Skip to content

Commit

Permalink
[vslib]Add MACsec Manager (sonic-net#715)
Browse files Browse the repository at this point in the history
Signed-off-by: Ze Gan <[email protected]>
  • Loading branch information
Pterosaur authored Nov 20, 2020
1 parent 806d0e8 commit 7623114
Show file tree
Hide file tree
Showing 4 changed files with 1,111 additions and 0 deletions.
38 changes: 38 additions & 0 deletions vslib/inc/MACsecAttr.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
#pragma once

#include "HostInterfaceInfo.h"

#include <string>
#include <memory>

namespace saivs
{
using macsec_sci_t = std::string;
using macsec_an_t = std::uint16_t;
using macsec_pn_t = std::uint64_t;

struct MACsecAttr
{
// Explicitely declare constructor and destructor as non-inline functions
// to avoid 'call is unlikely and code size would grow [-Werror=inline]'
MACsecAttr();

~MACsecAttr();

std::string m_vethName;
std::string m_macsecName;
std::string m_authKey;
std::string m_sak;
std::string m_sci;

macsec_an_t m_an;
macsec_pn_t m_pn;

bool m_sendSci;
bool m_encryptionEnable;

sai_int32_t m_direction;

std::shared_ptr<HostInterfaceInfo> m_info;
};
}
146 changes: 146 additions & 0 deletions vslib/inc/MACsecManager.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
#pragma once

#include "MACsecAttr.h"
#include "MACsecFilter.h"
#include "MACsecForwarder.h"

namespace saivs
{
class MACsecManager
{
public:
MACsecManager();

virtual ~MACsecManager();

bool create_macsec_port(
_In_ const MACsecAttr &attr);

bool create_macsec_sc(
_In_ const MACsecAttr &attr);

bool create_macsec_sa(
_In_ const MACsecAttr &attr);

bool delete_macsec_port(
_In_ const MACsecAttr &attr);

bool delete_macsec_sc(
_In_ const MACsecAttr &attr);

bool delete_macsec_sa(
_In_ const MACsecAttr &attr);

bool enable_macsec_filter(
_In_ const std::string &macsecInterface,
_In_ bool enable);

bool get_macsec_sa_pn(
_In_ const MACsecAttr &attr,
_Out_ sai_uint64_t &pn) const;

private:

bool create_macsec_egress_sc(
_In_ const MACsecAttr &attr);

bool create_macsec_ingress_sc(
_In_ const MACsecAttr &attr);

bool create_macsec_egress_sa(
_In_ const MACsecAttr &attr);

bool create_macsec_ingress_sa(
_In_ const MACsecAttr &attr);

bool delete_macsec_egress_sc(
_In_ const MACsecAttr &attr);

bool delete_macsec_ingress_sc(
_In_ const MACsecAttr &attr);

bool delete_macsec_egress_sa(
_In_ const MACsecAttr &attr);

bool delete_macsec_ingress_sa(
_In_ const MACsecAttr &attr);

bool add_macsec_filter(
_In_ const std::string &macsecInterface);

bool add_macsec_forwarder(
_In_ const std::string &macsecInterface);

bool delete_macsec_forwarder(
_In_ const std::string &macsecInterface);

bool add_macsec_manager(
_In_ const std::string &macsecInterface,
_In_ std::shared_ptr<HostInterfaceInfo> info);

bool delete_macsec_manager(
_In_ const std::string &macsecInterface);

bool get_macsec_device_info(
_In_ const std::string &macsecDevice,
_Out_ std::string &info) const;

bool is_macsec_device_existing(
_In_ const std::string &macsecDevice) const;

bool get_macsec_sc_info(
_In_ const std::string &macsecDevice,
_In_ sai_int32_t direction,
_In_ const std::string &sci,
_Out_ std::string &info) const;

bool is_macsec_sc_existing(
_In_ const std::string &macsecDevice,
_In_ sai_int32_t direction,
_In_ const std::string &sci) const;

bool get_macsec_sa_info(
_In_ const std::string &macsecDevice,
_In_ sai_int32_t direction,
_In_ const std::string &sci,
_In_ macsec_an_t an,
_Out_ std::string &info) const;

bool is_macsec_sa_existing(
_In_ const std::string &macsecDevice,
_In_ sai_int32_t direction,
_In_ const std::string &sci,
_In_ macsec_an_t an) const;

size_t get_macsec_sa_count(
_In_ const std::string &macsecDevice,
_In_ sai_int32_t direction,
_In_ const std::string &sci) const;

void cleanup_macsec_device() const;

std::string shellquote(
_In_ const std::string &str) const;

bool exec(
_In_ const std::string &command,
_Out_ std::string &output) const;

bool exec(
_In_ const std::string &command) const;

struct MACsecTrafficManager
{
MACsecTrafficManager() = default;

~MACsecTrafficManager() = default;

std::shared_ptr<HostInterfaceInfo> m_info;
std::shared_ptr<MACsecFilter> m_ingressFilter;
std::shared_ptr<MACsecFilter> m_egressFilter;
std::shared_ptr<MACsecForwarder> m_forwarder;
};

std::map<std::string, MACsecTrafficManager> m_macsecTrafficManagers;
};
}
19 changes: 19 additions & 0 deletions vslib/src/MACsecAttr.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
#include "MACsecAttr.h"

#include "swss/logger.h"

using namespace saivs;

MACsecAttr::MACsecAttr()
{
SWSS_LOG_ENTER();

// empty intentionally
}

MACsecAttr::~MACsecAttr()
{
SWSS_LOG_ENTER();

// empty intentionally
}
Loading

0 comments on commit 7623114

Please sign in to comment.