#### Why I did it
src/sonic-swss-common
```
* 16bc247 - (HEAD -> master, origin/master, origin/HEAD) [tests] fix binary_data_get unit test (#841) (72 minutes ago) [Yakiv Huryk]
* b2480ad - Add SonicDBConfig::reset method (#843) (4 weeks ago) [ganglv]
* ab3ce86 - [Azp]: Fix azp dash dependency (#842) (5 weeks ago) [Ze Gan]
* 5d1fe2d - add support for binary data read for Table::get() (#836) (5 weeks ago) [Yakiv Huryk]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-mgmt-common
```
* 891413a - (HEAD -> master, origin/master, origin/HEAD) Add 'AppTag' in translib app errors (8 hours ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 7702b8a2 - (HEAD -> master, origin/master, origin/HEAD) Add host_tx_ready enhancements (#2930) (10 hours ago) [noaOrMlnx]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/dhcpmon
```
* fc20a97 - (HEAD -> master, origin/master, origin/HEAD) [202311][counter] Clear counter table when dhcpmon init (#14) (2 hours ago) [Yaqiang Zhu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
* [smart_switch][dhcp_server] Add related checker for smart_switch in dhcp_db_monitor
* [smart_switch][dhcp_server] Add smart_switch support in dhcpservd
#### Why I did it
src/sonic-snmpagent
```
* 29481f9 - (HEAD -> master, origin/master, origin/HEAD) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (#303) (69 minutes ago) [DavidZagury]
```
#### How I did it
#### How to verify it
#### Description for the changelog
What I did:
Added support when TSA is done on Line Card make sure it's completely
isolated from all e-BGP peer devices from this LC or remote LC
Why I did:
Currently when TSA is executed on LC routes are withdrawn from it's connected e-BGP peers only. e-BGP peers on remote LC can/will (via i-BGP) still have route pointing/attracting traffic towards this isolated LC.
How I did:
When TSA is applied on LC all the routes that are advertised via i-BGP are set with community tag of no-export so that when remote LC received these routes it does not send over to it's connected e-BGP peers.
Also once we receive the route with no-export over iBGP match on it and and set the local preference of that route to lower value (80) so that we remove that route from the forwarding database. Below scenario explains why we do this:
- LC1 advertise R1 to LC3
- LC2 advertise R1 to LC3
- On LC3 we have multi-path/ECMP over both LC1 and LC2
- On LC3 R1 received from LC1 is consider best route over R1 over received from LC2 and is send to LC3 e-BGP peers
- Now we do TSA on LC2
- LC3 will receive R1 from LC2 with community no-export and from LC1 same as earlier (no change)
- LC3 will still get traffic for R1 since it is still advertised to e-BGP peers (since R1 from LC1 is best route)
- LC3 will forward to both LC1 and LC2 (ecmp) and this causes issue as LC2 is in TSA mode and should not receive traffic
To fix above scenario we change the preference to lower value of R1 received from LC2 so that it is removed from Multi-path/ECMP group.
How I verfiy:
UT has been added to make sure Template generation is correct
Manual Verification of the functionality
sonic-mgmt test case will be updated accordingly.
Please note this PR is on top of this :#16714 which needs to be merged first.
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Why I did it
Enable Yang model for BGP_BBR config entry.
{
"BGP_BBR": {
"all": {
"status": "enabled"/"disabled"
}
}
}
Work item tracking
Microsoft ADO (number only): 25988660
How I did it
Add yang model and ut for BGP_BBR.
How to verify it
Use GCU cmd to change bbr status.
Create following json patch: disable_bbr.json-patch
[
{
"op": "replace",
"path": "/BGP_BBR/all/status",
"value": "disabled"
}
]
Run sudo config apply-patch ./disable_bbr.json-patch cmd on dut. Success.
### Why I did it
According to the design, the database instances of DPU will be kept in the NPU host.
### How I did it
Declare a new field, `has_per_dpu_scope`, in the config_db for database feature.
#### How to verify it
Check Azp
- Why I did it
Enhance the feature to support disabling password hardening as Linux support.
