Sync the latest code from the 202305 branch.

Makefile.work

@@ -539,6 +539,7 @@ SONIC_BUILD_INSTRUCTION :=  $(MAKE) \
                            DOCKER_LOCKFILE_SAVE=$(DOCKER_LOCKFILE_SAVE) \
                            SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD=$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD) \
                            SONIC_INCLUDE_SYSTEM_TELEMETRY=$(INCLUDE_SYSTEM_TELEMETRY) \
+                           SONIC_INCLUDE_SYSTEM_EVENTD=$(INCLUDE_SYSTEM_EVENTD) \
                            INCLUDE_DHCP_RELAY=$(INCLUDE_DHCP_RELAY) \
                            INCLUDE_MACSEC=$(INCLUDE_MACSEC) \
                            SONIC_INCLUDE_RESTAPI=$(INCLUDE_RESTAPI) \

device/mellanox/x86_64-mlnx_msn2010-r0/installer.conf

@@ -1 +1 @@
-ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax acpi=noirq"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax acpi=noirq libata.force=noncq"

device/mellanox/x86_64-mlnx_msn2700-r0/installer.conf

@@ -1 +1 @@
-ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax acpi=noirq"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax acpi=noirq libata.force=noncq"

device/mellanox/x86_64-mlnx_msn2700a1-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn3420-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn3700-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn3700c-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn3800-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn4410-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn4600-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn4600c-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-mlnx_msn4700-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-nvidia_sn2201-r0/installer.conf

@@ -1 +1 @@
-ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax"
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax libata.force=noncq"

device/mellanox/x86_64-nvidia_sn4800-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

device/mellanox/x86_64-nvidia_sn5600-r0/installer.conf

@@ -0,0 +1 @@
+ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="libata.force=noncq"

dockers/docker-dhcp-relay/Dockerfile.j2

@@ -35,13 +35,17 @@ COPY ["dhcp-relay.programs.j2", "dhcpv4-relay.agents.j2", "dhcpv6-relay.agents.j
 COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
 COPY ["critical_processes", "/etc/supervisor"]
 COPY ["cli", "/cli/"]
+
+{% if include_system_eventd == "y" %}
+{% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
 # Copy regex json and rsyslog_plugin.conf file into rsyslog.d
 COPY ["*.json", "/etc/rsyslog.d/"]
 COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
-
 # Create dhcp_relay_regex.conf
 RUN j2 -f json /etc/rsyslog.d/rsyslog_plugin.conf.j2 /etc/rsyslog.d/events_info.json  > /etc/rsyslog.d/dhcp_relay_events.conf
 RUN rm -f /etc/rsyslog.d/rsyslog_plugin.conf.j2
 RUN rm -f /etc/rsyslog.d/events_info.json
+{% endif %}
+{% endif %}
 
 ENTRYPOINT ["/usr/bin/docker_init.sh"]

dockers/docker-fpm-frr/Dockerfile.j2

@@ -54,15 +54,19 @@ COPY ["TSC", "/usr/bin/TSC"]
 COPY ["TS", "/usr/bin/TS"]
 COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
 COPY ["zsocket.sh", "/usr/bin/"]
-COPY ["*.json", "/etc/rsyslog.d/"]
-COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
 RUN chmod a+x /usr/bin/TSA && \
     chmod a+x /usr/bin/TSB && \
     chmod a+x /usr/bin/TSC && \
     chmod a+x /usr/bin/zsocket.sh
 
+{% if include_system_eventd == "y" %}
+{% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
+COPY ["*.json", "/etc/rsyslog.d/"]
+COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
 RUN j2 -f json /etc/rsyslog.d/rsyslog_plugin.conf.j2 /etc/rsyslog.d/events_info.json  > /etc/rsyslog.d/bgp_events.conf
 RUN rm -f /etc/rsyslog.d/rsyslog_plugin.conf.j2
 RUN rm -f /etc/rsyslog.d/events_info.json
+{% endif %}
+{% endif %}
 
 ENTRYPOINT ["/usr/bin/docker_init.sh"]

dockers/docker-fpm-frr/TS

@@ -4,7 +4,12 @@ switch_type=`sonic-cfggen -d -v "DEVICE_METADATA['localhost']['switch_type']"`
 # Check whether the routemap is for internal BGP sessions.
 function is_internal_route_map()
 {
-    [[ "$1" =~ .*"_INTERNAL_".* || "$1" =~ .*"VOQ_".* ]]
+    if [[ "$1" =~ .*"_INTERNAL_".* || "$1" =~ .*"VOQ_".* ]]
+    then
+         return 1
+    else
+         return 0
+    fi
 }
 
 function check_not_installed()
@@ -13,7 +18,10 @@ function check_not_installed()
   config=$(vtysh -c "show run")
   for route_map_name in $(echo "$config" | sed -ne 's/  neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq);
   do
-    is_internal_route_map $route_map_name && continue
+    is_internal_route_map $route_map_name
+    if [[ $? -eq 1 ]]; then
+        continue
+    fi
     echo "$config" | egrep -q "^route-map $route_map_name permit 20$"
     c=$((c+$?))
     echo "$config" | egrep -q "^route-map $route_map_name permit 30$"
@@ -31,7 +39,10 @@ function check_installed()
   config=$(vtysh -c "show run")
   for route_map_name in $(echo "$config" | sed -ne 's/  neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq);
   do
-    is_internal_route_map $route_map_name && continue
+    is_internal_route_map $route_map_name
+    if [[ $? -eq 1 ]]; then
+        continue
+    fi
     echo "$config" | egrep -q "^route-map $route_map_name permit 20$"
     c=$((c+$?))
     e=$((e+1))
@@ -51,7 +62,10 @@ function find_num_routemap()
   config=$(vtysh -c "show run")
   for route_map_name in $(echo "$config" | sed -ne 's/  neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq);
   do
-    is_internal_route_map $route_map_name && continue
+    is_internal_route_map $route_map_name
+    if [[ $? -eq 1 ]]; then
+        continue
+    fi
     c=$((c+1))
   done
   return $c

