diff --git a/orchagent/flex_counter/flex_counter_manager.cpp b/orchagent/flex_counter/flex_counter_manager.cpp index c924b269e85..64165e5c729 100644 --- a/orchagent/flex_counter/flex_counter_manager.cpp +++ b/orchagent/flex_counter/flex_counter_manager.cpp @@ -39,6 +39,8 @@ const unordered_map FlexCounterManager::counter_id_field_lo { CounterType::PORT, PORT_COUNTER_ID_LIST }, { CounterType::QUEUE, QUEUE_COUNTER_ID_LIST }, { CounterType::MACSEC_SA_ATTR, MACSEC_SA_ATTR_ID_LIST }, + { CounterType::MACSEC_SA, MACSEC_SA_COUNTER_ID_LIST }, + { CounterType::MACSEC_FLOW, MACSEC_FLOW_COUNTER_ID_LIST }, { CounterType::TUNNEL, TUNNEL_COUNTER_ID_LIST }, }; diff --git a/orchagent/flex_counter/flex_counter_manager.h b/orchagent/flex_counter/flex_counter_manager.h index 2d531d50844..6a0f5708720 100644 --- a/orchagent/flex_counter/flex_counter_manager.h +++ b/orchagent/flex_counter/flex_counter_manager.h @@ -26,6 +26,8 @@ enum class CounterType PORT_DEBUG, SWITCH_DEBUG, MACSEC_SA_ATTR, + MACSEC_SA, + MACSEC_FLOW, TUNNEL, }; diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp index f3c085047cd..7acb57dfe88 100644 --- a/orchagent/macsecorch.cpp +++ b/orchagent/macsecorch.cpp @@ -19,7 +19,9 @@ #define AVAILABLE_ACL_PRIORITIES_LIMITATION (32) #define EAPOL_ETHER_TYPE (0x888e) #define MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS (1000) -#define COUNTERS_MACSEC_ATTR_GROUP "COUNTERS_MACSEC_ATTR" +#define COUNTERS_MACSEC_SA_ATTR_GROUP "COUNTERS_MACSEC_SA_ATTR" +#define COUNTERS_MACSEC_SA_GROUP "COUNTERS_MACSEC_SA" +#define COUNTERS_MACSEC_FLOW_GROUP "COUNTERS_MACSEC_FLOW" extern sai_object_id_t gSwitchId; extern sai_macsec_api_t *sai_macsec_api; @@ -35,6 +37,62 @@ static const std::vector macsec_sa_attrs = { "SAI_MACSEC_SA_ATTR_CURRENT_XPN", }; +static const std::vector macsec_sa_ingress_stats = + { + "SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED", + "SAI_MACSEC_SA_STAT_OCTETS_PROTECTED", + "SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED", + "SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED", + "SAI_MACSEC_SA_STAT_IN_PKTS_LATE", + "SAI_MACSEC_SA_STAT_IN_PKTS_INVALID", + "SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID", + "SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA", + "SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA", + "SAI_MACSEC_SA_STAT_IN_PKTS_OK", +}; +static const std::vector macsec_sa_egress_stats = + { + "SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED", + "SAI_MACSEC_SA_STAT_OCTETS_PROTECTED", + "SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED", + "SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED", +}; +static const std::vector macsec_flow_ingress_stats = + { + "SAI_MACSEC_FLOW_STAT_OTHER_ERR", + "SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_CONTROL_PKTS", + "SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED", + "SAI_MACSEC_FLOW_STAT_IN_TAGGED_CONTROL_PKTS", + "SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_TAG", + "SAI_MACSEC_FLOW_STAT_IN_PKTS_BAD_TAG", + "SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_SCI", + "SAI_MACSEC_FLOW_STAT_IN_PKTS_UNKNOWN_SCI", + "SAI_MACSEC_FLOW_STAT_IN_PKTS_OVERRUN", +}; +static const std::vector macsec_flow_egress_stats = + { + "SAI_MACSEC_FLOW_STAT_OTHER_ERR", + "SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_OUT_OCTETS_COMMON", + "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED", + "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED", + "SAI_MACSEC_FLOW_STAT_CONTROL_PKTS", + "SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED", + "SAI_MACSEC_FLOW_STAT_OUT_PKTS_TOO_LONG", +}; template static bool extract_variables(const std::string &input, char delimiter, T &output, Args &... args) @@ -479,8 +537,16 @@ MACsecOrch::MACsecOrch( m_state_macsec_ingress_sa(state_db, STATE_MACSEC_INGRESS_SA_TABLE_NAME), m_counter_db("COUNTERS_DB", 