Skip to content

Commit 1ed0b4b

Browse files
authored
[macsec] Refactor the logic of macsec name map (#2348)
* Add/remove macsec name map w/o gearbox correctly * Add macsec counter unit test
1 parent f88f992 commit 1ed0b4b

File tree

2 files changed

+55
-15
lines changed

2 files changed

+55
-15
lines changed

orchagent/macsecorch.cpp

Lines changed: 2 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2340,10 +2340,6 @@ void MACsecOrch::installCounter(
23402340
sai_object_id_t obj_id,
23412341
const std::vector<std::string> &stats)
23422342
{
2343-
FieldValueTuple tuple(obj_name, sai_serialize_object_id(obj_id));
2344-
vector<FieldValueTuple> fields;
2345-
fields.push_back(tuple);
2346-
23472343
std::unordered_set<std::string> counter_stats;
23482344
for (const auto &stat : stats)
23492345
{
@@ -2353,12 +2349,11 @@ void MACsecOrch::installCounter(
23532349
{
23542350
case CounterType::MACSEC_SA_ATTR:
23552351
MACsecSaAttrStatManager(ctx).setCounterIdList(obj_id, counter_type, counter_stats);
2356-
MACsecCountersMap(ctx).set("", fields);
23572352
break;
23582353

23592354
case CounterType::MACSEC_SA:
23602355
MACsecSaStatManager(ctx).setCounterIdList(obj_id, counter_type, counter_stats);
2361-
MACsecCountersMap(ctx).set("", fields);
2356+
MACsecCountersMap(ctx).hset("", obj_name, sai_serialize_object_id(obj_id));
23622357
break;
23632358

23642359
case CounterType::MACSEC_FLOW:
@@ -2383,19 +2378,11 @@ void MACsecOrch::uninstallCounter(
23832378
{
23842379
case CounterType::MACSEC_SA_ATTR:
23852380
MACsecSaAttrStatManager(ctx).clearCounterIdList(obj_id);
2386-
m_counter_db.hdel(COUNTERS_MACSEC_NAME_MAP, obj_name);
23872381
break;
23882382

23892383
case CounterType::MACSEC_SA:
23902384
MACsecSaStatManager(ctx).clearCounterIdList(obj_id);
2391-
if (direction == SAI_MACSEC_DIRECTION_EGRESS)
2392-
{
2393-
m_counter_db.hdel(COUNTERS_MACSEC_SA_TX_NAME_MAP, obj_name);
2394-
}
2395-
else
2396-
{
2397-
m_counter_db.hdel(COUNTERS_MACSEC_SA_RX_NAME_MAP, obj_name);
2398-
}
2385+
MACsecCountersMap(ctx).hdel("", obj_name);
23992386
break;
24002387

24012388
case CounterType::MACSEC_FLOW:

tests/test_macsec.py

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,11 @@
11
from swsscommon import swsscommon
2+
from swsscommon.swsscommon import CounterTable, MacsecCounter
23
import conftest
34

45
import functools
56
import typing
67
import re
8+
import time
79

810

911
def to_string(value):
@@ -389,6 +391,21 @@ def get_macsec_sa(
389391
print(info.group(0))
390392
return info.group(0)
391393

394+
@macsec_sa()
395+
def get_macsec_xpn_counter(
396+
self,
397+
sai: str) -> int:
398+
counter_table = CounterTable(self.dvs.get_counters_db().db_connection)
399+
for i in range(3):
400+
r, value = counter_table.hget(
401+
MacsecCounter(),
402+
sai,
403+
"SAI_MACSEC_SA_ATTR_CURRENT_XPN")
404+
if r: return int(value)
405+
time.sleep(1) # wait a moment for polling counter
406+
407+
return None
408+
392409

393410
class TestMACsec(object):
394411
def init_macsec(
@@ -658,6 +675,18 @@ def test_macsec_term_orch(self, dvs: conftest.DockerVirtualSwitch, testlog):
658675
peer_mac_address,
659676
macsec_port_identifier,
660677
0))
678+
assert(
679+
inspector.get_macsec_xpn_counter(
680+
port_name,
681+
local_mac_address,
682+
macsec_port_identifier,
683+
0) == packet_number)
684+
assert(
685+
inspector.get_macsec_xpn_counter(
686+
port_name,
687+
peer_mac_address,
688+
macsec_port_identifier,
689+
0) == packet_number)
661690
self.rekey_macsec(
662691
wpa,
663692
port_name,
@@ -683,6 +712,18 @@ def test_macsec_term_orch(self, dvs: conftest.DockerVirtualSwitch, testlog):
683712
peer_mac_address,
684713
macsec_port_identifier,
685714
1))
715+
assert(
716+
inspector.get_macsec_xpn_counter(
717+
port_name,
718+
local_mac_address,
719+
macsec_port_identifier,
720+
1) == packet_number)
721+
assert(
722+
inspector.get_macsec_xpn_counter(
723+
port_name,
724+
peer_mac_address,
725+
macsec_port_identifier,
726+
1) == packet_number)
686727
assert(
687728
not inspector.get_macsec_sa(
688729
macsec_port,
@@ -695,6 +736,18 @@ def test_macsec_term_orch(self, dvs: conftest.DockerVirtualSwitch, testlog):
695736
peer_mac_address,
696737
macsec_port_identifier,
697738
0))
739+
assert(
740+
not inspector.get_macsec_xpn_counter(
741+
port_name,
742+
local_mac_address,
743+
macsec_port_identifier,
744+
0) == packet_number)
745+
assert(
746+
not inspector.get_macsec_xpn_counter(
747+
port_name,
748+
peer_mac_address,
749+
macsec_port_identifier,
750+
0) == packet_number)
698751
# Exit MACsec port
699752
self.deinit_macsec(
700753
wpa,

0 commit comments

Comments
 (0)