dockers/docker-fpm-frr/TSA

@@ -16,7 +16,8 @@ then
   TSA_FILE=$(mktemp)
   for route_map_name in $(echo "$config" | sed -ne 's/  neighbor \S* route-map \(\S*\) out/\1/p' | uniq);
   do
-    is_internal_route_map $route_map_name && continue
+    is_internal_route_map $route_map_name
+    internal_route_map=$?
     case "$route_map_name" in
       *V4*)
         ip_version=V4
@@ -30,7 +31,7 @@ then
         continue
       ;;
     esac
-    sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"ip_version\": \"$ip_version\", \"ip_protocol\": \"$ip_protocol\"}" -y /etc/sonic/constants.yml -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.isolate.conf.j2 > "$TSA_FILE"
+    sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"ip_version\": \"$ip_version\", \"ip_protocol\": \"$ip_protocol\", \"internal_route_map\": \"$internal_route_map\"}" -y /etc/sonic/constants.yml -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.isolate.conf.j2 > "$TSA_FILE"
     vtysh -f "$TSA_FILE"
     rm -f "$TSA_FILE"
   done

dockers/docker-fpm-frr/TSB

@@ -16,7 +16,8 @@ then
   TSB_FILE=$(mktemp)
   for route_map_name in $(echo "$config" | sed -ne 's/  neighbor \S* route-map \(\S*\) out/\1/p' | uniq);
   do
-    is_internal_route_map $route_map_name && continue
+    is_internal_route_map $route_map_name
+    internal_route_map=$?
     case "$route_map_name" in
       *V4*)
       ;;
@@ -26,7 +27,7 @@ then
         continue
       ;;
     esac
-    sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\"}" -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 > "$TSB_FILE"
+    sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"internal_route_map\": \"$internal_route_map\"}" -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 > "$TSB_FILE"
     vtysh -f "$TSB_FILE"
     rm -f "$TSB_FILE"
   done

dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2

@@ -16,12 +16,17 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2
  set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }}
 {% elif CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %}
 bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }}
+bgp community-list standard NO_EXPORT permit no-export
 !
 route-map FROM_BGP_INTERNAL_PEER_V4 permit 1
   match community DEVICE_INTERNAL_COMMUNITY
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag {{ constants.bgp.internal_community_match_tag }}
 !
+route-map FROM_BGP_INTERNAL_PEER_V4 permit 2
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_BGP_INTERNAL_PEER_V6 permit 1
  set ipv6 next-hop prefer-global
  on-match next
@@ -31,6 +36,10 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag {{ constants.bgp.internal_community_match_tag }}
 !
+route-map FROM_BGP_INTERNAL_PEER_V6 permit 3
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map TO_BGP_INTERNAL_PEER_V4 permit 1
   match ip address prefix-list PL_LoopbackV4
   set community {{ constants.bgp.internal_community }}

dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2

@@ -2,12 +2,17 @@
 ! template: bgpd/templates/voq_chassis/policies.conf.j2
 !
 bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }}
+bgp community-list standard NO_EXPORT permit no-export
 !
 route-map FROM_VOQ_CHASSIS_V4_PEER permit 1
   match community DEVICE_INTERNAL_COMMUNITY
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag {{ constants.bgp.internal_community_match_tag }}
 !
+route-map FROM_VOQ_CHASSIS_V4_PEER permit 2
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_VOQ_CHASSIS_V4_PEER permit 100
 !
 route-map TO_VOQ_CHASSIS_V4_PEER permit 1
@@ -26,6 +31,10 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag {{ constants.bgp.internal_community_match_tag }}
 !
+route-map FROM_VOQ_CHASSIS_V6_PEER permit 3
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_VOQ_CHASSIS_V6_PEER permit 100
 !
 route-map TO_VOQ_CHASSIS_V6_PEER permit 1

dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2

@@ -1,3 +1,8 @@
+{%- if internal_route_map == '1' -%}
+route-map {{ route_map_name }} permit 20
+  set community no-export additive
+{# #}
+{%- else -%}
 route-map {{ route_map_name }} permit 20
   match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }}
   set community {{ constants.bgp.traffic_shift_community }}
@@ -5,4 +10,6 @@ route-map {{ route_map_name }} permit 30
   match tag {{ constants.bgp.internal_community_match_tag }}
   set community {{ constants.bgp.traffic_shift_community }}
 route-map {{ route_map_name }} deny 40
+{# #}
+{%- endif -%}
 !

dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2

@@ -1,4 +1,10 @@
+{%- if internal_route_map == '1' -%}
+no route-map {{ route_map_name }} permit 20
+{# #}
+{%- else -%}
 no route-map {{ route_map_name }} permit 20
 no route-map {{ route_map_name }} permit 30
 no route-map {{ route_map_name }} deny 40
+{# #}
+{%- endif -%}
 !

