f81043b1f9ff02196629655f4735b33afd7f0ae1 (HEAD -> 202111, origin/202111) [port2alias]: Fix to get right number of return values (#1906)
bbbf65943ec46e9330eadaed8bcdf1612cb8bd55 [CLI][show bgp] On chassis don't show internal BGP sessions by default (#1927)
e12de7e7bf6cff3ec127f261bf88e4d29776d27b [port] Fix port speed set (#1952)
cae7af752d484956d7fe40e4c3a849ddad460976 Fix invalid output of syslog IPv6 servers (#1933)
6009341ddf790094166be5f0a81b4c114f00220b Routed subinterface enhancements (#1821)
6ab9d67ca6550c592b97afb513804be474f84eb0 Enhance sfputil for CMIS QSFP (#1949)
76cc67ba4f81c69b20efb3341808037c9db8f703 [debug dump] Refactoring Modules and Unit Tests (#1943)
cff58a8171423e4012bc8caf9748996a1e98b7e2 Add command reference for trap flow counters (#1876)
71cf3ee43524d56ad57dd90b937cfbf4bf63ba6a [Reclaim buffer] [Mellanox] Db migrator support reclaiming reserved buffer for unused ports (#1822)
e699b49fb722e6d6fe5a1d2dacd2d39eb085c1e4 Add show command for BFD sessions (#1942)
bb6c5774c843dbfad5f1ba00ee76dae7720902d1 [warm-reboot] Fix failures of warm reboot on disconnect of ssh session (#1529)
2e8bbb308477862a76d2327fcf696875e8f08650 Add trap flow counter support (#1868)
58407c1386ef13772a9a9320a795e380f162ab2c [load_minigraph] Delay pfcwd start until the buffer templates are rendered (#1937)
eb388e0584ba1fe8d8dba58f1c5a148036ffe047 [sonic-package-manager] support sonic-cli-gen and packages with YANG model (#1650)
2371d84e7d281bdb9988b5a1a012498dbbfb89ec generic_config_updater: Filename changed & VLAN validator added (#1919)
7c0718dfaf23289d4ecc3ada9332e465c9a4e56b [config reload] Update command reference (#1941)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
c2aac75 [SFP-Refactor] Fix LP mode API issue (#247)
dba17c8 Firmware upgrade CLI support for QSFP-DD transceivers (#244)
cd69212 [SFP-Refactor] Implement CMIS Low Power mode (#237)
9cea07f Fix RegGroupField decode (#245)
6ae1909 Add CMIS QSFP support (#246)
c1f317d Gracefully handle CMIS APIs for passive modules (#238)
ec7335d fix for firmware functions (#243)
cf2ebe9 Fix RegBitField decode/encode (#242)
ef4f2c6 Fix SFP_CABLE_TECH_FIELD (#240)
e118644 remove time counting message in functions because function running time could be difficult to predict in unit tests (#241)
Signed-off-by: Prince George <prgeor@microsoft.com>
Bring in the following commit:
405f1df Use build profiles instead of distro version for Python 2 binding build (#558)
This change requires a corresponding change in this repo to set a build
profile to not build the python 2 bindings on Bullseye.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This pull request integrate audisp-tacplus to SONiC for per-command accounting.
#### Why I did it
To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.
#### How I did it
1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC
#### How to verify it
UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add audisp-tacplus for per-command accounting.
#### A picture of a cute animal (not mandatory but encouraged)
The BGP_VOQ_CHASSIS_NEIGHBOR keepalive and holdtime timers are
configured similar to general neighbors. Changes are done to configure
BGP_VOQ_CHASSIS_NEIGHBOR timers similar to BGP_INTENAL_NEIGBOR since voq
chassis bgp neighbors are similar to bgp internal neighbors in
multi-asic. As it is done for bgp internal neighbors, the keepalive and
holdtime timers are set to 3 and 10 seconds respectively. Also similar
to bgp internal neighbors, connection retry timer is also configured for
voq chassis bgp neighbors.
Signed-off-by: vedganes <vedavinayagam.ganesan@nokia.com>
Why I did it
Add bgpcfgd support to advertise routes.
How I did it
Make bgpcfgd subscribe to the ADVERTISE_NETWORK table in STATE_DB and configure route advertisement accordingly.
How to verify it
Added unit tests in bgpcfgd and verify on KVM about route advertisement.
* Routed subinterfae enhancements HLD #833
* Adding python API support to get routed subinterface long name to get correct parent interface for the routed subinterface.