-1: expiration will never occur
0: expiration will expired immediately
Opened bug:
#17427
- How I did it
Added the -1 value to be supported in hostcfgd and this value will propagate to the relevant Linux files
- How to verify it
Pls see the details in the bug description that link attached above
- Why I did it
Fix kdump-tools to not overwrite MODULES conf to dep. Problem is seen if the build is failed and the build is retriggered immediately as part of retry mechanism
This command is failing during the second run
+ for kernel_release in $(ls $FILESYSTEM_ROOT/lib/modules/)
+ sudo LANG=C chroot ./fsroot-mellanox /etc/kernel/postinst.d/kdump-tools 6.1.0-11-2-amd64
+ clean_sys
https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/sonic_debian_extension.j2#L311
Community Issue: https://www.mail-archive.com/kernel-packages@lists.launchpad.net/msg515013.html
- How I did it
Add a patch to revert the override
- How to verify it
vkarri@482a053c44f4:/sonic$ sudo unsquashfs -d ./fsroot-mellanox target/sonic-mellanox.bin__mellanox__rfs.squashfs
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
#### Why I did it
src/dhcprelay
```
* 5ae186f - (HEAD -> master, origin/master, origin/HEAD) [counter] Clear counter table when init (#45) (10 hours ago) [Yaqiang Zhu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
Optimize syslog rate limit feature for fast and warm boot
- How I did it
Optimize redis start time
Don't render rsyslog.conf in container startup script
Disable containercfgd by default. There is a new CLI to enable it (in another PR)
- How to verify it
Manual test
Regression test
- Why I did it
Add the YANG model according to Smart Switch IP address assignment HDL.
- How I did it
Implement new YANG model containers.
- How to verify it
Run YANG model unit tests. The changes add new unit tests to cover new functionality.
#### Why I did it
src/sonic-platform-common
```
* c82ae54 - (HEAD -> master, origin/master, origin/HEAD) Implementing set_optoe_write_timeout API (#422) (8 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-sairedis
```
* e849160 - (HEAD -> master, origin/master, origin/HEAD) [vslib] add support for ACL table available entry/counter attributes (#1333) (9 hours ago) [Yakiv Huryk]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 5f367ebb - (HEAD -> master, origin/master, origin/HEAD) [dash] reduce the memory used by DASH ACL rules (#2984) (8 hours ago) [Yakiv Huryk]
```
#### How I did it
#### How to verify it
#### Description for the changelog
### Why I did it
Github issue: https://github.com/sonic-net/sonic-buildimage/issues/16356. The YANG definition breaks GCU feature.
We can either update sonic_yang and GCU's search algorithm to enable the same key count case or simply update YANG model to solve the issue.
The pros for update YANG model are it could solve the issue directly and we don't need to handle the complicate search algorithm in sonic_yang and GCU. This is the only YANG model that has this issue.
### How I did it
Combine two list into one. The previous YANG validation unit tests are still applicable.
#### How to verify it
Unit test and E2E test
Why I did it
Fan tolerance checking is done through new APIs, is_under_speed and is_over_speed, which populate corresponding fields into the database. speed_tolerance is no longer used and was removed, but system-health was not updated and indicates failures:
ADO: 25279165
root@sonic/# show system-health summary
System status summary
System status LED red_blink
Services:
Status: OK
Hardware:
Status: Not OK
Reasons: Failed to get speed tolerance for fantray5.fan1
Failed to get speed tolerance for fantray5.fan0
Failed to get speed tolerance for fantray4.fan1
Failed to get speed tolerance for fantray4.fan0
Failed to get speed tolerance for fantray3.fan1
Failed to get speed tolerance for fantray3.fan0
Failed to get speed tolerance for fantray2.fan1
Failed to get speed tolerance for fantray2.fan0
Failed to get speed tolerance for fantray1.fan1
Failed to get speed tolerance for fantray1.fan0
Failed to get speed tolerance for fantray0.fan1
Failed to get speed tolerance for fantray0.fan0
Failed to get speed tolerance for PSU1.fan0
Failed to get speed tolerance for PSU0.fan0
How I did it
Updated hardware_checker.py in system-health to consume new is_under_speed and is_over_speed database entries instead of speed_tolerance and hard-coded calculations.
How to verify it
root@sonic:/# show system-health summary
System status summary
System status LED green
Services:
Status: OK
Hardware:
Status: OK
#### Why I did it
src/sonic-swss
```
* ff524e6d - (HEAD -> master, origin/master, origin/HEAD) [dash] add a retry for an ACL rule creation if a tag is not created yet (#2972) (7 hours ago) [Yakiv Huryk]
* 620db3da - [ci] Allow partially success build artifact in PR checker pipeline. #2986 (3 days ago) [Liu Shilong]
* d357e6f1 - [copporch] Add safeguard during policer attribute update (#2977) (4 days ago) [Vivek]
* cb460394 - [fpmsyncd][WR] Relax the static schema constraint for ROUTE_TABLE (#2981) (5 days ago) [Vivek]
* a1ce21f6 - Change base directory referenced in coverage.xml (#2976) (6 days ago) [Lawrence Lee]
* 920959cf - [Dash] [UT] Add ZMQ test case for dash (#2967) (6 days ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Fix zebra leaking memory with fib suppress enabled. Porting the fix from
FRRouting/frr#14983
While running test_stress_route.py, systems with lower memory started to throw low memory logs. On further investigation, a memory leak has been found in zebra which was fixed in the FRR community.
