Export remote address to environment variable for TACACS authorization.
#### Why I did it
When remote user login, nss-tacplus need user remove address for TACACSS authorization.
#### How I did it
Export remote address to environment variable "SSH_REMOTE_IP"
#### How to verify it
Pass all E2E test.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Export remote address to environment variable for TACACS authorization.
#### Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
Manual test
* Fix kube mode to local mode long duration issue
* Remove IPV6 parameters which is not necessary
* Fix read node labels bug
* Tag the running image to latest if it's stable
* Disable image_version_higher check
* Change image_version_higher checker test case
Signed-off-by: Yun Li <yunli1@microsoft.com>
Send remote address in TACACS+ authorization message.
#### Why I did it
TACACS+ authorization message not send remote address to server side.
#### How I did it
Send remote address in TACACS+ authorization message.
#### How to verify it
Pass all E2E test.
Create new test case to validate remote address been send to server side.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Send remote address in TACACS+ authorization message.
#### Ensure to add label/tag for the feature raised. example - [PR#2174](https://github.com/sonic-net/sonic-utilities/pull/2174) where, Generic Config and Update feature has been labelled as GCU.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Changes:
-- Change name-space from Azure to sonic-net.
-- Sort yang list in setup.py for yang-models list.
#### Why I did it
Sonic repo has moved to Linux-foundation.
#### How I did it
[yang-models]: Change name-space from Azure to sonic-net.
#### How to verify it
PR Tests are good enough to verify.
* [openssh]: Restore behavior of ClientAliveCountMax=0
OpenSSH 8.2 changed the behavior of ClientAliveCountMax=0 such that
setting it to 0 disables connection-killing entirely when the connection
is idle. Revert that change.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* Remove build-dep command that should not be there
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
#### How to verify it
Passed UT
Tested in DUT
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`yaml.load` can create arbitrary Python objects
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Use `yaml.safe_load()`
#### How to verify it
Pass UT
- Why I did it
Add the ability to the user to save the loglevel and make it persistent to reboot.
- How I did it
Move the logger tables from the LOGLEVEL DB to the CONFIG DB. Add new yang model to verify the new config schema.
- How to verify it
1. change the orchagent loglevel (for example) -> swssloglevel -c orchagent -l DEBUG
2. save the loglevel -> run config save
3. reboot
4. verify that the orchagent log level is still DEBUG ->run run redis-cli -n 4 hgetall "LOGGER|orchagent"
Update sonic-utilities submodule pointer to include the following:
4a3d49d Fix exception in adding mirror_session when gre_type is absent (#2458)
7e7d05c Update the DBmigrator to support persistent loglevel during warm-upgrade (#2370)
c2841b8 [doc]: Update Command-Reference.md (#2444)
254cafc Event Counters CLI (#2449)
2dab0d0 [techsupport] Adding FRR EVPN dumps (#2442)
3c0aece [show][muxcable] add support for show mux firmware version all (#2441)
Signed-off-by: dprital <drorp@nvidia.com>
Update sonic-swss-common submodule pointer to include the following:
* abda263 Make the loglevel persistent by moving the LOGGER table from the LOGLEVEL DB to the CONFIG DB ([#687](https://github.com/sonic-net/sonic-swss-common/pull/687))
Signed-off-by: dprital <drorp@nvidia.com>
d0fdf62 Check whether a pointer created by dynamic_cast is null before using it. (#689)
2cae742 [Fast/Warm restart] Implement helper class for waiting restart done (#691)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`getstatusoutput()` function from `subprocess` module has shell injection issue because it includes `shell=True` in the implementation
#### How I did it
Use `getstatusoutput_noshell()` from sonic_py_common library
#### How to verify it
Tested in DUT
* Fix CVE-2022-37032 on FRR submodule
Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288
* Fix CVE-2022-37032 on FRR submodule
Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288
* Update patch version number
#### Why I did it
Update sonic-host-services submodule to include below commits:
```
bc8698d Merge pull request #21 from abdosi/feature
557a110 Fix the issue where if dest port is not specified in ACL rule than for multi-asic where we create NAT rule to forward traffic from Namespace to host fail with exception.
6e45acc (master) Merge pull request #14 from abdosi/feature
4d6cad7 Merge remote-tracking branch 'upstream/master' into feature
bceb13e Install libyang to azure pipeline (#20)
82299f5 Merge pull request #13 from SuvarnaMeenakshi/cacl_fabricns
15d3bf4 Merge branch 'master' into cacl_fabricns
de54082 Merge pull request #16 from ZhaohuiS/feature/caclmgrd_external_client_warning_log
b4b368d Add warning log if destination port is not defined
d4bb96d Merge branch 'master' into cacl_fabricns
35c76cb Add unit-test and fix typo.
17d44c2 Made Changes to be Python 3.7 compatible
978afb5 Aligning Code
1fbf8fb Merge remote-tracking branch 'upstream/master' into feature
7b8c7d1 Added UT for the changes
91c4c42 Merge pull request #9 from ZhaohuiS/feature/caclmgrd_external_client
7c0b56a Add 4 test cases for external_client_acl, including single port and port range for ipv4 and ipv6
b71e507 Merge remote-tracking branch 'origin/master' into HEAD
d992dc0 Merge branch 'master' into feature/caclmgrd_external_client
bd7b172 DST_PORT is configuralbe in json config file for EXTERNAL_CLIENT_ACL
f9af7ae [CLI] Move hostname, mgmt interface/vrf config to hostcfgd (#2)
70ce6a3 Merge pull request #10 from sujinmkang/cold_reset
29be8d2 Added Support to render Feature Table using Device running metadata. Also added support to render 'has_asic_scope' field of Feature Table.
3437e35 [caclmgrd][chassis]: Add ip tables rules to accept internal docker traffic from fabric asic namespaces.
8720561 Fix and add hardware reboot cause determination tests
0dcc7fe remove the empty bracket if no hardware reboot cause minor
e47d831 fix the wrong expected result comparision
ef86b53 Fix startswith Attribute error
8a630bb fix mock patch
8543ddf update the reboot cause logic and update the unit test
53ad7cd fix the mock patch function
7c8003d fix the reboot-cause regix for test
1ba611f fix typo
25379d3 Add unit test case
a56133b Add hardware reboot cause as actual reboot cause for soft reboot failed
c7d3833 Support Restapi/gnmi control plane acls
f6ea036 caclmgrd: Don't block traffic to mgmt by default
a712fc4 Update test cases
adc058b caclmgrd: Don't block traffic to mgmt by default
06ff918 Merge pull request #7 from bluecmd/patch-1
e3e23bc ci: Rename sonic-buildimage repository
e83a858 Merge pull request #4 from kamelnetworks/acl-ip2me-test
f5a2e50 [caclmgrd]: Tests for IP2ME rules generation
```
aedc05ecf [QoS] Support dynamic headroom calculation for Barefoot platforms (#2306)
7f4da26f2 [app_ext] [auto-ts] Add available_mem_threshold option (#2423)
b25070176 YANG Validation for ConfigDB Updates: Fix Decorator Bug (#2405)
f62d1e596 [watermarkstat] Add new warning message for the 'q_shared_multi' counters (#2408)
25fda264e [chassis]Add fabric counter cli commands (#1860)
ae97e597e Update sonic command doc to add CLIs relative to SONiC fips (#2377)
abd5eba49 [generate_dump]: Enhance show techsupport for cisco-8000 platform (#2403)
ee15b74a2 Include configuring laser frequency and tx power (#2437)
70be50cdc Add a subcommand to display a hexdump of transceiver EEPROM page (#2379)
c246801ba Filter port invalid MTU configuration (#2378)
362ec9bd7 [show] vnet advertised-route command (#2390)
2372e2983 [show priority-group drop counters] Remove backup with cached PG drop counters after 'config reload' (#2386)
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
Why I did it
#4021 describes an issue that is still being observed on master image whereby sensord does not start in pmon due to missing service.
How I did it
Updated the lm-sensors install patch with a case for systemd
How to verify it
Verified that sensord is up in pmon after boot
Co-authored-by: Boyang Yu <byu@arista.com>
Fixing issue FRRouting/frr#11108
For interface based peers with peer-groups, "no neighbor capability extended-nexthop" gets added by default. This will result in IPv4 routes not having ipv6 next hops.
- How I did it
Porting the commit FRRouting/frr@8e89adc to FRR 8.2.2 which fixes the issue
- How to verify it
Load FRR and verify if the "no neighbor capability extended-nexthop" not gets added for interfaces associated with peer-groups
- Why I did it
Update sonic-platform-common submodule pointer to include the following:
Read CMIS data path state duration (#312)
Remove shell=True (#313)
[credo][ycable] remove mux-toggle inprogress flags for some API's (#311)
[Cdb fw upgrade (#308)
[Credo][Ycable] enhancement and error exception for some APIs (#303)
[ycable] add definitions of some new API's for Y-Cable infrastructure (#301)
Install libyang to azure pipeline (#310)
Update the return of update_firmware for the image not exist case (#306)
[CMIS] 'get_transceiver_info' should return 'None' when CMIS cable EEPROM is not ready (#305)
uplift code coverage 80% (#307)
[sonic-pcie] Add UT for pcie_common.py (#293)
[CMIS] Catch Exception to avoid CMIS code crash (#299)
[Credo][Ycable] fix incorrect uart statistics (#296)
Add PSU input voltage and input current (#295)
- How I did it
Advance sonic-platform-common pointer
Signed-off-by: dprital <drorp@nvidia.com>
- Why I did it
Update sonic-sairedis submodule pointer to include the following:
2585a1f [Support gearbox SAI_PORT_ATTR_PORT_SERDES_ID on vs (#1082)
fd9bc84 [SAI NAT aging notification (#987)
3fa8f34 [[doc]: Update README.md (#1122)
157e573 [[lgtm] Fix libyang missing in lgtm validation issue (#1135)
af80caa Add Voqs to Virtual Switch (#1061)
f9008ad [fastboot] fastboot enhancement: Use warm-boot infrastructure for fast-boot (#1100)
- How I did it
Advance sonic-sairedis pointer
Signed-off-by: dprital <drorp@nvidia.com>
Why I did it
Revert change in syslog such that it does not utilize c++ string
How I did it
Code change
How to verify it
Which release branch to backport (provide reason below if selected)
201811
201911
202006
202012
202106
202111
202205
Description for the changelog
Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)
What I did
Filter port invalid MTU configuration
How I did it
Adjust the MTU value to the range of [68,9216]
How to verify it
Use "config interface mtu Ethernet1 40" command to configure the port MTU. The following error will occur in SWSS.
Why I did it
There is an outstanding FRR issue #12380. This seems to be a known issue but without good fix so far. The root cause is around zebra and kernel netlink interaction. The failure was previously not noticed by zebra.
How I did it
Port the patch that would make the issue obvious.
