[MACsecMgr]: Add MACsec Manager #1475
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Pterosaur
force-pushed
the
macsecmgr
branch
2 times, most recently
from
420b0ea
to
943bf8c
Compare
samitabh
reviewed
Nov 26, 2020
samitabh
reviewed
Nov 26, 2020
|
Question: How is the Config Db being updated ? |
Right now, we have two method to update the config DB.
In the future, we would like to provide some CLI tool to update the MACsec state. |
lguohan
previously approved these changes
Dec 4, 2020
Signed-off-by: Ze Gan <[email protected]>
|
retest vs please |
lguohan
previously approved these changes
Dec 4, 2020
cfgmgr/macsecmgr.cpp
Outdated
| return istream; | ||
| } | ||
|
|
||
| static std::istringstream &operator>>( |
There was a problem hiding this comment.
can this be in swss-common?
|
In the code, is there process to check all the instances alive and restart it when it's dead/killed? |
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
|
retest vs please |
2 similar comments
|
retest vs please |
|
retest vs please |
lguohan
approved these changes
Jan 22, 2021
|
retest vs please |
DavidZagury
pushed a commit
to DavidZagury/sonic-swss
that referenced
this pull request
Mar 4, 2021
Add MACsec Manager for MACsec feature.
MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable.
The main functions are defined in class MACsecMgr as follow
```
task_process_status removeProfile(const std::string & profile_name, const TaskArgs & profile_attr);
task_process_status loadProfile(const std::string & profile_name, const TaskArgs & profile_attr);
task_process_status enableMACsec(const std::string & port_name, const TaskArgs & port_attr);
task_process_status disableMACsec(const std::string & port_name, const TaskArgs & port_attr);
```
The HLD of MACsec Manager is at [MACsec HLD](https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md#341-macsec-mgr)
Signed-off-by: Ze Gan <[email protected]>
raphaelt-nvidia
pushed a commit
to raphaelt-nvidia/sonic-swss
that referenced
this pull request
Oct 5, 2021
Add MACsec Manager for MACsec feature.
MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable.
The main functions are defined in class MACsecMgr as follow
```
task_process_status removeProfile(const std::string & profile_name, const TaskArgs & profile_attr);
task_process_status loadProfile(const std::string & profile_name, const TaskArgs & profile_attr);
task_process_status enableMACsec(const std::string & port_name, const TaskArgs & port_attr);
task_process_status disableMACsec(const std::string & port_name, const TaskArgs & port_attr);
```
The HLD of MACsec Manager is at [MACsec HLD](https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md#341-macsec-mgr)
Signed-off-by: Ze Gan <[email protected]>
EdenGri
pushed a commit
to EdenGri/sonic-swss
that referenced
this pull request
Feb 28, 2022
…-net#1475) Signed-off-by: Danny Allen <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What I did
Add MACsec Manager for MACsec feature.
MACsecMgr is a daemon in MACsec container, that receives the message from CONFIG DB and uses wpa_cli instructions to manage the functionality of MACsec in the specified port. The below figure is the flow chart of MACsecMgr which shows the MACsec profile management according to MACsec Profile Table and the functionality of MACsec in the specified port according to PortTable.
The main functions are defined in class MACsecMgr as follow
The HLD of MACsec Manager is at MACsec HLD
Why I did it
The MACsec Manager will be used to manage wpa_supplicant processes according to config db.
How I verified it
The wpa_supplicant process should be started.
Details if related
This PR depends on : sonic-net/sonic-wpa-supplicant#16 and sonic-net/sonic-buildimage#5700 and sonic-net/sonic-swss-common#434