#### Why I did it
src/sonic-gnmi
```
* 88e82d4 - (HEAD -> master, origin/master, origin/HEAD) Replace PFC_WD_TABLE with PFC_WD (#173) (8 days ago) [Zain Budhwani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/linkmgrd
```
* 79c3872 - (HEAD -> master, origin/master, origin/HEAD) [active-standby] Fix `show mux status` inconsistency introduced by orchagent rollback (#225) (24 hours ago) [Jing Zhang]
* ba913c0 - [warmboot] use config_db connector to update mux mode config instead of CLI (#223) (2 days ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
### Why I did it
Current YANG model of sonic-events-swss:chk_crm_threshold has the type uint8 for leaf used_cnt which is too small of a range to hold values of used_cnt which can greatly exceed that. Updating leaf type of used_cnt and free_cnt to match defined definition.
Changed to uint32 as per defined here: https://github.com/sonic-net/sonic-swss/blob/master/orchagent/crmorch.h#L99
##### Work item tracking
- Microsoft ADO **(number only)**:26091912
#### How I did it
Update leaf value
#### How to verify it
UT and sonic-mgmt PR checker
- Why I did it
Add support of a new 't1-smartswitch' topology to the sample config generator. The topology passed to sonic-cfggen utility as a parameter to generate sample configuration for Smart Switch:
sonic-cfggen -k <SKU> --preset t1-smartswitch ...
- How I did it
Extend sample config generator to support new topology and read Smart Switch specific data from hwsku.json.
- How to verify it
Run unit tests. The changes are covered with the new unit tests.
#### Why I did it
src/sonic-swss
```
* 6026b6d6 - (HEAD -> master, origin/master, origin/HEAD) [dash] add ACL group bind check for rule create/update (#2974) (88 minutes ago) [Yakiv Huryk]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/linkmgrd
```
* e420df4 - (HEAD -> master, origin/master, origin/HEAD) Exclude DbInterface in PR coverage check (#224) (5 hours ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* 427217b - (HEAD -> master, origin/master, origin/HEAD) Adding supported vendor PNs for remote CDB FW upgrade (#418) (2 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-sairedis
```
* e7ad356 - (HEAD -> master, origin/master, origin/HEAD) [Azp]: Update dash api source from buildimage to submodule (#1330) (17 hours ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment.
To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen.
We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in https://github.com/sonic-net/SONiC/pull/1457.
##### Work item tracking
- Microsoft ADO **(number only)**:26091228
#### How I did it
Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses.
Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP.
Main change:
1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses,
2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP.
#### How to verify it
config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses.
```
"SNMP_AGENT_ADDRESS_CONFIG": {
"10.1.0.32|161|": {},
"10.250.0.101|161|": {},
"FC00:1::32|161|": {},
"fec0::ffff:afa:1|161|": {}
},
.....
snmpd listening on the above IP addresses:
admin@vlab-01:~$ sudo netstat -tulnp | grep 161
tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd
udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd
udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd
udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd
udp6 0 0 fc00:1::32:161 :::* 71522/snmpd
```
#### Why I did it
src/sonic-sairedis
```
* cd41369 - (HEAD -> master, origin/master, origin/HEAD) [Link Event Damping] Serialization/deserialization logic for link event (#1322) (2 days ago) [Ashish Singh]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-restapi
```
* 24d440f - (HEAD -> master, origin/master, origin/HEAD) [build] Fix Makefile didn't set go build target file. #151 (39 minutes ago) [Liu Shilong]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Signed-off-by: Nazarii Hnydyn nazariig@nvidia.comCloses#17345
This W/A was proposed by Nvidia FRR team before the long term solution is ready.
Why I did it
A W/A to fix default route installation during LAG member flap
Work item tracking
N/A
How I did it
Disabled FRR next hop group support
How to verify it
Do LAG member flap
### Why I did it
1. Protobuf 3.21 has been released in the Debian bookworm
2. Update submodule sonic-swss and sonic-dash-api because they include related updates.
##### Work item tracking
- Microsoft ADO **(number only)**:
#### How I did it
1. In the protobuf.mk, If it isn't bullseye, ignore to compile the protobuf package
2. Move sonic-swss commits:
```
fd852084 (HEAD, origin/master, origin/HEAD) [dashrouteorch]: Rename dash route namespace (#2966)
```
3. Move sonic-dash-api and move build chain to its submodule
```
d4448c7 (HEAD, origin/master, origin/HEAD, master) [azp]: Add multi-platform artifacts (#11)
8a5e5cc [debian]: Add debian package (#10)
d96163a [misc]: Add dash utils and its tests (#9)
```
#### How to verify it
Check Azp
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.