Signed-off-by: Stephen Sun stephens@nvidia.com
Why I did it
Support zero buffer profiles
Add buffer profiles and pool definition for zero buffer profiles
Support applying zero profiles on INACTIVE PORTS
Enable dynamic buffer manager to load zero pools and profiles from a JSON file
Dependency: It depends on Azure/sonic-swss#1910 and submodule advancing PR once the former merged.
How I did it
Add buffer profiles and pool definition for zero buffer profiles
If the buffer model is static:
Apply normal buffer profiles to admin-up ports
Apply zero buffer profiles to admin-down ports
If the buffer model is dynamic:
Apply normal buffer profiles to all ports
buffer manager will take care when a port is shut down
Update buffers_config.j2 to support INACTIVE PORTS by extending the existing macros to generate the various buffer objects, including PGs, queues, ingress/egress profile lists
Originally, all the macros to generate the above buffer objects took active ports only as an argument
Now that buffer items need to be generated on inactive ports as well, an extra argument representing the inactive ports need to be added
To be backward compatible, a new series of macros are introduced to take both active and inactive ports as arguments
The original version (with active ports only) will be checked first. If it is not defined, then the extended version will be called
Only vendors who support zero profiles need to change their buffer templates
Enable buffer manager to load zero pools and profiles from a JSON file:
The JSON file is provided on a per-platform basis
It is copied from platform/<vendor> folder to /usr/share/sonic/temlates folder in compiling time and rendered when the swss container is being created.
To make code clean and reduce redundant code, extract common macros from buffer_defaults_t{0,1}.j2 of all SKUs to two common files:
One in Mellanox-SN2700-D48C8 for single ingress pool mode
The other in ACS-MSN2700 for double ingress pool mode
Those files of all other SKUs will be symbol link to the above files
Update sonic-cfggen test accordingly:
Adjust example output file of JSON template for unit test
Add unit test in for Mellanox's new buffer templates.
How to verify it
Regression test.
Unit test in sonic-cfggen
Run regression test and manually test.
* Add macsec-xpn-support iproute2 in syncd
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Polish code
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Remove useless files
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Add self-compiled iproute2 to docker sonic vs
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Enhance apt install for iproute2 dependencies
Signed-off-by: Ze Gan <ganze718@gmail.com>
Why I did it
resolves#8979 and #9055
How I did it
Remove the file static.conf.j2,which adds the default route on eth0 from bgp docker
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
a0bff26a [acl-loader] modify acl-loader with change in STATE DB ACL capability table (#1896)
a395e284 [debug dump util] Changes for EVPN and VxLAN dump module (#1892)
02a98ef1 [debug dump util] Route Module added (#1913)
ac8382fd [generic-config-updater] Logging change just before applying it (#1934)
9ab6c515 [flex counter] Flex counter threads consume too much CPU resources. #9202 (#1925)
2ec47a59 [generic-config-updater] Handling empty tables while sorting a patch (#1923)
fdedcbf6 [fdbshow]: Handle FDB cleanup gracefully. (#1926)
e7535ae3 [sonic-cli-gen] first phase implementation of the SONiC CLI Auto-generation tool (#1644)
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
What I did:
Added option 'advertise':'true'/'false' to STATIC_TALE to control whether given route need to be advertise into BGP.
How I did:
Add a route in FRR with tag (1 for advertise and 2 for not advertise)
Create Route Map to match on tag as 1 and permit
Attach route-map to redistribute static.
Minigraph option to parse advertise option of Static Route.
bb0733aa [aclorch] Add ACL_TABLE_TYPE configuration (#1982)
59cab5d9 Support for setting switch level DSCP to TC QoS map (#2023)
da21172e [aclorch] add generic AclOrch::updateAclRule() method (#1993)
4f6cb055 [Reclaiming buffer] Support reclaiming buffer in traditional model (#2011)
32d7a69e [Reclaiming buffer] Common code update (#1996)
b91d8ba7 [swss] L2 Forwarding Enhancements (#1716)
797dab41 [muxorch] Bind all ports to drop ACL table (#2027)
99929cd7 [lgtm.yml] add libgmock-dev (#2035)
8727ae5c [flex counter] Flex counter threads consume too much CPU resources #9202 (#2031)
103fdf05 Remove redundant calls to get child scheduler group during initialization (#1965)
18ea8404 [macsec]: MACsec statistics support (#1867)
0c462420 [orchagent] Flush pipeline every 1 second, not only when select will timeout (#2003)
339101cf [cbf] Add class-based forwarding support (#1963)
24a615bd Fix issue: accumulative headroom can exceed limit in rare scenario (#2020)
708e232a Test divide by zero processing path (#2028)
8f1d035c [macsecmgr]: Wait for port up before enabling macsec (#2032)
4912a770 Remove buffer drop counter when port is removed (#1860)
f9462c49 [Dynamic buffer] [Mellanox] Calculate the peer response time according to the speed (#1930)
8b5a401e Routed subinterface enhancements (#2017)
cdea5e9b Fix next hop compilation (#2025)
37c197d0 [SRV6] Sonic-swss changes for SRV6 (#1964)
f502c320 [vnetorch] Add ECMP support for vnet tunnel routes (#1960)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
HLD updated here: https://github.com/Azure/SONiC/pull/887
#### Why I did it
Command `monit summary -B` can no longer display the status for each critical process, system-health should not depend on it and need find a way to monitor the status of critical processes. The PR is to address that. monit is still used by system-health to do file system check as well as customize check.