Signed-off-by: Ying Xie ying.xie@microsoft.com
changes:
-- yang model for dhcp_server table.
-- tests.
Why I did it
yang model for dhcp_server table.
How I did it
-- yang model for dhcp_server table.
-- yang model tests.
How to verify it
-- yang model build time tests.
changes:
-- yang model for mpls_tc_to_tc_map table.
-- tests.
#### Why I did it
yang model for mpls_tc_to_tc_map table.
#### How I did it
-- yang model for mpls_tc_to_tc_map table.
-- yang model tests.
#### How to verify it
-- yang model build time tests.
This is causing a build failure for all builds. The PR build was incorrectly marked as passing due to a different build issue.
libyang[0]: Regular expression "(/[a-zA-Z0-9_-.]+)*/([a-zA-Z0-9_-.]+)./[a-z]{3}" is not valid (".]+)*/([a-zA-Z0-9_-.]+)./[a-z]{3})$": range out of order in character class).
libyang[0]: Module "sonic-restapi" parsing failed.
ERROR:YANG-TEST: Exception >Module "sonic-restapi" parsing failed.< in /sonic/src/sonic-yang-models/tests/yang_model_tests/test_yang_model.py:114
ERROR:YANG-TEST: Exception >Module "sonic-restapi" parsing failed.< in /sonic/src/sonic-yang-models/tests/yang_model_test
This reverts commit e1765121b2.
- Why I did it
Fixes#11431
- How I did it
dhcp6relay binds to ipv6 addresses configured on these vlan interfaces
Thus check if they are ready before launching dhcp6relay
- How to verify it
Unit Tests
Tested on a live device
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
Why I did it
Fix apt-get remove/purge version not locked issue when the apt-get options not specified.
How I did it
Add a space character before and after the command line parameters.
ac71d745d [VxLAN]Fix Vxlan delete command to throw error when there are references (#2404)
7419c6731 Added cisco config platform commands (#2242)
8760bbe80 Add UT to check sonic installer does not depend on database (#2401)
6bef65260 [doc] add documentation on automatic techsupport based on memory (#2411)
4a783745f [doc] update "config feature" section with "--block" option (#2409)
dd6210fcc [Vxlanmgrd] [CPA] Update the vxlan_tunnel name len to be under IFNAMIZ to overcome netdev creation failure (#2398)
bdc4a8a60 Fix broken pipeline build URL (#2363)
b31681b43 Fix display disorder problem of show vrf (#2392)
123504a85 YANG validation for ConfigDB Updates: portchannel add/remove, loopback interface, VLAN
28f6820c6 [link-local]Modify RIF check to include link-local enabled interfaces (#2394)
Signed-off-by: Neetha John nejo@microsoft.com
Why I did it
slb and bgp mon peers are not needed for storage backend. These neighbor are present in the minigraph.
How I did it
After minigraph parsing, remove these neighbors if it is a storage backend device
How to verify it
Unit tests
Verified on the device that once these tables are removed, these peers don't show up in "show runningconfig bgp" output
Include:
df92fb72 Improve verbosity level and provide more info in the log (#2472)
e81ed20b [intfmgr]: Enable `accept_untracked_na` kernel param (#2436)
24d29f18 [orchdaemon]: Fixed sairedis record file rotation (#2299)
b8ee07d7 [build] add missing package libyang-dev in lgtm.yml (#2475)
e46dd294 [crm] Fix issue with continues EXCEEDED and CLEAR logs for ACL group/table counters (#2463)
b61d24cd [doc]: Update README.md (#2456)
b9ade5d2 [orchagent] Fix issue: ip prefix shall be inited even if VRF/VNET is not ready (#2461)
f0f1eb47 Revert "[counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)" (#2458)
3d757a83 [ci][asan] add DVS tests run with ASAN (#2441)
04fbc8e3 [ci] Only when test stage succeeded or succeededwithissues, PR run Gcov (#2460)
7cc035f9 [orchagent]: Publish identified events via structured-events channel (#2446)
efa0f01d [QoS] Enforce drop probability only for colors whose WRED are enabled (#2422)
05c5c2f6 [swss] Replace memset functions (#2423)
9ff993db Modified the test file to remove click commands and do the REDIS-DB u… (#2264)
9e376af3 Install libyang in azure pipeline. (#2445)
c1eb99a7 check state_db for po before sending ARP/ND pkts (#2444)
43cc4869 [portmgr] Fixed the orchagent crash due to late arrival of notif (#2431)
b62c7162 Enhance orchagent and buffer manager in error handling (#2414)
13bda3c6 [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (#2392)
0ccb315c Revert "[VS Test] Skip failing subport tests (#2370)" (#2421)
ac8a83f0 [UT] [Portsyncd] Added Unit Tests for portsyncd (#2297)
83a186a9 Change the log messages in addKernelNeigh/Route from ERROR to INFO (#2437)
9c23389b [BFD]Clean up state_db BFD entries on swss restart (#2434)
d41aebfd EntityBulker SIGSEGV when create_entry attr_count 0 (#2224)
f52a7b1c Fix the Fec Mode Setting of gbsyncd (#2430)
8cc0a451 [neighsyncd] Enabling ipv4 link local entries for non-dualtor (#2427)
5624e875 Revert "[ci][asan] add DVS tests run with ASAN (#2363)" (#2433)
a26b26ac Dynamic port configuration - add port buffer cfg to the port ref counter (#2194)
486939a9 tlm_teamd: Filter portchannel subinterface events from STATE_DB LAG_TABLE (#2408)
a4b89925 [counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)
4aaeec91 added support for Xsight platform (#2426)
ca9edcad [ci][asan] add DVS tests run with ASAN (#2363)
dec4570c Handle dual ToR neighbor miss scenario (#2151)
9eb44220 Upstream new development on p4orch (#2237)
e9be2c0e [lgtm] Fix dependency (#2419)
c0168f35 [muxorch] Returning true if nbr in skip_neighbor_ in isNeighborActive() (#2415)
cfcf3d87 [macsec]: Set MTU for MACsec (#2398)
8346034b Delete Invalid if condition in intfsorch.cpp (#2411)
Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
0a7557bd9 [minigraph] add option to specify golden path in load_minigraph (#2350)
322aefc37 [GCU]Remove GCU unique lane check for duplicate lanes platforms (#2343)
7099fffa7 [fastboot] fastboot enhancement: Use warm-boot infrastructure for fast-boot (#2286)
09026edbb [warm-reboot] fix warm-reboot when /tmp/cache is missing (#2367)
a3c404c74 Fix typo in platform_sfputil_helper.is_rj45_port (#2374)
637d834ce Vnet_route_check Vxlan tunnel route update. (#2281)
29a3e5180 Added support for tunnel route status in show vnet routes all. (#2341)
1ac584bb3 Use 'default' VRF when VRF name is not provided (#2368)
4d377a620 [subinterface]Added additional checks in portchannel and subinterface commands (#2345)
bbcdf2ed7 disk_check: Publish event for RO state (#2320)
3fd537b0a Support the bandit check by GitHub Action (#2358)
491d3d380 [generate dump]Added error message when saisdkdump fails (#2356)
6830e01ec [counterpoll]Fixing counterpoll show for tunnel and acl stats (#2355)
3be2ad7de [fast-reboot]Avoid stopping masked services during fast-reboot (#2335)
0e1b0cf20 [GCU] Fix missing backend in dry run (#2347)
676c31bd0 Add verification for override (#2305)
48997c266 Add Password Hardening CLI support (#2338)
414e239ea update unit tests for swap allocator
a91a4922f consider swap checking memory in installer
f0ce58635 [route_check]: Ignore standalone tunnel routes (#2325)
Porting sonic_db_dump_load.py from sonic-py-swsssdk to sonic-py-common.
#### Why I did it
sonic-py-swsssdk will be deprecate, so porting sonic_db_dump_load.py to sonic-py-common.
#### How I did it
Copy sonic_db_dump_load.py to sonic-py-common, and fix minor API different.
#### How to verify it
Pass all E2E test.
The platform_tests/test_advanced_reboot.py::test_warm_reboot will cover this script.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Porting sonic_db_dump_load.py from sonic-py-swsssdk to sonic-py-common.
#### Ensure to add label/tag for the feature raised. example - [PR#2174](https://github.com/sonic-net/sonic-utilities/pull/2174) where, Generic Config and Update feature has been labelled as GCU.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`getstatusoutput()` function from `subprocess` module has shell injection issue because it includes `shell=True` in the implementation
Eliminate duplicate code
#### How I did it
Reimplement `getstatusoutput_noshell()` and `getstatusoutput_noshell_pipe()` functions with `shell=False`
Add `check_output_pipe()` function
#### How to verify it
Pass UT
- Why I did it
As part of Persistent log level HLD , LOGLEVEL_DB content is moved to CONFIG_DB.
In addition, it was decided to remove jinja2_cache which currently appear on LOGLEVEL_DB
This cache was added to speed up template rendering in start scripts. There were a lot of them rendered during system start. This caused a delay in warm boot LAG restore time. It was tested and verified that with and without the cache we don't see any difference in this timing now. It is probably due to a lot of other optimizations done to sonic-cfggen. Since there is no noticeable improvement made by j2 cache now it is safe to remove it.
- How I did it
Remove redis_bcc.py file and and remove the bytcode_cache from sonic-sfggen
- How to verify it
Warm boot was tested with \ without this jinja2_cache and it there is no difference in performance
Why I did it
Replace configuration parameter for gnmi write, and we will add other gnmi write features in the future.
How I did it
Update rules/config and other Makefile.
How to verify it
Build sonic image.
Why I did it
Current isc-dhcp uses below code to remove DHCP option:
memmove(sp, op, op[1] + 2);
sp += op[1] + 2;
sp points to the option to be stripped, we can call it as option S.
op points to the option after options S, we can call it as option O.
DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value.
In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result:
Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove.
But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp.
How I did it
Create patch from https://github.com/isc-projects/dhcp
The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug.
size_t mlen = op[1] + 2;
memmove(sp, op, mlen);
sp += mlen;
How to verify it
I have a PR for sonic-mgmt to cover this issue:
sonic-net/sonic-mgmt#6330
Signed-off-by: Gang Lv ganglv@microsoft.com
* Make client indentity by AME cert
* Join k8s cluster by ipv6
* Change join test cases
* Test case bug fix
* Improve read node label func
* Configure kubelet and change test cases
* For kubernetes version 1.22.2
* Fix undefine issue
Signed-off-by: Yun Li <yunli1@microsoft.com>
Why I did it
Replace unsafe functions in iccpd
How I did it
Replace memset() by zero initialization
Replace strtok() by strtok_r()
Signed-off-by: maipbui <maibui@microsoft.com>
*The sonic-frr was upgraded to FRR 8.2.2 as part of PR #10691. However, sonic-frr/frr submodule was still referring to previous 7.5 version. Update the sonic-frr/frr submodule to 8.2.2 commit id. Fixes issue #11484.
