Commit Graph

6290 Commits

Author SHA1 Message Date
Longxiang Lyu
7d06c7f621 [minigraph][dualtor] Support parsing soc_ip out of dpg (#11207)
Why I did it
To further support parse out soc_ipv4 and soc_ipv6 out of Dpg:

```
<DeviceDataPlaneInfo>
  <IPSecTunnels />
  <LoopbackIPInterfaces xmlns:a="http://schemas.datacontract.org/2004/07/Microsoft.Search.Autopilot.Evolution">
    <a:LoopbackIPInterface>
      <ElementType>LoopbackInterface</ElementType>
      <Name>HostIP</Name>
      <AttachTo>Loopback0</AttachTo>
      <a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
        <b:IPPrefix>10.10.10.2/32</b:IPPrefix>
      </a:Prefix>
      <a:PrefixStr>10.10.10.2/32</a:PrefixStr>
    </a:LoopbackIPInterface>
    <a:LoopbackIPInterface>
      <ElementType>LoopbackInterface</ElementType>
      <Name>HostIP1</Name>
      <AttachTo>Loopback0</AttachTo>
      <a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
        <b:IPPrefix>fe80::0002/128</b:IPPrefix>
      </a:Prefix>
      <a:PrefixStr>fe80::0002/128</a:PrefixStr>
    </a:LoopbackIPInterface>
    <a:LoopbackIPInterface>
      <ElementType>LoopbackInterface</ElementType>
      <Name>SoCHostIP0</Name>
      <AttachTo>server2SOC</AttachTo>
      <a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
        <b:IPPrefix>10.10.10.3/32</b:IPPrefix>
      </a:Prefix>
      <a:PrefixStr>10.10.10.3/32</a:PrefixStr>
    </a:LoopbackIPInterface>
    <a:LoopbackIPInterface>
      <ElementType>LoopbackInterface</ElementType>
      <Name>SoCHostIP1</Name>
      <AttachTo>server2SOC</AttachTo>
      <a:Prefix xmlns:b="Microsoft.Search.Autopilot.NetMux">
        <b:IPPrefix>fe80::0003/128</b:IPPrefix>
      </a:Prefix>
      <a:PrefixStr>fe80::0003/128</a:PrefixStr>
    </a:LoopbackIPInterface>
  </LoopbackIPInterfaces>
</DeviceDataPlaneInfo>
```
Signed-off-by: Longxiang Lyu lolv@microsoft.com

How I did it
For servers loopback definitions in Dpg, if they contain LoopbackIPInterface with tags AttachTo, which has value of format like <server_name>SOC, the address will be regarded as a SoC IP, and sonic-cfggen now will treat the port connected to the server as active-active if the redundancy_type is either Libra or Mixed.

How to verify it
Pass the unittest.

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2022-07-05 22:51:11 +00:00
Sudharsan Dhamal Gopalarathnam
187f351b23 [Mellanox]Check dmi file permission before access (#11309)
Signed-off-by: Sudharsan Dhamal Gopalarathnam sudharsand@nvidia.com

Why I did it
During system boot-up, when the 'show platform status' or 'show version' command is executed before the STATE_DB CHASSIS_INFO table is populated, the show command will try to fall back to the platform API. The DMI file on Mellanox platforms requires root permission for access. So if the show commands are executed as admin or any other user, the following error log will appear in the syslog:

Jun 28 17:21:25.612123 sonic ERR show: Fail to decode DMI /sys/firmware/dmi/entries/2-0/raw due to PermissionError(13, 'Permission denied')

How I did it
Check the file permission before accessing it.