After investigation, I found the IPV6 'default' route table does not add to route lookup:
admin@vlab-01:~$ ip -6 rule list
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
admin@vlab-01:~$
As compare:
admin@vlab-01:~$ ip -4 rule list
1001: from all lookup local
32764: from all to 172.17.0.1/24 lookup default
32765: from 10.250.0.101 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table exist in IPV4 route lookup
Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$
##### Work item tracking
- Microsoft ADO: 25798732
#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.
#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:
### Tested branch (Please provide the tested image version)
- [x] master-17281.417570-2133d58fa
#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
#### Why I did it
src/sonic-platform-common
```
* d09e009 - (HEAD -> master, origin/master, origin/HEAD) APIs to help in finding NPU SI settings (#410) (18 minutes ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-host-services
```
* e8ae2af - (HEAD -> master, origin/master, origin/HEAD) [featured]: Add database services for DPU (#84) (24 hours ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
To fix the EVPN type5 failure seen in FRR when there are multipaths for nexthop. The type5 routes were queued
show ip route vrf Vrf1
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF Vrf1:
B>q 5.5.5.0/24 [200/0] via 30.0.0.2, Vlan100 onlink, weight 1, 00:00:40
q via 40.0.0.3, Vlan100 onlink, weight 1, 00:00:40
C>* 10.0.0.0/24 is directly connected, Vlan10, 00:00:43
B>q 100.0.0.0/24 [200/0] via 30.0.0.2, Vlan100 onlink, weight 1, 00:00:40
q via 40.0.0.3, Vlan100 onlink, weight 1, 00:00:40
Work item tracking
Microsoft ADO (number only):
How I did it
Porting the FRR fixFRRouting/frr#14835
How to verify it
Validated EVPN multipath with the scenario and confirmed its working.
The format of the media_settings.json file was updated to support the Port SI Per Speed Enhancements. Since media_checker is the validator for the media_settings.json file, it needs to be updated to align with the new format.
How I did it
I added six new SI parameter names introduced as part of the Port SI Per Speed Enhancements. Additionally, I implemented handling for the new hierarchy level (lane_speed_key) in the updated media_settings.json format while maintaining backward compatibility with vendors whose JSON does not support port SI per speed.
How to verify it
I locally built the Debian package using 'make target/debs/bullseye/sonic-device-data_1.0-1_all.deb,' and it completed successfully. Jenkins also built the entire image, which includes the media_checker as part of its process.
* Update sonic-utilities to master branch version
sonic-utilities was (intentionally) pointing to a commit on a fork,
since merging sonic-utilities's changes for Bookworm first onto the
master branch would result in PR checker failures. Now that
sonic-buildimage is on master branch and the Bookworm changes in
sonic-utilities have been merged into master, sonic-utilties can now
point to master.
17e77fe2 Revert "Run yang validation in unit test (#3025)" (#3055)
96dd5559 [dhcp_relay] Fix dhcp_relay counter display issue (#3054)
6dfeee69 [sflow][db_migrator] Egress Sflow support (#3020)
02a588b7 Don't collect /proc/sched_debug
d7ec3251 Fix error about having a mutable default for field headers in dataclass
0ab3ab91 Fix test execution on Bookworm (#3041)
ef8f6f83 Specify test dependencies under extra_requires
61c44e80 Update python packages
1e813105 [wol] Implement wol command line utility (#3048)
8ebc56a0 [sonic_installer]: Improve exception handling: introduce notes. (#3029)
3610ce93 [sonic-package-manager] Fix YANG validation failure on upgrade when feature has constraints in YANG model on FEATURE table (#2933)
cfd2dd39 Add container rsyslog.conf to the sys dump (#3039)
c4b07828 Support new platform in generic configuration update (#3038)
a8d236c8 [fast-reboot-filter-routes.py] Remove click and improve error reporting (#3030)
75199c0f [sonic-package-manager] insert newline in /etc/sonic/generated_services.conf (#3040)
cd855698 [VOQ][saidump] Modify generate_dump: replace save_saidump with save_saidump_by_route_size (#2972)
f1e24ae5 GCU support for Cisco-8000 features (#3010)
67e1c3dc Update GCU rsyslog validator (#3012)
253b7975 [sonic-package-manager] do not modify config_db.json (#3032)
177dd8e8 [sonic-package-manager] add generated service to /etc/sonic/generated_services.conf (#3037)
62fcd77a Configure NTP according to extended configuration (#2835)
ced09404 [dualtor_neighbor_check] Adjust zero-mac check condition (#3034)
