[macsecmgr]: Fix cleanup macsec objs if container stop (sonic-net#2376)

What I did

Introduce SIGTERM handlers in macsecmgrd.
When the macsecmgrd exit with signal SIGTERM, all existing MACsec objs will clean up.
Adjust the cleanup order to follow the wpa_supplicant did (Remove Ingress objs firstly and Egress objs then).
Why I did it
When “docker stop”, macsecmgrd need also to cleanup all exiting MACsec objs.

How I verified it
Try "sudo config feature state macsec disabled`, the MACsec objs were removed.

Signed-off-by: Ze Gan <[email protected]>

Author: Pterosaur

cfgmgr/macsecmgrd.cpp

@@ -1,4 +1,5 @@
 #include <unistd.h>
+#include <signal.h>
 #include <vector>
 #include <sstream>
 #include <fstream>
@@ -45,6 +46,20 @@ string gResponsePublisherRecordFile;
 /* Global database mutex */
 mutex gDbMutex;
 
+static bool received_sigterm = false;
+static struct sigaction old_sigaction;
+
+static void sig_handler(int signo)
+{
+    SWSS_LOG_ENTER();
+
+    if (old_sigaction.sa_handler != SIG_IGN && old_sigaction.sa_handler != SIG_DFL) {
+        old_sigaction.sa_handler(signo);
+    }
+
+    received_sigterm = true;
+    return;
+}
 
 int main(int argc, char **argv)
 {
@@ -54,6 +69,15 @@ int main(int argc, char **argv)
         Logger::linkToDbNative("macsecmgrd");
         SWSS_LOG_NOTICE("--- Starting macsecmgrd ---");
 
+        /* Register the signal handler for SIGTERM */
+        struct sigaction sigact = {};
+        sigact.sa_handler = sig_handler;
+        if (sigaction(SIGTERM, &sigact, &old_sigaction))
+        {
+            SWSS_LOG_ERROR("failed to setup SIGTERM action handler");
+            exit(EXIT_FAILURE);
+        }
+
         swss::DBConnector cfgDb("CONFIG_DB", 0);
         swss::DBConnector stateDb("STATE_DB", 0);
 
@@ -73,7 +97,7 @@ int main(int argc, char **argv)
         }
 
         SWSS_LOG_NOTICE("starting main loop");
-        while (true)
+        while (!received_sigterm)
         {
             Selectable *sel;
             int ret;

orchagent/macsecorch.cpp

@@ -1482,22 +1482,22 @@ bool MACsecOrch::deleteMACsecPort(
 
     bool result = true;
 
-    auto sc = macsec_port.m_egress_scs.begin();
-    while (sc != macsec_port.m_egress_scs.end())
+    auto sc = macsec_port.m_ingress_scs.begin();
+    while (sc != macsec_port.m_ingress_scs.end())
     {
         const std::string port_sci = swss::join(':', port_name, MACsecSCI(sc->first));
         sc ++;
-        if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_EGRESS) != task_success)
+        if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_INGRESS) != task_success)
         {
             result &= false;
         }
     }
-    sc = macsec_port.m_ingress_scs.begin();
-    while (sc != macsec_port.m_ingress_scs.end())
+    sc = macsec_port.m_egress_scs.begin();
+    while (sc != macsec_port.m_egress_scs.end())
     {
         const std::string port_sci = swss::join(':', port_name, MACsecSCI(sc->first));
         sc ++;
-        if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_INGRESS) != task_success)
+        if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_EGRESS) != task_success)
         {
             result &= false;
         }