diff --git a/cfgmgr/teammgr.cpp b/cfgmgr/teammgr.cpp
index c53228120e8..be9b3ebe347 100644
--- a/cfgmgr/teammgr.cpp
+++ b/cfgmgr/teammgr.cpp
@@ -34,7 +34,8 @@ TeamMgr::TeamMgr(DBConnector *confDb, DBConnector *applDb, DBConnector *statDb,
 m_appLagTable(applDb, APP_LAG_TABLE_NAME),
 m_statePortTable(statDb, STATE_PORT_TABLE_NAME),
 m_stateLagTable(statDb, STATE_LAG_TABLE_NAME),
- m_stateMACsecPortTable(statDb, STATE_MACSEC_PORT_TABLE_NAME)
+ m_stateMACsecPortTable(statDb, STATE_MACSEC_PORT_TABLE_NAME),
+ m_stateFeatureTable(statDb, "FEATURE")
 {
 SWSS_LOG_ENTER();
@@ -99,6 +100,27 @@ bool TeamMgr::isLagStateOk(const string &alias)
 return true;
 }
+bool TeamMgr::isMACsecFeatureEnabled()
+{
+ SWSS_LOG_ENTER();
+
+ vector temp;
+ if (!m_stateFeatureTable.get("macsec", temp))
+ {
+ return false;
+ }
+
+ auto opt = swss::fvsGetValue(temp, "state", true);
+
+ if (!opt || *opt != "enabled")
+ {
+ SWSS_LOG_INFO("MACsec feature isn't enabled");
+ return false;
+ }
+
+ return true;
+}
+
 bool TeamMgr::isMACsecSetted(const std::string &port)
 {
 SWSS_LOG_ENTER();
@@ -348,10 +370,13 @@ void TeamMgr::doLagMemberTask(Consumer &consumer)
 continue;
 }
- if (isMACsecSetted(member) && !isMACsecStateOk(member))
+ if (isMACsecFeatureEnabled())
 {
- it++;
- continue;
+ if (isMACsecSetted(member) && !isMACsecStateOk(member))
+ {
+ it++;
+ continue;
+ }
 }
 if (addLagMember(lag, member) == task_need_retry)
diff --git a/cfgmgr/teammgr.h b/cfgmgr/teammgr.h
index 8ce81a3e1af..8ce1db776a1 100644
--- a/cfgmgr/teammgr.h
+++ b/cfgmgr/teammgr.h
@@ -28,6 +28,7 @@ class TeamMgr : public Orch
 Table m_statePortTable;
 Table m_stateLagTable;
 Table m_stateMACsecPortTable;
+ Table m_stateFeatureTable;
 ProducerStateTable m_appPortTable;
 ProducerStateTable m_appLagTable;
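Review bot: In cfgmgr/teammgr.cpp, `TeamMgr::isMACsecFeatureEnabled()` returns false silently when the `macsec` entry is missing from the STATE_DB `FEATURE` table, but logs when the entry exists with another state, so the two "disabled" outcomes cannot be told apart in the logs. Because the caller uses this result to decide whether to wait for MACsec readiness, the missing-entry case deserves its own message before the first `return false;`, e.g. `SWSS_LOG_INFO("MACsec feature entry not found in STATE_DB");`. The function also has no comment stating its contract; something like `// True only when the STATE_DB FEATURE entry "macsec" has state "enabled"; a missing entry counts as disabled.` would make the fail-open default explicit. The table name is passed as the literal `"FEATURE"` while the neighbouring members use `STATE_*_TABLE_NAME` constants; a named constant would be consistent with them.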
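Review bot: In `TeamMgr::doLagMemberTask` (cfgmgr/teammgr.cpp, hunk at -348) the new outer check makes the MACsec readiness gate fail open: whenever `isMACsecFeatureEnabled()` returns false, which includes the FEATURE entry not being present in STATE_DB, a member that has a MACsec profile configured skips the `isMACsecStateOk()` wait and proceeds to `addLagMember()`. If that is the intended behaviour for a disabled feature, the join of a MACsec-configured port without MACsec should at least be visible to operators, e.g. `if (isMACsecSetted(member) && !isMACsecFeatureEnabled()) SWSS_LOG_WARN("%s has a MACsec profile but the macsec feature is not enabled", member.c_str());`. The nested `if` can also be written as one condition, `if (isMACsecFeatureEnabled() && isMACsecSetted(member) && !isMACsecStateOk(member))`, which keeps the original three-line body. The surrounding loop starts and ends outside this hunk.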
@@ -56,6 +57,7 @@ class TeamMgr : public Orch
 bool checkPortIffUp(const std::string &);
 bool isPortStateOk(const std::string&);
 bool isLagStateOk(const std::string&);
+ bool isMACsecFeatureEnabled();
 bool isMACsecSetted(const std::string &);
 bool isMACsecStateOk(const std::string &);
 uint16_t generateLacpKey(const std::string&);
diff --git a/tests/test_macsec.py b/tests/test_macsec.py
index ef60a4b3d66..3709005ff70 100644
--- a/tests/test_macsec.py
+++ b/tests/test_macsec.py
@@ -765,7 +765,8 @@ def test_macsec_attribute_change(self, dvs: conftest.DockerVirtualSwitch, testlo
 def test_macsec_with_portchannel(self, dvs: conftest.DockerVirtualSwitch, testlog):
 # Set MACsec enabled on Ethernet0
- ConfigTable(dvs, "PORT")["Ethernet0"] = {"macsec": "test"}
+ ConfigTable(dvs, "PORT")["Ethernet0"] = {"macsec" : "test"}
+ StateDBTable(dvs, "FEATURE")["macsec"] = {"state": "enabled"}
 # Setup Port-channel
 ConfigTable(dvs, "PORTCHANNEL")["PortChannel001"] = {"admin": "up", "mtu": "9100", "oper_status": "up"}
@@ -831,6 +832,15 @@ def test_macsec_with_portchannel(self, dvs: conftest.DockerVirtualSwitch, testlo
 macsec_port_identifier, 0)
+ # remove port channel member
+ del ConfigTable(dvs, "PORTCHANNEL_INTERFACE")["PortChannel001"]
+ del ConfigTable(dvs, "PORTCHANNEL_INTERFACE")["PortChannel001|40.0.0.0/31"]
+ del ConfigTable(dvs, "PORTCHANNEL_MEMBER")["PortChannel001|Ethernet0"]
+
+ # remove port channel
+ del ConfigTable(dvs, "PORTCHANNEL")["PortChannel001"]
+
+
 # Add Dummy always-pass test at end as workaroud
 # for issue when Flaky fail on final test it invokes module tear-down
 # before retrying
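Review bot: In tests/test_macsec.py (hunk at -765), `test_macsec_with_portchannel` only exercises the path where the STATE_DB `FEATURE` entry for `macsec` is `enabled`, so the behaviour this commit introduces is not covered by anything visible here. That behaviour is a port with a MACsec profile joining the port channel when the feature entry is absent or not `enabled`. A second case that leaves the entry unset, or writes `{"state": "disabled"}`, and asserts whether the member is added would pin the intended result for that security-relevant path. The rewrite to `{"macsec" : "test"}` only inserts a space before the colon and could be dropped from the change. The test body continues outside this hunk.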
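Review bot: In tests/test_macsec.py (hunk at -831), the added teardown removes the port-channel entries but not the `StateDBTable(dvs, "FEATURE")["macsec"]` entry that the test writes at its start. Unless it is removed in lines outside this hunk, later tests in the module run with the MACsec feature state left at `enabled`. Assuming `StateDBTable` supports deletion the same way `ConfigTable` does, adding `del StateDBTable(dvs, "FEATURE")["macsec"]` after the port-channel removal would restore the initial state.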