a4eeb698 [config] config reload should generate sysinfo if missing (#3031)
e01fc891 Run yang validation in unit test (#3025)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
#### Why I did it
src/sonic-host-services
```
* 445ec8b - (HEAD -> master, origin/master, origin/HEAD) Revert "Add support to make determine/process reboot-cause services restartable (#86)" (#89) (31 hours ago) [anamehra]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-daemons
```
* e2d9f87 - (HEAD -> master, origin/master, origin/HEAD) Add dynamic sensor logic for fixed and psu presence/state checking in thermalctld (#401) (27 hours ago) [Gregory Boudreau]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 14408ca3 - (HEAD -> master, origin/master, origin/HEAD) [Chassis][master][orchagent] : Added test case to verify WRED profile on system ports (#2954) (9 hours ago) [vmittal-msft]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-mgmt-common
```
* d96bfcd - (HEAD -> master, origin/master, origin/HEAD) YANG tree generator and linter (#113) (6 hours ago) [faraazbrcm]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* 2efe97e - (HEAD -> master, origin/master, origin/HEAD) Fix VDM freeze and unfreeze needed for PM stats collection (#402) (3 hours ago) [jaganbal-a]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-sairedis
```
* 9621316 - (HEAD -> master, origin/master, origin/HEAD) [syncd] Remove notify pointers manual handling (#1326) (19 hours ago) [Kamil Cudnik]
```
#### How I did it
#### How to verify it
#### Description for the changelog
This change was submitted directly to 202205 but it's also needed in master and 202305 with SAI9.x
#13346
There has been a couple CSPs for this as well:
CS00012273013 - [7.1][J2, J2c+] Disable SA Equals DA trap on DNX
CS00012320965 - SAI9.2: iBGP doesn't work due to SA_EQUALS_DA trap
If SA_EQUALS_DA trap is enabled iBGP won't work as the Ethernet-IB0 ports are expected to get packets with SA==DA.
In the VOQ chassis design, for outgoing control plane packets, the packets goes the recycle port for routing, therefore the dmac of the packet should be the asic router mac. The source mac is assigned by the kernel, so it is also the asic router mac.
Why I did it
sonic_dhcp_server.whl contains not only dhcp_server functionality but also part of dhcp_relay functionality, the existing naming is not appropriate.
#### Why I did it
src/sonic-sairedis
```
* 4ee9c25 - (HEAD -> master, origin/master, origin/HEAD) Add TestSwitch missing attribute (#1327) (12 hours ago) [noaOrMlnx]
* 4cbbeed - Add SAI Notification support for host_tx_ready (#1307) (18 hours ago) [noaOrMlnx]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss-common
```
* 8dc6218 - (HEAD -> master, origin/master, origin/HEAD) Add STATE_TRANSCEIVER_INFO_TABLE_NAME to shcema.h (#824) (12 hours ago) [noaOrMlnx]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-mgmt-common
```
* 268b67c - (HEAD -> master, origin/master, origin/HEAD) Integrating the transformer infra GET optimization, Request context cancel handling and other bug fixes (#111) (2 hours ago) [Balachandar Mani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Modify j2 template files in docker-dhcp-relay. Add dhcprelayd to group dhcp-relay instead of isc-dhcp-relay-VlanXXX, which would make dhcprelayd to become critical process.
In dhcprelayd, subscribe FEATURE table to check whether dhcp_server feature is enabled.
2.1 If dhcp_server feature is disabled, means we need original dhcp_relay functionality, dhcprelayd would do nothing. Because dhcrelay/dhcpmon configuration is generated in supervisord configuration, they will automatically run.
2.2 If dhcp_server feature is enabled, dhcprelayd will stop dhcpmon/dhcrelay processes started by supervisord and subscribe dhcp_server related tables in config_db to start dhcpmon/dhcrelay processes.
2.3 While dhcprelayd running, it will regularly check feature status (by default per 5s) and would encounter below 4 state change about dhcp_server feature:
A) disabled -> enabled
In this scenario, dhcprelayd will subscribe dhcp_server related tables and stop dhcpmon/dhcrelay processes started by supervisord and start new pair of dhcpmon/dhcrelay processes. After this, dhcpmon/dhcrelay processes are totally managed by dhcprelayd.
B) enabled -> enabled
In this scenaro, dhcprelayd will monitor db changes in dhcp_server related tables to determine whether to restart dhcpmon/dhrelay processes.
C) enabled -> disabled
In this scenario, dhcprelayd would unsubscribe dhcp_server related tables and kill dhcpmon/dhcrelay processes started by itself. And then dhcprelayd will start dhcpmon/dhcrelay processes via supervisorctl.
