Support for MACsec statistics

Author: qbdwlr

orchagent/flex_counter/flex_counter_manager.cpp

@@ -39,6 +39,8 @@ const unordered_map<CounterType, string> FlexCounterManager::counter_id_field_lo
     { CounterType::PORT,            PORT_COUNTER_ID_LIST },
     { CounterType::QUEUE,           QUEUE_COUNTER_ID_LIST },
     { CounterType::MACSEC_SA_ATTR,  MACSEC_SA_ATTR_ID_LIST },
+    { CounterType::MACSEC_SA,       MACSEC_SA_COUNTER_ID_LIST },
+    { CounterType::MACSEC_FLOW,     MACSEC_FLOW_COUNTER_ID_LIST },
 };
 
 FlexCounterManager::FlexCounterManager(

orchagent/flex_counter/flex_counter_manager.h

@@ -24,6 +24,8 @@ enum class CounterType
     PORT_DEBUG,
     SWITCH_DEBUG,
     MACSEC_SA_ATTR,
+    MACSEC_SA,
+    MACSEC_FLOW,
 };
 
 // FlexCounterManager allows users to manage a group of flex counters.

orchagent/macsecorch.cpp

@@ -19,7 +19,9 @@
 #define AVAILABLE_ACL_PRIORITIES_LIMITATION             (32)
 #define EAPOL_ETHER_TYPE                                (0x888e)
 #define MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS    (1000)
-#define COUNTERS_MACSEC_ATTR_GROUP                      "COUNTERS_MACSEC_ATTR"
+#define COUNTERS_MACSEC_SA_ATTR_GROUP                   "COUNTERS_MACSEC_SA_ATTR"
+#define COUNTERS_MACSEC_SA_GROUP                        "COUNTERS_MACSEC_SA"
+#define COUNTERS_MACSEC_FLOW_GROUP                      "COUNTERS_MACSEC_FLOW"
 
 extern sai_object_id_t   gSwitchId;
 extern sai_macsec_api_t *sai_macsec_api;
@@ -35,6 +37,62 @@ static const std::vector<std::string> macsec_sa_attrs =
     {
         "SAI_MACSEC_SA_ATTR_CURRENT_XPN",
 };
+static const std::vector<std::string> macsec_sa_ingress_stats =
+    {
+        "SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED",
+        "SAI_MACSEC_SA_STAT_OCTETS_PROTECTED",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_LATE",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_INVALID",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA",
+        "SAI_MACSEC_SA_STAT_IN_PKTS_OK",
+};
+static const std::vector<std::string> macsec_sa_egress_stats =
+    {
+        "SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED",
+        "SAI_MACSEC_SA_STAT_OCTETS_PROTECTED",
+        "SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED",
+        "SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED",
+};
+static const std::vector<std::string> macsec_flow_ingress_stats =
+    {
+        "SAI_MACSEC_FLOW_STAT_OTHER_ERR",
+        "SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_CONTROL_PKTS",
+        "SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED",
+        "SAI_MACSEC_FLOW_STAT_IN_TAGGED_CONTROL_PKTS",
+        "SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_TAG",
+        "SAI_MACSEC_FLOW_STAT_IN_PKTS_BAD_TAG",
+        "SAI_MACSEC_FLOW_STAT_IN_PKTS_NO_SCI",
+        "SAI_MACSEC_FLOW_STAT_IN_PKTS_UNKNOWN_SCI",
+        "SAI_MACSEC_FLOW_STAT_IN_PKTS_OVERRUN",
+};
+static const std::vector<std::string> macsec_flow_egress_stats =
+    {
+        "SAI_MACSEC_FLOW_STAT_OTHER_ERR",
+        "SAI_MACSEC_FLOW_STAT_OCTETS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_OCTETS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_OUT_OCTETS_COMMON",
+        "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_UCAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_MULTICAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_UNCONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_BROADCAST_PKTS_CONTROLLED",
+        "SAI_MACSEC_FLOW_STAT_CONTROL_PKTS",
+        "SAI_MACSEC_FLOW_STAT_PKTS_UNTAGGED",
+        "SAI_MACSEC_FLOW_STAT_OUT_PKTS_TOO_LONG",
+};
 
