Skip to content

Commit

Permalink
Support for MACsec statistics
Browse files Browse the repository at this point in the history
  • Loading branch information
qbdwlr committed Aug 12, 2021
1 parent d8ca31c commit 7a14f71
Show file tree
Hide file tree
Showing 4 changed files with 127 additions and 12 deletions.
2 changes: 2 additions & 0 deletions orchagent/flex_counter/flex_counter_manager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ const unordered_map<CounterType, string> FlexCounterManager::counter_id_field_lo
{ CounterType::PORT, PORT_COUNTER_ID_LIST },
{ CounterType::QUEUE, QUEUE_COUNTER_ID_LIST },
{ CounterType::MACSEC_SA_ATTR, MACSEC_SA_ATTR_ID_LIST },
{ CounterType::MACSEC_SA, MACSEC_SA_COUNTER_ID_LIST },
{ CounterType::MACSEC_FLOW, MACSEC_FLOW_COUNTER_ID_LIST },
};

FlexCounterManager::FlexCounterManager(
Expand Down
2 changes: 2 additions & 0 deletions orchagent/flex_counter/flex_counter_manager.h
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ enum class CounterType
PORT_DEBUG,
SWITCH_DEBUG,
MACSEC_SA_ATTR,
MACSEC_SA,
MACSEC_FLOW,
};

// FlexCounterManager allows users to manage a group of flex counters.
Expand Down
126 changes: 116 additions & 10 deletions orchagent/macsecorch.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,9 @@
#define AVAILABLE_ACL_PRIORITIES_LIMITATION (32)
#define EAPOL_ETHER_TYPE (0x888e)
#define MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS (1000)
#define COUNTERS_MACSEC_ATTR_GROUP "COUNTERS_MACSEC_ATTR"
#define COUNTERS_MACSEC_SA_ATTR_GROUP "COUNTERS_MACSEC_SA_ATTR"
#define COUNTERS_MACSEC_SA_GROUP "COUNTERS_MACSEC_SA"
#define COUNTERS_MACSEC_FLOW_GROUP "COUNTERS_MACSEC_FLOW"

extern sai_object_id_t gSwitchId;
extern sai_macsec_api_t *sai_macsec_api;
Expand All @@ -35,6 +37,62 @@ static const std::vector<std::string> macsec_sa_attrs =
{
"SAI_MACSEC_SA_ATTR_CURRENT_XPN",
};
static const std::vector<std::string> macsec_sa_ingress_stats =
{
"SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED",
"SAI_MACSEC_SA_STAT_OCTETS_PROTECTED",
"SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED",
"SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED",
"SAI_MACSEC_SA_STAT_IN_PKTS_LATE",
"SAI_MACSEC_SA_STAT_IN_PKTS_INVALID",
"SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID",
"SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA",
"SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA",
"SAI_MACSEC_SA_STAT_IN_PKTS_OK",
};
static const std::vector<std::string> macsec_sa_egress_stats =
{
"SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED",
"SAI_MACSEC_SA_STAT_OCTETS_PROTECTED",
"SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED",
"SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED",
};
static const std::vector<std::string> macsec_flow_ingress_stats =
{
"SAI_MACSEC_FLOW_STAT_OTHER_ERR",
"SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_CONTROL_PKTS",
"SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED",
"SAI_MACSEC_FLOW_STAT_IN_TAGGED_CONTROL_PKTS",
"SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_TAG",
"SAI_MACSEC_FLOW_STAT_IN_PKTS_BAD_TAG",
"SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_SCI",
"SAI_MACSEC_FLOW_STAT_IN_PKTS_UNKNOWN_SCI",
"SAI_MACSEC_FLOW_STAT_IN_PKTS_OVERRUN",
};
static const std::vector<std::string> macsec_flow_egress_stats =
{
"SAI_MACSEC_FLOW_STAT_OTHER_ERR",
"SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_OUT_OCTETS_COMMON",
"SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED",
"SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED",
"SAI_MACSEC_FLOW_STAT_CONTROL_PKTS",
"SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED",
"SAI_MACSEC_FLOW_STAT_OUT_PKTS_TOO_LONG",
};

