[vslib]: Add MACsec state to state base (sonic-net#722)

Signed-off-by: Ze Gan <ganze718@gmail.com>

Author: Pterosaur

vslib/inc/SwitchStateBase.h

@@ -7,6 +7,7 @@
 #include "SwitchConfig.h"
 #include "RealObjectIdManager.h"
 #include "EventPayloadNetLinkMsg.h"
+#include "MACsecManager.h"
 
 #include <set>
 #include <unordered_set>
@@ -137,6 +138,9 @@ namespace saivs
             virtual sai_status_t refresh_system_port_list(
                     _In_ const sai_attr_metadata_t *meta);
 
+            virtual sai_status_t refresh_macsec_sci_in_ingress_macsec_acl(
+                    _In_ sai_object_id_t object_id);
+
         public:
 
             virtual sai_status_t warm_boot_initialize_objects();
@@ -451,6 +455,96 @@ namespace saivs
                     _In_ const sai_object_id_t object_id,
                     _Out_ std::vector<sai_attribute_t> &attrs);
 
+        protected:
+
+            sai_status_t setAclEntry(
+                    _In_ sai_object_id_t entry_id,
+                    _In_ const sai_attribute_t* attr);
+
+            sai_status_t setAclEntryMACsecFlowActive(
+                    _In_ sai_object_id_t entry_id,
+                    _In_ const sai_attribute_t* attr);
+
+            sai_status_t createMACsecPort(
+                    _In_ sai_object_id_t macsec_sa_id,
+                    _In_ sai_object_id_t switch_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list);
+
+            sai_status_t createMACsecSA(
+                    _In_ sai_object_id_t macsec_sa_id,
+                    _In_ sai_object_id_t switch_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list);
+
+            sai_status_t createMACsecSC(
+                    _In_ sai_object_id_t macsec_sa_id,
+                    _In_ sai_object_id_t switch_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list);
+
+            sai_status_t removeMACsecPort(
+                    _In_ sai_object_id_t macsec_port_id);
+
+            sai_status_t removeMACsecSC(
+                    _In_ sai_object_id_t macsec_sc_id);
+
+            sai_status_t removeMACsecSA(
+                    _In_ sai_object_id_t macsec_sa_id);
+
+            sai_status_t getACLTable(
+                    _In_ sai_object_id_t entry_id,
+                    _Out_ sai_object_id_t &table_id);
+
+            sai_status_t findPortByMACsecFlow(
+                    _In_ sai_object_id_t macsec_flow_id,
+                    _Out_ sai_object_id_t &line_port_id);
+
+            std::shared_ptr<HostInterfaceInfo> findHostInterfaceInfoByPort(
+                    _In_ sai_object_id_t line_port_id);
+
+            sai_status_t loadMACsecAttrFromMACsecPort(
+                    _In_ sai_object_id_t object_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list,
+                    _Out_ MACsecAttr &macsec_attr);
+
+            sai_status_t loadMACsecAttrFromMACsecSC(
+                    _In_ sai_object_id_t object_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list,
+                    _Out_ MACsecAttr &macsec_attr);
+
+            sai_status_t loadMACsecAttrFromMACsecSA(
+                    _In_ sai_object_id_t object_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list,
+                    _Out_ MACsecAttr &macsec_attr);
+
+            sai_status_t loadMACsecAttr(
+                    _In_ sai_object_type_t object_type,
+                    _In_ sai_object_id_t object_id,
+                    _In_ uint32_t attr_count,
+                    _In_ const sai_attribute_t *attr_list,
+                    _Out_ MACsecAttr &macsec_attr);
+
+            sai_status_t loadMACsecAttr(
+                    _In_ sai_object_type_t object_type,
+                    _In_ sai_object_id_t object_id,
+                    _Out_ MACsecAttr &macsec_attr);
+
+            sai_status_t loadMACsecAttrsFromACLEntry(
+                    _In_ sai_object_id_t entry_id,
+                    _In_ const sai_attribute_t* entry_attr,
+                    _In_ sai_object_type_t object_type,
+                    _Out_ std::vector<MACsecAttr> &macsec_attrs);
+
+            sai_status_t getMACsecSAPacketNumber(
+                    _In_ sai_object_id_t macsec_sa_id,
+                    _Out_ sai_attribute_t &attr);
+
+            MACsecManager m_macsecManager;
+
         protected:
 
             constexpr static const int maxDebugCounters = 32;

vslib/src/MACsecManager.cpp

@@ -12,7 +12,7 @@
 
 using namespace saivs;
 
-#define MAX_MACSEC_SA_NUMBER 3
+static constexpr macsec_an_t MAX_MACSEC_SA_NUMBER = 3;
 
