Added Support to runtime render bgp and teamd feature `state` and lldp `has_asic_scope` flag
Needed for SONiC on chassis.
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Co-authored-by: mlok <marty.lok@nokia.com>
This PR is part of the following HLD:
Persistent loglevel HLD: sonic-net/SONiC#1041
- Why I did it
After the Logger tables moved from the LOGLEVEL_DB to the CONFIG_DB and the jinja2_cache was deleted the LOGLEVEL_DB is not in use.
- How I did it
Removed the LOGLEVEL_DB from the SONiC code
- How to verify it
All tests were passed
- Why I did it
Pointer variable platform not initialized before use in get_num_of_asic of src/systemd-sonic-generator/systemd-sonic-generator.c. Then wild pointer will introduce undetermined exception when use in snprintf at line 545 .
Other pointers in this function like token will be assigned the value before use, and will not have such issue.
- How I did it
Initialized pointer platform to NULL when defined and before use.
Update sonic-py-swsssdk submodule pointer to include the following:
7f008a1 Fix UT test_BlockUseSwsssdk() (#128)
e30a1e1 Throw exception when not use swsssdk in UT. (#126)
Signed-off-by: dprital <drorp@nvidia.com>
- Why I did it
The values for config_db "docker_routing_config_mode" are:
separated: FRR config generated from ConfigDB, each FRR daemon has its own config file
unified: FRR config generated from ConfigDB, single FRR config file
split: FRR config not generated from ConfigDB, each FRR daemon has its own config file
This commit adds:
split-unified: FRR config not generated from ConfigDB, single FRR config file
- How I did it
In docker_init.sh, when split-unified is used, the FRR configs are not generated
from ConfigDB. What's more, "service integrated-vtysh-config" is configured in vtysh.conf.
- How to verify it
FRR config not overwritten when FRR container starts.
Signed-off-by: Arnaud le Taillanter <a.letaillanter@criteo.com>
swss update with following commits:
81f4ea9 orchagent/portsorch: Missing scheduler group after SWSS restart (#2174)
e557855 [SWSS] Innovium platform specific changes in PFC Detect lua script (#2493)
6e288dc New P4Orch development. (#2425)
ab0e474 swss: Fixing race condition for rif counters (#2488)
724f914 [tests] [asan] extend graceful stop flag to also stop syncd (#2491)
84642f3 [Dynamic buffer calculation][Mellanox] Enhance the logic to identify buffer pools and profiles (#2498)
e04bb43 Fix vs test issue: failed to remove vlan due to referenced by vlan interface (#2504)
52c561f Added LAG member check on addLagMember() (#2464)
* Advance submodule sonic-utilities
d5a6da31 Do not configure physical attributes on port channels in portconfig (#2456)
48ee7722 Change db_migrator major version on master branch from version 3 to 4 (#2470)
f3746163 [GCU] Fix JsonPointerFilter bug (#2477)
58dbb3e6 YANG Validation for ConfigDB Updates: TACPLUS, TACPLUS_SERVER, AAA, VLAN_SUB_INTERFACE tables + decorated validated_mod_entry (#2452)
062f18a0 fix show interface neighbor expected empty issue (#2465)
569edf3b Fix display disorder problem of show mirror_session (#2447)
daaf0ffc Disable "tag as local" when reboot (#2451)
6621120b Fix sudo sfputil show error-status on a multiasic platform issue (#2373)
e8b1dcdf Add IP remove warnings for VRF commands (#2351)
40cc8e11 [scripts/generate_dump] add information to tech-support file (#2357)
8473517e Revert "[config reload]: On dual ToR systems, cache ARP and FDB table (#2460)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Advance sonic-platform-common
aa860837 Fix issue: rounding float value for txpower and rxpower (#320)
2052a63d Fix issue: copper cable should not display DOM information (#318)
cf4c6af7 CmisApi::get_application_advertisement catch AttributeError as well (#316)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
Signed-off-by: Stephen Sun <stephens@nvidia.com>
Advance sonic-swss submodule to pick up new commits:
dbdf31c [counters] Improve performance by polling only configured ports buffer queue/pg counters sonic-net/sonic-swss#2473
ab4f804 [portsorch] remove port OID from saiOidToAlias map on port deletion sonic-net/sonic-swss#2483
ab29920 [QoS] Support dynamic headroom calculation for Barefoot platforms sonic-net/sonic-swss#2412
15beee4 Add support for voq counters in portsorch. sonic-net/sonic-swss#2467
c8d4905 [vlanmgr] Disable arp_evict_nocarrier for vlan host intf sonic-net/sonic-swss#2469
31c9321 [chassis][voq]Collect counters for fabric links sonic-net/sonic-swss#1944
Signed-off-by: Kebo Liu <kebol@nvidia.com>
sonic-host-services submodule update with following changes
6eac2d3 Merge pull request #19 from judyjoseph/macsec_feature_enable
31c6108 Sync has_per_asic_scope attribute to config_db in all namespaces for multi-asic
185547f Add UT to improve coverage, for namespace config update
7c3aca0 macsec_supported info is part of DEVICE_RUNTIME_METADATA itself.