template <typename T, typename... Args>
static bool extract_variables(const std::string &input, char delimiter, T &output, Args &... args)
Expand Down Expand Up @@ -457,8 +515,16 @@ MACsecOrch::MACsecOrch(
m_state_macsec_ingress_sa(state_db, STATE_MACSEC_INGRESS_SA_TABLE_NAME),
m_counter_db("COUNTERS_DB", 0),
m_macsec_counters_map(&m_counter_db, COUNTERS_MACSEC_NAME_MAP),
m_macsec_flex_counter_manager(
COUNTERS_MACSEC_ATTR_GROUP,
m_macsec_sa_attr_manager(
COUNTERS_MACSEC_SA_ATTR_GROUP,
StatsMode::READ,
MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true),
m_macsec_sa_stat_manager(
COUNTERS_MACSEC_SA_GROUP,
StatsMode::READ,
MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true),
m_macsec_flow_stat_manager(
COUNTERS_MACSEC_FLOW_GROUP,
StatsMode::READ,
MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true)
{
Expand Down Expand Up @@ -1095,7 +1161,7 @@ bool MACsecOrch::updateMACsecPort(MACsecPort &macsec_port, const TaskArgs &port_
}
else
{
SWSS_LOG_WARN("Unknow Cipher Suite %s", cipher_suite.c_str());
SWSS_LOG_WARN("Unknown Cipher Suite %s", cipher_suite.c_str());
return false;
}
}
Expand Down Expand Up @@ -1743,11 +1809,11 @@ task_process_status MACsecOrch::createMACsecSA(
fvVector.emplace_back("state", "ok");
if (direction == SAI_MACSEC_DIRECTION_EGRESS)
{
m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector);
installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_ m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector);
}
else
{
m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector);
installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_ m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector);
}

SWSS_LOG_NOTICE("MACsec SA %s is created.", port_sci_an.c_str());
Expand Down Expand Up @@ -1781,7 +1847,8 @@ task_process_status MACsecOrch::deleteMACsecSA(

auto result = task_success;

uninstallCounter(port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
uninstallCounter(CounterType::MACSEC_SA_ATTR, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
uninstallCounter(CounterType::MACSEC_SA, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
if (!deleteMACsecSA(ctx.get_macsec_sc()->m_sa_ids[an]))
{
SWSS_LOG_WARN("Cannot delete the MACsec SA %s.", port_sci_an.c_str());
Expand Down Expand Up @@ -1922,12 +1989,51 @@ void MACsecOrch::installCounter(
{
counter_stats.emplace(stat);
}
m_macsec_flex_counter_manager.setCounterIdList(obj_id, counter_type, counter_stats);
switch(counter_type)
{
case CounterType::MACSEC_SA_ATTR:
m_macsec_sa_attr_manager.setCounterIdList(obj_id, counter_type, counter_stats);
break;

case CounterType::MACSEC_SA:
m_macsec_sa_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats);
break;

case CounterType::MACSEC_FLOW:
m_macsec_flow_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats);
break;

default:
SWSS_LOG_ERROR("Failed to install unknown counter type %u.\n",
static_cast<uint32_t>(counter_type));
break;
}
}

void MACsecOrch::uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id)
void MACsecOrch::uninstallCounter(
CounterType counter_type,
const std::string &obj_name,
sai_object_id_t obj_id)
{
m_macsec_flex_counter_manager.clearCounterIdList(obj_id);
switch(counter_type)
{
case CounterType::MACSEC_SA_ATTR:
m_macsec_sa_attr_manager.clearCounterIdList(obj_id);
break;

case CounterType::MACSEC_SA:
m_macsec_sa_stat_manager.clearCounterIdList(obj_id);
break;

case CounterType::MACSEC_FLOW:
m_macsec_flow_stat_manager.clearCounterIdList(obj_id);
break;

default:
SWSS_LOG_ERROR("Failed to uninstall unknown counter type %u.\n",
static_cast<uint32_t>(counter_type));
break;
}

m_counter_db.hdel(COUNTERS_MACSEC_NAME_MAP, obj_name);
}
Expand Down
9 changes: 7 additions & 2 deletions orchagent/macsecorch.h
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,9 @@ class MACsecOrch : public Orch

DBConnector m_counter_db;
Table m_macsec_counters_map;
FlexCounterManager m_macsec_flex_counter_manager;
FlexCounterManager m_macsec_sa_attr_manager;
FlexCounterManager m_macsec_sa_stat_manager;
FlexCounterManager m_macsec_flow_stat_manager;

struct MACsecACLTable
{
Expand Down Expand Up @@ -195,7 +197,10 @@ class MACsecOrch : public Orch
const std::string &obj_name,
sai_object_id_t obj_id,
const std::vector<std::string> &stats);
void uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id);
void uninstallCounter(
CounterType counter_type,
const std::string &obj_name,
sai_object_id_t obj_id);

/* MACsec ACL */
bool initMACsecACLTable(
Expand Down

0 comments on commit 7a14f71

Please sign in to comment.