[macsecmgr]: Fix cleanup macsec objs if container stop (#2376)

What I did Introduce SIGTERM handlers in macsecmgrd. When the macsecmgrd exit with signal SIGTERM, all existing MACsec objs will clean up. Adjust the cleanup order to follow the wpa_supplicant did (Remove Ingress objs firstly and Egress objs then). Why I did it When “docker stop”, macsecmgrd need also to cleanup all exiting MACsec objs. How I verified it Try "sudo config feature state macsec disabled`, the MACsec objs were removed. Signed-off-by: Ze Gan <[email protected]>
sonic-net · Jul 19, 2022 · 419ab1b · 419ab1b
1 parent 9045995
commit 419ab1b
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 7 deletions.
diff --git a/cfgmgr/macsecmgrd.cpp b/cfgmgr/macsecmgrd.cpp
@@ -1,4 +1,5 @@
 #include <unistd.h>
+#include <signal.h>
 #include <vector>
 #include <sstream>
 #include <fstream>
@@ -45,6 +46,20 @@ string gResponsePublisherRecordFile;
 /* Global database mutex */
 mutex gDbMutex;
 
+static bool received_sigterm = false;
+static struct sigaction old_sigaction;
+
+static void sig_handler(int signo)
+{
+ SWSS_LOG_ENTER();
+
+ if (old_sigaction.sa_handler != SIG_IGN && old_sigaction.sa_handler != SIG_DFL) {
+ old_sigaction.sa_handler(signo);
+ }
+
+ received_sigterm = true;
+ return;
+}
 
 int main(int argc, char **argv)
 {
@@ -54,6 +69,15 @@ int main(int argc, char **argv)
  Logger::linkToDbNative("macsecmgrd");
  SWSS_LOG_NOTICE("--- Starting macsecmgrd ---");
 
+ /* Register the signal handler for SIGTERM */
+ struct sigaction sigact = {};
+ sigact.sa_handler = sig_handler;
+ if (sigaction(SIGTERM, &sigact, &old_sigaction))
+ {
+ SWSS_LOG_ERROR("failed to setup SIGTERM action handler");
+ exit(EXIT_FAILURE);
+ }
+
  swss::DBConnector cfgDb("CONFIG_DB", 0);
  swss::DBConnector stateDb("STATE_DB", 0);
 
@@ -73,7 +97,7 @@ int main(int argc, char **argv)
  }
 
  SWSS_LOG_NOTICE("starting main loop");
- while (true)
+ while (!received_sigterm)
  {
  Selectable *sel;
  int ret;

diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp
@@ -1482,22 +1482,22 @@ bool MACsecOrch::deleteMACsecPort(
 
  bool result = true;
 
- auto sc = macsec_port.m_egress_scs.begin();
- while (sc != macsec_port.m_egress_scs.end())
+ auto sc = macsec_port.m_ingress_scs.begin();
+ while (sc != macsec_port.m_ingress_scs.end())
  {
  const std::string port_sci = swss::join(':', port_name, MACsecSCI(sc->first));
  sc ++;
- if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_EGRESS) != task_success)
+ if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_INGRESS) != task_success)
  {
  result &= false;
  }
  }
- sc = macsec_port.m_ingress_scs.begin();
- while (sc != macsec_port.m_ingress_scs.end())
+ sc = macsec_port.m_egress_scs.begin();
+ while (sc != macsec_port.m_egress_scs.end())
  {
  const std::string port_sci = swss::join(':', port_name, MACsecSCI(sc->first));
  sc ++;
- if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_INGRESS) != task_success)
+ if (deleteMACsecSC(port_sci, SAI_MACSEC_DIRECTION_EGRESS) != task_success)
  {
  result &= false;
  }