Skip to content

[action] [PR:3385] Capability query for MACSEC ACL attribute#3511

Merged
mssonicbld merged 1 commit intosonic-net:202411from
mssonicbld:cherry/202411/3385
Feb 11, 2025
Merged

[action] [PR:3385] Capability query for MACSEC ACL attribute#3511
mssonicbld merged 1 commit intosonic-net:202411from
mssonicbld:cherry/202411/3385

Conversation

@mssonicbld
Copy link
Collaborator

@mssonicbld mssonicbld commented Feb 11, 2025

What I did
-Modified the MACsec orchestration logic to conditionally include or exclude the ability to match the SCI in ACL configurations based on the ASIC's capabilities.
-Implemented a capability check in SONiC to determine whether the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute is supported by the ASIC, thus ensuring that neither SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI nor SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI is used when unsupported.

Why I did it

The current implementation attempts to use the SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI attribute even when it's not supported by the underlying ASIC or driver, causing failures in the vendor's SAI/SDK code.
The capability check prevents these errors, ensuring compatibility with different hardware.

How I verified it

Compiled the code successfully without errors.
Conducted manual tests on Marvell platforms without support for the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute to validate the conditional logic.
Details if related
Fixes the issue raised in #3134

@mssonicbld
Capability query for MACSEC ACL attribute
1df6f30 
What I did
-Modified the MACsec orchestration logic to conditionally include or exclude the ability to match the SCI in ACL configurations based on the ASIC's capabilities.
-Implemented a capability check in SONiC to determine whether the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute is supported by the ASIC, thus ensuring that neither SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI nor SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI is used when unsupported.

Why I did it

The current implementation attempts to use the SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI attribute even when it's not supported by the underlying ASIC or driver, causing failures in the vendor's SAI/SDK code.
The capability check prevents these errors, ensuring compatibility with different hardware.

How I verified it

Compiled the code successfully without errors.
Conducted manual tests on Marvell platforms without support for the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute to validate the conditional logic.
Details if related
Fixes the issue raised in sonic-net#3134
@mssonicbld
Copy link
Collaborator Author

mssonicbld commented Feb 11, 2025

/azp run

@mssonicbld
Copy link
Collaborator Author

mssonicbld commented Feb 11, 2025

Original PR: #3385

@mssonicbld mssonicbld mentioned this pull request Feb 11, 2025
Merged
@azure-pipelines
Copy link

azure-pipelines bot commented Feb 11, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld mssonicbld merged commit 5031aad into sonic-net:202411 Feb 11, 2025
5 of 8 checks passed
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#30)
79e8532 
```<br>* c93c0eec - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-12) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#31)
533d28e 
```<br>* 7532d469 - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-13) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#32)
e04b6ce 
```<br>* 44417f65 - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-14) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#33)
5b64a55 
```<br>* aaf061fc - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-15) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#34)
6e83557 
```<br>* c97d84dd - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-16) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#35)
84485cd 
```<br>* f69aaaf1 - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-17) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
dgsudharsan pushed a commit that referenced this pull request Feb 25, 2025
@mssonicbld
[code sync] Merge code from sonic-net/sonic-swss:202411 to 202412 (#36)
b2a7b03 
```<br>* 22d8d147 - (HEAD -> 202412) Merge branch '202411' of https://github.com/sonic-net/sonic-swss into 202412 (2025-02-18) [Sonic Automation]
* 5031aad - (origin/202411) Capability query for MACSEC ACL attribute (#3511) (2025-02-12) [mssonicbld]
* 4b357e5 - Fix VRF update handling for loopback interfaces in IntfsOrch (#3512) (2025-02-12) [mssonicbld]
* fe98176 - Add a delay between killing teamd processes (#3510) (2025-02-11) [mssonicbld]
* e967711 - Remove RIF from m_rifsToAdd before deleting it (#3499) (2025-02-07) [mssonicbld]
* 337c9a1 - Optimize counter polling interval by making it more accurate (#3500) (2025-02-07) [mssonicbld]<br>```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automerge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mssonicbld