mirror of
https://github.com/Telecominfraproject/ols-nos.git
synced 2025-12-02 14:13:43 +00:00
5efd6f9748
Why I did it
To support clear MACsec counters by sonic-clear macsec
How I did it
Add macsec sub-command in sonic-clear to cache the current macsec stats, and in the show macsec command to check the cache and return the diff with cache file.
How to verify it
admin@vlab-02:~$ show macsec Ethernet0
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-128
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (52540067daa70001)
----------- -
encoding_an 0
----------- -
MACsec Egress SA (0)
------------------------------------- --------------------------------
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
next_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 52
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- --------------------------------
MACsec Ingress SC (525400d4fd3f0001)
MACsec Ingress SA (0)
--------------------------------------- --------------------------------
active true
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
lowest_acceptable_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 56
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- --------------------------------
admin@vlab-02:~$ sonic-clear macsec
Clear MACsec counters
admin@vlab-02:~$ show macsec Ethernet0
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-128
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (52540067daa70001)
----------- -
encoding_an 0
----------- -
MACsec Egress SA (0)
------------------------------------- --------------------------------
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
next_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 52
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- --------------------------------
MACsec Ingress SC (525400d4fd3f0001)
MACsec Ingress SA (0)
--------------------------------------- --------------------------------
active true
auth_key 9DDD4C69220A1FA9B6763F229B75CB6F
lowest_acceptable_pn 1
sak BA86574D054FCF48B9CD7CF54F21304A
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 0 <---this counters was cleared.
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- --------------------------------
Signed-off-by: Ze Gan <ganze718@gmail.com>
Co-authored-by: Judy Joseph <jujoseph@microsoft.com>