dockers/docker-fpm-frr/frr/zebra/zebra.interfaces.conf.j2

@@ -24,5 +24,13 @@ interface {{ pc }}
 link-detect
 !
 {% endfor %}
+{% if (DEVICE_METADATA is defined) and ('localhost' in DEVICE_METADATA) and ('subtype' in DEVICE_METADATA['localhost']) and (DEVICE_METADATA['localhost']['subtype'].lower() == 'dualtor') %}
+! Disable link-detect on VLAN interfaces for dualtor
+{% for (name, prefix) in VLAN_INTERFACE|pfx_filter|unique(attribute=0) %}
+interface {{ name }}
+no link-detect
+!
+{% endfor %}
+{% endif %}
 {% endblock interfaces %}
 !

dockers/docker-orchagent/Dockerfile.j2

@@ -75,17 +75,20 @@ COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
 # Copy all Jinja2 template files into the templates folder
 COPY ["*.j2", "/usr/share/sonic/templates/"]
 
-# Copy all regex json files and rsyslog_plugin.conf to rsyslog.d
-COPY ["*.json", "/etc/rsyslog.d/"]
-COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
-
 RUN sonic-cfggen -a "{\"ENABLE_ASAN\":\"{{ENABLE_ASAN}}\"}" -t /usr/share/sonic/templates/docker-init.j2 > /usr/bin/docker-init.sh
 RUN rm -f /usr/share/sonic/templates/docker-init.j2
 RUN chmod 755 /usr/bin/docker-init.sh
 
+{% if include_system_eventd == "y" %}
+{% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
+# Copy all regex json files and rsyslog_plugin.conf to rsyslog.d
+COPY ["*.json", "/etc/rsyslog.d/"]
+COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
 # Create swss rsyslog_plugin conf file
 RUN j2 -f json /etc/rsyslog.d/rsyslog_plugin.conf.j2 /etc/rsyslog.d/events_info.json  > /etc/rsyslog.d/swss_events.conf
 RUN rm -f /etc/rsyslog.d/rsyslog_plugin.conf.j2
 RUN rm -f /etc/rsyslog.d/events_info.json
+{% endif %}
+{% endif %}
 
 ENTRYPOINT ["/usr/bin/docker-init.sh"]

files/build_templates/init_cfg.json.j2

@@ -38,7 +38,6 @@
                    ("lldp", "enabled", true, "enabled"),
                    ("pmon", "enabled", true, "enabled"),
                    ("snmp", "enabled", true, "enabled"),
-                   ("eventd", "enabled", false, "enabled"),
                    ("swss", "enabled", false, "enabled"),
                    ("syncd", "enabled", false, "enabled")] %}
 {%- if include_router_advertiser == "y" %}{% do features.append(("radv", "enabled", false, "enabled")) %}{% endif %}
@@ -58,6 +57,11 @@
 {%- if include_sflow == "y" %}{% do features.append(("sflow", "disabled", true, "enabled")) %}{% endif %}
 {%- if include_macsec == "y" %}{% do features.append(("macsec", "{% if 'type' in DEVICE_METADATA['localhost'] and DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and DEVICE_RUNTIME_METADATA['MACSEC_SUPPORTED'] %}enabled{% else %}disabled{% endif %}", false, "enabled")) %}{% endif %}
 {%- if include_system_telemetry == "y" %}{% do features.append(("telemetry", "enabled", true, "enabled")) %}{% endif %}
+{%- if include_system_eventd == "y" and BUILD_REDUCE_IMAGE_SIZE == "y" and sonic_asic_platform == "broadcom" %}
+    {% do features.append(("eventd","disabled", false, "enabled")) %}
+{%- elif include_system_eventd == "y" %}
+    {% do features.append(("eventd", "enabled", false, "enabled")) %}
+{%- endif %}
     "FEATURE": {
 {# delayed field if set, will start the feature systemd .timer unit instead of .service unit #}
 {%- for feature, state, delayed, autorestart in features %}

files/build_templates/qos_config.j2

@@ -83,7 +83,7 @@
         ('type' in DEVICE_METADATA['localhost'] and
           DEVICE_METADATA['localhost']['type'] in backend_device_types) and
         ('resource_type' in DEVICE_METADATA['localhost'] and
-          DEVICE_METADATA['localhost']['resource_type'] == 'Compute-AI') %}
+          DEVICE_METADATA['localhost']['resource_type'] == 'ComputeAI') %}
     {{- generate_tc_to_pg_map() }}
 {% else %}
     "TC_TO_PRIORITY_GROUP_MAP": {
@@ -147,7 +147,7 @@
          ('type' in DEVICE_METADATA['localhost'] and
            DEVICE_METADATA['localhost']['type'] in backend_device_types) and
          ('resource_type' in DEVICE_METADATA['localhost'] and
-           DEVICE_METADATA['localhost']['resource_type'] == 'Compute-AI') %}
+           DEVICE_METADATA['localhost']['resource_type'] == 'ComputeAI') %}
     {{- generate_dscp_to_tc_map() }}
 {% else %}
     "DSCP_TO_TC_MAP": {
@@ -241,7 +241,7 @@
         ('type' in DEVICE_METADATA['localhost'] and
           DEVICE_METADATA['localhost']['type'] in backend_device_types) and
         ('resource_type' in DEVICE_METADATA['localhost'] and
-          DEVICE_METADATA['localhost']['resource_type'] == 'Compute-AI') %}
+          DEVICE_METADATA['localhost']['resource_type'] == 'ComputeAI') %}
     "SCHEDULER": {
         "scheduler.0": {
             "type"  : "DWRR",
@@ -406,7 +406,7 @@
 {% if 'type' in DEVICE_METADATA['localhost'] and
        DEVICE_METADATA['localhost']['type'] in backend_device_types and
       'resource_type' in DEVICE_METADATA['localhost'] and
-       DEVICE_METADATA['localhost']['resource_type'] == 'Compute-AI' %}
+       DEVICE_METADATA['localhost']['resource_type'] == 'ComputeAI' %}
 {% for port in PORT_ACTIVE %}
         "{{ port }}|0": {
             "scheduler": "scheduler.0"

