-
Notifications
You must be signed in to change notification settings - Fork 539
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MACsecMgr]: Add MACsec Manager #1475
Conversation
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
420b0ea
to
943bf8c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few comments in macsecmgr.cpp.
Question: How is the Config Db being updated ? |
Right now, we have two method to update the config DB.
In the future, we would like to provide some CLI tool to update the MACsec state. |
Signed-off-by: Ze Gan <[email protected]>
retest vs please |
cfgmgr/macsecmgr.cpp
Outdated
return istream; | ||
} | ||
|
||
static std::istringstream &operator>>( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can this be in swss-common?
In the code, is there process to check all the instances alive and restart it when it's dead/killed? |
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
retest vs please |
2 similar comments
retest vs please |
retest vs please |
retest vs please |
Add MACsec Manager for MACsec feature. MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable. The main functions are defined in class MACsecMgr as follow ``` task_process_status removeProfile(const std::string & profile_name, const TaskArgs & profile_attr); task_process_status loadProfile(const std::string & profile_name, const TaskArgs & profile_attr); task_process_status enableMACsec(const std::string & port_name, const TaskArgs & port_attr); task_process_status disableMACsec(const std::string & port_name, const TaskArgs & port_attr); ``` The HLD of MACsec Manager is at [MACsec HLD](https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md#341-macsec-mgr) Signed-off-by: Ze Gan <[email protected]>
Add MACsec Manager for MACsec feature. MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable. The main functions are defined in class MACsecMgr as follow ``` task_process_status removeProfile(const std::string & profile_name, const TaskArgs & profile_attr); task_process_status loadProfile(const std::string & profile_name, const TaskArgs & profile_attr); task_process_status enableMACsec(const std::string & port_name, const TaskArgs & port_attr); task_process_status disableMACsec(const std::string & port_name, const TaskArgs & port_attr); ``` The HLD of MACsec Manager is at [MACsec HLD](https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md#341-macsec-mgr) Signed-off-by: Ze Gan <[email protected]>
…-net#1475) Signed-off-by: Danny Allen <[email protected]>
What I did
Add MACsec Manager for MACsec feature.
MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable.
The main functions are defined in class MACsecMgr as follow
The HLD of MACsec Manager is at MACsec HLD
Why I did it
The MACsec Manager will be used to manage wpa_supplicant processes according to config db.
How I verified it
The wpa_supplicant process should be started.
Details if related
This PR depends on : sonic-net/sonic-wpa-supplicant#16 and sonic-net/sonic-buildimage#5700 and sonic-net/sonic-swss-common#434