Why I did it
This PR is to update TC_TO_QUEUE_MAP|AZURE for SKU Arista-7050CX3-32S-D48C8 and Arista-7260CX3 T0.
The change is only to align the TC_TO_QUEUE_MAP for regular traffic and bounced traffic. It has no impact on business because we have no traffic being mapped to TC2 or TC6.
How I did it
Update TC_TO_QUEUE_MAP|AZURE , and test cases as well.
How to verify it
Verified by running test case test_j2files.py
/sonic/src/sonic-config-engine$ python3 setup.py test -s tests/test_j2files.py
running test
......
----------------------------------------------------------------------
Ran 29 tests in 25.390s
OK
- Why I did it
Update sonic-platform-daemons submodule pointer to include the following:
[ycabled] enable telemetry for 'active-active'; fix gRPC portid ordering (#284)
[ycabled] remove some spurious logs (#282)
Correct the peer forwarding state table (#281)
add psu input voltage and current (#276)
[ycabled] add capability to enable/disable telemetry (#279)
Signed-off-by: dprital <drorp@nvidia.com>
Update sonic-utilities submodule pointer to include the following:
Replace cmp in acl_loader with operator.eq (#2328)
Subinterface vrf bind issue fix (#2211)
[VRF]Adding CLI checks to ensure Vrf is valid in interface bind and static route commands (#2333)
[doc]: Add MACsec CLI doc (#2334)
[sonic-package-manager] Drop 'expires_in' (#2002)
Handle non-front-panel ports in is_rj45_port (#2327)
[service_mgmt]: Fix fetch MULTI_INST_DEPENDENT bug in service_mgmt.sh.j2 (#2319)
correct an error by changing "show bgp summary" to "show bfd summary" (#2324)
Update VRF unbind command (#2331)
Fix issue: port_type is referenced before initialized (#2323)
Fix issue: exception in is_rj45_port in multi ASIC env (#2313)
Delete .DS_Store (#2244)
Fix bug with checking VRF's routes in route_check.py (#2301)
[decode-syseeprom] Fix setting use_db based on support_eeprom_db (#2270)
Fix vrf UT failed issue (#2309)
add lacp_rate to portchannel (#2036)
With this PR in, you flap BGP and use events_tool to see the published events.
With telemetry PR #111 in and corresponding submodule update done in buildimage, one could run gnmi_cli to capture BGP flap events.
Why I did it
Address issue #10970
sign-off: Jing Zhang zhangjing@microsoft.com
How I did it
Add sonic-mux-cable.yang and unit tests.
How to verify it
Compile Compile target/python-wheels/sonic_yang_mgmt-1.0-py3-none-any.whl and target/python-wheels/sonic_yang_models-1.0-py3-none-any.whl.
Pass sonic-config-engine unit test.
Which release branch to backport (provide reason below if selected)
201811
201911
202006
202012
202106
202111
202205
Description for the changelog
Link to config_db schema for YANG module changes
f8fe41a023/src/sonic-yang-models/doc/Configuration.md (mux_cable)
Why I did it:
API get_device_runtime_metadata() added by #11795 uses merge operator for dict but that is supported only for python version >=3.9. This API will be be used by scrips eg:hostcfgd which is still build for buster which does not have python 3.9 support.
#### Why I did it
Structured events code like eventd, rsyslogplugin, requires changes made in swss-common
Submodule adds these newest commits:
56b0f18 (HEAD, origin/master, origin/HEAD, master) Events: APIs to set/get global options (#672)
5467c89 Add changes to yml file to improve pytest (#674)
#### How I did it
Updated git submodule
#### How to verify it
Check new commit pointer
2022-07-28 854d54e: Add support of mdio IPC server class using sai switch api and unix socket (sonic-net/sonic-sairedis#1080) (Jiahua Wang)
2022-07-27 513cb2a: [FlexCounter] Refactor FlexCounter class (sonic-net/sonic-sairedis#1073) (Junchao-Mellanox)
Why I did it
VoQ chassis supervisor will have Fabric asics and the sub_role for fabric asics will be "Fabric".
The fabric asics namespaces are not being returned in get_all_namespaces() and is required in caclmgrd to add right cacl to allow internal docker traffic from fabric asic namespaces.
test_cacl_application fails on VoQ chassis Supervisor with the error:
Failed: Missing expected iptables rules: set(['-A INPUT -s 240.127.1.1/32 -d 240.127.1.1/32 -j ACCEPT', '-A INPUT -s 240.127.1.3/32 -d 240.127.1.1/32 -j ACCEPT', '-A INPUT -s 240.127.1.2/32 -d 240.127.1.1/32 -j ACCEPT'])
How I did it
Update get_all_namespaces to return fabric namespaces list.
How to verify it
Verified on VoQ chassis.
Why I did it
Address issue #10966
sign-off: Jing Zhang zhangjing@microsoft.com
How I did it
Add sonic-peer-switch.yang and unit tests.
How to verify it
Compile Compile target/python-wheels/sonic_yang_mgmt-1.0-py3-none-any.whl and target/python-wheels/sonic_yang_models-1.0-py3-none-any.whl.
Which release branch to backport (provide reason below if selected)
201811
201911
202006
202012
202106
202111
202205
Description for the changelog
Link to config_db schema for YANG module changes
b721ff87b9/src/sonic-yang-models/doc/Configuration.md (peer-switch)
#### Why I did it
This fixed memory leak in ETHERLIKE-MIB. The fix is not part of net-snmp(5.7.3 version). This PR includes the patch to fix memory leak issue.
```
ke->name in stdup-ed at line 297: n->name = strdup(RTA_DATA(tb[IFLA_IFNAME]));
```
#### How I did it
patched the fix.
[net-snmp] upstream fix link -> [snmpd}upstream link](ed4e48b5fa)
#### How to verify it
**Before The fix**
used valgrind to find memory leak.
```
root@lnos-x1-a-csw06:/# grep "definitely lost" valgrind-out.txt
==493== 4 bytes in 1 blocks are definitely lost in loss record 1 of 333
==493== 16 bytes in 1 blocks are definitely lost in loss record 25 of 333
==493== 757 bytes in 71 blocks are definitely lost in loss record 214 of 333
==493== 1,168 (32 direct, 1,136 indirect) bytes in 1 blocks are definitely lost in loss record 293 of 333
==493== 1,168 (32 direct, 1,136 indirect) bytes in 1 blocks are definitely lost in loss record 294 of 333
==493== 1,168 (32 direct, 1,136 indirect) bytes in 1 blocks are definitely lost in loss record 295 of 333
==493== 1,168 (32 direct, 1,136 indirect) bytes in 1 blocks are definitely lost in loss record 296 of 333
==493== definitely lost: 905 bytes in 77 blocks
```
_we can see the memory leak see in stack trace._
-> dot3stats_linux -> get_nlmsg -> strdup
https://github.com/net-snmp/net-snmp/blob/v5.7.3/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.chttps://github.com/net-snmp/net-snmp/blob/v5.7.3/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c#L277
```
n = malloc(sizeof(*n));
memset(n, 0, sizeof(*n));
n->ifindex = ifi->ifi_index;
n->name = strdup(RTA_DATA(tb[IFLA_IFNAME]));
memcpy(&n->stats, RTA_DATA(tb[IFLA_STATS]), sizeof(n->stats));
n->next = kern_db;
kern_db = n;
return 0;
```
we were not freeing space for EtherLike-MIB.AS interface mib queries were getting increased, we see memory increment.
```
kern_db = ke->next;
free(ke);
```
https://github.com/net-snmp/net-snmp/blob/v5.7.3/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c#L467
```
==55== 757 bytes in 71 blocks are definitely lost in loss record 186 of 299
==55== at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==55== by 0x4EB6E49: strdup (strdup.c:42)
==55== by 0x493F278: get_nlmsg (dot3stats_linux.c:299)
==55== by 0x493F529: rtnl_dump_filter_l.constprop.3 (dot3stats_linux.c:370)
==55== by 0x493FD7A: rtnl_dump_filter (dot3stats_linux.c:401)
==55== by 0x493FD7A: _dot3Stats_netlink_get_errorcntrs (dot3stats_linux.c:424)
==55== by 0x494009F: interface_dot3stats_get_errorcounters (dot3stats_linux.c:530)
==55== by 0x48F6FDA: dot3StatsTable_container_load (dot3StatsTable_data_access.c:330)
==55== by 0x485E76B: _cache_load (cache_handler.c:700)
==55== by 0x485FA37: netsnmp_cache_helper_handler (cache_handler.c:638)
==55== by 0x48720BC: netsnmp_call_handler (agent_handler.c:526)
==55== by 0x48720BC: netsnmp_call_next_handler (agent_handler.c:640)
==55== by 0x4865F75: table_helper_handler (table.c:717)
==55== by 0x4871B66: netsnmp_call_handler (agent_handler.c:526)
==55== by 0x4871B66: netsnmp_call_handlers (agent_handler.c:611)
757 bytes in 71 blocks are definitely lost in loss record 214 of 333
==493== at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==493== by 0x4EB6E49: strdup (strdup.c:42)
==493== by 0x493F278: ??? (in /usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.30.0.3)
==493== by 0x493F529: ??? (in /usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.30.0.3)
==493== by 0x493FD7A: _dot3Stats_netlink_get_errorcntrs (in /usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.30.0.3)
==493== by 0x494009F: interface_dot3stats_get_errorcounters (in /usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.30.0.3)
==493== by 0x48F6FDA: dot3StatsTable_container_load (in /usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.30.0.3)
==493== by 0x485E76B: _cache_load (cache_handler.c:700)
==493== by 0x485FA37: netsnmp_cache_helper_handler (cache_handler.c:638)
==493== by 0x48720BC: netsnmp_call_handler (agent_handler.c:526)
==493== by 0x48720BC: netsnmp_call_next_handler (agent_handler.c:640)
==493== by 0x4865F75: table_helper_handler (table.c:717)
==493== by 0x4871B66: netsnmp_call_handler (agent_handler.c:526)
==493== by 0x4871B66: netsnmp_call_handlers (agent_handler.c:611)
```
```
**After The fix**
no memory leak in valgrind stack trace related to etherlike MIB.
```
- Why I did it
Profiled the execution for the following cmd intfutil -c status
- How I did it
Cached the following information:
1. get_sonic_version_info()
2. get_platform_info()
None of the API exposed to the user libraries (for eg: sonic-utilities) has been modified
These methods involve reading text files or from redis. Thus, caching helped to improve the execution time
- How to verify it
Added UT's.