files/build_templates/sonic_debian_extension.j2

@@ -322,6 +322,9 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noni
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-db-cli_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
+
+{% if include_system_eventd == "y" %}
+{% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
 # Install sonic-rsyslog-plugin
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-rsyslog-plugin_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
@@ -336,6 +339,9 @@ sudo cp $BUILD_TEMPLATES/kernel_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
 sudo cp $BUILD_TEMPLATES/dockerd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
 sudo cp $BUILD_TEMPLATES/seu_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
 
+{% endif %}
+{% endif %}
+
 # Install custom-built monit package and SONiC configuration files
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f

files/image_config/sysctl/sysctl-net.conf

@@ -15,6 +15,7 @@ net.ipv4.conf.all.arp_announce=1
 net.ipv4.conf.all.arp_filter=0
 net.ipv4.conf.all.arp_notify=1
 net.ipv4.conf.all.arp_ignore=2
+net.ipv4.ip_local_port_range="32768 50001"
 net.ipv4.neigh.default.base_reachable_time_ms=1800000
 net.ipv6.neigh.default.base_reachable_time_ms=1800000
 net.ipv4.neigh.default.gc_thresh1=1024

platform/broadcom/sai.mk

@@ -1,4 +1,4 @@
-LIBSAIBCM_XGS_VERSION = 8.4.39.2
+LIBSAIBCM_XGS_VERSION = 8.4.41.1
 LIBSAIBCM_DNX_VERSION = 9.2.12.1
 LIBSAIBCM_XGS_BRANCH_NAME = SAI_8.4.0_GA
 LIBSAIBCM_DNX_BRANCH_NAME = SAI_9.2.0.3

platform/mellanox/fw.mk

@@ -21,33 +21,33 @@ MLNX_FW_BASE_PATH = $(MLNX_SDK_BASE_PATH)
 # Place an URL here to FW if you want to download FW instead
 MLNX_FW_BASE_URL =
 
-SIMX_VERSION = 23.10-1119
+SIMX_VERSION = 23.10-1123
 
 FW_FROM_URL = y
 
-MLNX_FW_ASSETS_RELEASE_TAG = fw-2012.2134
+MLNX_FW_ASSETS_RELEASE_TAG = fw-2012.2202
 MLNX_FW_ASSETS_URL = $(MLNX_ASSETS_GITHUB_URL)/releases/download/$(MLNX_FW_ASSETS_RELEASE_TAG)
 
 ifeq ($(MLNX_FW_BASE_URL), )
 MLNX_FW_BASE_URL = $(MLNX_FW_ASSETS_URL)
 endif
 
-MLNX_SPC_FW_VERSION = 13.2012.2134
+MLNX_SPC_FW_VERSION = 13.2012.2202
 MLNX_SPC_FW_FILE = fw-SPC-rel-$(subst .,_,$(MLNX_SPC_FW_VERSION))-EVB.mfa
 $(MLNX_SPC_FW_FILE)_PATH = $(MLNX_FW_BASE_PATH)
 $(MLNX_SPC_FW_FILE)_URL = $(MLNX_FW_BASE_URL)/$(MLNX_SPC_FW_FILE)
 
-MLNX_SPC2_FW_VERSION = 29.2012.2134
+MLNX_SPC2_FW_VERSION = 29.2012.2202
 MLNX_SPC2_FW_FILE = fw-SPC2-rel-$(subst .,_,$(MLNX_SPC2_FW_VERSION))-EVB.mfa
 $(MLNX_SPC2_FW_FILE)_PATH = $(MLNX_FW_BASE_PATH)
 $(MLNX_SPC2_FW_FILE)_URL = $(MLNX_FW_BASE_URL)/$(MLNX_SPC2_FW_FILE)
 
-MLNX_SPC3_FW_VERSION = 30.2012.2134
+MLNX_SPC3_FW_VERSION = 30.2012.2202
 MLNX_SPC3_FW_FILE = fw-SPC3-rel-$(subst .,_,$(MLNX_SPC3_FW_VERSION))-EVB.mfa
 $(MLNX_SPC3_FW_FILE)_PATH = $(MLNX_FW_BASE_PATH)
 $(MLNX_SPC3_FW_FILE)_URL = $(MLNX_FW_BASE_URL)/$(MLNX_SPC3_FW_FILE)
 
