[macsec]: Set MTU for MACsec

orchagent/macsecorch.cpp

@@ -1275,6 +1275,18 @@ bool MACsecOrch::createMACsecPort(
             phy);
     });
 
+    if (!m_port_orch->getPortMtu(port.m_port_id, macsec_port.m_original_mtu))
+    {
+        SWSS_LOG_WARN("Cannot get Port MTU at the port %s", port_name.c_str());
+        return false;
+    }
+    m_port_orch->setMACsecEnabledState(port.m_port_id, true);
+    if (!m_port_orch->setPortMtu(port.m_port_id, macsec_port.m_original_mtu))
+    {
+        SWSS_LOG_WARN("Cannot set MTU to %u at the MACsec enabled port %s", macsec_port.m_original_mtu, port_name.c_str());
+        return false;
+    }
+
     if (phy)
     {
         if (!setPFCForward(port_id, true))
@@ -1542,6 +1554,13 @@ bool MACsecOrch::deleteMACsecPort(
         result &= false;
     }
 
+    m_port_orch->setMACsecEnabledState(port.m_port_id, false);
+    if (!m_port_orch->setPortMtu(port.m_port_id, macsec_port.m_original_mtu))
+    {
+        SWSS_LOG_WARN("Cannot set MTU to %u at the port %s", macsec_port.m_original_mtu, port_name.c_str());
+        return false;
+    }
+
     if (phy)
     {
         if (!setPFCForward(port_id, false))

orchagent/macsecorch.h

@@ -109,6 +109,7 @@ class MACsecOrch : public Orch
         bool                                m_sci_in_sectag;
         bool                                m_enable;
         uint32_t                            m_original_ipg;
+        uint32_t                            m_original_mtu;
     };
     struct MACsecObject
     {

orchagent/portsorch.cpp

@@ -1135,6 +1135,34 @@ bool PortsOrch::getPortAdminStatus(sai_object_id_t id, bool &up)
     return true;
 }
 
+bool PortsOrch::getPortMtu(sai_object_id_t id, sai_uint32_t &mtu)
+{
+    SWSS_LOG_ENTER();
+
+    sai_attribute_t attr;
+    attr.id = SAI_PORT_ATTR_MTU;
+
+    sai_status_t status = sai_port_api->get_port_attribute(id, 1, &attr);
+
+    if (status != SAI_STATUS_SUCCESS)
+    {
+        task_process_status handle_status = handleSaiGetStatus(SAI_API_PORT, status);
+        if (handle_status != task_success)
+        {
+            return parseHandleSaiStatusFailure(handle_status);
+        }
+    }
+
+    mtu = attr.value.u32 - (uint32_t)(sizeof(struct ether_header) + FCS_LEN + VLAN_TAG_LEN);
+
+    if (isMACsecPort(id))
+    {
+        mtu -= MAX_MACSEC_SECTAG_SIZE;
+    }
+
+    return true;
+}
+
 bool PortsOrch::setPortMtu(sai_object_id_t id, sai_uint32_t mtu)
 {
     SWSS_LOG_ENTER();
@@ -1144,6 +1172,11 @@ bool PortsOrch::setPortMtu(sai_object_id_t id, sai_uint32_t mtu)
     /* mtu + 14 + 4 + 4 = 22 bytes */
     attr.value.u32 = (uint32_t)(mtu + sizeof(struct ether_header) + FCS_LEN + VLAN_TAG_LEN);
 
+    if (isMACsecPort(id))
+    {
+        attr.value.u32 += MAX_MACSEC_SECTAG_SIZE;
+    }
+
     sai_status_t status = sai_port_api->set_port_attribute(id, &attr);
     if (status != SAI_STATUS_SUCCESS)
     {
@@ -7154,3 +7187,24 @@ bool PortsOrch::decrFdbCount(const std::string& alias, int count)
     }
     return true;
 }
+
+void PortsOrch::setMACsecEnabledState(sai_object_id_t port_id, bool enabled)
+{
+    SWSS_LOG_ENTER();
+
+    if (enabled)
+    {
+        m_macsecEnabledPorts.insert(port_id);
+    }
+    else
+    {
+        m_macsecEnabledPorts.erase(port_id);
+    }
+}
+
+bool PortsOrch::isMACsecPort(sai_object_id_t port_id) const
+{
+    SWSS_LOG_ENTER();
+
+    return m_macsecEnabledPorts.find(port_id) != m_macsecEnabledPorts.end();
+}

orchagent/portsorch.h

@@ -18,6 +18,7 @@
 
 #define FCS_LEN 4
 #define VLAN_TAG_LEN 4
+#define MAX_MACSEC_SECTAG_SIZE                           (32)
 #define PORT_STAT_COUNTER_FLEX_COUNTER_GROUP "PORT_STAT_COUNTER"
 #define PORT_RATE_COUNTER_FLEX_COUNTER_GROUP "PORT_RATE_COUNTER"
 #define PORT_BUFFER_DROP_STAT_FLEX_COUNTER_GROUP "PORT_BUFFER_DROP_STAT"
@@ -174,6 +175,11 @@ class PortsOrch : public Orch, public Subject
 
     bool decrFdbCount(const string& alias, int count);
 
+    void setMACsecEnabledState(sai_object_id_t port_id, bool enabled);
+    bool isMACsecPort(sai_object_id_t port_id) const;
+    bool getPortMtu(sai_object_id_t id, sai_uint32_t &mtu);
+    bool setPortMtu(sai_object_id_t id, sai_uint32_t mtu);
+
 private:
     unique_ptr<Table> m_counterTable;
     unique_ptr<Table> m_counterLagTable;
@@ -301,7 +307,6 @@ class PortsOrch : public Orch, public Subject
 
     bool setPortAdminStatus(Port &port, bool up);
     bool getPortAdminStatus(sai_object_id_t id, bool& up);
-    bool setPortMtu(sai_object_id_t id, sai_uint32_t mtu);
     bool setPortTpid(sai_object_id_t id, sai_uint16_t tpid);
     bool setPortPvid (Port &port, sai_uint32_t pvid);
     bool getPortPvid(Port &port, sai_uint32_t &pvid);
@@ -374,8 +379,8 @@ class PortsOrch : public Orch, public Subject
     void voqSyncAddLagMember(Port &lag, Port &port);
     void voqSyncDelLagMember(Port &lag, Port &port);
     unique_ptr<LagIdAllocator> m_lagIdAllocator;
+    set<sai_object_id_t> m_macsecEnabledPorts;
 
     std::unordered_set<std::string> generateCounterStats(const string& type, bool gearbox = false);
-
 };
 #endif /* SWSS_PORTSORCH_H */