How to verify it
Added UT to verify. Manually verified that the error log is not thrown.
2022-07-05 16:12:31 +00:00
judyjoseph
4657d8138e Revert "Update include_macsec flag if type is SpineRouter (#11141)" (#11306)
This reverts commit c9f36957db.
2022-07-05 16:12:17 +00:00
xumia
a96a07ec5d [Build] Add the missing debian security mirrors in slave images (#11305)
Why I did it
The build below was broken; it was caused by one of the required Debian mirrors missing.
https://dev.azure.com/mssonic/build/_build/results?buildId=116719&view=logs&j=88ce9a53-729c-5fa9-7b6e-3d98f2488e3f&t=88f376cf-c35d-5783-0a48-9ad83a873284

 libpci-dev : Depends: libudev-dev (>= 196) but it is not going to be installed
 libsystemd-dev : Depends: libsystemd0 (= 232-25+deb9u14) but 232-25+deb9u13 is to be installed
How I did it
Add the missing mirrors for buster and stretch.
2022-07-05 16:12:12 +00:00
Yakiv Huryk
fd287b7d24 [ci] add docker-sonic-vs with ASAN build (#11297)
The asan-enabled docker image will be used in other CIs that run DVS tests.

Why I did it
To add a possibility to run DVS tests with ASAN for other CIs (e.g. swss).

How I did it
Added the 'asan_image' flag to the vs job group.

How to verify it
Run the CI and check the docker-sonic-vs-asan.gz artifact.
2022-07-05 16:11:48 +00:00
Rajkumar-Marvell
0bc054e308 [Marvell] Update armhf sai deb (#11296)
1) Migrate SAI to 1.10.2
2) MRVL-SAI fixes from 202012 branch

Signed-off-by: rajkumar38 <rpennadamram@marvell.com>
2022-07-05 16:11:39 +00:00
Liu Shilong
f16eaf5382 [build] Fix libssl version issue. (#11287)
The following packages have unmet dependencies:
 libssl-dev : Depends: libssl1.1 (= 1.1.1n-0+deb11u3) but 1.1.1n-0+deb11u2 is to be installed
E: Unable to correct problems, you have held broken packages.
2022-07-05 16:11:23 +00:00
Junhua Zhai
477ed2c344 [macsec] CLI Supports display of gearbox macsec counter (#11113)
Why I did it
To support gearbox macsec counter display, following Azure/sonic-swss-common#622.

How I did it
Use swsscommon CounterTable API
2022-07-05 16:11:08 +00:00
vmittal-msft
8035e3d9a7 Updated Chassis MMU settings for 40G/100G/400G line cards (#11108)
* Updated Chassis MMU settings for 40G/100G/400G line cards
2022-07-05 16:10:50 +00:00
Volodymyr Samotiy
421b659161 [Mellanox] Update SDK/FW to 4.5.2262/xx.2010.2262 (#10882)
- Why I did it
To include latest fixes:
1. Warmboot | When trying to reconfigure the Flex Parser header and Flex transition parameters after ISSU, the switch will return an error even if the configuration was identical to that done before performing the ISSU.
2. Link Up | When toggling many ports of the Spectrum devices while raising 10GbE link up and link maintenance is enabled, the switch may get stuck and may need to be rebooted.
3. Shared buffer | While moving from lossless to lossy while shared headroom was used, reduction of the shared headroom can only be done prior to pool type change and when shared headroom is not utilized.

- How I did it
Updated SDK submodule along with the relevant Makefiles

- How to verify it
Build an image and run tests from "sonic-mgmt".

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2022-07-05 16:10:23 +00:00
arista-nwolfe
b3672c1f57
Setting the soc property for num_sa_per_sc on macsec encrypt/decrypt (cherry-pick of PR 11166) (#11279)
2022-07-05 09:06:24 -07:00
mssonicbld
0acc47ecc9
[ci/build]: Upgrade SONiC package versions (#11189)
Upgrade SONiC Versions
2022-07-04 20:19:43 +08:00
Ying Xie
ded05adb3e
[202205][swss][utilities] advance submodule head (#11294)
swss:
* 6bafea4 2022-06-29 | [vnetorch] [vxlanorch] fix a set of memory usage issues (#2352) (HEAD -> 202205, github/202205) [Yakiv Huryk]