Verified on the device
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
Why I did it
Currently the CLI commands show interface status show interface counters and show interface description displays Ethernet-IB and Ethernet-Rec ports in the output. These are internal ports should only be displayed when the option -d all is used for the above mentioned CLI commands
How I did it
Add the port roles Inb and Rec when classifing a port as internal port.
How to verify it
Verify the CLI output of the command show interface status doesnt display the Ethenet-IB and Ethernet-Rec port when -d all option in not present
Before
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Why I did it
On a supervisor card in a chassis, syncd/teamd/swss/lldp etc dockers are created for each Switch Fabric card. However, not all chassis would have all the switch fabric cards present. In this case, only dockers for Switch Fabrics present would be created.
The monit 'container_checker' fails in this scenario as it is expecting dockers for all Switch Fabrics (based on NUM_ASIC defined in asic.conf file).
* [snmpd]: Update to 5.9+dfsg-4+deb11u1 to match Debian version
This brings in some security fixes.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* Update snmpd makefile
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* Remove binNMU for snmpd
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* [Bgpcfgd] Enhance add_peer/add_peer_ipv6 unit tests
Why I did it
The current input to add_peer/add_peer_ipv6 is admin status change, update the UT to supply new peer information.
Current UT does not check for case when check_neig_meta is true, update UT to check for this case
How I did it
By changing the input to add_peer/add_peer_ipv6
By modifying load_constants/constructor to take constants path as an input, and add two UT that uses a version of constants.yml that sets check_neig_meta to true.
How to verify it
UT failing before the change, and passing after the change.
Signed-off-by: maipbui <maibui@microsoft.com>
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Why I did it
Replace unsafe functions to safe functions
#### How I did it
Replace `strtok()` by `strtok_r()`
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Fix#10549Fix#10550
#### Why I did it
Create sonic yang model for SNMP
Tables:SNMP, SNMP_COMMUNITY
#### How I did it
Defined yang models based for SNMP based on snmp.yml
#### How to verify it
Added test cases to verify
Why I did it
This PR is to update Yang model for pfc_enable and pfcwd_sw_enable fields to support more than 2 queues, like 2,3,4,6.
Before this change, the regex "[0-7](,[0-7])?" accepts only no more than 2 queues.
How I did it
Update the regex pattern for pfc_enable and pfcwd_sw_enable, from "[0-7](,[0-7])?" to "[0-7](,[0-7])*
How to verify it
The change is verified by UT. The test input is updated to cover the change.
collected 3 items
tests/test_sonic_yang_models.py .. [ 66%]
tests/yang_model_tests/test_yang_model.py .
* Update BRCM KNET module to support new psample definitions from sflow dropmon feature
* Update BRCM KNET module to support new psample definitions from sflow dropmon feature
* Advance saibcm-modules-dnx
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan arlakshm@microsoft.com
Why I did it
Generate the port configuration required 400G ZR port from minigraph.
How I did it
Add parse logic to get tx_power and laser_freq from LinkMetadata section of the minigraph.
Add UT for packet-chassis and voq chassis
How to verify it
UT
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
Why I did it
Update sonic-swss-common submodule to include events API that will be used to stream structured events
Contains only:
ecc13b2 2022-08-10 | APIs to support streaming structured events (https://github.com/sonic-net/sonic-buildimage/pull/667) [Zain Budhwani]
How I did it
Pull from latest commit in sonic-swss-common
How to verify it
Look at pointer for sonic-swss-common
Why I did it
2 things are missing in current allow-prefix list implementation.
In some usecase, need to tell the BGP neighbor and have different allow-prefix list for different neighbors, which is not supported.
for the prefix list, can't support flexible le and ge.
How I did it
To enhance the bgp allow-prefix list feature to have:
To include the neighbor type info for the allow-prefix list.
To support flexible le and ge length for allow-prefix list.
How to verify it
4 new unit test cases are added in this PR to cover changes.
* Advance sonic-utilities pointer
7919077f Add FEC correctable and uncorrectable port stats (#2027)
ecb91367 Add CLI to configure YANG config validation (#2147)
e9ab5235 Add override testcase to verify removal (#2288)
c6794b55 Fix version in db_migrator for `PORT_QOS_MAP|global` (#2289)
92b889b7 [intfutil] Check whether the FEC mode is supported on the platform before configuring it to CONFIG_DB (#2223)
dab0d065 Transfer organization from Azure to sonic-net (#2284)
6de18a1d [watermarkstat] Fix CLI script for unconfigured PG counters (#2239)
ac2f5530 Improve the way to check port type of RJ45 port (#2249)
142185c9 Fix the issue that sonic_platform is not installed on vs image (#2300)
ca14133f [crm] add checking for CRM interval range (#2293)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Advance swss
dc8bc1c4 [portsorch] Expose supported FEC modes to STABE_DB and check whether FEC mode is supported before setting it (#2333)
6565b502 Revert "[portsorch] Expose supported FEC modes to STABE_DB and check whether FEC mode is supported before setting it (#2333)" (#2396)
dc88d55d Revert hwinfo count change (#2383)
75fc9659 [DualToR] Handle race condition between tunnel_decap and mux orchestrator (#2397)
525a57fa Fix for remote system interface not getting created (#2364)
3161eaae portsorch: initial support for link-training (#2359)
dc477fb0 [swss/cfgmgr] teammgr configure lacp rate (#2121)
2489ad57 Improve pytest speend by grouping 20 tests together. (#2390)
168bd3b3 [EVPN]Modified tunnel creation logic when creating tunnel in VRF-VNI map creation flow (#2404)
1e1438e4 [portsorch] Expose supported FEC modes to STABE_DB and check whether FEC mode is supported before setting it (#2400)
9f2e27b4 [QoS] Fix issue: the WRED profile can not be set if current min > new max or current max < new min (#2379)
d36c17d6 [asan][aclorch] fix a memory leak in the SaiAttrWrapper::swap() (#2382)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* More sonic-utilities PRs
be1866fd Fix GCU bug when backend service modifying config (#2295)
bcf36eb3 Fix issues for sonic_installer upgrade-docker and sonic_installer rollback-docker (#2278)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
Signed-off-by: Stephen Sun <stephens@nvidia.com>
Update sonic-platform-daemons submodule pointer to include the following:
Xcvrd changes to support 400G ZR configuration (#270)
[ycabled] add secure channel support for grpc dualtor active-active connectivity (#275)
Signed-off-by: dprital <drorp@nvidia.com>
Update sonic-swss-common submodule pointer to include the following:
Add docker-mux related table names (#627)
Transfer organization from Azure to sonic-net (#656)
Signed-off-by: dprital <drorp@nvidia.com>
Update sonic-platform-common submodule pointer to include the following:
[eeprom] Add UT for eeprom_tlvinfo.py (#292)
Fix Cmis memmap field offset (#290)
Fix AttributeError for "sfputil show error-status -hw" (#291)
Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487
How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
24f505148 [eloop.c]: Increase timeout of signal termination (#62)
2b2c1ad72 [driver_macsec_sonic.c]: Fixbug: a wrong db_wait in delete sa (#61)
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
Update bgpmon.py from py-swsssdk to swsscommon
#### How I did it
Change bgpmon.py to use swsscommon.
#### How to verify it
Pass all E2E test case
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Update bgpmon.py from py-swsssdk to swsscommon
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
#### Why I did it
Submodule update for sonic-swss-common with following change:
```
2247dbe 2022-08-01 | Fix memory leak issue in ConfigDBConnector. (#655) [Hua Liu]
4af97d6 2022-07-27 | Add new table schemas for DASH (#654) [prabhataravind]
d72e5ea 2022-07-23 | Fix epoll and socket resource leak issue. (#651) [Hua Liu]
dda857b 2022-07-21 | Microsoft mandatory file (#620) [microsoft-github-policy-service[bot]]
4132d14 2022-07-21 | Fix PING database command not backward compatible with python version issue. (#650) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-swss-common with following change:
```
2247dbe 2022-08-01 | Fix memory leak issue in ConfigDBConnector. (#655) [Hua Liu]
4af97d6 2022-07-27 | Add new table schemas for DASH (#654) [prabhataravind]
d72e5ea 2022-07-23 | Fix epoll and socket resource leak issue. (#651) [Hua Liu]
dda857b 2022-07-21 | Microsoft mandatory file (#620) [microsoft-github-policy-service[bot]]
4132d14 2022-07-21 | Fix PING database command not backward compatible with python version issue. (#650) [Hua Liu]
```
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
#### Why I did it
To support Yang models for SRV6 CM
#### How I did it
Added yang models for SRV6 MY_SID_ENTRY and Nexthop
#### How to verify it
Added SRV6 CRM yang tests.
#### Which release branch to backport (provide reason below if selected)
202111
#### Why I did it
Submodule update for sonic-dbsyncd with following change:
```
0d67faf 2022-07-28 | Replace pyswsssdk with sonic-py-common (#45) [Hua Liu]
265c833 2022-01-11 | Updated the Azure pipeline for Code Coverage (#44) [abdosi]
6548116 2021-04-04 | [ci]: add proper azp [Guohan Lu]
43b9dab 2021-04-04 | [pytest]: add pytest.ini [Guohan Lu]
```
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-dbsyncd with following change:
```
0d67faf 2022-07-28 | Replace pyswsssdk with sonic-py-common (#45) [Hua Liu]
265c833 2022-01-11 | Updated the Azure pipeline for Code Coverage (#44) [abdosi]
6548116 2021-04-04 | [ci]: add proper azp [Guohan Lu]
43b9dab 2021-04-04 | [pytest]: add pytest.ini [Guohan Lu]
```
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Why I did it
The bgpcfgd doesn't support deletion of 'zebra set src', if an interface is deleted, the bgpcfgd will drop a warning message. In current implementation, we only care about the loopback0 interface but not others.
To improve the log print to have the key info, which will give the name of the deleted interface. We can ignore it if it is not the loopback0 interface. The application layer should be aware of that update and deletion is not supported, delete or update with a new address of loopback0 could cause issue, this log can give enough info to root cause the issue.
How I did it
How to verify it
Upgrade submodule sairedis to take the fix for saithrift build
Upgrade SAI to latest for building in bullseye (#1093)
involve other changes in sairedis:
[sairedis] Fix reopen recoding file (#1087)
Update PN with XPN support (#1081)
[syncd] Remove error message when tryTranslateVidToRid fails (#1048)
Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
feeac84 [counters] Keep counters cache in a single directory (#2232)
cd7909e Updated the CLI file for Radius and Linux kernel commands (#2276)
cd6898b Update db_migrator to support `PORT_QOS_MAP|global` (#2205)
8f4fc62 Revert "Revert "[scripts/fast-reboot] Shutdown remaining containers through systemd (#2133)" (#2161)" (#2184)
27667cf Fix test for pfcwd_sw_enable in db_migrator_test (#2253)
e1866e3 [MultiAsic] sudo reboot command doesn't gracefully stop Asic syncd# on multiasic platform (#2258)
9e3ba82 Change db_migrator major version on master branch from version 2 to 3 (#2272)
65346ce Microsoft mandatory file (#2177)
308e25f portconfig option to configure Tx power and laser frequency of ZR transceiver module (#2197)
e49b1e8 [vnet_route_check] Align DB data parse logic with format used by swsscommon API (#2268)
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
Why I did it
This PR is to backport PR #11056 and PR #11045 into master branch.