-MLNX_SPC4_FW_VERSION = 34.2012.2134
+MLNX_SPC4_FW_VERSION = 34.2012.2202
 MLNX_SPC4_FW_FILE = fw-SPC4-rel-$(subst .,_,$(MLNX_SPC4_FW_VERSION))-EVB.mfa
 $(MLNX_SPC4_FW_FILE)_PATH = $(MLNX_FW_BASE_PATH)
 $(MLNX_SPC4_FW_FILE)_URL = $(MLNX_FW_BASE_URL)/$(MLNX_SPC4_FW_FILE)

platform/mellanox/mlnx-platform-api/sonic_platform/thermal.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2023 NVIDIA CORPORATION & AFFILIATES.
+# Copyright (c) 2019-2024 NVIDIA CORPORATION & AFFILIATES.
 # Apache-2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -215,15 +215,15 @@ def create_indexable_thermal(rule, index, sysfs_folder, position, presence_cb=No
     index += rule.get('start_index', 1)
     name = rule['name'].format(index)
     temp_file = os.path.join(sysfs_folder, rule['temperature'].format(index))
-    _check_thermal_sysfs_existence(temp_file)
+    _check_thermal_sysfs_existence(temp_file, presence_cb)
     if 'high_threshold' in rule:
         high_th_file = os.path.join(sysfs_folder, rule['high_threshold'].format(index))
-        _check_thermal_sysfs_existence(high_th_file)
+        _check_thermal_sysfs_existence(high_th_file, presence_cb)
     else:
         high_th_file = None
     if 'high_critical_threshold' in rule:
         high_crit_th_file = os.path.join(sysfs_folder, rule['high_critical_threshold'].format(index))
-        _check_thermal_sysfs_existence(high_crit_th_file)
+        _check_thermal_sysfs_existence(high_crit_th_file, presence_cb)
     else:
         high_crit_th_file = None
     if not presence_cb:
@@ -244,15 +244,15 @@ def create_single_thermal(rule, sysfs_folder, position, presence_cb=None):
         return None
 
     temp_file = os.path.join(sysfs_folder, temp_file)
-    _check_thermal_sysfs_existence(temp_file)
+    _check_thermal_sysfs_existence(temp_file, presence_cb)
     if 'high_threshold' in rule:
         high_th_file = os.path.join(sysfs_folder, rule['high_threshold'])
-        _check_thermal_sysfs_existence(high_th_file)
+        _check_thermal_sysfs_existence(high_th_file, presence_cb)
     else:
         high_th_file = None
     if 'high_critical_threshold' in rule:
         high_crit_th_file = os.path.join(sysfs_folder, rule['high_critical_threshold'])
-        _check_thermal_sysfs_existence(high_crit_th_file)
+        _check_thermal_sysfs_existence(high_crit_th_file, presence_cb)
     else:
         high_crit_th_file = None
     name = rule['name']
@@ -262,7 +262,11 @@ def create_single_thermal(rule, sysfs_folder, position, presence_cb=None):
         return RemovableThermal(name, temp_file, high_th_file, high_crit_th_file, position, presence_cb)
 
 
-def _check_thermal_sysfs_existence(file_path):
+def _check_thermal_sysfs_existence(file_path, presence_cb):
+    if presence_cb:
+        status, _ = presence_cb()
+        if not status:
+            return
     if not os.path.exists(file_path):
         logger.log_error('Thermal sysfs {} does not exist'.format(file_path))
 

platform/mellanox/sdk.mk

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-MLNX_SDK_VERSION = 4.6.2134
+MLNX_SDK_VERSION = 4.6.2202
 MLNX_SDK_ISSU_VERSION = 101
 
 MLNX_SDK_DRIVERS_GITHUB_URL = https://github.com/Mellanox/Spectrum-SDK-Drivers

rules/config

@@ -125,6 +125,9 @@ SONIC_DPKG_CACHE_SOURCE ?= /var/cache/sonic/artifacts
 DEFAULT_VS_PREPARE_MEM = yes
 
 
+# INCLUDE_SYSTEM_EVENTD - build docker-eventd for system eventd support
+INCLUDE_SYSTEM_EVENTD = y
+
 # INCLUDE_SYSTEM_TELEMETRY - build docker-sonic-telemetry for system telemetry support
 INCLUDE_SYSTEM_TELEMETRY = y
 

rules/docker-eventd.mk

@@ -25,10 +25,14 @@ $(DOCKER_DHCP)_SERVICE_REQUIRES = updategraph
 $(DOCKER_DHCP)_SERVICE_AFTER = database
 
 SONIC_DOCKER_IMAGES += $(DOCKER_EVENTD)
+ifeq ($(INCLUDE_SYSTEM_EVENTD), y)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_EVENTD)
+endif
 
 SONIC_DOCKER_DBG_IMAGES += $(DOCKER_EVENTD_DBG)
+ifeq ($(INCLUDE_SYSTEM_EVENTD), y)
 SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_EVENTD_DBG)
+endif
 
 $(DOCKER_EVENTD)_CONTAINER_NAME = eventd
 $(DOCKER_EVENTD)_RUN_OPT += --privileged -t