#### How I did it
1. Get container names from FEATURE table
2. For each container, collect critical process names from file critical_processes
3. Use “docker exec -it <container_name> bash -c ‘supervisorctl status’” to get processes status inside container, parse the output and check if any critical processes exit
#### How to verify it
1. Add unit test case to cover it
2. Adjust sonic-mgmt cases to cover it
3. Manual test
* [yang_models]: Update extension yang and types yang with new yang extensions and types respectively.
* [YANG] Added CVL specific type and moved sonic-types to j2 template.
* [sonic-acl] add ACL_TABLE_TYPE table
I implemented ACL table type concept. Till this change, there are predefined ACL table types orchagent knows about (L3, L3V6, etc.) and if other orch requires a custom table a new table type needs to be defined in aclorch.
This PR addresses this limitation by introducing AclTableType which can be constructed from a set of matches, actions and bpoint types user needs. There is also a new handler for ACL_TABLE_TYPE table which is used for user to define table types.
Currently, some of built-in ACL table types that requires special handling are distinguished from others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6) and a special handling is performed by an AclOrch.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
When we update the a sai package downing from a remote server, we need to update the version file as well currently, but the reproducible build feature is not enabled in master, it can only be detected when merging the code into the release branches, such as 202106, 202012, etc.
The reproducible feature is to reduce the build failure, not need to break the build when the version not specified. If version not specified, the best choice is to accept the version from remote server.
Co-authored-by: Ubuntu <xumia@xumia-vm1.jqzc3g5pdlluxln0vevsg3s20h.xx.internal.cloudapp.net>
a3e34e30 [Auto Techsupport] Event driven Techsupport Changes (#1796)
efa2ff62 [show][platform summary] Add chassis type in the platform summary output(#1922)
a39350c6 [aclshow] enhance ACL counters to work with FC infrastructure (#1858)
ed880131 [sonic-package-manager] fix registry requests failing when no service field in Bearer fields (#1921)
00b60455 [VS test] Increase test timeout (#1924)
Previously the Yang model unit tests pulled directly from the Yang model source code for their models. This worked up to a point where we had jinja templates which needed to be rendered before they could be tested on. Now we need to reference the install location of the rendered templates for the unit tests.
Additionally, PBH yang was never added to the list of models to install onto a switch so I have resolved that (another example why pulling directly from the source was not correct)
My best explanation for why we only saw this failing on mellanox was that these tests could not have possibly been running on the broadcom build (I have not investigated this specifically). There was no way for these tests to pass recently given they were referencing Yang models which did not exist in the source (ACL).
Signed-off-by: pettershao-ragilenetworks pettershao@ragilenetworks.com
What I did it
Add new platform x86_64-ragile_ra-b6510-32c-r0 (Trident 3)
ASIC Vendor: Broadcom
Switch ASIC: Trident 3
Port Config: 32x100G
Add new platform x86_64-ragile_ra-b6920-4s-r0 (Tomahawk 3)
ASIC Vendor: Broadcom
Switch ASIC: Tomahawk 3
Port Config: 128x100G
-How I did it
Provide device and platform related files.
-How to verify it
show platform fan
show platform ssdhealth
show platform psustatus
show platform summary
show platform syseeprom
show platform temperature
show interface status
c8eceec 400zr initial support (#228)
ef55364 SSD Health: Retrieve SSD health and temperature values from generic SSD info (#229)
26c8346 Fix cmis cable length issue (#225)
671927d Fix typo in the simulated y_cable driver (#226)
51a9aca [sfp-refactor] Add initial support for CMIS in sonic_xcvr (#220)
Signed-off-by: Prince George <prgeor@microsoft.com>
#### Why I did it
Changes required for feature "Event Driven TechSupport Invocation & CoreDump Mgmt". [HLD](https://github.com/Azure/SONiC/pull/818 )
Requires: https://github.com/Azure/sonic-utilities/pull/1796.