D) disabled -> disabled
dhcprelayd will check whether dhcrelay processes running status consistent with supervisord configuration file. If they are not consistent, dhcprelayd will kill itself, then dhcp_relay container will stop because dhcprelayd is critical process.
Why I did it
Fixing CVEs CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235
Work item tracking
Microsoft ADO (number only):
How I did it
Porting the fixes in the below PRs
FRRouting/frr#14645FRRouting/frr#14716
How to verify it
Running regression
Why I did it
Fixing sonic-cfg-help to handle nested container scenario. In case of nested container, the inner container name acts as key for the table. For e.g.
"AUTO_TECHSUPPORT": {
"GLOBAL": {
}
}
Previous output
AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field | Description | Mandatory | Default | Reference |
+=========================+====================================================+=============+===========+=============+
| state | Knob to make techsupport invocation event-driven | | | |
| | based on core-dump generation | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval | Minimum time in seconds between two successive | | | |
| | techsupport invocations. Configure 0 to explicitly | | | |
| | disable | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit | Max Limit in percentage for the cummulative size | | | |
| | of ts dumps. No cleanup is performed if the value | | | |
| | isn't configured or is 0.0 | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit | Max Limit in percentage for the cummulative size | | | |
| | of core dumps. No cleanup is performed if the | | | |
| | value isn't congiured or is 0.0 | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport | | 10.0 | |
| | invocation on memory usage threshold crossing | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem | Minimum Free memory (in MB) that should be | | 200 | |
| | available for the techsupport execution to start | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since | Only collect the logs & core-dumps generated since | | | |
| | the time provided. A default value of '2 days ago' | | | |
| | is used if this value is not set explicitly or a | | | |
| | non-valid string is provided | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
New output
AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json
key - GLOBAL
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field | Description | Mandatory | Default | Reference |
+=========================+====================================================+=============+===========+=============+
| state | Knob to make techsupport invocation event-driven | | | |
| | based on core-dump generation | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval | Minimum time in seconds between two successive | | | |
| | techsupport invocations. Configure 0 to explicitly | | | |
| | disable | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit | Max Limit in percentage for the cummulative size | | | |
| | of ts dumps. No cleanup is performed if the value | | | |
| | isn't configured or is 0.0 | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit | Max Limit in percentage for the cummulative size | | | |
| | of core dumps. No cleanup is performed if the | | | |
| | value isn't congiured or is 0.0 | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport | | 10.0 | |
| | invocation on memory usage threshold crossing | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem | Minimum Free memory (in MB) that should be | | 200 | |
| | available for the techsupport execution to start | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since | Only collect the logs & core-dumps generated since | | | |
| | the time provided. A default value of '2 days ago' | | | |
| | is used if this value is not set explicitly or a | | | |
| | non-valid string is provided | | | |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
Work item tracking
Microsoft ADO (number only):
How I did it
Fixing sonic-cfg-help tool to handle nested container
How to verify it
Added UT to verify it.
#### Why I did it
src/sonic-snmpagent
```
* 3b6a4ad - (HEAD -> master, origin/master, origin/HEAD) Enable faulthandler to provide more fault information (#301) (22 hours ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-sairedis
```
* 9804bd7 - (HEAD -> master, origin/master, origin/HEAD) Fix compilation issue due to PORT_STATE_CHANGE_QUEUE_SIZE undefined (#1324) (2 days ago) [Ashish Singh]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 2ca3deb0 - (HEAD -> master, origin/master, origin/HEAD) [dash] fix DASH ACL Rule protocol use-after-free (#2958) (9 hours ago) [Yakiv Huryk]
* b8841ecb - [orchagent]: Extend the SRv6Orch to support the programming of the L3Adj (#2902) (24 hours ago) [Carmine Scarpitta]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* cb80f17 - (HEAD -> master, origin/master, origin/HEAD) Fix issue: QSFP module with id 0x0d can be parsed using 8636 (#412) (20 hours ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
This is change taken as part of the HLD: sonic-net/SONiC#1470.
In this PR we add the logic to parse the SecondarySubnets field in the minigraph and add a flag in "secondary" in the vlan_interface table of the config db.
Microsoft ADO (number only): 16784946
How I did it
Made changes in the minigraph.py to parse the xml entry and add the parsed value to the config db
How to verify it
Added python tests in the sonic-config-engine folder to test the config db entries.
This is change taken as part of the HLD: sonic-net/SONiC#1470 and this is a follow up on the PR #16827 where in the docker-dhcp we pick the value of primary gateway of the interface from the VLAN_Interface table which has "secondary" flag set in the config_db
Microsoft ADO (number only): 16784946
How did I do it
- Changes in the j2 file to add a new "-pg" parameter in the dhcpv4-relay.agents.j2, the ip would be retrieved from the config db's vlan_interface table such that the interface which are picked will have secondary field set.
