sonic-swss
sonic-swss copied to clipboard
sonic-net
Capability query for MACSEC ACL attribute
What I did -Modified the MACsec orchestration logic to conditionally include or exclude the ability to match the SCI in ACL configurations based on the ASIC's capabilities. -Implemented a capability check in SONiC to determine whether the SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI attribute is supported by the ASIC, thus ensuring that neither SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCI nor SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCI is used when unsupported.
Why I did it
- The current implementation attempts to use the
SAI_ACL_ENTRY_ATTR_FIELD_MACSEC_SCIattribute even when it's not supported by the underlying ASIC or driver, causing failures in the vendor's SAI/SDK code. - The capability check prevents these errors, ensuring compatibility with different hardware.
How I verified it
- Compiled the code successfully without errors.
- Conducted manual tests on Marvell platforms without support for the
SAI_ACL_TABLE_ATTR_FIELD_MACSEC_SCIattribute to validate the conditional logic.
Details if related Fixes the issue raised in https://github.com/sonic-net/sonic-swss/issues/3134
The committers listed above are authorized under a signed CLA.
- :white_check_mark: login: smvmarvell (427913c655a8569015c272a5fde1b0d01634f420)
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}
This change is already merged as part of https://github.com/sonic-net/sonic-swss/pull/3385.
@prsunny , Could you please close this PR , this change is merged as part of https://github.com/sonic-net/sonic-swss/pull/3385.