From 6c02acfef814878d4133bfbaf77da43ab8b3d422 Mon Sep 17 00:00:00 2001
From: byu343 <byu@arista.com>
Date: Sat, 24 Apr 2021 12:51:55 -0700
Subject: [PATCH] [MACsec]: Set macsec to bypass by default (#1719)

In adapting to the MACsec driver for Arista 7280Cr3, we found it is necessary to set SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE to True, to successfully change the MACsec status from enable to disable (expecting that the traffic can pass through without encryption thereafter). The reason behind is that the default value of the attribute is False, if it is False, the driver understands it as the user is not allowing to bypass MACsec, yielding the result of disabling MACsec not as expected.
---
 orchagent/macsecorch.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/orchagent/macsecorch.cpp b/orchagent/macsecorch.cpp
index 8d349759890f..a03a6807cd37 100644
--- a/orchagent/macsecorch.cpp
+++ b/orchagent/macsecorch.cpp
@@ -789,6 +789,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
     attr.id = SAI_MACSEC_ATTR_DIRECTION;
     attr.value.s32 = SAI_MACSEC_DIRECTION_EGRESS;
     attrs.push_back(attr);
+
+    attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+    attr.value.booldata = true;
+    attrs.push_back(attr);
+
     sai_status_t status = sai_macsec_api->create_macsec(
                                 &macsec_obj.first->second.m_egress_id,
                                 switch_id,
@@ -809,6 +814,11 @@ bool MACsecOrch::initMACsecObject(sai_object_id_t switch_id)
     attr.id = SAI_MACSEC_ATTR_DIRECTION;
     attr.value.s32 = SAI_MACSEC_DIRECTION_INGRESS;
     attrs.push_back(attr);
+
+    attr.id = SAI_MACSEC_ATTR_PHYSICAL_BYPASS_ENABLE;
+    attr.value.booldata = true;
+    attrs.push_back(attr);
+
     status = sai_macsec_api->create_macsec(
                                 &macsec_obj.first->second.m_ingress_id,
                                 switch_id,