utilities:
* c64454c 2022-06-28 | [GCU] Moving UniqueLanes from only validating moves, to be a supplemental YANG validator (#2234) (HEAD -> 202205, github/202205) [Mohamed Ghoneim]
* fbd79d4 2022-06-29 |  Add check to not allow deleting PO if its member of vlan (#2237) [anilkpan]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-30 10:35:51 -07:00
judyjoseph
37c9b27ce2 [macsec] Parse masec_enabled and macsec_profile from minigraph (#10917)
* Updates needed to parse the macsec config from minigraph
* Add unit tests in tests/test_cfggen.py::TestCfgGen, and updates
2022-06-30 05:27:17 +00:00
davidpil2002
f17d55dc67 Add support for Password Hardening (#10323)
- Why I did it
New security feature for enforcing strong passwords when logging in or changing passwords of existing users on the switch.

- How I did it
By mainly using the Linux package named pam-cracklib, which supports the enforcement of user passwords, the daemon named hostcfgd will support adding/modifying password policies that enforce and strengthen the user passwords.

- How to verify it
Manual Verification -
1. Enable the feature, using the new sonic-cli command passw-hardening or manually add the password hardening table like shown in HLD by using redis-cli command

2. Change password policies manually like in step 1.
Notes:
password hardening CLI can be found in sonic-utilities repo-
P.R: Add support for Password Hardening sonic-utilities#2121
code config path: config/plugins/sonic-passwh_yang.py
code show path: show/plugins/sonic-passwh_yang.py

3. Create a new user (using adduser command) or modify an existing password by using passwd command in the terminal. And it will now request a strong password instead of default linux policies.

Automatic Verification - Unit tests:
This PR contained unit tests that cover:
1. test default init values of the feature in PAM files
2. test all the types of classes policies supported by the feature in PAM files
3. test aging policy configuration in PAM files
2022-06-30 05:25:58 +00:00
yozhao101
ab87fb8b60 [tunnel_packet_handler] Add a whitespace in the warning syslog message. (#11232)
* This PR aims to add a whitespace in the warning syslog message of process tunnel_packet_handler.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
2022-06-30 05:22:34 +00:00
Jing Zhang
f25a84c148 Avoid write_standby in warm restart context (#11283)
Avoid write_standby in warm restart context.

sign-off: Jing Zhang zhangjing@microsoft.com

Why I did it
In warm restart context, we should avoid mux state change.

How I did it
Check warm restart flag before applying changes to app db.

How to verify it
Ran write_standby in table missing, key missing, field missing scenarios.
Did a warm restart, app db changes were skipped. Saw this in syslog:
WARNING write_standby: Taking no action due to ongoing warmrestart.
2022-06-30 05:15:41 +00:00
jingwenxie
6708a55654 [yang] update TCP_FLAGS format in sonic-acl.yang (#11270)
Why I did it
Fix #11224
TCP_FLAGS supports flags/mask pattern.

How I did it
Change the pattern.

How to verify it
Add unit test.
2022-06-30 05:15:41 +00:00
bingwang-ms
d9cd1a1355 Add extra lossy PG profile for ports between T1 and T2 (#11157)
Signed-off-by: bingwang <wang.bing@microsoft.com>

Why I did it
This PR brings two changes

Add lossy PG profile for PG2 and PG6 on T1 for ports between T1 and T2.
After PR Update qos config to clear queues for bounced back traffic #10176, the DSCP_TO_TC_MAP and TC_TO_PG_MAP are updated when remapping is enabled

DSCP_TO_TC_MAP
|Before|After|Why do this change|
|---|---|---|
|"2" : "1"|"2" : "2"|Only change for leaf router to map DSCP 2 to TC 2 as TC 2 will be used for lossless TC|
|"6" : "1"|"6" : "6"|Only change for leaf router to map DSCP 6 to TC 6 as TC 6 will be used for lossless TC|

TC_TO_PRIORITY_GROUP_MAP
|Before|After|Why do this change|
|---|---|---|
|"2" : "0"|"2" : "2"|Only change for leaf router to map TC 2 to PG 2 as PG 2 will be used for lossless PG|
|"6" : "0"|"6" : "6"|Only change for leaf router to map TC 6 to PG 6 as PG 6 will be used for lossless PG|

So, we have two new lossy PGs (2 and 6) for the T2 facing ports on T1, and two new lossless PGs (2 and 6) for the T0 facing port on T1.
However, there is no lossy PG profile for the T2 facing ports on T1. The lossless PGs for ports between T1 and T0 have been handled by buffermgrd. Therefore, we need to add lossy PG profiles for T2 facing ports on T1.

