Add per-port MACsec PFC mode attribute#2293
Open
darius-nexthop wants to merge 1 commit into
Open
Conversation
Signed-off-by: Darius Grassi <darius@nexthop.ai>
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Gnanapriya27
reviewed
Jul 9, 2026
| * @flags CREATE_AND_SET | ||
| * @default SAI_PORT_MACSEC_PFC_MODE_UNENCRYPTED | ||
| */ | ||
| SAI_PORT_ATTR_MACSEC_PFC_MODE, |
There was a problem hiding this comment.
Why is the SAI_PORT_ATTR_MACSEC_PFC_MODE placed in saiport.h rather than as a SAI_MACSEC_PORT_ATTR_* in saimacsec.h on SAI_OBJECT_TYPE_MACSEC_PORT? All other MACsec port config id defined there. Placing it on the generic port creates GET/SET ambiguity when MACSEC is not enabled on this port.
| * @default SAI_PORT_MACSEC_PFC_MODE_UNENCRYPTED | ||
| */ | ||
| SAI_PORT_ATTR_MACSEC_PFC_MODE, | ||
|
|
There was a problem hiding this comment.
New attr is placed in-between the existing attr - pl note that this placement changes the enum integer values of subsequent port attributes, which is an API break. The SAI community convention is to add new attributes at the end of the list, immediately before SAI_XXX_ATTR_END
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Define a new per-port attribute to control whether PFC frames on a MACsec-enabled port are handled as unencrypted (clear) or encrypted (secure) PFC frames.
Per-port control is needed because mixed rollout scenarios are possible on a single device, and a global knob does not scale well for dynamic port management and staged deployment.
The default behavior is set to unencrypted PFC.