 MACsecManager::MACsecManager()
 {
@@ -818,7 +818,7 @@ size_t MACsecManager::get_macsec_sa_count(
 
     size_t sa_count = 0;
 
-    for (macsec_an_t an = 0; an <= MAX_MACSEC_SA_NUMBER; an++)
+    for (macsec_an_t an = 0; an <= MAX_MACSEC_SA_NUMBER; an++) // lgtm [cpp/constant-comparison]
     {
         if (is_macsec_sa_existing(macsecDevice, direction, sci, an))
         {

vslib/src/Makefile.am

@@ -59,7 +59,10 @@ libSaiVS_a_SOURCES = \
 					  MACsecIngressFilter.cpp \
 					  TrafficForwarder.cpp \
 					  MACsecForwarder.cpp \
-					  TrafficFilterPipes.cpp
+					  TrafficFilterPipes.cpp \
+					  SwitchStateBaseMACsec.cpp \
+					  MACsecAttr.cpp \
+					  MACsecManager.cpp
 
 libsaivs_la_SOURCES = \
 					  sai_vs_fdb.cpp \

vslib/src/SwitchStateBase.cpp

@@ -154,6 +154,20 @@ sai_status_t SwitchStateBase::create(
         return createHostif(object_id, switch_id, attr_count, attr_list);
     }
 
+    if (object_type == SAI_OBJECT_TYPE_MACSEC_SC)
+    {
+        sai_object_id_t object_id;
+        sai_deserialize_object_id(serializedObjectId, object_id);
+        return createMACsecSC(object_id, switch_id, attr_count, attr_list);
+    }
+
+    if (object_type == SAI_OBJECT_TYPE_MACSEC_SA)
+    {
+        sai_object_id_t object_id;
+        sai_deserialize_object_id(serializedObjectId, object_id);
+        return createMACsecSA(object_id, switch_id, attr_count, attr_list);
+    }
+
     return create_internal(object_type, serializedObjectId, switch_id, attr_count, attr_list);
 }
 
@@ -348,6 +362,25 @@ sai_status_t SwitchStateBase::remove(
         return removeHostif(objectId);
     }
 
+    if (object_type == SAI_OBJECT_TYPE_MACSEC_PORT)
+    {
+        sai_object_id_t objectId;
+        sai_deserialize_object_id(serializedObjectId, objectId);
+        return removeMACsecPort(objectId);
+    }
+    else if (object_type == SAI_OBJECT_TYPE_MACSEC_SC)
+    {
+        sai_object_id_t objectId;
+        sai_deserialize_object_id(serializedObjectId, objectId);
+        return removeMACsecSC(objectId);
+    }
+    else if (object_type == SAI_OBJECT_TYPE_MACSEC_SA)
+    {
+        sai_object_id_t objectId;
+        sai_deserialize_object_id(serializedObjectId, objectId);
+        return removeMACsecSA(objectId);
+    }
+
     return remove_internal(object_type, serializedObjectId);
 }
 
@@ -433,6 +466,22 @@ sai_status_t SwitchStateBase::setPort(
     return set_internal(SAI_OBJECT_TYPE_PORT, sid, attr);
 }
 
+sai_status_t SwitchStateBase::setAclEntry(
+        _In_ sai_object_id_t entry_id,
+        _In_ const sai_attribute_t* attr)
+{
+    SWSS_LOG_ENTER();
+
+    if (attr && attr->id == SAI_ACL_ENTRY_ATTR_ACTION_MACSEC_FLOW)
+    {
+        return setAclEntryMACsecFlowActive(entry_id, attr);
+    }
+
+    auto sid = sai_serialize_object_id(entry_id);
+
+    return set_internal(SAI_OBJECT_TYPE_ACL_ENTRY, sid, attr);
+}
+
 sai_status_t SwitchStateBase::set(
         _In_ sai_object_type_t objectType,
         _In_ const std::string &serializedObjectId,
@@ -447,6 +496,13 @@ sai_status_t SwitchStateBase::set(
         return setPort(objectId, attr);
     }
 
+    if (objectType == SAI_OBJECT_TYPE_ACL_ENTRY)
+    {
+        sai_object_id_t objectId;
+        sai_deserialize_object_id(serializedObjectId, objectId);
+        return setAclEntry(objectId, attr);
+    }
+
     return set_internal(objectType, serializedObjectId, attr);
 }
 
@@ -1741,6 +1797,26 @@ sai_status_t SwitchStateBase::refresh_port_list(
     return SAI_STATUS_SUCCESS;
 }
 