We don't have this issue on T0 because PG 2 and PG 6 are lossless PGs, and there is no lossy traffic mapped to PG 2 and PG 6

Map port level TC7 to PG0
Before the PCBB change, DSCP48 -> TC 6 -> PG 0.
After the PCBB change, DSCP48 -> TC 7 -> PG 7
Actually, we can map TC7 to PG0 to save a lossy PG.

How I did it
Update the qos and buffer template.

How to verify it
Verified by UT.
2022-06-30 05:15:41 +00:00
Ying Xie
4ad895c312
[202205][pmon] advance submodule head (#11293)
pmon:
* 547acc0 2022-06-29 | [ycabled] add some retry logic for gRPC channel setup;fix no channel gRPC notification (#269) (HEAD -> 202205, github/202205) [vdahiya12]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-29 22:15:05 -07:00
Ying Xie
f16d4949bb
[202205][swss][linkmgrd] advance submodule head (#11275)
swss:
* 665bbbb 2022-06-27 | Add support for IP interface loopback action (#2307) (HEAD -> 202205, github/202205) [Lior Avramov]
* c7f5743 2022-06-28 | [asan] suppress the static variable leaks (#2354) [Yakiv Huryk]
* 37e2a31 2022-06-28 | [tests] [asan] add graceful stop flag (#2347) [Yakiv Huryk]
* 5ab84cf 2022-06-28 | [202205][cherry-pick] Fix mux_acl_rule adding issue (#2358) [bingwang-ms]

linkmgrd:
* a836ef7 2022-06-28 | Use Vlan MAC as src MAC for link prober by default  (#93) (HEAD -> 202205) [Jing Zhang]
* a828e86 2022-06-28 | Fix inconsistent mux state (#92) (github/202205) [Longxiang Lyu]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-28 19:46:55 -07:00
Junchao-Mellanox
097e315f08 [system-health] Fix error log system_service'state' while doing confi… (#11225)
- Why I did it
While doing config reload, the FEATURE table may be removed and re-added. During this process, updating the FEATURE table is not atomic. It could be that the FEATURE table has entries, but each entry has no field. This PR introduces a retry mechanism to avoid this.

- How I did it
Introduces a retry mechanism to avoid this.

- How to verify it
New unit test added to verify the flow as well as running some manual test.
2022-06-28 16:11:17 +00:00
Yakiv Huryk
97cb613729 [asan] add print_suppressions=0 to ASAN configs (#11252)
- Why I did it
To provide an ability to suppress ASAN false positives and have a clean ASAN report for docker-sonic-vs/mlnx-syncd/orchagent docker

- How I did it
Added the "print_suppressions=0" to ASAN configs.

- How to verify it
add a suppression to some ASAN-enabled component (the suppression should catch some leak)
build with ENABLE_ASAN=y
run a test and see that the ASAN report is empty instead of having the suppression summary

Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
2022-06-28 16:11:05 +00:00
Ze Gan
7d832d1a8a [submodule]: Update submodule for wpa-supplicant (#11264)
3f43852b8 [sonic_operators.cpp]: Increasing select timeout (#55)
a1142e251  [sonic_operators.cpp] Update sonic_db_manager::get_counter (#56)
1069d2dd4 [sonic_operators.cpp]: Fixbug wait with false positive to return success (#54)