- Changes in isc-dhcp to re-order the addresses of the discovered interface and which has the ip which has the passed parameter.
#### Why I did it
src/sonic-host-services
```
* 5dcd1e5 - (HEAD -> master, origin/master, origin/HEAD) Add support to make determine/process reboot-cause services restartable (#86) (6 hours ago) [anamehra]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 194566a7 - (HEAD -> master, origin/master, origin/HEAD) Fix the Orchagent Qos error messages reported in Issue #16787 (#2947) (6 hours ago) [saksarav-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
This fixes lldpcli hitting some error related to being unable to get a
lock on /var/run/lldpd.socket. This version is the version in Debian
Bookworm, even though lldpd is in the lldp container, and that is on
Bullseye. This is because there is a change that went into 1.0.12 that
uses a separate lock file for the lldpd socket instead of locking the
socket file itself. This appears to cause problems in an unprivileged
docker container for unknown reasons (privileged docker container is
fine). Bullseye is on 1.0.11, which isn't new enough to have this
change.
I can't see any specific system capability that might address this.
Rather than debugging this further, just upgrade to the Bookworm
version.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This fixes 3 issues:
* Specify test dependencies under extra_requires
* Update the PAM configuration for Bookworm
* Break a cyclical dependency between sonic-host-services and
sonic-buildimage by moving the contents of
src/sonic-host-services-data into sonic-host-services submodule
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This fixes 4 issues:
* Update tabulate to 0.9.0 and deepdiff to 6.2.2
* Specify test dependencies under extra_requires
* Add check_output parameter to the setup function due to the patch
* Fix error about having a mutable default for field headers in
dataclass
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Update test_cfggen_from_yang.py and test_yang_data.json to the current
config_db format, and allow tests for sonic-config-engine to run for
Bookworm.
Also update pyangbind to 0.8.2 for Bookworm to fix an issue with some
classes being moved into a different package.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
The help text printed for sonic-yang-mgmt has slight differences
depending on the package versions. Loosen this check to only check the
options themselves, rather than the surrounding text.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Newer versions of pip/setuptools don't support test_requires, and the
current standard is to specify any extra dependencies (such as those
required for testing) under extra_requires.
Therefore, specify the testing dependencies under extra_requires. These
can be installed via pip using `pip install '.[testing]'`.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
#### Why I did it
src/sonic-host-services
```
* 50db9d3 - (HEAD -> master, origin/master, origin/HEAD) Move sonic-host-services-data from sonic-buildimage into this repo (3 hours ago) [Saikrishna Arcot]
* 1a9442f - Replace libpam-cracklib with libpam-pwquality (3 hours ago) [Saikrishna Arcot]
* 31590a1 - Fix diff output in test for Python 3 (3 hours ago) [Saikrishna Arcot]
* cc3e330 - Specify test dependencies under extra_requires (3 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
What I did:
In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's
How I did:
- Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml
- Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers
- In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community.
- In TSB delete the above new route-map.
How I verify:
Manual Verification
UT updated.
sonic-mgmt PR: sonic-net/sonic-mgmt#10239
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
- Why I did it
Added YANG model as part of Generic Hash feature development
- How I did it
Added YANG model
- How to verify it
1. Add UT
2. Verified manually with the feature qualification
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
What I did:
Revert the GTSM feature for VOQ iBGP session done as part of #16777.
Why I did:
On VOQ chassis BGP packets go over Recycle Port and then for Ingress Pipeline Routing making ttl as 254 and failing single hop check.
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Sub PRs:
sonic-net/sonic-host-services#84
#17191
Why I did it
According to the design, the database instances of DPU will be kept in the NPU host.
Microsoft ADO (number only): 25072889
How I did it
To follow the multiple ASIC design, I assume a new platform environment variable NUM_DPU will be defined in the /usr/share/sonic/device/$PLATFORM/platform_env.conf. Based on this number, NPU host will launch a corresponding number of instances for the DPU database.