This PR is to enable tunnel_qos_remap on T1 and T0 in DualToR deployment.
On T1, we check the property DownstreamRedundancyTypes. On T0, we check the property RedundancyType.
tunnel_qos_remap is set to enabled if gemini is in DownstreamRedundancyTypes (on T1) or RedundancyType (on T0).
How I did it
The change is implemented in minigraph.py.
How to verify it
Verified by test_minigraph_case.py and 'test_j2files.py`.
sonic-platform-daemon submodule update
005ec30 [ycabled] remove some redundant logging for active-active cable type (#274)
e889625 [ycabled][grpc] Fix some time interval,options for grpc keep alive to work (#271)
1651050 [ycabled] add some retry logic for gRPC channel setup;fix no channel gRPC notification (#269)
7c0be24 [CMIS]Improved 400G link bring up sequence (#254)
df447b4 [ycabled] Fix the init values for active-active ports (#266)
ec84af4 [sonic-ycabled] fix grpc logic for timeout,cli HWSTATUS value retrival logic for active-active cable (#264)
Co-authored-by: Jaganathan Anbalagan <jaganbal@cisco.com>
Updating swss submodule with below commits
4a6f940 [EVPN]Fix missing Vlan member update notification in P2MP scenario
e9984d8 Enable p4orch unit test for test workflow. (#2375)
33c420d [Buffer Orch] Support removing buffer port profile list (#2371)
419ab1b [macsecmgr]: Fix cleanup macsec objs if container stop (#2376)
Why I did it
ip command cannot update packet number if the cipher is XPN.
How I did it
Specify SSCI when update packet number and ignore SSCI value if update action.
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Ported Marvell armhf build on x86 for debian buster to use cross-compilation instead of qemu emulation
Current armhf Sonic build on amd64 host uses qemu emulation. Due to the
nature of the emulation it takes a very long time, about 22-24 hours to
complete the build. The change I did to reduce the building time by
porting Sonic armhf build on amd64 host for Marvell platform for debian
buster to use cross-compilation on arm64 host for armhf target. The
overall Sonic armhf building time using cross-compilation reduced to
about 6 hours.
Signed-off-by: marvell <marvell@cpss-build3.marvell.com>
* Fixed final Sonic image build with dockers inside
* Update Dockerfile.j2
Fixed qemu-user-static:x86_64-aarch64-5.0.0-2 .
* Update cross-build-arm-python-reqirements.sh
Added support for both armhf and arm64 cross-build platform using $PY_PLAT environment variable.
* Update Makefile
Added TARGET=<cross-target> for armhf/arm64 cross-compilation.
* Reviewer's @qiluo-msft requests done
Signed-off-by: marvell <marvell@cpss-build3.marvell.com>
* Added new radius/pam patch for arm64 support
* Update slave.mk
Added missing back tick.
* Added libgtest-dev: libgmock-dev: to the buster Dockerfile.j2. Fixed arm perl version to be generic
* Added missing armhf/arm64 entries in /etc/apt/sources.list
* fix libc-bin core dump issue from xumia:fix-libc-bin-install-issue commit
* Removed unnecessary 'apt-get update' from sonic-slave-buster/Dockerfile.j2
* Fixed saiarcot895 reviewer's requests
* Fixed README and replaced 'sed/awk' with patches
* Fixed ntp build to use openssl
* Unuse sonic-slave-buster/cross-build-arm-python-reqirements.sh script (put all prebuilt python packages cross-compilation/install inside Dockerfile.j2). Fixed src/snmpd/Makefile to use -j1 in all cases
* Clean armhf cross-compilation build fixes
* Ported cross-compilation armhf build to bullseye
* Additional change for bullseye
* Set CROSS_BUILD_ENVIRON default value n
* Removed python2 references
* Fixes after merge with the upstream
* Deleted unused sonic-slave-buster/cross-build-arm-python-reqirements.sh file
* Fixed 2 @saiarcot895 requests
* Fixed @saiarcot895 reviewer's requests
* Removed use of prebuilt python wheels
* Incorporated saiarcot895 CC/CXX and other simplification/generalization changes
Signed-off-by: marvell <marvell@cpss-build3.marvell.com>
* Fixed saiarcot895 reviewer's additional requests
* src/libyang/patch/debian-packaging-files.patch
* Removed --no-deps option when installing wheels. Removed unnecessary lazy_object_proxy arm python3 package instalation
Co-authored-by: marvell <marvell@cpss-build3.marvell.com>
Co-authored-by: marvell <marvell@cpss-build2.marvell.com>
- Why I did it
To implement Syslog Source IP feature
In order to include the following commit: 8e5d478 [ssip]: Add CLI (#2191)
- How I did it
Updated syslog config template
Advanced submodule sonic-utilities
ea11b22 [sonic-bootchart] add sonic-bootchart (#2195)
8e5d478 [ssip]: Add CLI (#2191)
1dacb7f Replace pyswsssdk with swsscommon (#2251)
- How to verify it
make configure PLATFORM=mellanox
make target/sonic-mellanox.bin
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
- Why I did it
Support Mellanox-SN4600C-C64 as T1 switch in dual-ToR scenario
This is to port #11032 and #11299 from 202012 to master.
Support additional queue and PG in buffer templates, including both traditional and dynamic model
Support mapping DSCP 2/6 to lossless traffic in the QoS template.
Add macros to generate additional lossless PG in the dynamic model
Adjust the order in which the generic/dedicated (with additional lossless queues) macros are checked and called to generate buffer tables in common template buffers_config.j2
Buffer tables are rendered via using macros.
Both generic and dedicated macros are defined on our platform. Currently, the generic one is called as long as it is defined, which causes the generic one always being called on our platform. To avoid it, the dedicated macrio is checked and called first and then the generic ones.
Support MAP_PFC_PRIORITY_TO_PRIORITY_GROUP on ports with additional lossless queues.
On Mellanox-SN4600C-C64, buffer configuration for t1 is calculated as:
40 * 100G downlink ports with 4 lossless PGs/queues, 1 lossy PG, and 3 lossy queues
16 * 100G uplink ports with 2 lossless PGs/queues, 1 lossy PG, and 5 lossy queues
Signed-off-by: Stephen Sun <stephens@nvidia.com>
#### Why I did it
Submodule update for sonic-swss-common with following change:
597b022 Add SonicDBConfig.getInstanceList() API (#639)
7073dc6 add table name for vlan_stacking (#646)
7e39f31 Add SonicV2Connector::set method for int value. (#648)
154cc9c Improve hset and hdel performance with RedisPipeline. (#647)
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-swss-common with following change:
597b022 Add SonicDBConfig.getInstanceList() API (#639)
7073dc6 add table name for vlan_stacking (#646)
7e39f31 Add SonicV2Connector::set method for int value. (#648)
154cc9c Improve hset and hdel performance with RedisPipeline. (#647)
#### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Neetha John <nejo@microsoft.com>
Why I did it
Improve throughput and latency for 7260 deployments
How I did it
Update the dynamic threshold to 0 and ECN settings as 2mb/10mb/5%
How to verify it
Updated unit tests to use the modified values for 7260 ecn settings.
What I did:
Added Support for deployment_id parsing for Device Asic metadata.
Why I did:-
Deployment Id is used in BGP docker for FRR template generation. For multi-asic platforms running in namespace without deployment id as key in DEVICE_METADATA FRR template generation fails. This change is needed after this #10154 where if deployment_id is none we don't update DEVICE_METADA dictionary.
How I verify:-
Added unit-test.
Why I did it
This PR is to add a flag to control whether to generate PORT_QOS_MAP|global entry or not.
It's because for some HWSKU, such as BackEndToRRouter and BackEndLeafRouter, there is no DSCP_TO_TC_MAP defined.
Hence, if the PORT_QOS_MAP|global entry is generated, OA will report some error because the DSCP_TO_TC_MAP map AZURE can not be found.
Jul 14 00:24:40.286767 str2-7050qx-32s-acs-03 ERR swss#orchagent: :- saiObjectTypeQuery: invalid object id oid:0x7fddb43605d0
Jul 14 00:24:40.286767 str2-7050qx-32s-acs-03 ERR swss#orchagent: :- meta_generic_validation_objlist: SAI_SWITCH_ATTR_QOS_DSCP_TO_TC_MAP:SAI_ATTR_VALUE_TYPE_OBJECT_ID object on list [0] oid 0x7fddb43605d0 is not valid, returned null object id
Jul 14 00:24:40.286767 str2-7050qx-32s-acs-03 ERR swss#orchagent: :- applyDscpToTcMapToSwitch: Failed to apply DSCP_TO_TC QoS map to switch rv:-5
Jul 14 00:24:40.286767 str2-7050qx-32s-acs-03 ERR swss#orchagent: :- doTask: Failed to process QOS task, drop it
This PR is to address the issue.
How I did it
Add a flag require_global_dscp_to_tc_map to control whether to generate the PORT_QOS_MAP|global entry. The default value for require_global_dscp_to_tc_map is true. If the device type is storage backend, the value is changed to false. Then the PORT_QOS_MAP|global entry is not generated.
How to verify it
Update the current test_qos_dscp_remapping_render_template to cover storage backend.
Why I did it
Enable UT code coverage in sonic-buildimage repo submodule and enable LGTM
How I did it
create separate repo for sonic-host-services in sonic-net, and update submodule for sonic-buildimage
How to verify it
Build image
- Why I did it
To implement Syslog Source IP feature
- How I did it
Added the relevant yang doc
- How to verify it
N/A
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
Updating sonic-utilities submodule with the following commits
d6b8869 [Auto-Techsupport] Fix the coredump_gen_handler Exception when the History table is empty
b41da8f Fix README to reflect sonic-utilities being built in Bullseye
Signed-off-by: Neetha John <nejo@microsoft.com>
Why I did it
There is a need to select different mmu profiles based on deployment type
How I did it
There will be separate subfolders (RDMA-CENTRIC, TCP-CENTRIC, BALANCED) in each hwsku folder which contains deployment specific mmu and qos settings. SonicQosProfile attribute in the minigraph will be used to determine which settings to use. If that attribute is not present, the default settings that exist in the hwsku folder will be used
Why I did it
Add infrastructure to support adding feature specific acls.
If feature specific ACLs has to be added:
if feature_name in self.feature_present and self.feature_present.get('feature_name'):
add_feature_specific_acls()
How I did it
Add function to get features present in feature table.