+sai_status_t SwitchStateBase::refresh_macsec_sci_in_ingress_macsec_acl(
+        _In_ sai_object_id_t object_id)
+{
+    SWSS_LOG_ENTER();
+
+    /*
+     * SAI_MACSEC_ATTR_SCI_IN_INGRESS_MACSEC_ACL indicates the MACsec ASIC capability 
+     * of whether SCI can only be used as ACL field.
+     * To set SAI_MACSEC_ATTR_SCI_IN_INGRESS_MACSEC_ACL is always true,
+     * which indicates that here is emulating a kind of MACsec ASIC that use SCI as ACL field.
+     */
+    sai_attribute_t attr;
+    attr.id = SAI_MACSEC_ATTR_SCI_IN_INGRESS_MACSEC_ACL;
+    attr.value.booldata = true;
+
+    CHECK_STATUS(set(SAI_OBJECT_TYPE_MACSEC, object_id, &attr));
+
+    return SAI_STATUS_SUCCESS;
+}
+
 // XXX extra work may be needed on GET api if N on list will be > then actual
 
 /*
@@ -1877,6 +1953,11 @@ sai_status_t SwitchStateBase::refresh_read_only(
         return SAI_STATUS_SUCCESS;
     }
 
+    if (meta->objecttype == SAI_OBJECT_TYPE_MACSEC && meta->attrid == SAI_MACSEC_ATTR_SCI_IN_INGRESS_MACSEC_ACL)
+    {
+        return refresh_macsec_sci_in_ingress_macsec_acl(object_id);
+    }
+
     auto mmeta = m_meta.lock();
 
     if (mmeta)

vslib/src/SwitchStateBaseMACsec.cpp

@@ -601,7 +601,7 @@ sai_status_t SwitchStateBase::loadMACsecAttr(
         return loadMACsecAttrFromMACsecSA(objectId, attrCount, attrList, macsecAttr);
 
     default:
-        SWSS_LOG_ERROR("Wrong type %s", sai_serialize_object_type(objectType));
+        SWSS_LOG_ERROR("Wrong type %s", sai_serialize_object_type(objectType).c_str());
 
         break;
     }
@@ -748,66 +748,6 @@ sai_status_t SwitchStateBase::loadMACsecAttrsFromACLEntry(
     return SAI_STATUS_NOT_IMPLEMENTED;
 }
 
-sai_status_t SwitchStateBase::getMACsecAttr(
-        _In_ const std::string &serializedObjectId,
-        _In_ uint32_t attrCount,
-        _Out_ sai_attribute_t *attrList)
-{
-    SWSS_LOG_ENTER();
-
-    for (uint32_t i = 0; i < attrCount; i++)
-    {
-        if (attrList[i].id == SAI_MACSEC_ATTR_SCI_IN_INGRESS_MACSEC_ACL)
-        {
-            attrList[i].value.booldata = true;
-        }
-        else
-        {
-            auto meta = sai_metadata_get_attr_metadata(SAI_OBJECT_TYPE_MACSEC, attrList[i].id);
-
-            SWSS_LOG_WARN("Cannot get attribute %s", meta->attridname);
-
-            return SAI_STATUS_NOT_IMPLEMENTED;
-        }
-    }
-
-    return SAI_STATUS_SUCCESS;
-}
-
-sai_status_t SwitchStateBase::getMACsecSAAttr(
-        _In_ const std::string &serializedObjectId,
-        _In_ uint32_t attrCount,
-        _Out_ sai_attribute_t *attrList)
-{
-    SWSS_LOG_ENTER();
-
-    CHECK_STATUS(get_internal(SAI_OBJECT_TYPE_MACSEC_SA, serializedObjectId, attrCount, attrList));
-
-    sai_status_t ret = SAI_STATUS_SUCCESS;
-    sai_object_id_t macsec_id = SAI_NULL_OBJECT_ID;
-
-    sai_deserialize_object_id(serializedObjectId, macsec_id);
-
-    for (uint32_t i = 0; i < attrCount; i++)
-    {
-        if (attrList[i].id == SAI_MACSEC_SA_ATTR_XPN)
-        {
-            ret = getMACsecSAPacketNumber(macsec_id, attrList[i]);
-        }
-        else if (attrList[i].id == SAI_MACSEC_SA_ATTR_MINIMUM_XPN)
-        {
-            ret = getMACsecSAPacketNumber(macsec_id, attrList[i]);
-        }
-
-        if (ret != SAI_STATUS_SUCCESS)
-        {
-            return ret;
-        }
-    }
-
-    return SAI_STATUS_SUCCESS;
-}
-
 sai_status_t SwitchStateBase::getMACsecSAPacketNumber(
         _In_ sai_object_id_t macsecSaId,
         _Out_ sai_attribute_t &attr)