slave.mk

@@ -157,6 +157,10 @@ ifeq ($(SONIC_INCLUDE_SYSTEM_TELEMETRY),y)
 INCLUDE_SYSTEM_TELEMETRY = y
 endif
 
+ifeq ($(SONIC_INCLUDE_SYSTEM_EVENTD),y)
+INCLUDE_SYSTEM_EVENTD = y
+endif
+
 ifeq ($(SONIC_INCLUDE_RESTAPI),y)
 INCLUDE_RESTAPI = y
 endif
@@ -413,6 +417,7 @@ $(info "VS_PREPARE_MEM"                  : "$(VS_PREPARE_MEM)")
 $(info "INCLUDE_MGMT_FRAMEWORK"          : "$(INCLUDE_MGMT_FRAMEWORK)")
 $(info "INCLUDE_ICCPD"                   : "$(INCLUDE_ICCPD)")
 $(info "INCLUDE_SYSTEM_TELEMETRY"        : "$(INCLUDE_SYSTEM_TELEMETRY)")
+$(info "INCLUDE_SYSTEM_EVENTD"           : "$(INCLUDE_SYSTEM_EVENTD)")
 $(info "ENABLE_HOST_SERVICE_ON_START"    : "$(ENABLE_HOST_SERVICE_ON_START)")
 $(info "INCLUDE_RESTAPI"                 : "$(INCLUDE_RESTAPI)")
 $(info "INCLUDE_SFLOW"                   : "$(INCLUDE_SFLOW)")
@@ -1062,6 +1067,8 @@ $(addprefix $(TARGET_PATH)/, $(DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .platform
 		sudo mount --bind $(PYTHON_DEBS_PATH) $($*.gz_PATH)/python-debs $(LOG)
 		sudo mount --bind $(PYTHON_WHEELS_PATH) $($*.gz_PATH)/python-wheels $(LOG)
 		# Export variables for j2. Use path for unique variable names, e.g. docker_orchagent_debs
+		export include_system_eventd="$(INCLUDE_SYSTEM_EVENTD)"
+		export build_reduce_image_size="$(BUILD_REDUCE_IMAGE_SIZE)"
 		$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_debs=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_DEPENDS),RDEPENDS))\n" | awk '!a[$$0]++'))
 		$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_pydebs=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_PYTHON_DEBS)))\n" | awk '!a[$$0]++'))
 		$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_whls=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_PYTHON_WHEELS)))\n" | awk '!a[$$0]++'))
@@ -1288,6 +1295,8 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
 	export sonic_su_mode="$(SECURE_UPGRADE_MODE)"
 	export sonic_su_prod_signing_tool="/sonic/scripts/$(shell basename -- $(SECURE_UPGRADE_PROD_SIGNING_TOOL))"
 	export include_system_telemetry="$(INCLUDE_SYSTEM_TELEMETRY)"
+	export include_system_eventd="$(INCLUDE_SYSTEM_EVENTD)"
+	export build_reduce_image_size="$(BUILD_REDUCE_IMAGE_SIZE)"
 	export include_restapi="$(INCLUDE_RESTAPI)"
 	export include_nat="$(INCLUDE_NAT)"
 	export include_p4rt="$(INCLUDE_P4RT)"

src/dhcpmon

@@ -1 +1 @@
-Subproject commit 7c55e502a1b054aa01c056dc1018e4b863975445
+Subproject commit fc20a97ba2eba753974ea95d504d130093030596

src/sonic-bgpcfgd/bgpcfgd/managers_device_global.py

@@ -91,14 +91,16 @@ class DeviceGlobalCfgMgr(Manager):
             # For packet-based chassis, the bgp session between the linecards are also considered internal sessions
             # While isolating a single linecard, these sessions should not be skipped
             if "_INTERNAL_" in rm or "VOQ_" in rm:
-                continue
+                is_internal="1"
+            else:
+                is_internal="0"
             if "V4" in rm:
                 ipv="V4" ; ipp="ip"
             elif "V6" in rm:
                 ipv="V6" ; ipp="ipv6"
             else:
                 continue
-            cmd += template.render(route_map_name=rm,ip_version=ipv,ip_protocol=ipp, constants=self.constants)
+            cmd += template.render(route_map_name=rm,ip_version=ipv,ip_protocol=ipp,internal_route_map=is_internal, constants=self.constants)
             cmd += "\n"
         return cmd
 

src/sonic-bgpcfgd/staticroutebfd/main.py

@@ -373,7 +373,7 @@ class StaticRouteBfd(object):
 
         valid, is_ipv4, ip = check_ip(ip_prefix)
         if not valid:
-            log_err("invalid ip prefix for static route: ", key)
+            log_err("invalid ip prefix for static route: '%s'"%(key))
             return True
 
         arg_list  = lambda v: [x.strip() for x in v.split(',')] if len(v.strip()) != 0 else None

src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf

@@ -0,0 +1,35 @@
+!
+! template: bgpd/templates/internal/peer-group.conf.j2
+!
+  neighbor INTERNAL_PEER_V4 peer-group
+  neighbor INTERNAL_PEER_V6 peer-group
+  neighbor INTERNAL_PEER_V4 update-source Loopback4096 
+  address-family ipv4
+    neighbor INTERNAL_PEER_V4 soft-reconfiguration inbound
+    neighbor INTERNAL_PEER_V4 allowas-in 1
+    neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in
+    neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out
+    neighbor INTERNAL_PEER_V4 send-community
+    neighbor INTERNAL_PEER_V4 ttl-security hops 1
+  exit-address-family
+  neighbor INTERNAL_PEER_V6 update-source Loopback4096 
+  address-family ipv6
+    neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound
+    neighbor INTERNAL_PEER_V6 allowas-in 1
+    neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in
+    neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out
+    neighbor INTERNAL_PEER_V6 send-community
+    neighbor INTERNAL_PEER_V6 ttl-security hops 1
+  exit-address-family
+!
+! end of template: bgpd/templates/internal/peer-group.conf.j2
+!
+
+
+route-map TO_BGP_INTERNAL_PEER_V4 permit 20
+  set community no-export additive
+!
+route-map TO_BGP_INTERNAL_PEER_V6 permit 20
+  set community no-export additive
+!
+