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-06-28 16:10:50 +00:00
judyjoseph
d7db8a285d Update include_macsec flag if type is SpineRouter (#11141)
Add the support to enable macsec when type is SpineRouter
2022-06-28 16:07:24 +00:00
Jing Kan
68f6833d81 [minigraph] Support parse IPv6 in device_desc.xml (#11095)
Signed-off-by: Jing Kan jika@microsoft.com
2022-06-28 16:06:58 +00:00
xumia
e2bee174e1 [Build]: Support to use symbol links for lazy installation targets to reduce the image size (#10923)
Why I did it
Support to use symbol links in platform folder to reduce the image size.
The current solution is to copy each lazy installation targets (xxx.deb files) to each of the folders in the platform folder. The size will keep growing when more and more packages added in the platform folder. For cisco-8000 as an example, the size will be up to 2G, while most of them are duplicate packages in the platform folder.

How I did it
Create a new folder in platform/common, all the deb packages are copied to the folder, any other folders where use the packages are the symbol links to the common folder.

Why platform.tar?
We have implemented a patch for it, see #10775, but the problem is that onie uses a really old unzip version, which cannot support the symbol links.
The current solution is similar to the PR 10775, but make the platform folder into a tar package, which can be supported by onie. During the installation, the package.tar will be extracted to the original folder and removed.
2022-06-28 16:03:16 +00:00
Ying Xie
ae66e14f42
[202205][swss][swss-common][linkmgrd] advance submodule head (#11254)
swss:
* ad2d0ad 2022-06-24 | [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (#2304) (HEAD -> 202205) [Vivek R]
* ef75554 2022-06-25 | [swssconfig] Optimize performance of swssconfig (#2336) [Junchao-Mellanox]
* d9e9ba8 2022-06-24 | [fdborch] fix heap-use-after-free in clearFdbEntry() (#2353) [Yakiv Huryk]
* 585a69b 2022-06-24 | Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351) [Ravindranath C K]
* 0d19560 2022-06-24 | [macsec] Refactor the logic of macsec name map (#2348) [Junhua Zhai]
* 111dfc2 2022-06-23 | [macsec] Update macsec flex counter (#2338) (HEAD -> 202205, github/202205) [Junhua Zhai]

swss-common:
* 0213d55 2022-06-23 | [portcounter] Check if counter ID exists before arithmetic operation  (#632) (HEAD -> 202205, github/202205) [Junhua Zhai]
* c21c47e 2022-06-14 | [counter] Add counter table (#622) [Junhua Zhai]

utilities:
* 430cd65 2022-06-23 | [202205] [generate dump] Move the Core/Log collection to the End of process Execution and removed default timeout  (#2230) (github/202205) [Vivek R]

linkmgrd:
* 59334be 2022-06-24 | Remove exception throwing when initializing missing loopback interface (#90) (HEAD -> 202205) [Jing Zhang]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-27 08:35:31 -07:00
Stephen Sun
71c2b40491 Support LOSSLESS_TRAFFIC_PATTERN and DEFAULT_LOSSLESS_BUFFER_PARAMETER (#11058)
#### Why I did it
Support the following tables which were introduced during dynamic buffer calculation
- LOSSLESS_TRAFFIC_PATTERN
- DEFAULT_LOSSLESS_BUFFER_PARAMETER

#### How I did it

- LOSSLESS_TRAFFIC_PATTERN

|name|type|range|mandatory|description|
|---|---|---|---|---|
|mtu|uint16|64~10240|true|The maximum packet size of a lossless packet|
|small_packet_percentage|uint8|0~100|true|The percentage of small packet|

- DEFAULT_LOSSLESS_BUFFER_PARAMETER

|name|type|range|mandatory|description|
|---|---|---|---|---|
|default_dynamic_th|int8|-8~7|true|The default dynamic_th for all buffer profiles that are dynamically generated for lossless PG|
|over_subscribe_ratio|uint16|-|false|The oversubscribe ratio for shared headroom pool.|
|||||Semantically, the upper bound is the number of physical ports but it can not be represented in the yang module. So we keep the upper bound open. As the type is (signed) integer whose lower bound is 0 by nature, we do not need to specify the range.|