How to verify it
unit-test passes.
Why I did it
Currently interfaces.j2 hardcodes to eth0 even when there are multiple interfaces in MGMT_INTERFACE. This change adds support to generate /e/n/i when there are multiple interfaces in MGMT_INTERFACE.
How I did it
By removing hardcoded eth0 when looping through MGMT_INTERFACE.
How to verify it
Verified through unit test.
Which release branch to backport (provide reason below if selected)
201811
201911
202006
202012
202106
202111
202205
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)
Why I did it
src/dhcprelay is being split out to be its own submodule.
How I did it
Add existing dhcprelay commits into the new repo.
Clean up Makefile (sonic-net/sonic-dhcp-relay@772625f)
Add LGTM config (sonic-net/sonic-dhcp-relay@5cc0889)
Add Azure pipeline config (sonic-net/sonic-dhcp-relay@c79cdb7)
Add submodule reference, renaming most references of dhcp6relay to dhcprelay (to reflect that this will not just be for IPv6 in the future).
How to verify it
Successful run of LGTM is tested at sonic-net/sonic-dhcp-relay#4. Failure run of LGTM is tested at sonic-net/sonic-dhcp-relay#3.
Azure pipeline is run for each commit/PR, and will build for amd64, armhf, and arm64. UT/code coverage check is not yet done.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
[master][sonic-linkmgrd] submodule update
58d8aae Longxiang Lyu Sat Jul 2 10:14:50 2022 +0800 Enforce switch after config mux to active (Azure/sonic-linkmgrd#95)
600df46 Longxiang Lyu Thu Jun 30 15:09:10 2022 +0800 Add unittest to verify mux toggle active (Azure/sonic-linkmgrd#94)
400b1b8 gregshpit Wed Jun 29 21:32:45 2022 +0300 For Sonic cross-compilation build. CC variable is used as gcc compiler. CXX variable is used as g++ compiler. (Azure/sonic-linkmgrd#91)
a516668 Jing Zhang Tue Jun 28 11:07:23 2022 -0700 Use Vlan MAC as src MAC for link prober by default (Azure/sonic-linkmgrd#93)
6b5d739 Longxiang Lyu Tue Jun 28 22:46:12 2022 +0800 Fix inconsistent mux state (Azure/sonic-linkmgrd#92)
9265497 Jing Zhang Fri Jun 24 09:10:12 2022 -0700 Remove exception throwing when initializing missing loopback interface (Azure/sonic-linkmgrd#90)
sign-off: Jing Zhang zhangjing@microsoft.com
#### Why I did it
Update scripts in sonic-buildimage from py-swsssdk to swsscommon
#### How I did it
Change code to use swsscommon.
#### How to verify it
Pass all E2E test case
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Update scripts in sonic-buildimage from py-swsssdk to swsscommon
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Updating sonic-utilities sub module with the following commits
cc847a2 Change diff coverage threshold to 80%
ca785a2 Remove sonic-db-cli
#### Why I did it
To fix sonic-db-cli high CPU usage on SONiC startup issue: https://github.com/Azure/sonic-buildimage/issues/10218
sonic-db-cli re-write with c++ and move to sonic-swss-common repo.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
cc847a2 Change diff coverage threshold to 80%
ca785a2 Remove sonic-db-cli
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Why I did it
Database container takes long time ( more than 1.5 minutes ) on some vendor platforms.
This makes the determine-reboot-cause starts later than process-reboot-cause service.
And that results in the incorrect reboot-cause determination.
How I did it
Add the dependency of determine-reboot-cause service to process-reboot-cause service
* [device]: Add SAI checksum verify to TD3 config
* A new config option was added to control the value of IPV4_INCR_CHECKSUM_ORIGINAL_VALUE_VERIFY in the EGR_FLEX_CONFIG control register (this prevents checksums of 0xffff from being propagated to other devices)
Why I did it
SONiC Yang support for VXLAN
How I did it
Added a new sonic-vxlan.yang file.
Please refer to EVPN VXLAN HLD for DB details
https://github.com/Azure/SONiC/tree/master/doc/vxlan/EVPN
How to verify it
Added tests for sonic vxlan yang.
Why I did it
Daemon dhcp6relay may crash due to null pointer access to ifa_addr member of struct ifaddrs. It's not guaranteed that the interface must have available ifa_addr. That is true for some special virtual/pseudo interfaces.
How I did it
Check the pointer to ifa_addr is valid ahead of accessing it.
Why I did it
Fix the missing debian package for reproducible build issue.
The gnupg2 should be added into the version file.
https://dev.azure.com/mssonic/build/_build/results?buildId=118139&view=logs&j=88ce9a53-729c-5fa9-7b6e-3d98f2488e3f&t=8d99be27-49d0-54d0-99b1-cfc0d47f0318
The following packages have unmet dependencies:
gnupg2 : Depends: gnupg (>= 2.2.27-2+deb11u2) but 2.2.27-2+deb11u1 is to be installed
E: Unable to correct problems, you have held broken packages.
The issue was caused by the gnupg2 removed, and not detected.
sonic-buildimage/build_debian.sh
Line 250 in 4fb6cf0
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y remove software-properties-common gnupg2 python3-gi
How I did it
Export the debian packages when any debian package being removed.
#### Why I did it
To deprecate sonic-py-swsssdk, need move some code to sonic-py-common.
#### How I did it
Porting util.py and port_util.py from sonic-py-swsssdk to sonic-py-common.
#### How to verify it
Pass UT.
Pass all E2E test.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Porting util.py and port_util.py from sonic-py-swsssdk to sonic-py-common.
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Signed-off-by: Neetha John nejo@microsoft.com
Why I did it
For storage backend, certain rules will be applied to the DATAACL table to allow only vlan tagged packets and drop untagged packets.
How I did it
Create DATAACL table if the device is a storage backend device
To avoid ACL resource issues, remove EVERFLOW related tables if the device is a storage backend device
How to verify it
Added the following unit tests
- verify that EVERFLOW acl tables is removed and DATAACL table is added for storage backend tor
- verify that no DATAACL tables are created and EVERFLOW tables exist for storage backend leaf
Update sonic-utilities submodule to include below commits:
7070794 Fix DBConfig not initialize issue in pfcwd (#2238)
b5d6659 [config/load_mgmt_config] Support load IPv6 mgmt IP (#2206)
3274b0e Added bf_drivers.log to zipped dump after execution of "show techsupport" (#2164)
8dee36c [portstat] Update portstat to use CounterTable API (#2207)
7d9faf3 Added support for Sonic cross-compilation build. (#2233)
c3620fc [GCU] Moving UniqueLanes from only validating moves, to be a supplemental YANG validator (#2234)
Signed-off-by: Suvarna Meenakshi <sumeenak@microsoft.com>
Why I did it
Storage backend has all vlan members tagged. If untagged packets are received on those links, they are accounted as RX_DROPS which can lead to false alarms in monitoring tools. Using this acl to hide these drops.
How I did it
Created a acl template which will be loaded during minigraph load for backend. This template will allow tagged vlan packets and dropped untagged
How to verify it
Unit tests
Signed-off-by: Neetha John <nejo@microsoft.com>
10cd834 [select] break the select loop if interrupt_on_signal flag is set (#624)
d0cd8a0 Fix: missing sonic-db-cli in docker-sonic-vs image (#640)
567f0df Change diff coverage threshold to 80% (#630)
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
Why I did it
To further support parse out soc_ipv4 and soc_ipv6 out of Dpg:
<DeviceDataPlaneInfo>
<IPSecTunnels />
<LoopbackIPInterfaces xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution">
<a:LoopbackIPInterface>
<ElementType>LoopbackInterface</ElementType>
<Name>HostIP</Name>
<AttachTo>Loopback0</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
<b:IPPrefix>10.10.10.2/32</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>10.10.10.2/32</a:PrefixStr>
</a:LoopbackIPInterface>
<a:LoopbackIPInterface>
<ElementType>LoopbackInterface</ElementType>
<Name>HostIP1</Name>
<AttachTo>Loopback0</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
<b:IPPrefix>fe80::0002/128</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>fe80::0002/128</a:PrefixStr>
</a:LoopbackIPInterface>
<a:LoopbackIPInterface>
<ElementType>LoopbackInterface</ElementType>
<Name>SoCHostIP0</Name>
<AttachTo>server2SOC</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
<b:IPPrefix>10.10.10.3/32</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>10.10.10.3/32</a:PrefixStr>
</a:LoopbackIPInterface>
<a:LoopbackIPInterface>
<ElementType>LoopbackInterface</ElementType>
<Name>SoCHostIP1</Name>
<AttachTo>server2SOC</AttachTo>
<a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
<b:IPPrefix>fe80::0003/128</b:IPPrefix>
</a:Prefix>
<a:PrefixStr>fe80::0003/128</a:PrefixStr>
</a:LoopbackIPInterface>
</LoopbackIPInterfaces>
</DeviceDataPlaneInfo>
Signed-off-by: Longxiang Lyu lolv@microsoft.com
How I did it
For servers loopback definitions in Dpg, if they contain LoopbackIPInterface with tags AttachTo, which has value of format like <server_name>SOC, the address will be regarded as a SoC IP, and sonic-cfggen now will treat the port connected to the server as active-active if the redundancy_type is either Libra or Mixed.
How to verify it
Pass the unittest.
Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
#### Why I did it
Added a tool to generate configuration based on yang model
#### How I did it
Parse the yang model and create documentation based on description field.
#### How to verify it
Added UT to verify it.
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Why I did it
The tests that are available for interfaces.j2 only covers the case when ZTP is disabled and MGMT_INTERFACE is defined. This change adds unit tests for:
1) When ZTP is enabled, with combination of (ip enabled/disabled, inband enabled/disabled)
2) When ZTP is disabled, and MGMT_INTERFACE is not defined, with mgmtVrfEnabled set to true/false
#### How I did it
I created multiple mock-up files to:
1) Enable/disable ZTP, and subconditions under ZTP
2) Created graph file that has no management interface defined
#### How to verify it
Compared output with interfaces.j2 template to ensure the output is expected.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
#### Why I did it
To address https://github.com/Azure/sonic-buildimage/issues/11110 - Add yang model unit test for check_up_status field type
#### How I did it
Add check_up_status with different values in sample_config_db.json and
the field with correct and incorrect values in feature.json
#### How to verify it
Build sonic_yang_models-1.0-py3-none-any.whl
#### Why I did it
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996' which break UT in sonic-swss and sonic-swss-common
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996'
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
- Why I did it
New security feature for enforcing strong passwords when login or changing passwords of existing users into the switch.
- How I did it
By using mainly Linux package named pam-cracklib that support the enforcement of user passwords, the daemon named hostcfgd, will support add/modify password policies that enforce and strengthen the user passwords.