686b9b1 Update Makefile to provision the ability of building with non-upstream patches (#296)
3b95205 [patch]: Introduce sysctl param `arp_evict_no_carrier` (#293)
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Manual test
Pass UT
#### Why I did it
Submodule update for sonic-swss-common with following change:
```
276f47c [sonic-db-cli] Fix sonic-db-cli crash when database config file not ready issue. (#639)
```
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-swss-common with following change:
276f47c [sonic-db-cli] Fix sonic-db-cli crash when database config file not ready issue. (#639)
#### A picture of a cute animal (not mandatory but encouraged)
Export remote address to environment variable for TACACS authorization.
#### Why I did it
When remote user login, nss-tacplus need user remove address for TACACSS authorization.
#### How I did it
Export remote address to environment variable "SSH_REMOTE_IP"
#### How to verify it
Pass all E2E test.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Export remote address to environment variable for TACACS authorization.
#### Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
Manual test
* Fix kube mode to local mode long duration issue
* Remove IPV6 parameters which is not necessary
* Fix read node labels bug
* Tag the running image to latest if it's stable
* Disable image_version_higher check
* Change image_version_higher checker test case
Signed-off-by: Yun Li <yunli1@microsoft.com>
Send remote address in TACACS+ authorization message.
#### Why I did it
TACACS+ authorization message not send remote address to server side.
#### How I did it
Send remote address in TACACS+ authorization message.
#### How to verify it
Pass all E2E test.
Create new test case to validate remote address been send to server side.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Send remote address in TACACS+ authorization message.
#### Ensure to add label/tag for the feature raised. example - [PR#2174](https://github.com/sonic-net/sonic-utilities/pull/2174) where, Generic Config and Update feature has been labelled as GCU.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Changes:
-- Change name-space from Azure to sonic-net.
-- Sort yang list in setup.py for yang-models list.
#### Why I did it
Sonic repo has moved to Linux-foundation.
#### How I did it
[yang-models]: Change name-space from Azure to sonic-net.
#### How to verify it
PR Tests are good enough to verify.
* [openssh]: Restore behavior of ClientAliveCountMax=0
OpenSSH 8.2 changed the behavior of ClientAliveCountMax=0 such that
setting it to 0 disables connection-killing entirely when the connection
is idle. Revert that change.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* Remove build-dep command that should not be there
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
#### How to verify it
Passed UT
Tested in DUT
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`yaml.load` can create arbitrary Python objects
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Use `yaml.safe_load()`
#### How to verify it
Pass UT
- Why I did it
Add the ability to the user to save the loglevel and make it persistent to reboot.
- How I did it
Move the logger tables from the LOGLEVEL DB to the CONFIG DB. Add new yang model to verify the new config schema.
- How to verify it
1. change the orchagent loglevel (for example) -> swssloglevel -c orchagent -l DEBUG
2. save the loglevel -> run config save
3. reboot
4. verify that the orchagent log level is still DEBUG ->run run redis-cli -n 4 hgetall "LOGGER|orchagent"
Update sonic-utilities submodule pointer to include the following:
4a3d49d Fix exception in adding mirror_session when gre_type is absent (#2458)
7e7d05c Update the DBmigrator to support persistent loglevel during warm-upgrade (#2370)
c2841b8 [doc]: Update Command-Reference.md (#2444)
254cafc Event Counters CLI (#2449)
2dab0d0 [techsupport] Adding FRR EVPN dumps (#2442)
3c0aece [show][muxcable] add support for show mux firmware version all (#2441)
Signed-off-by: dprital <drorp@nvidia.com>
Update sonic-swss-common submodule pointer to include the following:
* abda263 Make the loglevel persistent by moving the LOGGER table from the LOGLEVEL DB to the CONFIG DB ([#687](https://github.com/sonic-net/sonic-swss-common/pull/687))
Signed-off-by: dprital <drorp@nvidia.com>
d0fdf62 Check whether a pointer created by dynamic_cast is null before using it. (#689)
2cae742 [Fast/Warm restart] Implement helper class for waiting restart done (#691)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`getstatusoutput()` function from `subprocess` module has shell injection issue because it includes `shell=True` in the implementation
#### How I did it
Use `getstatusoutput_noshell()` from sonic_py_common library
#### How to verify it
Tested in DUT
* Fix CVE-2022-37032 on FRR submodule
Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288
* Fix CVE-2022-37032 on FRR submodule
Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288
* Update patch version number