src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf

@@ -0,0 +1,33 @@
+!
+! template: bgpd/templates/internal/peer-group.conf.j2
+!
+  neighbor INTERNAL_PEER_V4 peer-group
+  neighbor INTERNAL_PEER_V6 peer-group
+  neighbor INTERNAL_PEER_V4 update-source Loopback4096 
+  address-family ipv4
+    neighbor INTERNAL_PEER_V4 soft-reconfiguration inbound
+    neighbor INTERNAL_PEER_V4 allowas-in 1
+    neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in
+    neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out
+    neighbor INTERNAL_PEER_V4 send-community
+    neighbor INTERNAL_PEER_V4 ttl-security hops 1
+  exit-address-family
+  neighbor INTERNAL_PEER_V6 update-source Loopback4096 
+  address-family ipv6
+    neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound
+    neighbor INTERNAL_PEER_V6 allowas-in 1
+    neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in
+    neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out
+    neighbor INTERNAL_PEER_V6 send-community
+    neighbor INTERNAL_PEER_V6 ttl-security hops 1
+  exit-address-family
+!
+! end of template: bgpd/templates/internal/peer-group.conf.j2
+!
+
+
+no route-map TO_BGP_INTERNAL_PEER_V4 permit 20
+!
+no route-map TO_BGP_INTERNAL_PEER_V6 permit 20
+!
+

src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf

@@ -2,12 +2,17 @@
 ! template: bgpd/templates/internal/policies.conf.j2
 !
 bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556
+bgp community-list standard NO_EXPORT permit no-export
 !
 route-map FROM_BGP_INTERNAL_PEER_V4 permit 1
   match community DEVICE_INTERNAL_COMMUNITY
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag 101
 !
+route-map FROM_BGP_INTERNAL_PEER_V4 permit 2
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_BGP_INTERNAL_PEER_V6 permit 1
  set ipv6 next-hop prefer-global
  on-match next
@@ -17,6 +22,10 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag 101
 !
+route-map FROM_BGP_INTERNAL_PEER_V6 permit 3
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map TO_BGP_INTERNAL_PEER_V4 permit 1
   match ip address prefix-list PL_LoopbackV4
   set community 12345:556

src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf

@@ -2,12 +2,17 @@
 ! template: bgpd/templates/voq_chassis/policies.conf.j2
 !
 bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556
+bgp community-list standard NO_EXPORT permit no-export
 !
 route-map FROM_VOQ_CHASSIS_V4_PEER permit 1
   match community DEVICE_INTERNAL_COMMUNITY
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag 101
 !
+route-map FROM_VOQ_CHASSIS_V4_PEER permit 2
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_VOQ_CHASSIS_V4_PEER permit 100
 !
 route-map TO_VOQ_CHASSIS_V4_PEER permit 1
@@ -25,6 +30,10 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2
   set comm-list DEVICE_INTERNAL_COMMUNITY delete
   set tag 101
 !
+route-map FROM_VOQ_CHASSIS_V6_PEER permit 3
+  match community NO_EXPORT
+  set local-preference 80
+!
 route-map FROM_VOQ_CHASSIS_V6_PEER permit 100
 !
 route-map TO_VOQ_CHASSIS_V6_PEER permit 1

src/sonic-bgpcfgd/tests/test_device_global.py

@@ -11,6 +11,7 @@ from copy import deepcopy
 
 TEMPLATE_PATH = os.path.abspath('../../dockers/docker-fpm-frr/frr')
 BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/general/peer-group.conf/')
+INTERNAL_BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/internal/peer-group.conf/')
 global_constants = {
     "bgp":  {
         "traffic_shift_community" :"12345:12345",
@@ -18,7 +19,7 @@ global_constants = {
     }
 }
 
-def constructor():
+def constructor(check_internal=False):
     cfg_mgr = MagicMock()
     def get_text():
         text = []
@@ -29,7 +30,10 @@ def constructor():
         text += ["     "]
         return text
     def update():
-        cfg_mgr.changes = get_string_from_file("/result_all.conf")
+        if check_internal:
+            cfg_mgr.changes = get_string_from_file("/result_chasiss_packet.conf", INTERNAL_BASE_PATH)
+        else:
+            cfg_mgr.changes = get_string_from_file("/result_all.conf")
     def push(cfg):
         cfg_mgr.changes += cfg + "\n"
     def get_config():
@@ -59,6 +63,15 @@ def test_isolate_device(mocked_log_info):
     mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done")
     assert m.cfg_mgr.get_config() == get_string_from_file("/result_all_isolate.conf")
 
+@patch('bgpcfgd.managers_device_global.log_debug')
+def test_isolate_device_internal_session(mocked_log_info):
+    m = constructor(check_internal=True)
+    res = m.set_handler("STATE", {"tsa_enabled": "true"})
+    assert res, "Expect True return value for set_handler"
+    mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done")
+    assert m.cfg_mgr.get_config() == get_string_from_file("/result_chassis_packet_isolate.conf", INTERNAL_BASE_PATH)
+
+
 @patch('bgpcfgd.managers_device_global.log_debug')
 def test_unisolate_device(mocked_log_info):
     m = constructor()
@@ -67,6 +80,15 @@ def test_unisolate_device(mocked_log_info):
     mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done")
     assert m.cfg_mgr.get_config() == get_string_from_file("/result_all_unisolate.conf")
 