- How to verify it
Manually Verification-
1. Enable the feature, using the new sonic-cli command passw-hardening or manually add the password hardening table like shown in HLD by using redis-cli command
2. Change password policies manually like in step 1.
Notes:
password hardening CLI can be found in sonic-utilities repo-
P.R: Add support for Password Hardening sonic-utilities#2121
code config path: config/plugins/sonic-passwh_yang.py
code show path: show/plugins/sonic-passwh_yang.py
3. Create a new user (using adduser command) or modify an existing password by using passwd command in the terminal. And it will now request a strong password instead of default linux policies.
Automatic Verification - Unitest:
This PR contained unitest that cover:
1. test default init values of the feature in PAM files
2. test all the types of classes policies supported by the feature in PAM files
3. test aging policy configuration in PAM files
Signed-off-by: bingwang <wang.bing@microsoft.com>
Why I did it
This PR brings two changes
Add lossy PG profile for PG2 and PG6 on T1 for ports between T1 and T2.
After PR Update qos config to clear queues for bounced back traffic #10176 , the DSCP_TO_TC_MAP and TC_TO_PG_MAP is updated when remapping is enable
DSCP_TO_TC_MAP
Before After Why do this change
"2" : "1" "2" : "2" Only change for leaf router to map DSCP 2 to TC 2 as TC 2 will be used for lossless TC
"6" : "1" "6" : "6" Only change for leaf router to map DSCP 6 to TC 6 as TC 6 will be used for lossless TC
TC_TO_PRIORITY_GROUP_MAP
Before After Why do this change
"2" : "0" "2" : "2" Only change for leaf router to map TC 2 to PG 2 as PG 2 will be used for lossless PG
"6" : "0" "6" : "6" Only change for leaf router to map TC 6 to PG 6 as PG 6 will be used for lossless PG
So, we have two new lossy PGs (2 and 6) for the T2 facing ports on T1, and two new lossless PGs (2 and 6) for the T0 facing port on T1.
However, there is no lossy PG profile for the T2 facing ports on T1. The lossless PGs for ports between T1 and T0 have been handled by buffermgrd .Therefore, We need to add lossy PG profiles for T2 facing ports on T1.
We don't have this issue on T0 because PG 2 and PG 6 are lossless PGs, and there is no lossy traffic mapped to PG 2 and PG 6
Map port level TC7 to PG0
Before the PCBB change, DSCP48 -> TC 6 -> PG 0.
After the PCBB change, DSCP48 -> TC 7 -> PG 7
Actually, we can map TC7 to PG0 to save a lossy PG.
How I did it
Update the qos and buffer template.
How to verify it
Verified by UT.
- Why I did it
While doing config reload, FEATURE table may be removed and re-add. During this process, updating FEATURE table is not atomic. It could be that the FEATURE table has entry, but each entry has no field. This PR introduces a retry mechanism to avoid this.
- How I did it
Introduces a retry mechanism to avoid this.
- How to verify it
New unit test added to verify the flow as well as running some manual test.
2022-06-24 93af69c: [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (Azure/sonic-swss#2304)
2022-06-24 37349cf: [swssconfig] Optimize performance of swssconfig (Azure/sonic-swss#2336)
2022-06-24 84e9b07: [fdborch] fix heap-use-after-free in clearFdbEntry() (Azure/sonic-swss#2353)
2022-06-24 1b8bd94: Create ACL table fails due to incorrect check for supported ACL actions #11235 (Azure/sonic-swss#2351)
2022-06-24 1ed0b4b: [macsec] Refactor the logic of macsec name map (Azure/sonic-swss#2348)
2022-06-23 f88f992: [mock_tests] Add Sflow Orch UTs (Azure/sonic-swss#2295)
2022-06-23 ec57bf1: [macsec] Update macsec flex counter (Azure/sonic-swss#2338)
2022-06-22 6e0fc85: [ACL] Support stage particular match fields (Azure/sonic-swss#2341)
2022-06-22 efb4530: [orchagent, DTel]: report session support to set user vrf (Azure/sonic-swss#2326)
2022-06-22 d82874d: Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (Azure/sonic-swss#2332)
2022-06-22 0c789e6: Fix qos map test in vs test (Azure/sonic-swss#2343)
2022-06-17 1bb5070: Enhance mock test for dynamic buffer manager for port removing and qos reload flows (Azure/sonic-swss#2262)
2022-06-16 700492f: [aclorch] Fix and simplify DTel watchlist tables and entries (Azure/sonic-swss#2155)
Updating sonic-utilities submodule with the below commits
f64d280 [sfpshow/sfputil] Enhance sfpshow and sfputil to behavior correctly on RJ45 ports
2f6a547 Image-installer: Fix duplication of image prefix
cc775ab [generate dump] Move the Core/Log collection to the End of process Execution and removed default timeout
6dbb4bd Add an option in queue stat to display voq counters
248ddd5 Gives cisco-8000 more flexibility to easily add subcommnads under show platform
9f2607d [config reload] Fixing config reload when timer based services are disabled
This reverts commit 90a849ea85.
#### Why I did it
The interfaces unit test did not cover some of the conditions in interfaces.j2 that was changed in #11204. Therefore reverting the change and add the tests before making the change to interfaces.j2.
#### How I did it
Git revert.
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
Updating sonic-utilities sub module with the following commits
ca785a2 Remove sonic-db-cli
#### Why I did it
To fix sonic-db-cli high CPU usage on SONiC startup issue: https://github.com/Azure/sonic-buildimage/issues/10218
sonic-db-cli re-write with c++ and move to sonic-swss-common repo.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
ca785a2 Remove sonic-db-cli
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Updating sonic-utilities sub module with the following commits
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### Why I did it
To fix sonic-db-cli output format not backward compatible with python version issue, need update sonic-swss-common submodule.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### A picture of a cute animal (not mandatory but encouraged)
- Why I did it
To implement Syslog Source IP feature based on HLD: https://github.com/sonic-net/SONiC/pull/1002
- How I did it
Added the relevant yang model
- How to verify it
Added unit test
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
#### Why I did it
Support the following tables which were introduced during dynamic buffer calculation
- LOSSLESS_TRAFFIC_PATTERN
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
#### How I did it
- LOSSLESS_TRAFFIC_PATTERN
|name|type|range|mandatory|description|
|---|---|---|---|---|
|mtu|uint16|64~10240|true|The maximum packet size of a lossless packet|
|small_packet_percentage|uint8|0~100|true|The percentage of small packet|
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
|name|type|range|mandatory|description|
|---|---|---|---|---|
|default_dynamic_th|int8|-8~7|true|The default dynamic_th for all buffer profiles that are dynamically generated for lossless PG|
|over_subscribe_ratio|uint16|-|false|The oversubscribe ratio for shared headroom pool.|
|||||Semantically, the upper bound is the number of physical ports but it can not be represented in the yang module. So we keep the upper bound open. As the type is (signed) integer whose lower bound is 0 by nature, we do not need to specify the range.|
#### How to verify it
Run unit test
Update the bcm config file system_ref_core_clock_khz param to handlesystems with J2cplus linecards.
We need system_ref_core_clock_khz to be set to 1600000 for supporting j2 and j2cplus linecards on the same chassis.
#### Why I did it
There might be a case where service checker periodic operation determined that specific container is running but when it tries to perform an operation on it, it was already closed by the user. This is a valid flow and we should not log an error message, informative warning is enough.
#### How I did it
I reduce log severity.
#### How to verify it
I verified it manually.
The return statement does not end with a semicolon in function scheduler_csm_socket_cleanup, which generates a compilation warning and may cause unexpected problems.
Signed-off-by: ouxiaolong <ouxiaolong@asterfusion.com>
05c79ef Fix header for the output table following 'show ipv6 interface' command (#2219)
fc5633f increase coverage to 80% (#2214)
c0dffba [config][muxcable] fix minor config DB logic issue (#2210)
a50eca0 [generic-config-updater] Add NTP validator (#2212)
a3d1345 [gendump] Add Support to dump BCM-DNX commands (#1813)
bb185d5 [yang] remove mistakenly added parameter for 'get_module_name' (#2193)
2cccf26 [counters] skip showing counters that are not enabled (#2199)
ff05bc8 [config][muxcable] Add support for displaying soc_ipv4 and cable_type in config/show muxcable commands (#2189)
3197f39 Add check to not allow deleting PO if its member of vlan. (#2141)
2513da1 [dump] Optimized dump state cli and modified tests to not use common data (#2175)
9e310e5 Fix sonic-installer and 'show version' command crash when database docker not running issue. (#2183)
4ad70b9 [sonic-installer] use host docker startup arguments when running dockerd in chroot (#2179)
3d3c89b fix for non-coherent cmis modules (#2163)
2054680 [subinterface] Fix route add command to accept subinterface as dev (#2180)
5383e92 [subinterface]Avoid removing the subinterface when last configured ip is removed (#2181)
f5af780 [GCU] Handling type1 lists (#2171)
4516179 [yang] extend ConfigMgmt constructor to pass YANG options (#2118)
2f53bd4 [dump] implement ACL modules (#2153)
494dd62 show commands for SYSTEM READY (#1851)
4fc09b1 [GCU] Handling non-compliant leaf-list with string values (#2174)
675c7b6 Add sonic-delayed.target to Application Extension .timer file generator (#2176)
c587933 [portconfig] Allow to configure interface mtu for physical ports only
9881f3e Broadcast Unknown-multicast and Unknown-unicast Storm-control (#928)
88286cb sonic-utils: initial support for link-training (#2071)
* [Interfaces] Modify template to support multiple management interfaces
* Modify minigraph to process interfaces in sorted order
Signed-off-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
* Add UT minigraph
Signed-off-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
* make case insensitve comparison
Signed-off-by: George Chen <gechen@microsoft.com>
* Use natural sort
Signed-off-by: George Chen <gechen@microsoft.com>
Co-authored-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
* [sflow + dropmon] added INCLUDE_SFLOW_DROPMON flag, added patches for hsflowd
*Added a capability of monitoring dropped packets for the sFlow daemon in order to improve network - monitoring, diagnostic, and troubleshooting. The drop monitor service allows the sFlow daemon to export another type of sample - dropped packets as Discard samples alongside Counter samples and Packet Flow samples.
Signed-off-by: Vadym Hlushko <vadymh@nvidia.com>
- Why I did it
An issue is encountered when a value "False" is written for a feature in "check_up_status" field, which does not pass YANG validation.
- How I did it
We usually use stypes::boolean_type for such fields, even in this YANG model. This custom type, supports "False" value.
- How to verify it
Write "False" in "check_up_status" field and see if YANG validation passes.
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
Why I did it
To address internal build failures where the cable len for some of the skus is set to 300m for all tiers.
