From d16f8f1d44989b3501db72b046cc89fa4a174526 Mon Sep 17 00:00:00 2001
From: arista-nwolfe <94405414+arista-nwolfe@users.noreply.github.com>
Date: Wed, 18 May 2022 09:56:35 -0700
Subject: [PATCH] [macsecorch]: Support for non-default sa per sc (#2250)

What I did
Taught MacsecOrch to use the SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC attribute added in
opencomputeproject/SAI#1420

Why I did it
To support SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MacsecOrch.

How I verified it
The changes have no impact until SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC is supported by the platform.

Details
Cache the the result of SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC in MACsecObject.m_max_sa_per_sc.
Set STATE_DB MACSEC_PORT_TABLE's max_sa_per_sc to the value cached in MACsecObject.m_max_sa_per_sc in createMACsecPort.

Signed-off-by: Nathan Wolfe <nwolfe@arista.com>
---
 orchagent/macsecorch.cpp | 27 +++++++++++++++++++++++++++
 orchagent/macsecorch.h   |  1 +
 2 files changed, 28 insertions(+)

diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp
index 5b65dbdd3cde..20b60577330a 100644
--- a/orchagent/macsecorch.cpp
+++ b/orchagent/macsecorch.cpp
@@ -1082,6 +1082,32 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
     }
     macsec_obj.first->second.m_sci_in_ingress_macsec_acl = attrs.front().value.booldata;
 
+    attrs.clear();
+    attr.id = SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATIONS_PER_SC;
+    attrs.push_back(attr);
+    status = sai_macsec_api->get_macsec_attribute(
+                    macsec_obj.first->second.m_ingress_id,
+                    static_cast<uint32_t>(attrs.size()),
+                    attrs.data());
+    if (status != SAI_STATUS_SUCCESS)
+    {
+        // Default to 4 if SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATION_PER_SC isn't supported
+        macsec_obj.first->second.m_max_sa_per_sc = 4;
+    } else {
+        switch (attrs.front().value.s32)
+        {
+            case SAI_MACSEC_MAX_SECURE_ASSOCIATIONS_PER_SC_TWO:
+                macsec_obj.first->second.m_max_sa_per_sc = 2;
+                break;
+            case SAI_MACSEC_MAX_SECURE_ASSOCIATIONS_PER_SC_FOUR:
+                macsec_obj.first->second.m_max_sa_per_sc = 4;
+                break;
+            default:
+                SWSS_LOG_WARN( "Unsupported value returned from SAI_MACSEC_ATTR_MAX_SECURE_ASSOCIATION_PER_SC" );
+                return false;
+        }
+    }
+
     recover.clear();
     return true;
 }
@@ -1266,6 +1292,7 @@ bool MACsecOrch::createMACsecPort(
     SWSS_LOG_NOTICE("MACsec port %s is created.", port_name.c_str());
 
     std::vector<FieldValueTuple> fvVector;
+    fvVector.emplace_back("max_sa_per_sc", std::to_string(macsec_obj.m_max_sa_per_sc));
     fvVector.emplace_back("state", "ok");
     m_state_macsec_port.set(port_name, fvVector);
 
diff --git a/orchagent/macsecorch.h b/orchagent/macsecorch.h
index 33f7b7082e1f..b59984a3a613 100644
--- a/orchagent/macsecorch.h
+++ b/orchagent/macsecorch.h
@@ -110,6 +110,7 @@ class MACsecOrch : public Orch
         sai_object_id_t                                 m_ingress_id;
         map<std::string, std::shared_ptr<MACsecPort> >  m_macsec_ports;
         bool                                            m_sci_in_ingress_macsec_acl;
+        sai_uint8_t                                     m_max_sa_per_sc;
     };
     map<sai_object_id_t, MACsecObject>              m_macsec_objs;
     map<std::string, std::shared_ptr<MACsecPort> >  m_macsec_ports;