Merging in any order would be fine.
Summary of the changes:
- Added the YANG Models for the new tables introduces as a part of this feature.
- Enhanced init_cfg.json with the default config required
- Added a compile Time flag which enables/disables the config required for this feature inside the init_cfg.json
- Enhanced the supervisor-proc-exit-listener script to populate `<feature>:<critical_proc> = <comm>:<pid>` info in the STATE_DB when it observes an proc exit notification for the critical processes running inside the docker.
6f1a0ea (HEAD, origin/master, origin/HEAD, master) [FlexCounter] Add support for ACL counters (#953)
67b3136 [vslib] fill aclcapability.is_action_list_mandatory field (#957)
eba6a1b [ci]: use native armhf and arm64 pool (#965)
04793b1 [az] Set diff coverage threshold to 50% (#963)
6092d50 [syncd] Add workaround for warm boot new objects (#960)
88b62ce Added Flex Counters support for tunnel counters (#886)
a718226 [Counters] Query Counters Stats Capabilities (#952)
This commit fixes/avoids the following errors encountered during the
marvell-armhf build for bullseye
- Fix Marvell prestera DMA driver build failure due to kallsyms_lookup_name()
no longer being exported by the updated bullseye kernel. This is a temporary
fix that will be replaced by a future version of the DMA driver.
- Update qemu-user-static version to align with the new glibc version included
in bullseye
- Skip systemd-sonic-generator unit tests to avoid test failures. Root cause is
still TBD
#### Why I did it
Fix the following build errors observed when building marvell-armhf for bullseye
1. Marvell Prestera DMA driver uses kernel API no longer exported
ERROR: modpost: "kallsyms_lookup_name" [/sonic/platform/marvell-armhf/prestera/mrvl-prestera/cpssEnabler/linuxNoKernelModule/drivers//mvDmaDrv.ko] undefined!
2. Old qemu-user-static version does not support semop() leading to following build failure
semop(1): encountered an error: Function not implemented
3. systemd-sonic-generator unit test failure
ssg-test.cc:217: Failure
Expected equality of these values:
find_string_in_file(str_t, target, num_asics)
Which is: false
expected_result
Which is: true
Error validating Before=single_inst.service in test.service
[ FAILED ] SsgMainTest.ssg_main_40_npu (20 ms)
[----------] 4 tests from SsgMainTest (36 ms total)
[----------] Global test environment tear-down
[==========] 10 tests from 3 test suites ran. (54 ms total)
[ PASSED ] 7 tests.
[ FAILED ] 3 tests, listed below:
[ FAILED ] SsgMainTest.ssg_main_single_npu
[ FAILED ] SsgMainTest.ssg_main_10_npu
[ FAILED ] SsgMainTest.ssg_main_40_npu
3 FAILED TESTS
This pull request add a bash plugin for TACACS+ per-command authorization
#### Why I did it
1. To support TACACS per command authorization, we check user command before execute it.
2. Fix libtacsupport.so can't parse tacplus_nss.conf correctly issue:
Support debug=on setting.
Support put server address and secret in same row.
3. Fix the parse_config_file method not reset server list before parse config file issue.
#### How I did it
The bash plugin will be called before every user command, and check user command with remote TACACS+ server for per-command authorization.
#### How to verify it
UT with CUnit cover all code in this plugin.
Also pass all current UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add Bash TACACS+ plugin.
#### A picture of a cute animal (not mandatory but encouraged)
Fix support for DHCPV6 Relay multi vlan functionality. Make sure the relayed packet is received at correct interface.
How I did it
Bind a socket to each vlan interface's global and link-local address.
Socket binded to global address is used for relaying data from client to server and receiving data from servers.
Socket binded to link-local address is used for relaying data received from server back to the client.
When sshd realizes that this login can't succeed due to internal device state
or configuration, instead of failing right there, it proceeds to prompt for
password, so as the user does not get any clue on where is the failure point.
Yet to ensure that this login does not proceed, sshd replaces user provided password
with a specific pattern of characters matching length of user provided password.
This pattern is "INCORRECT", which is bound to fail.
If user provided length is smaller/equal, the substring of pattern is overwritten.
If user provided length is greater, the pattern is repeated until length is exhausted.
But if the PAM-tacacs plugin would send this password to AAA, the user could get
locked out by AAA, for providing incorrect value.
How I did it
Hence this fix, matches obtained password against the pattern. If match, fail just before
reaching AAA server.
Why I did it
To add ACL FC to the YANG model.
How I did it
Added to the YANG model and added a UT.
How to verify it
Together with depends PRs. Run ACL/Everflow test suite.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