How I did it
For the buffers test, generate a new output file based off the original expected output with CABLE_LENGTH table updated to use 300m. In the comparison logic, compare against each of the expected output files and if any matches, the testcase is set to pass
Signed-off-by: Neetha John <nejo@microsoft.com>
* 48cccb4 2022-06-13 | do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (#1064) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 9b0f773 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (#1059) [Ze Gan]
* cdf9427 2022-06-11 | No sai api version check if vendor sai does not support (#1063) (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 3964cf1 2022-06-09 | [counter] Fix port flex counter (#1052) [Junhua Zhai]
* 2231b7a 2022-06-03 | Purge package sonic-db-cli which depends on libswsscommon (#1057) [Qi Luo]
* 7aa09b9 2022-06-01 | Set PR diff code coverage threshold to 80% (#1039) [Kamil Cudnik]
* 66a29bc 2022-05-18 | [syncd] Use vendor SAI instead of direct SAI api (#1042) [Kamil Cudnik]
* 564bea7 2022-05-18 | [ci] Paralize azure pipeline (#1040) [Shilong Liu]
* 57ed180 2022-05-17 | [configure.ac] implement SAI API version check (#1000) [Stepan Blyshchak]
* 8894dc7 2022-05-17 | vslib: add support for read-only port capabilities (#1038) [Dante (Kuo-Jung) Su]
* 42af975 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (#1007) [Ze Gan]
Signed-off-by: Guohan Lu <lguohan@gmail.com>
29503ab [portchannel] Added ACL/PBH binding checks to the port before getting added to portchannel (#2151)
ac89489 Modify override testcase to cover PORT admin_status (#2165)
d7953d2 [GCU] Validate peer_group_range ip_range are correct (#2145)
aa81b97 [auto-ts] add memory check (#2116)
b370290 support new interface types CR8/SR8/KR8/LR8 which are brougnt by SAI V.1.10.2 (#2167)
87fc0a4 [scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition (#2150)
90abc07 [config reload] Fix invalid rstrip. (#2157)
fac1769 Accept 0 for queue and dscp (#2162)
* [Tunnel PFC] Tests for adding property 'sai_remap_prio_on_tnl_egress'
Add tests for adding property 'sai_remap_prio_on_tnl_egress', this
property should only be added in dual tor environment.
Test done:
Run test test_j2files.py
Co-authored-by: richardyu <richardyu@contoso.com>
Why I did it
Provide fix for comment: https://github.com/Azure/sonic-buildimage/pull/10475/files#r847753187;
Move laoding database config to application code instead of portconfig as portconfig is used as a library.
#10581 was raised for this fix, but had to be reverted due to issue with multi-asic platform.
How I did it
Remove try exception handing from portconfig.py during config_db intialization.
Move loading of database config to application that uses portconfig.py.
How to verify it
unit-test passes.
Verified that it does not cause issue during boot up of multi-asic VS image.
Verified that config_db generation was successful in multi-asic VS.
* [BGP]Adding configuration knob to allow advertise Loopback ipv6 /128 prefix
By default when IPv6 address is configured with /128 as subnet mask in Loopback0 interface, it will be advertised as prefix with /64 subnet.
To control this behavior a new field 'bgp_adv_lo_prefix_as_128' is introduced in DEVICE_METADATA table which when set to true will advertise prefix with /128 subnet as it is.
Why I did it
As part of PCBB changes, we need to enable 2 extra lossless queues. The changes in this PR are done to adjust only the reserved sizes on Th2 for the additional 2 lossless queues
Calculations are done based on 40 downlinks for T1 and 16 uplinks for dual ToR
How to verify it
Verified that the rendering works fine on Th2 dut
Unit tests have been updated to reflect the modified buffer sizes when pcbb is enabled. There are existing testcases that will test the original buffer sizes when pcbb is disabled. With these changes, was able to build sonic-config-engine wheel successfully
Signed-off-by: Neetha John <nejo@microsoft.com>
#### Why I did it
Switch py-common from swsssdk to swsscommon.
#### How I did it
Change code and make file to use swsscommon.
#### How to verify it
Pass all UT and E2E test.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration.
-->
#### A picture of a cute animal (not mandatory but encouraged)
Why I did it
Recently the nightly testing pipeline found that the autorestart test case was failed when it was run against master image. The reason is Restart= field in each container's systemd configuration file was set to Restart=no even the value of auto_restart field in FEATURE table of CONFIG_DB is enabled.
This issue introduced by #10168 can be reproduced by the following steps:
Issues the config command to disable the auto-restart feature of a container
Runs command config reload or config reload minigraph to enable auto-restart of the container
Checks Restart= field in the container's systemd config file mentioned in step 1 by running the command
sudo systemctl cat <container_name>.service
Initially this PR (#10168) wants to revert the changes proposed by this: #8861. However, it did not fully revert all the changes.
How I did it
When hostcfgd started or was restarted, the Restart= field in each container's systemd configuration file should be initialized according to the value of auto_restart field in FEATURE table of CONFIG_DB.
How to verify it
I verified this change by running auto-restart test case against newly built master image and also ran the unittest:
Signed-off-by: bingwang <bingwang@microsoft.com>
Why I did it
This PR is to add two extra lossless queues for bounced back traffic.
HLD sonic-net/SONiC#950
SKUs include
Arista-7050CX3-32S-C32
Arista-7050CX3-32S-D48C8
Arista-7260CX3-D108C8
Arista-7260CX3-C64
Arista-7260CX3-Q64
How I did it
Update the buffers.json.j2 template and buffers_config.j2 template to generate new BUFFER_QUEUE table.
For T1 devices, queue 2 and queue 6 are set as lossless queues on T0 facing ports.
For T0 devices, queue 2 and queue 6 are set as lossless queues on T1 facing ports.
Queue 7 is added as a new lossy queue as DSCP 48 is mapped to TC 7, and then mapped into Queue 7
How to verify it
Verified by UT
Verified by coping the new template and generate buffer config with sonic-cfggen
#### Why I did it
Fix sonic-db-cli high CPU usage on SONiC startup issue: https://github.com/Azure/sonic-buildimage/issues/10218
ETA of this issue will be 2022/05/31
#### How I did it
Re-write sonic-cli with c++ in sonic-swss-common: https://github.com/Azure/sonic-swss-common/pull/607
Modify swss-common rules and slave.mk to install c++ version sonic-db-cli.
#### How to verify it
Pass all E2E test scenario.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
#### Description for the changelog
Build and install c++ version sonic-db-cli from swss-common.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration.
-->
#### A picture of a cute animal (not mandatory but encouraged)
- Why I did it
Yang Model about password hardening feature, the sonic CLI of this feature was autogenerated from this Yang model
- How I did it
Create new Yang model in src/sonic-yang-models/yang-models/sonic-passwh.yang.
- How to verify it
There are unitests(yang test) in this P.R covering all the passwords policies with good and bad values cases.
Or is possible manually using the config/show password commands that were autogenerated from this Yang model. (this CLI code added in sonic-utilities)
Signed-off-by: Neetha John <nejo@microsoft.com>
Why I did it
There was a typo in hwsku specified as part of #10889
How I did it
Replaced with the correct hwsku
How to verify it
test_cfggen.py is passing
Updating sonic-utilities sub module with the following commits
84dbd93 Clear the fvs vector before popping the message out of notification
a90b2b7 selectabletimer: add mutex to start() and stop()
7ae22be Fix SIGTERM can't terminate PubSub::listen issue
#### Why I did it
To fix hostcfgd can't terminate by sigint issue, need update sonic-swss-common submodule.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
84dbd93 Clear the fvs vector before popping the message out of notification
a90b2b7 selectabletimer: add mutex to start() and stop()
7ae22be Fix SIGTERM can't terminate PubSub::listen issue
#### A picture of a cute animal (not mandatory but encouraged)
#### Why I did it
For yang model, sample_config_db.json file was missing Sample data for the features SNAT/DNAT/IPMC
#### How I did it
Added the SNAT,DNAT,IPMC(low Threshold/high threshold/threshold_type)entries in CRM table.
#### How to verify it
With sanity Build/test only.
[muxorch] Handling optional attributes in muxorch (#2288)
Update netlink messages handler (#2233)
Broadcast Unknown-multicast and Unknown-unicast Storm-control (#1306)
[vstest]: Increase PollingConfig default timeout (#2285)
[FDB] Fix fbdorch to properly handle syncd FDB FLUSH Notif (#2254)
[macsecorch]: Support for non-default sa per sc (#2250)
Migrating the NAT vs tests from Click to direct DB access (#2278)
[neighsync] Ignoring IPv4 link local addresses (#2260)
[IntfMgrd] Retry adding ipv6 prefix by setting disabled_ipv6 flag (#2267)
Increase Redis Timeout value for Switch Create Opration for Packet (#2243)
Update fdborch.cpp (#2261)
Signed-off-by: dprital <drorp@nvidia.com>
- Why I did it
With SAI V.1.10.2, new interface types CR8/SR8/KR8/LR8 have been introduced, we should also support them from the CLI configuration.
- How I did it
Add new enum for the new interface types
- How to verify it
Run the "config interface type" command to verify new interface types can be accepted and handled correctly.
Signed-off-by: Kebo Liu <kebol@nvidia.com>
Why I did it
It is to improve the build performance, when building multiple targets.
The modified time of downloaded files should be not older than the file .platform.
If not, the file will be downloaded again, when building any dependent targets.
How I did it
When downloading the packages from web site, the modified time will be changed by the command "touch".
#### Why I did it
To ensure that some internal testcases do not break due to external changes
#### How to verify it
Ran test_cfggen.py with the changes and it passed
- Why I did it
YANG schema is missing for sonic-telemetry
- How I did it
Added YANG schema to sonic-yang-models and appropriate unit tests inside of test and test_config
- How to verify it
Build sonic-yang-models python wheels target and verify that unit tests are passing
Why I did it
Upgrade FRR to version 8.2.2. Build libyang2 required by FRR.
How I did it
Update FRR version and tag.
How to verify it
Following tests were performed on sonic-vs:
BGP docker status check
BGP configuration and session establishment
Route redistribution and ping
Issued show commands to check the bgp neighbor and routes
Checked app-db to ensure bgp routes are installed with correct interface and nexthop.
Create VRF and check FRR knows the VRF
Check VRF routes are installed in app-db with correct Vrf name and next-hop
Establish BGP Evpn session and check if Evpn routes (multicast, mac, prefix) are exchanged and installed correctly in app-db.
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan arlakshm@microsoft.com
Why I did it
resolves#10761.
For VOQ chassis, the Recirc port, which was added for the Everflow, stays admin down after load minigraph.
This PR add the fix to make the recirc port as admin up
How I did it
The PR adds a change in minigraph.py, if port has role as Rec make the the port as admin-status up.
How to verify it
UT
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