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
src/sonic-dbsyncd
```
* e294eb0 - (HEAD -> master, origin/master, origin/HEAD) Update the code coverage rate to 80% (#63) (16 hours ago) [xumia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-daemons
```
* 55a6828 - (HEAD -> master, origin/master, origin/HEAD) Update the code coverage rate to 80% (#406) (16 hours ago) [xumia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
Add config_db monitor and customize options for dhcpservd. HLD: sonic-net/SONiC#1282
Work item tracking
Microsoft ADO (number only): 25600859
How I did it
Add support to customize unassigned DHCP options. Current support type: binary, boolean, ipv4-address, string, uint8, uint16, uint32
Add db config change monitor for dhcpservd
How to verify it
Unit tests in sonic-dhcp-server all passed
#### Why I did it
src/sonic-mgmt-common
```
* faa2a51 - (HEAD -> master, origin/master, origin/HEAD) Go Code format checker and formatter (#112) (8 hours ago) [faraazbrcm]
* faaa9f5 - PathInfo optimizations (#115) (22 hours ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-platform-common
```
* 30fb0ce - (HEAD -> master, origin/master, origin/HEAD) Implement is_copper for SFP (#414) (12 hours ago) [Junchao-Mellanox]
```
#### How I did it
#### How to verify it
#### Description for the changelog
In the ubuntu environment, the debian server key wasn't installed by default. So, we will get the following error in the Azp pipeline
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: Signature made Sun Apr 9 06:25:32 2023 UTC
gpg: using RSA key 7D887DC8BA7BBBA7B835E3BADCE310E7864CC8BF
gpg: Can't check signature: No public key
gpg: can't create `/home/vsts/.gnupg/random_seed': No such file or directory
Validation FAILED!!
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
src/sonic-platform-common
```
* 5cc3e30 - (HEAD -> master, origin/master, origin/HEAD) Correct wrong constant (#411) (6 hours ago) [ChiouRung Haung]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-mgmt-common
```
* 7e3a8ad - (HEAD -> master, origin/master, origin/HEAD) Transformer infra enhancements and bug fixes (#104) (5 days ago) [amrutasali]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-host-services
```
* 586b1e9 - (HEAD -> master, origin/master, origin/HEAD) Disable systemd auto-restart of dependent services for spineRouters (#83) (5 hours ago) [Deepak Singhal]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
PR checker is blocked by container_checker.
- How I did it
Disable telemetry in minigraph parser.
- How to verify it
Run pipeline and sanity check.
#### Why I did it
src/sonic-swss
```
* 644b227a - (HEAD -> master, origin/master, origin/HEAD) [portsorch]: Implement port PFC asym capability check (#2942) (3 days ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/dhcprelay
```
* 40c6877 - (HEAD -> master, origin/master, origin/HEAD) [CodeQL] fix unmet dependency for `build-swss-common` (#44) (30 hours ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Back port a patch from upstream FRR - FRRouting/frr#14675
Why I did it
The EVPN route is not treated correctly and thus leading to messages:
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop 30.0.0.2@Vlan200 for 20.0.0.2/32, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop 30.0.0.2@Vlan200 for 200.0.0.0/24, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 200::/64, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 20::/64, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 20::2/128, resolving neighbor
This happens because fpmsyncd does not get encap type field in FPM message.
Work item tracking
Microsoft ADO (number only):
How I did it
Backport fix from FRR.
How to verify it
EVPN scenario.
Orchagent uses PORTCHANNEL term when parsing this field. Change the YANG model to align to orchagent.
- Why I did it
When specifying PORTCHANNEL in ACL_TABLE_TYPE table YAGN model validation does not pass, when using term LAG orchagent does not accept such table type.
Fix it by aligning YANG model to orchagent.
- How I did it
Fix in YANG model.
- How to verify it
Create custom ACL table type.
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
#### Why I did it
src/sonic-sairedis
```
* 7acd028 - (HEAD -> master, origin/master, origin/HEAD) [gbsyncd] Add asic db prefix for channel RESTARTQUERY (#1302) (3 hours ago) [Junhua Zhai]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 51bfb4c1 - (HEAD -> master, origin/master, origin/HEAD) [muxorch] Fixing updateRoute logic (#2952) (3 hours ago) [Nikola Dancejic]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it
src/sonic-swss
```
* 2b02c249 - (HEAD -> master, origin/master, origin/HEAD) Send hearbeat during warm reboot freese (#2923) (81 minutes ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Why I did it
Share docker image to support gnmi container and telemetry container
Work item tracking
Microsoft ADO 25423918:
How I did it
Create telemetry image from gnmi docker image.
Enable gnmi container and disable telemetry container by default.
How to verify it
Run end to end test.
Why I did it
The current DEVICE_NEIGHBOR_METADATA yang model has two issues that would block GCU operation when it checks if the current config aligns with the YANG model:
Missing cluster field in YANG
Incomplete set of device type. The device type in YANG model doesn't include all the device type.
Work item tracking
Microsoft ADO (number only): 25577813
How I did it
Add cluster field in DEVICE_NEIGHBOR_METADATA YANG model.
Change device type to string.
Fix the UT test accordingly.
How to verify it
Build the image and verify the unit tests passed.
