
Matching SCI in ACL Using SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI Not Supported on Some Platforms

Open smvmarvell opened this issue 1 year ago • 0 comments

Problem Statement:

The SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI attribute, which is used for matching the MACsec SCI in ACL, is not supported by all types of ASICs. Despite this, SONiC currently attempts to use this attribute even when the underlying ASIC or its driver does not support it, leading to failures in the vendor's SAI/SDK code. The SCI field in the packet can be validated by the security engine using the SAI_MACSEC_SC_ATTR_MACSEC_SCI attribute.

Proposed Solution:

Implement a capability check in SONiC to determine whether the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute is supported by the ASIC. Based on this check, modify the MACsec orchestration logic to conditionally include or exclude this attribute in the list of attributes. This prevents errors in the vendor's SDK. Using this capability check, ensure that neither SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI nor SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI is added to the attribute list during ACL creation when the underlying ASIC does not support them. This approach reduces failures due to unsupported attributes.

smvmarvell, May 07 '24 08:05
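
One way the capability gate proposed in the issue could be structured, as an added example that is not sonic-swss code and not part of the original post. The enum, the `CapabilityQuery` hook and `fakeAsic` are constructed stand-ins so the block builds without the SAI headers; in real code the hook would be backed by SAI's `sai_query_attribute_capability`, whose `create_implemented` flag is mirrored here.

```cpp
#include <cstdint>
#include <functional>
#include <set>
#include <vector>

// Constructed stand-ins so this builds without the SAI headers; the two
// MACSEC_SCI names are the attributes quoted in the issue.
enum AttrId : uint32_t {
    SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE,
    SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI,
    SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE,
    SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI,
};
struct Capability { bool create_implemented = false; };
// Hypothetical capability hook; returns false when the query itself fails.
using CapabilityQuery = std::function<bool(AttrId, Capability &)>;

// Constructed platform model: answers "creatable" only for listed attributes.
CapabilityQuery fakeAsic(std::set<AttrId> creatable, bool queryWorks = true) {
    return [=](AttrId id, Capability &cap) {
        cap.create_implemented = creatable.count(id) > 0;
        return queryWorks;
    };
}

// SCI matching is used only if BOTH the table field and the entry field are
// creatable; a failed query counts as unsupported.
bool sciMatchSupported(const CapabilityQuery &query) {
    for (AttrId id : {SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI, SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI}) {
        Capability cap;
        if (!query(id, cap) || !cap.create_implemented) return false;
    }
    return true;
}

// Attribute lists for ACL table and entry creation, gated by one decision so
// the entry never matches on a field the table was created without.
std::vector<AttrId> aclTableAttrs(bool sciOk) {
    std::vector<AttrId> attrs{SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE};
    if (sciOk) attrs.push_back(SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI);
    return attrs;
}
std::vector<AttrId> aclEntryAttrs(bool sciOk) {
    std::vector<AttrId> attrs{SAI_ACL_ENTRY_ATTR_FIELD_ETHER_TYPE};
    if (sciOk) attrs.push_back(SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI);
    return attrs;
}
```

When the gate evaluates to false, the ACL carries no SCI match and SCI validation rests on the security engine through `SAI_MACSEC_SC_ATTR_MACSEC_SCI`, as the issue describes.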