0), m_macsec_counters_map(&m_counter_db, COUNTERS_MACSEC_NAME_MAP), - m_macsec_flex_counter_manager( - COUNTERS_MACSEC_ATTR_GROUP, + m_macsec_sa_attr_manager( + COUNTERS_MACSEC_SA_ATTR_GROUP, + StatsMode::READ, + MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true), + m_macsec_sa_stat_manager( + COUNTERS_MACSEC_SA_GROUP, + StatsMode::READ, + MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true), + m_macsec_flow_stat_manager( + COUNTERS_MACSEC_FLOW_GROUP, StatsMode::READ, MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true) { @@ -1139,7 +1205,7 @@ bool MACsecOrch::updateMACsecPort(MACsecPort &macsec_port, const TaskArgs &port_ } else { - SWSS_LOG_WARN("Unknow Cipher Suite %s", cipher_suite.c_str()); + SWSS_LOG_WARN("Unknown Cipher Suite %s", cipher_suite.c_str()); return false; } } @@ -1798,11 +1864,11 @@ task_process_status MACsecOrch::createMACsecSA( fvVector.emplace_back("state", "ok"); if (direction == SAI_MACSEC_DIRECTION_EGRESS) { - m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector); + installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_ m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector); } else { - m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector); + installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_ m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector); } SWSS_LOG_NOTICE("MACsec SA %s is created.", port_sci_an.c_str()); @@ -1836,7 +1902,8 @@ task_process_status MACsecOrch::deleteMACsecSA( auto result = task_success; - uninstallCounter(port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]); + uninstallCounter(CounterType::MACSEC_SA_ATTR, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]); + uninstallCounter(CounterType::MACSEC_SA, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]); if (!deleteMACsecSA(ctx.get_macsec_sc()->m_sa_ids[an])) { SWSS_LOG_WARN("Cannot delete the MACsec SA %s.", port_sci_an.c_str()); @@ -1977,12 +2044,51 @@ void MACsecOrch::installCounter( { counter_stats.emplace(stat); } - m_macsec_flex_counter_manager.setCounterIdList(obj_id, counter_type, counter_stats); + switch(counter_type) + { + case CounterType::MACSEC_SA_ATTR: + m_macsec_sa_attr_manager.setCounterIdList(obj_id, counter_type, counter_stats); + break; + + case CounterType::MACSEC_SA: + m_macsec_sa_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats); + break; + + case CounterType::MACSEC_FLOW: + m_macsec_flow_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats); + break; + + default: + SWSS_LOG_ERROR("Failed to install unknown counter type %u.\n", + static_cast(counter_type)); + break; + } } -void MACsecOrch::uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id) +void MACsecOrch::uninstallCounter( + CounterType counter_type, + const std::string &obj_name, + sai_object_id_t obj_id) { - m_macsec_flex_counter_manager.clearCounterIdList(obj_id); + switch(counter_type) + { + case CounterType::MACSEC_SA_ATTR: + m_macsec_sa_attr_manager.clearCounterIdList(obj_id); + break; + + case CounterType::MACSEC_SA: + m_macsec_sa_stat_manager.clearCounterIdList(obj_id); + break; + + case CounterType::MACSEC_FLOW: + m_macsec_flow_stat_manager.clearCounterIdList(obj_id); + break; + + default: + SWSS_LOG_ERROR("Failed to uninstall unknown counter type %u.\n", + static_cast(counter_type)); + break; + } m_counter_db.hdel(COUNTERS_MACSEC_NAME_MAP, obj_name); } diff --git a/orchagent/macsecorch.h b/orchagent/macsecorch.h index 20c3f82c242..0823b64e46e 100644 --- a/orchagent/macsecorch.h +++ b/orchagent/macsecorch.h @@ -63,7 +63,9 @@ class MACsecOrch : public Orch DBConnector m_counter_db; Table m_macsec_counters_map; - FlexCounterManager m_macsec_flex_counter_manager; + FlexCounterManager m_macsec_sa_attr_manager; + FlexCounterManager m_macsec_sa_stat_manager; + FlexCounterManager m_macsec_flow_stat_manager; struct MACsecACLTable { @@ -200,7 +202,10 @@ class MACsecOrch : public Orch const std::string &obj_name, sai_object_id_t obj_id, const std::vector &stats); - void uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id); + void uninstallCounter( + CounterType counter_type, + const std::string &obj_name, + sai_object_id_t obj_id); /* MACsec ACL */ bool initMACsecACLTable(