 template <typename T, typename... Args>
 static bool extract_variables(const std::string &input, char delimiter, T &output, Args &... args)
@@ -457,8 +515,16 @@ MACsecOrch::MACsecOrch(
                             m_state_macsec_ingress_sa(state_db, STATE_MACSEC_INGRESS_SA_TABLE_NAME),
                             m_counter_db("COUNTERS_DB", 0),
                             m_macsec_counters_map(&m_counter_db, COUNTERS_MACSEC_NAME_MAP),
-                            m_macsec_flex_counter_manager(
-                                COUNTERS_MACSEC_ATTR_GROUP,
+                            m_macsec_sa_attr_manager(
+                                COUNTERS_MACSEC_SA_ATTR_GROUP,
+                                StatsMode::READ,
+                                MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true),
+                            m_macsec_sa_stat_manager(
+                                COUNTERS_MACSEC_SA_GROUP,
+                                StatsMode::READ,
+                                MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true),
+                            m_macsec_flow_stat_manager(
+                                COUNTERS_MACSEC_FLOW_GROUP,
                                 StatsMode::READ,
                                 MACSEC_STAT_FLEX_COUNTER_POLLING_INTERVAL_MS, true)
 {
@@ -1095,7 +1161,7 @@ bool MACsecOrch::updateMACsecPort(MACsecPort &macsec_port, const TaskArgs &port_
         }
         else
         {
-            SWSS_LOG_WARN("Unknow Cipher Suite %s", cipher_suite.c_str());
+            SWSS_LOG_WARN("Unknown Cipher Suite %s", cipher_suite.c_str());
             return false;
         }
     }
@@ -1743,11 +1809,11 @@ task_process_status MACsecOrch::createMACsecSA(
     fvVector.emplace_back("state", "ok");
     if (direction == SAI_MACSEC_DIRECTION_EGRESS)
     {
-        m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector);
+        installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_        m_state_macsec_egress_sa.set(swss::join('|', port_name, sci, an), fvVector);
     }
     else
     {
-        m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector);
+        installCounter(CounterType::MACSEC_SA, port_sci_an, sc->m_sa_ids[an], macsec_        m_state_macsec_ingress_sa.set(swss::join('|', port_name, sci, an), fvVector);
     }
 
     SWSS_LOG_NOTICE("MACsec SA %s is created.", port_sci_an.c_str());
@@ -1781,7 +1847,8 @@ task_process_status MACsecOrch::deleteMACsecSA(
 
     auto result = task_success;
 
-    uninstallCounter(port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
+    uninstallCounter(CounterType::MACSEC_SA_ATTR, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
+    uninstallCounter(CounterType::MACSEC_SA, port_sci_an, ctx.get_macsec_sc()->m_sa_ids[an]);
     if (!deleteMACsecSA(ctx.get_macsec_sc()->m_sa_ids[an]))
     {
         SWSS_LOG_WARN("Cannot delete the MACsec SA %s.", port_sci_an.c_str());
@@ -1922,12 +1989,51 @@ void MACsecOrch::installCounter(
     {
         counter_stats.emplace(stat);
     }
-    m_macsec_flex_counter_manager.setCounterIdList(obj_id, counter_type, counter_stats);
+    switch(counter_type)
+    {
+        case CounterType::MACSEC_SA_ATTR:
+            m_macsec_sa_attr_manager.setCounterIdList(obj_id, counter_type, counter_stats);
+            break;
+
+        case CounterType::MACSEC_SA:
+            m_macsec_sa_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats);
+            break;
+
+        case CounterType::MACSEC_FLOW:
+            m_macsec_flow_stat_manager.setCounterIdList(obj_id, counter_type, counter_stats);
+            break;
+
+        default:
+            SWSS_LOG_ERROR("Failed to install unknown counter type %u.\n",
+                           static_cast<uint32_t>(counter_type));
+            break;
+    }
 }
 
-void MACsecOrch::uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id)
+void MACsecOrch::uninstallCounter(
+    CounterType counter_type,
+    const std::string &obj_name,
+    sai_object_id_t obj_id)
 {
-    m_macsec_flex_counter_manager.clearCounterIdList(obj_id);
+    switch(counter_type)
+    {
+        case CounterType::MACSEC_SA_ATTR:
+            m_macsec_sa_attr_manager.clearCounterIdList(obj_id);
+            break;
+
+        case CounterType::MACSEC_SA:
+            m_macsec_sa_stat_manager.clearCounterIdList(obj_id);
+            break;
+
+        case CounterType::MACSEC_FLOW:
+            m_macsec_flow_stat_manager.clearCounterIdList(obj_id);
+            break;
+
+        default:
+            SWSS_LOG_ERROR("Failed to uninstall unknown counter type %u.\n",
+                           static_cast<uint32_t>(counter_type));
+            break;
+    }
 
     m_counter_db.hdel(COUNTERS_MACSEC_NAME_MAP, obj_name);
 }

orchagent/macsecorch.h

@@ -63,7 +63,9 @@ class MACsecOrch : public Orch
 
     DBConnector         m_counter_db;
     Table               m_macsec_counters_map;
-    FlexCounterManager  m_macsec_flex_counter_manager;
+    FlexCounterManager  m_macsec_sa_attr_manager;
+    FlexCounterManager  m_macsec_sa_stat_manager;
+    FlexCounterManager  m_macsec_flow_stat_manager;
 
     struct MACsecACLTable
     {
@@ -195,7 +197,10 @@ class MACsecOrch : public Orch
         const std::string &obj_name,
         sai_object_id_t obj_id,
         const std::vector<std::string> &stats);
-    void uninstallCounter(const std::string &obj_name, sai_object_id_t obj_id);
+    void uninstallCounter(
+        CounterType counter_type,
+        const std::string &obj_name,
+        sai_object_id_t obj_id);
 
     /* MACsec ACL */
     bool initMACsecACLTable(