#### How to verify it
Run unit test
2022-06-24 05:16:20 +00:00
vmittal-msft
7c5567553f Updated buffer profile settings for TD3 based HWSKUs (Arista-7050CX3-32S-C32, Arista-7050CX3-32S-D48C8) (#11202)
* Updated buffer profile settings for TD3 based HWSKUs (Arista-7050CX3-32S-C32, Arista-7050CX3-32S-D48C8)
2022-06-24 05:15:14 +00:00
Yakiv Huryk
75f73899e1 [vs][asan] add /var/log/asan to ASAN-enabled docker-sonic-vs image (#11059)
To ensure that ASAN logs are always generated. Currently, the way to get the logs is to map the "/var/log/asan" outside of a container, which doesn't work for DVS test run with "--imgname" option.

Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
2022-06-24 05:14:33 +00:00
Ying Xie
f6f87f1a8c
[202205][swss][utilities][sairedis][pmon] advance submodule head (#11223)
swss:
* 43b9f06 2022-06-23 | [ACL] Support stage particular match fields (#2341) (HEAD -> 202205) [bingwang-ms]
* c7f1add 2022-06-22 | Fix qos map test in vs test (#2343) [bingwang-ms]
* 0549f3c 2022-06-22 | Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (#2332) [anilkpan]

utilities:
* 785508d 2022-05-25 | [GCU] Handling type1 lists (#2171) (HEAD -> 202205) [Mohamed Ghoneim]
* 56c2c6b 2022-06-22 | [config reload] Fixing config reload when timer based services are disabled (#2200) (#2226) (HEAD -> 202205, github/202205) [Sudharsan Dhamal Gopalarathnam]
* 600979e 2022-06-16 | Fix header for the output table following 'show ipv6 interface' command (#2219) [Dror Prital]

sairedis:
* 14fba45 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (#1059) (HEAD -> 202205) [Ze Gan]
* ac6e7ad 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (#1007) [Ze Gan]

platform-daemons:
* 6ffec22 2022-06-22 | [ycabled] Fix the init values for active-active ports (#266) (HEAD -> 202205) [vdahiya12]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-23 16:14:00 -07:00
Ying Xie
8249d0da80
[202205] add release tag file (#11222)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-22 21:11:40 -07:00
Neetha John
ef9fb9db05 [sonic-config-engine] Generate expected output with different cable len (#11092)
Why I did it
To address internal build failures where the cable len for some of the skus is set to 300m for all tiers.

How I did it
For the buffers test, generate a new output file based off the original expected output with CABLE_LENGTH table updated to use 300m. In the comparison logic, compare against each of the expected output files and if any matches, the testcase is set to pass

Signed-off-by: Neetha John <nejo@microsoft.com>
2022-06-23 02:33:57 +00:00
Neetha John
3304fcd3a5 [qos]: Adjust 7260 buffer sizes to accommodate extra lossless queues (#11018)
Why I did it
As part of PCBB changes, we need to enable 2 extra lossless queues. The changes in this PR are done to adjust only the reserved sizes on Th2 for the additional 2 lossless queues
Calculations are done based on 40 downlinks for T1 and 16 uplinks for dual ToR

How to verify it
Verified that the rendering works fine on Th2 dut
Unit tests have been updated to reflect the modified buffer sizes when pcbb is enabled. There are existing testcases that will test the original buffer sizes when pcbb is disabled. With these changes, was able to build sonic-config-engine wheel successfully

Signed-off-by: Neetha John <nejo@microsoft.com>
2022-06-23 02:33:48 +00:00
Lior Avramov
f9e93d2f31 Change severity of log messages for cases where docker container was stopped during service checker operation (#11188)
#### Why I did it
There might be a case where service checker periodic operation determined that specific container is running but when it tries to perform an operation on it, it was already closed by the user. This is a valid flow and we should not log an error message, informative warning is enough. 

#### How I did it
I reduce log severity.

#### How to verify it
I verified it manually.
2022-06-22 23:09:39 +00:00
Ze Gan
40f7cec98d [azurepipeline]: Add t0-sonic pool back to Azp checker (#11181)
Why I did it
The t0-sonic pool has been fixed, so add it back to azp checker.

