MACSec SAI Attribute enhancements

rushanmu-cisco · rushanmu-cisco · commit cf91b03eaabf · 2025-10-05T01:10:06.000-07:00
Signed-off-by: rushanmu &lt;rushanmu@cisco.com&gt;
diff --git a/doc/SAI-Proposal-MACSec-Enhancements.md b/doc/SAI-Proposal-MACSec-Enhancements.md
@@ -221,13 +221,19 @@ TCI Octet Structure (8 bits):
 - **C (Changed Text, Bit 3)**: Indicates if the frame length has changed
 - **AN (Association Number, Bits 2-1)**: Identifies the Security Association used for frame protection
 
-- **End Station(ES)**: The ES bit helps the receiving MACsec entity understand the role of the sender in the network topology. Setting this bit allows receivers to identify traffic originating directly from an endpoint, distinguishing it from traffic that has passed through intermediate switches or other devices.
+Currently SAI_MACSEC_SC_ATTR_MACSEC_EXPLICIT_SCI_ENABLE attribute is used to configure the Secure Channel(SC) bit in the TCI field. This proposal introduces attributes to configure ES and SCB bits.
 
-- **Single Copy Broadcast**: The SCB is used to indicate if the ethernet frame belongs to a broadcast/multicast domain (hence its not re-encrypted by intermediate relays) vs a fully protected unicast domain (hence decrypted and re-encrypted hop-by-hop). When the bit is set, it indicates that the frame is associated with an SC that supports the Ethernet Passive Optical Network (EPON) Single Copy Broadcast capability, which is typically point-to-multipoint in nature.
+### End Station (ES)
+
+The ES bit helps the receiving MACsec entity understand the role of the sender in the network topology. Setting this bit allows receivers to identify traffic originating directly from an endpoint, distinguishing it from traffic that has passed through intermediate switches or other devices.
+
+### Single Copy Broadcast (SCB)
+
+The SCB is used to indicate if the ethernet frame belongs to a broadcast/multicast domain (hence its not re-encrypted by intermediate relays) vs a fully protected unicast domain (hence decrypted and re-encrypted hop-by-hop). When the bit is set, it indicates that the frame is associated with an SC that supports the Ethernet Passive Optical Network (EPON) Single Copy Broadcast capability, which is typically point-to-multipoint in nature.
 
 ## SAI Attribute Enhancement
 
-The below MACSec Secure Channel (SC) attribute is newly introduced to allow configuration of the ES and SCB bits in the TCI. Both the attributes are configurable only when creating a Secure Channel in the Transmit (Egress) direction.
+The below MACSec Secure Channel (SC) attributes are newly introduced to allow configuration of the ES and SCB bits in the TCI. Both the attributes are configurable only when creating a Secure Channel in the Transmit (Egress) direction.
 
 ```c
     /**
