From 1a22c6cadc12ba932c8b0f0bca0d4bfd525ceda0 Mon Sep 17 00:00:00 2001
From: byu343
Date: Sat, 24 Apr 2021 12:51:55 -0700
Subject: [PATCH] [MACsec]: Set macsec to bypass by default (#1719)

In adapting to the MACsec driver for Arista 7280Cr3, we found it is necessary to set SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE to True, to successfully change the MACsec status from enable to disable (expecting that the traffic can pass through without encryption thereafter). The reason behind is that the default value of the attribute is False, if it is False, the driver understands it as the user is not allowing to bypass MACsec, yielding the result of disabling MACsec not as expected.
---
 orchagent/macsecorch.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp
index 8d349759890..a03a6807cd3 100644
--- a/orchagent/macsecorch.cpp
+++ b/orchagent/macsecorch.cpp
@@ -789,6 +789,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
 attr.id = SAI_MACSEC_ATTR_DIRECTION;
 attr.value.s32 = SAI_MACSEC_DIRECTION_EGRESS;
 attrs.push_back(attr);
+
+ attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+ attr.value.booldata = true;
+ attrs.push_back(attr);
+
 sai_status_t status = sai_macsec_api->create_macsec(
 &macsec_obj.first->second.m_egress_id,
 switch_id,
@@ -809,6 +814,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
 attr.id = SAI_MACSEC_ATTR_DIRECTION;
 attr.value.s32 = SAI_MACSEC_DIRECTION_INGRESS;
 attrs.push_back(attr);
+
+ attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+ attr.value.booldata = true;
+ attrs.push_back(attr);
+
 status = sai_macsec_api->create_macsec(
 &macsec_obj.first->second.m_ingress_id,
 switch_id,
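Review bot: The added `attr.value.booldata = true;` for `SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE` in the egress hunk, and identically in the ingress hunk, is hard-coded for every platform although the description motivates it with a single driver, and nothing in the code records why a MACsec object is created with bypass allowed. Because this attribute appears to govern whether traffic may pass without encryption, I would put a comment above each block, for example `// Allow bypass so that disabling MACsec on a port lets traffic pass unencrypted; ports with MACsec enabled must remain protected.` It is also worth confirming on the other supported SAI implementations that a `true` value cannot let frames skip protection on a port where MACsec is still enabled, since the description only reports the behaviour of one driver. initMACsecObject starts and ends outside both hunks, so whether a later set call or a failure path changes this value cannot be seen from here.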