[MACsec]: Set macsec to bypass by default (sonic-net#1719)

byu343 · web-flow · commit 6c02acfef814 · 2021-04-24T12:51:55.000-07:00
In adapting to the MACsec driver for Arista 7280Cr3, we found it is necessary to set SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE to True, to successfully change the MACsec status from enable to disable (expecting that the traffic can pass through without encryption thereafter). The reason behind is that the default value of the attribute is False, if it is False, the driver understands it as the user is not allowing to bypass MACsec, yielding the result of disabling MACsec not as expected.
diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp
@@ -789,6 +789,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
     attr.id = SAI_MACSEC_ATTR_DIRECTION;
     attr.value.s32 = SAI_MACSEC_DIRECTION_EGRESS;
     attrs.push_back(attr);
+
+    attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+    attr.value.booldata = true;
+    attrs.push_back(attr);
+
     sai_status_t status = sai_macsec_api->create_macsec(
                                 &macsec_obj.first->second.m_egress_id,
                                 switch_id,
@@ -809,6 +814,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
     attr.id = SAI_MACSEC_ATTR_DIRECTION;
     attr.value.s32 = SAI_MACSEC_DIRECTION_INGRESS;
     attrs.push_back(attr);
+
+    attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+    attr.value.booldata = true;
+    attrs.push_back(attr);
+
     status = sai_macsec_api->create_macsec(
                                 &macsec_obj.first->second.m_ingress_id,
                                 switch_id,