How I did it
Remove continueOnError in run-test-template.yml.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-06-22 23:09:26 +00:00
Hua Liu
d97b336a5d [SSHD] Enable SSHD keepalive timeout feature (#11115)
#### Why I did it
The SSHD keepalive timeout feature is not enabled on sonic.

#### How I did it
Enable the SSHD keepalive timeout feature by setting ClientAliveCountMax to 1.

#### How to verify it
Pass All E2E test case.
Manually test with following steps:

1. Change config and restart sshd
2. Connect a ssh with -vvv option to show debug message
3. Get running ssh by command and stop it:

```
azureuser@liuh-dev-vm-02:~$ ps -auxww | grep vvv
azureus+ 1614153  0.0  0.0  12244  6004 pts/1    S+   15:48   0:00 ssh admin@10.250.0.101 -vvv
azureus+ 1615570  0.0  0.0   8168  2424 pts/3    S+   15:49   0:00 grep --color=auto vvv
azureuser@liuh-dev-vm-02:~$ kill -Stop 1614153
```

4. Check TCP status from server side with ss command:
https://man7.org/linux/man-pages/man8/ss.8.html

```
admin@vlab-01:~$ ss | grep -i ssh
tcp   ESTAB      0  0  10.250.0.101:ssh 10.250.0.1:58150
tcp   FIN-WAIT-2 0  0  10.250.0.101:ssh 10.250.0.1:58164
tcp   ESTAB      0  0  10.250.0.101:ssh 10.250.0.1:57978
```

FIN-WAIT-2 means the server has already terminated the connection and is waiting for the client's response:
https://kb.iu.edu/d/ajmi
.  FIN-WAIT-2  <-- <SEQ=300><ACK=101><CTL=ACK>  <-- CLOSE-WAIT

5. Checking again later will show the session has been completely closed:

```
admin@vlab-01:~$ ss | grep -i ssh
tcp   ESTAB      0  0  10.250.0.101:ssh 10.250.0.1:58150
tcp   ESTAB      0  0  10.250.0.101:ssh 10.250.0.1:57978
```
2022-06-22 23:09:15 +00:00
saksarav-nokia
1976e55010 Update platform/broadcom/sonic-platform-modules-nokia (#11107)
2022-06-22 23:09:01 +00:00
saksarav-nokia
5a3c8d693f Updated Nokia device BCM and platform config (#11106)
2022-06-22 23:08:51 +00:00
Sudharsan Dhamal Gopalarathnam
379d77af42 [lldp]Fix lldp spawned after reboot when disabled (#11080)
- Why I did it
When LLDP is disabled through feature command, it gets spawned after reboot.

- How I did it
In syncd.sh check if the service is enabled before spawning automatically during cold reboot.

- How to verify it
Disable lldp feature. Perform cold reboot and verify its not spawned.
2022-06-22 23:08:05 +00:00
Lior Avramov
e015232ebf Add IP interface loopback action related content to YANG models. (#11012)
* Add IP interface loopback action related content to the required YANG models.
2022-06-22 23:06:18 +00:00
Andriy Yurkiv
d9f8af8e31 [Mellanox] Install MFT package on platform monitor (pmon) container (#10932)
- Why I did it
Need to execute mlxreg inside pmon docker

- How I did it
Add MFT package to pmon Makefile

- How to verify it
Install image, go to pmon : docker exec -it pmon bash, exec mlxreg
Verify warm, fast and cold reboot while MFT is being called in pmon constantly

Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
2022-06-22 23:05:52 +00:00
bingwang-ms
6f713419ba Add two extra lossless queues for bounced back traffic (#10496)
Signed-off-by: bingwang <bingwang@microsoft.com>

Why I did it
This PR is to add two extra lossless queues for bounced back traffic.
HLD sonic-net/SONiC#950

SKUs include
Arista-7050CX3-32S-C32
Arista-7050CX3-32S-D48C8
Arista-7260CX3-D108C8
Arista-7260CX3-C64
Arista-7260CX3-Q64

How I did it
Update the buffers.json.j2 template and buffers_config.j2 template to generate new BUFFER_QUEUE table.

For T1 devices, queue 2 and queue 6 are set as lossless queues on T0 facing ports.
For T0 devices, queue 2 and queue 6 are set as lossless queues on T1 facing ports.
Queue 7 is added as a new lossy queue as DSCP 48 is mapped to TC 7, and then mapped into Queue 7

How to verify it
Verified by UT
Verified by copying the new template and generating buffer config with sonic-cfggen
2022-06-22 23:05:14 +00:00
Liu Shilong
57244dd24a
[build] Add version files to docker image dependencies (#11195)
* [ci] Support to skip vstest using include/exclude config file. (#11086)

example:
├── folderA
│  ├──  fileA (skip vstest)
│  ├──  fileB
│  └──  fileC
If we want to skip vstest when changing /folderA/fileA, and not skip vstest when changing fileB or fileC.

vstest-include:
^folderA/fileA

vstest-exclude:
^folderA

* [build] Add version files to docker image dependencies
2022-06-22 14:12:25 +08:00
Ying Xie
3ea8df3096
[202205][swss] advance submodule head (#11200)
swss:
* a3bfd96 2022-06-18 | Enhance mock test for dynamic buffer manager for port removing and qos reload flows (#2262) (HEAD -> 202205, github/202205) [Stephen Sun]
* b17d6c0 2022-05-28 | Support mock_test infra for dynamic buffer manager and fix issues found during mock test (#2234) [Stephen Sun]
* 3fb23a1 2022-06-16 | [aclorch] Fix and simplify DTel watchlist tables and entries (#2155) [Mickey Spiegel]
* 9ace643 2022-06-16 | [intfmgr]: Set proxy_arp kernel param (#2334) [Lawrence Lee]
* 013609a 2022-06-14 | [crmorch] Prevent exceededLogCounter from resetting when low and high values are equal (#2327) [Alexander Allen]
* 83a1306 2022-06-13 | Fix key generation in removeDecapTunnel (#2322) [Myron Sosyak]
* 3d018ad 2022-06-15 | Apply `DSCP_TO_TC_MAP` from `PORT_QOS_MAP|global` to switch level (#2314) [bingwang-ms]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-21 09:28:46 -07:00
jingwenxie
7a22cbff28
[202205][utilities] advance utilities submodule head (#11184)
13ec600 [generic-config-updater] Add NTP validator (#2212)
4fc09b1 [GCU] Handling non-compliant leaf-list with string values (#2174)
ac89489 Modify override testcase to cover PORT admin_status (#2165)
d7953d2 [GCU] Validate peer_group_range ip_range are correct (#2145)
2022-06-20 09:02:24 -07:00
yozhao101
d63d16ba58 [memory_checker] Do not check memory usage of containers which are not created (#11129)
Signed-off-by: Yong Zhao yozhao@microsoft.com

Why I did it
This PR aims to fix an issue (#10088) by enhancing the script memory_checker.

Specifically, if a container is not created successfully while the device is booted/rebooted, then memory_checker does not need to check its memory usage.

How I did it
In the script memory_checker, a function is added to get names of running containers. If the specified container name is not in current running container list, then this script will exit without checking its memory usage.

How to verify it
I tested on a lab device by following the steps:

Stops telemetry container with command sudo systemctl stop telemetry.service

Removes telemetry container with command docker rm telemetry

Checks whether the script memory_checker ran by Monit will generate the syslog message saying it will exit without checking memory usage of telemetry.
2022-06-19 08:01:18 +00:00
Ying Xie
36b54da653
[brcm docker build] remove extra line (#11182)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-17 07:51:35 -07:00
Ying Xie
95dc2e23ff
[202205][BRCM_SAI] update Brcm SAI dependencies (#11173)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-17 05:02:00 -07:00