACSEC_LINUX=y - -+# Driver interface for SONiC MACsec drivers -+#CONFIG_DRIVER_MACSEC_SONIC=y -+ - # Driver interface for the Broadcom RoboSwitch family - #CONFIG_DRIVER_ROBOSWITCH=y - diff --git a/src/wpasupplicant/patch/series b/src/wpasupplicant/patch/series deleted file mode 100644 index b54fc37a768d..000000000000 --- a/src/wpasupplicant/patch/series +++ /dev/null @@ -1 +0,0 @@ -0001-sonic-wpa_supplicant-plugin.patch From 5dccaf201d449c508294b6203649385b6dcbf962 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Tue, 3 Nov 2020 23:17:56 +0800 Subject: [PATCH 16/22] formmat indent Signed-off-by: Ze Gan --- sonic-slave-buster/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index da6e636897a8..c8385249556a 100644 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 @@ -298,7 +298,7 @@ RUN apt-get update && apt-get install -y \ # For SWI Tools python-m2crypto \ # For build dtb - device-tree-compiler \ + device-tree-compiler \ # For sonic-mgmt-framework autoconf \ m4 \ 
From d801a51428b2864c41b0834413b778679f94f002 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Wed, 4 Nov 2020 09:18:17 +0800 Subject: [PATCH 17/22] Fix compile error Signed-off-by: Ze Gan --- src/wpasupplicant/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index 00f27f8d44e4..b77411612030 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile @@ -11,7 +11,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : # Clone wpa repo git clone https://github.com/Azure/sonic-wpa-supplicant.git - pushd ./sonic-wpa-supplicant + pushd ./sonic-wpa-supplicant/wpa_supplicant # Reset HEAD to the commit of the proper tag # NOTE: Using "git checkout " here detaches our HEAD, @@ -20,7 +20,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : git checkout wpa/$(WPASUPPLICANT_VERSION) # Build source and Debian packages - cp wpa_supplicant/defconfig wpa_supplicant/.config + cp defconfig .config make -j$(SONIC_CONFIG_MAKE_JOBS) popd From 9d82e316bbc94785d2a6cd8ca890658ea7f24eba Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Mon, 9 Nov 2020 13:32:41 +0800 Subject: [PATCH 18/22] temp fix wpa supplicant compile bug Signed-off-by: Ze Gan --- rules/wpasupplicant.mk | 3 ++- src/wpasupplicant/Makefile | 29 +++++++++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk index ff5e077e90d8..165dd9478944 100644 --- a/rules/wpasupplicant.mk +++ b/rules/wpasupplicant.mk @@ -1,6 +1,7 @@ # wpa package -WPASUPPLICANT_VERSION = hostap_2_9 +# WPASUPPLICANT_VERSION = hostap_2_9 +WPASUPPLICANT_VERSION = 2.9.0-12 export WPASUPPLICANT_VERSION diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index b77411612030..6e2129d3429f 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile 
@@ -10,18 +10,23 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : rm -rf ./wpa # Clone wpa repo - git clone https://github.com/Azure/sonic-wpa-supplicant.git - pushd ./sonic-wpa-supplicant/wpa_supplicant - - # Reset HEAD to the commit of the proper tag - # NOTE: Using "git checkout " here detaches our HEAD, - # which stg doesn't like, so we use this method instead - # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" - git checkout wpa/$(WPASUPPLICANT_VERSION) - - # Build source and Debian packages - cp defconfig .config - make -j$(SONIC_CONFIG_MAKE_JOBS) +# git clone https://github.com/Azure/sonic-wpa-supplicant.git +# pushd ./sonic-wpa-supplicant/wpa_supplicant +# +# # Reset HEAD to the commit of the proper tag +# # NOTE: Using "git checkout " here detaches our HEAD, +# # which stg doesn't like, so we use this method instead +# # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" +# git checkout wpa/$(WPASUPPLICANT_VERSION) +# +# # Build source and Debian packages +# cp defconfig .config +# make -j$(SONIC_CONFIG_MAKE_JOBS) + + git clone https://salsa.debian.org/debian/wpa.git + pushd ./wpa + git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) + dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) popd From 7b969de09d42601ffec685dc6227d5bc34faa64a Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Tue, 8 Dec 2020 00:41:43 +0800 Subject: [PATCH 19/22] Change wpa repo source from debian to Azure/sonic-wpa-supplicant Signed-off-by: Ze Gan --- sonic-slave-buster/Dockerfile.j2 | 6 ++++++ src/wpasupplicant/Makefile | 26 +++++++++----------------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2 index 1e1b3b7a5bd9..8a427fc73321 100644 --- a/sonic-slave-buster/Dockerfile.j2 +++ b/sonic-slave-buster/Dockerfile.j2 
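Review bot: The previous recipe is kept as twelve `#`-commented lines above the new `git clone https://salsa.debian.org/debian/wpa.git` block and should be deleted instead, since the history already holds it. The copied note about "the Debian monit repo" and a "1%" prefix describes neither this repository nor the `2\%` prefix that the new `git reset --hard` line uses. A single accurate comment above the reset would serve better, e.g. `# Debian tags write the epoch separator ':' as '%', so 2:$(WPASUPPLICANT_VERSION) is tagged debian/2%$(WPASUPPLICANT_VERSION)`. The recipe begins before this hunk and continues after it.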
@@ -307,6 +307,12 @@ RUN apt-get update && apt-get install -y \ python-lxml \ libexpat1-dev \ # For WPA supplication + qtbase5-dev \ + aspell-en \ + libhiredis-dev \ + libnl-3-dev \ + swig3.0 \ + libpython2.7-dev \ libssl-dev \ dbus \ libdbus-1-dev \ diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index 6e2129d3429f..ba72c266bfa7 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile @@ -10,24 +10,16 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : rm -rf ./wpa # Clone wpa repo -# git clone https://github.com/Azure/sonic-wpa-supplicant.git -# pushd ./sonic-wpa-supplicant/wpa_supplicant -# -# # Reset HEAD to the commit of the proper tag -# # NOTE: Using "git checkout " here detaches our HEAD, -# # which stg doesn't like, so we use this method instead -# # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" -# git checkout wpa/$(WPASUPPLICANT_VERSION) -# -# # Build source and Debian packages -# cp defconfig .config -# make -j$(SONIC_CONFIG_MAKE_JOBS) - - git clone https://salsa.debian.org/debian/wpa.git - pushd ./wpa - git reset --hard debian/2\%$(WPASUPPLICANT_VERSION) + git clone https://github.com/Azure/sonic-wpa-supplicant.git + pushd ./sonic-wpa-supplicant/wpa_supplicant + # Reset HEAD to the commit of the proper tag + # NOTE: Using "git checkout " here detaches our HEAD, + # which stg doesn't like, so we use this method instead + # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" + pushd ./sonic-wpa-supplicant + # git checkout wpa/$(WPASUPPLICANT_VERSION) + # Build source and Debian packages dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) - popd # Move the newly-built .deb packages to the destination directory From 7169af21b039260b4919677374f22368e6e6caf6 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Wed, 23 Dec 2020 23:19:29 +0800 Subject: [PATCH 20/22] Add sonic_wpa_supplicant as submodule 
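Review bot: In the src/wpasupplicant/Makefile hunk of PATCH 19/22, `# git checkout wpa/$(WPASUPPLICANT_VERSION)` is left commented out, so nothing selects a revision after `git clone https://github.com/Azure/sonic-wpa-supplicant.git`. The package is therefore built from the tip of the default branch at clone time while still being named with WPASUPPLICANT_VERSION. Any push to that branch then reaches the image without a change in this repository; restore a checkout of a fixed revision (`git checkout <PINNED_COMMIT_SHA>`, placeholder), which is what the submodule in PATCH 20/22 ends up providing. The hunk also adds two `pushd` lines (`./sonic-wpa-supplicant/wpa_supplicant`, then `./sonic-wpa-supplicant`) against one `popd`; if the recipe runs in a single shell, which the top of the file outside this hunk decides, the second path is resolved inside the first and does not exist. The context line `rm -rf ./wpa` no longer matches the clone directory either, so a second run would find `./sonic-wpa-supplicant` already present.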
Signed-off-by: Ze Gan --- .gitmodules | 3 +++ rules/wpasupplicant.mk | 3 +-- src/wpasupplicant/Makefile | 11 ----------- src/wpasupplicant/sonic-wpa-supplicant | 1 + 4 files changed, 5 insertions(+), 13 deletions(-) create mode 160000 src/wpasupplicant/sonic-wpa-supplicant diff --git a/.gitmodules b/.gitmodules index 96bb4ed2cda1..2cb5aed594ad 100644 --- a/.gitmodules +++ b/.gitmodules @@ -85,3 +85,6 @@ [submodule "src/sonic-mgmt-common"] path = src/sonic-mgmt-common url = https://github.com/Azure/sonic-mgmt-common.git +[submodule "src/wpasupplicant/sonic-wpa-supplicant"] + path = src/wpasupplicant/sonic-wpa-supplicant + url = https://github.com/Azure/sonic-wpa-supplicant diff --git a/rules/wpasupplicant.mk b/rules/wpasupplicant.mk index 165dd9478944..2e6d2ea6b2f1 100644 --- a/rules/wpasupplicant.mk +++ b/rules/wpasupplicant.mk @@ -1,7 +1,6 @@ # wpa package -# WPASUPPLICANT_VERSION = hostap_2_9 -WPASUPPLICANT_VERSION = 2.9.0-12 +WPASUPPLICANT_VERSION = 2.9.0-14 export WPASUPPLICANT_VERSION diff --git a/src/wpasupplicant/Makefile b/src/wpasupplicant/Makefile index ba72c266bfa7..13dbc58fbe50 100644 --- a/src/wpasupplicant/Makefile +++ b/src/wpasupplicant/Makefile 
@@ -6,19 +6,8 @@ MAIN_TARGET = wpasupplicant_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb DERIVED_TARGETS = wpasupplicant-dbgsym_$(WPASUPPLICANT_VERSION)_$(CONFIGURED_ARCH).deb $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : - # Remove any stale files - rm -rf ./wpa - # Clone wpa repo - git clone https://github.com/Azure/sonic-wpa-supplicant.git - pushd ./sonic-wpa-supplicant/wpa_supplicant - # Reset HEAD to the commit of the proper tag - # NOTE: Using "git checkout " here detaches our HEAD, - # which stg doesn't like, so we use this method instead - # NOTE: For some reason, tags in the Debian monit repo are prefixed with "1%" pushd ./sonic-wpa-supplicant - # git checkout wpa/$(WPASUPPLICANT_VERSION) - # Build source and Debian packages dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) popd diff --git a/src/wpasupplicant/sonic-wpa-supplicant b/src/wpasupplicant/sonic-wpa-supplicant new file mode 160000 index 000000000000..288cca1bf026 --- /dev/null +++ b/src/wpasupplicant/sonic-wpa-supplicant @@ -0,0 +1 @@ +Subproject commit 288cca1bf02679313aec1bc7ba168ced9026a003 From 1a0595bacd462228b711d494ab175dbf0b96664a Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Fri, 1 Jan 2021 10:14:10 +0800 Subject: [PATCH 21/22] [testonly]: Set shell as verbose mode Signed-off-by: Ze Gan --- .gitmodules | 2 +- slave.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index 2cb5aed594ad..33859756e2ed 100644 --- a/.gitmodules +++ b/.gitmodules @@ -87,4 +87,4 @@ url = https://github.com/Azure/sonic-mgmt-common.git [submodule "src/wpasupplicant/sonic-wpa-supplicant"] path = src/wpasupplicant/sonic-wpa-supplicant - url = https://github.com/Azure/sonic-wpa-supplicant + url = https://github.com/Azure/sonic-wpa-supplicant.git diff --git a/slave.mk b/slave.mk index f7b3636d1abc..475187481113 100644 --- a/slave.mk +++ b/slave.mk 
@@ -5,7 +5,7 @@ # Select bash for commands .ONESHELL: SHELL = /bin/bash -.SHELLFLAGS += -e +.SHELLFLAGS += -ex USER = $(shell id -un) UID = $(shell id -u) GUID = $(shell id -g) From 992ae50f2b9adb1139335d2e9baaa1d126181efd Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Thu, 7 Jan 2021 21:43:34 +0800 Subject: [PATCH 22/22] Fix dep files Signed-off-by: Ze Gan --- rules/wpasupplicant.dep | 10 ++++++++-- slave.mk | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/rules/wpasupplicant.dep b/rules/wpasupplicant.dep index b909cd36a4a4..cdab026f0c65 100644 --- a/rules/wpasupplicant.dep +++ b/rules/wpasupplicant.dep @@ -2,9 +2,15 @@ SPATH := $($(WPASUPPLICANT)_SRC_PATH) DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/wpasupplicant.mk rules/wpasupplicant.dep DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) -DEP_FILES += $(shell git ls-files $(SPATH)) +# Account files under the src/wpasupplicant/ except submodule directory. +DEP_FILES += $(shell git ls-files $(SPATH) | grep -Ev 'sonic-wpa-supplicant') + +# Account for source files under the sonic-wpa-supplicant submodule directory as well. +WPASUPPLICANT_SPATH := $(SPATH)/sonic-wpa-supplicant +SMDEP_FILES := $(addprefix $(WPASUPPLICANT_SPATH)/,$(shell cd $(WPASUPPLICANT_SPATH) && git ls-files)) $(WPASUPPLICANT)_CACHE_MODE := GIT_CONTENT_SHA $(WPASUPPLICANT)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) $(WPASUPPLICANT)_DEP_FILES := $(DEP_FILES) - +$(WPASUPPLICANT)_SMDEP_FILES := $(SMDEP_FILES) +$(WPASUPPLICANT)_SMDEP_PATHS := $(WPASUPPLICANT_SPATH) diff --git a/slave.mk b/slave.mk index 475187481113..f7b3636d1abc 100644 --- a/slave.mk +++ b/slave.mk @@ -5,7 +5,7 @@ # Select bash for commands .ONESHELL: SHELL = /bin/bash -.SHELLFLAGS += -ex +.SHELLFLAGS += -e USER = $(shell id -un) UID = $(shell id -u) GUID = $(shell id -g)
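Review bot: Adding `-x` to the global `.SHELLFLAGS` in slave.mk (PATCH 21/22) turns on command tracing for every recipe this file drives, not only the wpasupplicant build. Each expanded command line is then written to the build log, including any argument that happens to carry a token or password. The subject marks the change as test-only and the second slave.mk hunk in PATCH 22/22 restores `-e`, but that revert sits in a commit titled "Fix dep files"; both hunks are better dropped from the series before merge. If tracing is needed while debugging one package, a `set -x` at the top of that package's recipe keeps it local.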
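Review bot: In rules/wpasupplicant.dep (PATCH 22/22) `SMDEP_FILES` is filled from `$(shell cd $(WPASUPPLICANT_SPATH) && git ls-files)` with no check on the result. When the submodule has not been checked out the list would come back empty, and the dependency set used for `GIT_CONTENT_SHA` caching would presumably cover none of the wpa_supplicant sources. A guard right after the assignment makes that visible, e.g. `$(if $(strip $(SMDEP_FILES)),,$(warning wpasupplicant: submodule file list is empty))`. Separately, `grep -Ev 'sonic-wpa-supplicant'` is an unanchored substring match that drops any path containing that text. An exact match needs no extra process: `DEP_FILES += $(filter-out $(SPATH)/sonic-wpa-supplicant,$(shell git ls-files $(SPATH)))`.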