+@patch('bgpcfgd.managers_device_global.log_debug')
+def test_unisolate_device_internal_session(mocked_log_info):
+    m = constructor(check_internal=True)
+    res = m.set_handler("STATE", {"tsa_enabled": "false"})
+    assert res, "Expect True return value for set_handler"
+    mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done")
+    assert m.cfg_mgr.get_config() == get_string_from_file("/result_chassis_packet_unisolate.conf", INTERNAL_BASE_PATH)
+
+
 def test_check_state_and_get_tsa_routemaps():
     m = constructor()
     m.set_handler("STATE", {"tsa_enabled": "true"})
@@ -93,8 +115,8 @@ def test_get_tsb_routemaps():
     expected_res = get_string_from_file("/result_unisolate.conf")
     assert res == expected_res
 
-def get_string_from_file(filename):
-    fp = open(BASE_PATH + filename, "r")
+def get_string_from_file(filename, base_path=BASE_PATH):
+    fp = open(base_path + filename, "r")
     cfg = fp.read()
     fp.close()
 

src/sonic-bgpcfgd/tests/test_static_rt_bfd.py

@@ -95,6 +95,23 @@ def intf_setup(dut):
         {}
     )
 
+@patch('staticroutebfd.main.log_err')
+def test_invalid_key(mocked_log_err):
+    dut = constructor()
+    intf_setup(dut)
+
+    set_del_test(dut, "srt",
+        "SET",
+        ("2.2.2/24", {
+            "bfd": "true",
+            "nexthop": "192.168.1.2 , 192.168.2.2, 192.168.3.2",
+            "ifname": "if1, if2, if3",
+        }),
+        {},
+        {}
+    )
+    mocked_log_err.assert_called_with("invalid ip prefix for static route: '2.2.2/24'")
+
 def test_set_del():
     dut = constructor()
     intf_setup(dut)

src/sonic-config-engine/tests/sample_output/py2/zebra_frr_dualtor.conf

@@ -0,0 +1,49 @@
+!
+! =========== Managed by sonic-cfggen DO NOT edit manually! ====================
+! generated by templates/zebra/zebra.conf.j2 using config DB data
+! file: zebra.conf
+!
+!
+! Force disable next hop group support
+no zebra nexthop kernel enable
+! Uses the old known FPM behavior of including next hop information in the route (e.g. RTM_NEWROUTE) messages
+no fpm use-next-hop-groups
+!
+fpm address 127.0.0.1
+!
+! template: common/daemons.common.conf.j2
+!
+hostname switch-t0
+password zebra
+enable password zebra
+!
+log syslog informational
+log facility local4
+!
+! end of template: common/daemons.common.conf.j2!
+!
+!
+! Enable nht through default route
+ip nht resolve-via-default
+ipv6 nht resolve-via-default
+! Enable link-detect (default disabled)
+interface PortChannel03
+link-detect
+!
+interface PortChannel02
+link-detect
+!
+interface PortChannel01
+link-detect
+!
+interface PortChannel04
+link-detect
+!
+! Disable link-detect on VLAN interfaces for dualtor
+interface Vlan2000
+no link-detect
+!
+interface Vlan1000
+no link-detect
+!
+!!

src/sonic-config-engine/tests/sample_output/py3/zebra_frr_dualtor.conf

@@ -0,0 +1,49 @@
+!
+! =========== Managed by sonic-cfggen DO NOT edit manually! ====================
+! generated by templates/zebra/zebra.conf.j2 using config DB data
+! file: zebra.conf
+!
+!
+! Force disable next hop group support
+no zebra nexthop kernel enable
+! Uses the old known FPM behavior of including next hop information in the route (e.g. RTM_NEWROUTE) messages
+no fpm use-next-hop-groups
+!
+fpm address 127.0.0.1
+!
+! template: common/daemons.common.conf.j2
+!
+hostname switch-t0
+password zebra
+enable password zebra
+!
+log syslog informational
+log facility local4
+!
+! end of template: common/daemons.common.conf.j2!
+!
+!
+! Enable nht through default route
+ip nht resolve-via-default
+ipv6 nht resolve-via-default
+! Enable link-detect (default disabled)
+interface PortChannel01
+link-detect
+!
+interface PortChannel02
+link-detect
+!
+interface PortChannel03
+link-detect
+!
+interface PortChannel04
+link-detect
+!
+! Disable link-detect on VLAN interfaces for dualtor
+interface Vlan1000
+no link-detect
+!
+interface Vlan2000
+no link-detect
+!
+!!

src/sonic-config-engine/tests/test_frr.py

@@ -74,3 +74,7 @@ class TestCfgGen(TestCase):
     def test_bgpd_frr_dualtor(self):
         extra_data = {"DEVICE_METADATA": {"localhost": {"subtype": "DualToR"}}}
         self.assertTrue(*self.run_case('bgpd/bgpd.conf.j2', 'bgpd_frr_dualtor.conf', extra_data=extra_data))
+
+    def test_zebra_frr_dualtor(self):
+        extra_data = {"DEVICE_METADATA": {"localhost": {"subtype": "DualToR"}}}
+        self.assertTrue(*self.run_case('zebra/zebra.conf.j2', 'zebra_frr_dualtor.conf', extra_data=extra_data))

src/sonic-utilities

@@ -1 +1 @@
-Subproject commit 83a548decee29f843b9d3178824f6393af9b73e6
+Subproject commit c5e30e38f51ae009b7eed015f6d8fe2115a1c92c

src/tacacs/bash_tacplus/bash_tacplus.c

@@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv)
                 fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd);
             break;
             default:
+                // when command reject by server, authorization will failed immediately
                 fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd);
-            break;
+                return ret;
         }
 
         if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {