Commit Graph

6144 Commits

Author SHA1 Message Date
xumia
b9ecaa3234
[Build]: Support to use the base image version when a package version not specified (#10971)
Why I did it
It is to fix issue: #10952
[Build]: Support to use the base image version when a package version not specified
2022-05-30 12:06:32 +08:00
Ying Xie
ed27eff71f
[swss] advance sonic-swss submodule head (#10959)
* 910bfd4 2022-05-28 | [ACL] Add default action_list for default ACL table type (#2298) (github/master) [bingwang-ms]
* 4d6fa42 2022-05-27 | [ci] Change artifact reference pipeline to common lib pipeline. (#2294) [Shilong Liu]
* 583236f 2022-05-26 | [P4Orch] Lazy UDF match creation to avoid failure during warm reboot (#2282) [Yilan Ji]
* d7b5ff7 2022-05-26 | [ci] Use correct branch when downloading artifact. (#2292) [Shilong Liu]
* 2f13244 2022-05-26 | [ci] Improve azp trigger settings to automaticlly support new release branch. (#2289) [Shilong Liu]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-05-30 09:21:03 +08:00
davidpil2002
ab0930313b
[YANG] Add support for Password Hardening (#10322)
- Why I did it
Yang Model about password hardening feature, the sonic CLI of this feature was autogenerated from this Yang model

- How I did it
Create new Yang model in src/sonic-yang-models/yang-models/sonic-passwh.yang.

- How to verify it
There are unitests(yang test) in this P.R covering all the passwords policies with good and bad values cases.
Or is possible manually using the config/show password commands that were autogenerated from this Yang model. (this CLI code added in sonic-utilities)
2022-05-29 13:54:51 +03:00
Andriy Yurkiv
29043ff026
[MFT] Update MFT version to MFT 4.20.0-34 (#10933)
- Why I did it
Update MFT to newer version

- How I did it
Update MFT_VERSION in platform/mellanox/mft.mk

- How to verify it
Check version via dpkg -l | grep mft

Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
2022-05-28 15:45:02 +03:00
bingwang-ms
b62526c46c
Define SYSTEM_DEFAULTS table to control tunnel_qos_remap (#10877)
* Define SYSTEM_DEFAULTS table to control tunnel_qos_remap

Signed-off-by: bingwang <wang.bing@microsoft.com>
2022-05-28 15:34:28 +08:00
Ze Gan
9bf84fcad5
[submodule]: Update submodule for sonic-wpa-supplicant (#10957)
1069d2dd4 [sonic_operators.cpp]: Fixbug wait with false positive to return success

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-05-28 12:01:32 +08:00
Hasan Naqvi
1ac60d39f0
[frr]: fix official build break (#10947)
Official build fails complaining missing below targets:
2022-05-25T10:50:38.0560306Z tar: target/debs/buster/libyang2-cpp1_2.0.112-6_amd64.deb: Cannot stat: No such file or directory
2022-05-25T10:50:38.0571392Z tar: target/debs/buster/libyang2-cpp-dev_2.0.112-6_amd64.deb: Cannot stat: No such file or directory
2022-05-25T10:50:38.0588893Z tar: target/debs/buster/libyang2-cpp1-dbgsym_2.0.112-6_amd64.deb: Cannot stat: No such file or directory
2022-05-25T10:50:38.0590887Z tar: target/debs/buster/yang-tools_2.0.112-6_all.deb: Cannot stat: No such file or directory
2022-05-27 13:49:58 -07:00
Alexander Allen
71c868f56a
Upgrade libasan to version 6 in docker-syncd-mlnx to align with bullseye libasan (#10886) 2022-05-27 11:28:01 -07:00
Neetha John
1bce88ad29
[sonic-config-engine] Fix typo in hwsku name in sample graph (#10941)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
There was a typo in hwsku specified as part of #10889

How I did it
Replaced with the correct hwsku

How to verify it
test_cfggen.py is passing
2022-05-27 09:46:23 -07:00
Sudharsan Dhamal Gopalarathnam
441cd1d283
[yang] add Sample configuration for ACL_TABLE_TYPE (#10937)
Signed-off-by: Sudharsan Dhamal Gopalarathnam <sudharsand@nvidia.com>
2022-05-27 09:45:29 -07:00
Hua Liu
054eb25c85
Update sonic-swss-common submodule (#10872)
Updating sonic-utilities sub module with the following commits

    84dbd93 Clear the fvs vector before popping the message out of notification
    a90b2b7 selectabletimer: add mutex to start() and stop()
    7ae22be Fix SIGTERM can't terminate PubSub::listen issue

#### Why I did it

    To fix hostcfgd can't terminate by sigint issue, need update sonic-swss-common submodule.  

#### How I did it

#### How to verify it

#### Which release branch to backport (provide reason below if selected)

#### Description for the changelog

    84dbd93 Clear the fvs vector before popping the message out of notification
    a90b2b7 selectabletimer: add mutex to start() and stop()
    7ae22be Fix SIGTERM can't terminate PubSub::listen issue

#### A picture of a cute animal (not mandatory but encouraged)
2022-05-27 08:58:40 +08:00
AmitKaushik7
e61bfd7bb4
Add crm sample data for snat/dnat/ipmc entries for Yang Model (#10865)
#### Why I did it
For yang model, sample_config_db.json file was missing Sample data for the features SNAT/DNAT/IPMC

#### How I did it
Added the SNAT,DNAT,IPMC(low Threshold/high threshold/threshold_type)entries in CRM table.

#### How to verify it
With sanity Build/test only.
2022-05-26 11:50:07 -07:00
Dror Prital
a5932e3264
[submodule] Advanced sonic-swss pointer (#10926)
[muxorch] Handling optional attributes in muxorch (#2288)
Update netlink messages handler (#2233)
Broadcast Unknown-multicast and Unknown-unicast Storm-control (#1306)
[vstest]: Increase PollingConfig default timeout (#2285)
[FDB] Fix fbdorch to properly handle syncd FDB FLUSH Notif (#2254)
[macsecorch]: Support for non-default sa per sc (#2250)
Migrating the NAT vs tests from Click to direct DB access (#2278)
[neighsync] Ignoring IPv4 link local addresses (#2260)
[IntfMgrd] Retry adding ipv6 prefix by setting disabled_ipv6 flag  (#2267)
Increase Redis Timeout value for Switch Create Opration for Packet (#2243)
Update fdborch.cpp (#2261)

Signed-off-by: dprital <drorp@nvidia.com>
2022-05-26 18:33:59 +03:00
Kebo Liu
c618a653a1
[yang] Support new interface types CR8/SR8/KR8/LR8 (#10826)
- Why I did it
With SAI V.1.10.2, new interface types CR8/SR8/KR8/LR8 have been introduced, we should also support them from the CLI configuration.

- How I did it
Add new enum for the new interface types

- How to verify it
Run the "config interface type" command to verify new interface types can be accepted and handled correctly.

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2022-05-26 18:16:23 +03:00
xumia
cc9a4beb0c
Touch the donwload files to change the modified time (#10929)
Why I did it
It is to improve the build performance, when building multiple targets.
The modified time of downloaded files should be not older than the file .platform.
If not, the file will be downloaded again, when building any dependent targets.

How I did it
When downloading the packages from web site, the modified time will be changed by the command "touch".
2022-05-26 21:55:13 +08:00
xumia
f0dfd398a6
Revert "Reduce image size for lazy installation packages (#10775)" (#10916)
This reverts commit 15cf9b0d70.
Why I did it
Revert the PR #10775, for it has impact on onie installation.
It is caused by the symbol links not supported in some of the onie unzip.
We will enable after fixing the issue, see #10914
2022-05-26 09:39:48 +08:00
Neetha John
b5e59a1355
[sonic-config-engine] Change hwsku for sample graph in unit tests (#10889)
#### Why I did it
To ensure that some internal testcases do not break due to external changes

#### How to verify it
Ran test_cfggen.py with the changes and it passed
2022-05-25 15:48:02 -07:00
Zain Budhwani
8315d11959
Add YANG model and unit tests for sonic-telemetry (#10840)
- Why I did it

YANG schema is missing for sonic-telemetry

- How I did it

Added YANG schema to sonic-yang-models and appropriate unit tests inside of test and test_config

- How to verify it

Build sonic-yang-models python wheels target and verify that unit tests are passing
2022-05-25 10:17:47 -07:00
Taylor Cai
11f0bffe13
[device/celestica]:Fix failed test case of Haliburton snmp (#10844) 2022-05-26 00:06:50 +08:00
abdosi
0285bfe42e
[chassis] Fix issues regarding database service failure handling and mid-plane connectivity for namespace. (#10500)
What/Why I did:

Issue1: By setting up of ipvlan interface in interface-config.sh we are not tolerant to failures. Reason being interface-config.service is one-shot and do not have restart capability. 

Scenario: For example if let's say database service goes in fail state  then interface-services also gets failed because of dependency check but later database service gets restart but interface service will remain in stuck state and the ipvlan interface nevers get created.

Solution: Moved all the logic in database service from interface-config service which looks more align logically also since the namespace is created here and all the network setting (sysctl) are happening here.With this if database starts we recreate the interface.

Issue 2: Use of IPVLAN vs MACVLAN

Currently we are using ipvlan mode.  However above failure scenario is not handle correctly by ipvlan mode. Once the ipvlan interface is created and ip address assign to it and if we restart interface-config or database (new PR) service Linux Kernel gives error "Error: Address already assigned to an ipvlan device."  based on this:https://github.com/torvalds/linux/blob/master/drivers/net/ipvlan/ipvlan_main.c#L978Reason being if we do not do cleanup of ip address assignment (need to be unique for IPVLAN)  it remains in Kernel Database and never goes to free pool even though namespace is deleted. 

Solution: Considering this hard dependency of unique ip macvlan mode is better for us and since everything is managed by Linux Kernel and no dependency for on user configured IP address.

Issue3: Namespace database Service do not check reachability to Supervisor Redis Chassis   Server.

Currently there is no explicit check as we never do Redis PING from namespace to Supervisor Redis Chassis  Server. With this check it's possible we will start database and all other docker even though there is no connectivity and will hit the error/failure late in cycle

Solution: Added explicit PING from namespace that will check this reachability.

Issue 4:flushdb give exception when trying to accces Chassis Server DB over Unix Sokcet.

Solution: Handle gracefully via try..except and log the message.
2022-05-24 16:54:12 -07:00
Hasan Naqvi
a477dbb175
Frr 8.2 upgrade (#10691)
Why I did it
Upgrade FRR to version 8.2.2. Build libyang2 required by FRR.

How I did it
Update FRR version and tag.

How to verify it
Following tests were performed on sonic-vs:

BGP docker status check
BGP configuration and session establishment
Route redistribution and ping
Issued show commands to check the bgp neighbor and routes
Checked app-db to ensure bgp routes are installed with correct interface and nexthop.
Create VRF and check FRR knows the VRF
Check VRF routes are installed in app-db with correct Vrf name and next-hop
Establish BGP Evpn session and check if Evpn routes (multicast, mac, prefix) are exchanged and installed correctly in app-db.
2022-05-24 14:47:09 -07:00
kellyyeh
2ead3aaefc
[dhcp6relay] Fix option parsing and add dhcpv6 client messages (#10819) 2022-05-24 14:37:16 -07:00
arlakshm
915f2834b0
[voq][chassis]fix recirc port admin status (#10769)
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan arlakshm@microsoft.com

Why I did it
resolves #10761.
For VOQ chassis, the Recirc port, which was added for the Everflow, stays admin down after load minigraph.
This PR add the fix to make the recirc port as admin up

How I did it
The PR adds a change in minigraph.py,  if port has role as Rec make the the port as admin-status up.

How to verify it
UT

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2022-05-24 14:36:09 -07:00
Ze Gan
a6b1b0a968
[submodule]: Update submodule for sonic-wpa-supplicant (#10904)
64caafe38 [driver_macsec_sonic]: Fixing missing zeros at the beginning of SCI (#52)

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-05-25 05:25:57 +08:00
Ze Gan
0156c21eff
[macsec-cli]: Fixing to config MACsec on the port will clear port attributes in config db (#10903)
Why I did it
There is a bug that the Port attributes in CONFIG_DB will be cleared if using sudo config macsec port add Ethernet0 or sudo config macsec port del Ethernet0

How I did it
To fetch the port attributes before set/remove MACsec field in port table.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-05-24 18:42:54 +08:00
Longxiang Lyu
8f7ef1e593
[dualtor][minigraph.py] Add soc_ipv4 and cable_type to MUX_CABLE (#10776)
Why I did it
To further add cable_type and soc_ipv4 field to table MUX_CABLE, this PR tries to parse the minigraph like the following:
```
      <Device i:type="SmartCable">
        <ElementType>SmartCable</ElementType>
        <SubType>active-active</SubType>
        <Address xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>192.168.0.3/21</d5p1:IPPrefix>
        </Address>
        <AddressV6 xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>::/0</d5p1:IPPrefix>
        </AddressV6>
        <ManagementAddress xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>0.0.0.0/0</d5p1:IPPrefix>
        </ManagementAddress>
        <ManagementAddressV6 xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>::/0</d5p1:IPPrefix>
        </ManagementAddressV6>
        <SerialNumber i:nil="true" />
        <Hostname>svcstr-7050-acs-1-Servers0-SC</Hostname>
      </Device>
      <Device i:type="Server">
        <ElementType>Server</ElementType>
        <Address xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>192.168.0.2/21</d5p1:IPPrefix>
        </Address> 
        <AddressV6 xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>fc02:1000::2/64</d5p1:IPPrefix>
        </AddressV6>
        <ManagementAddress xmlns:d5p1="Microsoft.Search.Autopilot.NetMux">
          <d5p1:IPPrefix>0.0.0.0/0</d5p1:IPPrefix>
        </ManagementAddress>
        <Hostname>Servers0</Hostname>
      </Device>
```
Signed-off-by: Longxiang Lyu lolv@microsoft.com

How I did it
get_mux_cable_entries will try to get the mux cable device from the devices list and get the cable type and soc ip address from the device definition.

How to verify it
Pass the unit-test
2022-05-24 15:10:48 +08:00
Ze Gan
2faa69eed2
[Azp]: Ignore the result of t0-sonic pool (#10905)
Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-05-24 10:42:09 +08:00
jerseyang
c92bfe0728
Add belgite support (#9511)
Why I did it
add celestica belgite platform

How I did it
add belgite platform in celestica

Co-authored-by: nicwu-cel <nicwu@celestica.com>
Co-authored-by: anjian <anjian@celestica.com>
Co-authored-by: sandycelestica <sandyli@celestica.com>
2022-05-23 18:45:37 -07:00
Song Yuan
b23ad6748a
[Arista] Add QOS and buffer profiles for SKU Arista-7800R3-48CQM2-C48 (#10752)
* Add QOS and buffer profiles for Arista SKU.

* Add unit test for SKU Arista-7800R3-48CQM2-C48.
2022-05-23 13:50:04 -07:00
Samuel Angebault
70e2727b02
[Arista] Update platform submodules (#10800)
This update has following changes
Refactor pci topology logic for chassis (fixes some chassis commands and chassisd on linecard)
Introduce new cooling algorithm
Fix linecard poweroff logic when supervisor is going down
Fix linecard status led leading to system-health crashing
Misc fixes
2022-05-23 13:28:13 -07:00
Shilong Liu
b313563986
[ci] Add arm artifacts in common lib azure pipeline (#10817)
* [ci] Add arm artifacts in common lib azure pipeline
2022-05-23 17:52:56 +08:00
Maxime Lorrillere
392899682f
[Arista] Add support for Wolverine linecards (#8887)
Add support for WolverineQCpu, WolverineQCpuMs, WolverineQCpuBk, WolverineQCpuBkMs

Co-authored-by: Maxime Lorrillere <mlorrillere@arista.com>
2022-05-20 14:11:06 -07:00
Senthil Kumar Guruswamy
f37dd770cd
System Ready (#10479)
Why I did it
At present, there is no mechanism in an event driven model to know that the system is up with all the essential sonic services and also, all the docker apps are ready along with port ready status to start the network traffic. With the asynchronous architecture of SONiC, we will not be able to verify if the config has been applied all the way down to the HW. But we can get the closest up status of each app and arrive at the system readiness.

How I did it
A new python based system monitor tool is introduced under system-health framework to monitor all the essential system host services including docker wrapper services on an event based model and declare the system is ready. This framework gives provision for docker apps to notify its closest up status. CLIs are provided to fetch the current system status and also service running status and its app ready status along with failure reason if any.

How to verify it
"show system-health sysready-status" click CLI
Syslogs for system ready
2022-05-20 13:25:11 -07:00
xumia
f6927606b3
[Ci]: Fix to trigger the publish pipeline in failure build issue (#10847)
Why I did it
It is not necessary to trigger the publish pipeline when build is failed.

How I did it
Remove the condition in the azp task, change to use template condition.
2022-05-20 14:32:53 +08:00
abdosi
4fd629c021
Added Support for BGP allow list feature to have route-map action of setting tag (#10731)
What I did:
Added support to create route-map action set tag <user define value>
when the the allow prefix list matches. The tag can ben define by user in
constants.yml.

Why I did:
Since for Allow List feature we call from base route-map allow-list route-map having set tag option provides way for base route-map to do match tag and take any further action if needed. Adding tag provide metadata that can used by base route-map
2022-05-19 22:51:02 -07:00
Marty Y. Lok
937bf09c92
{nokia] Update Nokia IXR7250e supervisor card device data (#10595)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-05-19 11:38:34 -07:00
vmittal-msft
f7882b3885
Fix for libsaithrift build for BRCM image (#10852)
Updated libsaibcm to fix libsaithrift compile issue on BRCM image
2022-05-19 11:15:34 -07:00
Ze Gan
b21cd70955
[Submodule]: update submodule for sonic-swss and sonic-wpa-supplicant (#10842)
Signed-off-by: Ze Gan <ganze718@gmail.com>
2022-05-20 01:21:11 +08:00
Andriy Yurkiv
70d71f99f5
[Mellanox] Credo Y-cable | add more log info, checks, fix exception message (#10779)
- Why I did it
Script fails when there is an exception while reading

- How I did it
Add more logs and checks. Fix wrong variable naming and messages.

- How to verify it
Provoke exception while read_eeprom() and check that it is handled properly
2022-05-19 17:36:02 +03:00
Ze Gan
910e1c6eb4
[docker-macsec]: MACsec CLI Plugin (#9390)
#### Why I did it
To provide MACsec config and show CLI for manipulating MACsec

#### How I did it
Add `config macsec` and `show macsec`.

#### How to verify it

This PR includes unittest for MACsec CLI, check Azp status.
- Add MACsec profile
```
admin@sonic:~$ sudo config macsec profile add --help
Usage: config macsec profile add [OPTIONS] <profile_name>

  Add MACsec profile

Options:
  --priority <priority>           For Key server election. In 0-255 range with
                                  0 being the highest priority.  [default:
                                  255]
  --cipher_suite <cipher_suite>   The cipher suite for MACsec.  [default: GCM-
                                  AES-128]
  --primary_cak <primary_cak>     Primary Connectivity Association Key.
                                  [required]
  --primary_ckn <primary_cak>     Primary CAK Name.  [required]
  --policy <policy>               MACsec policy. INTEGRITY_ONLY: All traffic,
                                  except EAPOL, will be converted to MACsec
                                  packets without encryption.  SECURITY: All
                                  traffic, except EAPOL, will be encrypted by
                                  SecY.  [default: security]
  --enable_replay_protect / --disable_replay_protect
                                  Whether enable replay protect.  [default:
                                  False]
  --replay_window <enable_replay_protect>
                                  Replay window size that is the number of
                                  packets that could be out of order. This
                                  field works only if ENABLE_REPLAY_PROTECT is
                                  true.  [default: 0]
  --send_sci / --no_send_sci      Send SCI in SecTAG field of MACsec header.
                                  [default: True]
  --rekey_period <rekey_period>   The period of proactively refresh (Unit
                                  second).  [default: 0]
  -?, -h, --help                  Show this message and exit.
```
- Delete MACsec profile
```
admin@sonic:~$ sudo config macsec profile del --help
Usage: config macsec profile del [OPTIONS] <profile_name>

  Delete MACsec profile

Options:
  -?, -h, --help  Show this message and exit.
```
- Enable MACsec on the port
```
admin@sonic:~$ sudo config macsec port add --help
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>

  Add MACsec port

Options:
  -?, -h, --help  Show this message and exit.
```
- Disable MACsec on the port
```
admin@sonic:~$ sudo config macsec port del --help
Usage: config macsec port del [OPTIONS] <port_name>

  Delete MACsec port

Options:
  -?, -h, --help  Show this message and exit.

```
Show MACsec
```
MACsec port(Ethernet0)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  2
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               849B69D363E2B0AA154BEBBD7C1D9487
		next_pn                                1
		sak                                    AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         179
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
		MACsec Egress SA (2)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               5A8B8912139551D3678B43DD0F10FFA5
		next_pn                                1
		sak                                    7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         87185
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 849B69D363E2B0AA154BEBBD7C1D9487
		lowest_acceptable_pn                     1
		sak                                      AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           103
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
		MACsec Ingress SA (2)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 5A8B8912139551D3678B43DD0F10FFA5
		lowest_acceptable_pn                     1
		sak                                      7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           91824
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
MACsec port(Ethernet1)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  1
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               35FC8F2C81BCA28A95845A4D2A1EE6EF
		next_pn                                1
		sak                                    1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         4809
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 35FC8F2C81BCA28A95845A4D2A1EE6EF
		lowest_acceptable_pn                     1
		sak                                      1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           5033
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
```
2022-05-19 21:59:37 +08:00
StormLiangMS
0cc9fdc69b
[bgpcfgd] ECMP overlay VxLan with BGP support (#10716)
Why I did it
https://github.com/Azure/SONiC/blob/master/doc/vxlan/Overlay%20ECMP%20with%20BFD.md
From the design, need to advertise the route with community string, the PR is to implement this.

How I did it
To use the route-map as the profile for the community string, all advertised routes can be associated with one route-map.
Add one file, mangers_rm.py, which is to add/update/del the route-map. Modified the managers_advertise_rt.py file to associate profile with IP route.

The route-map usage is very flexible, by this PR, we only support one fixed usage to add community string for route to simplify this design.

How to verify it
Implement new unit tests for mangers_rm.py and updated unit test for managers_advertise_rt.py.
Manually verified the test case in the test plan section, will add testcase in sonic-mgmt later. Azure/sonic-mgmt#5581
2022-05-19 10:07:31 +08:00
Lawrence Lee
70e8ad325d
[scapy]: Patch scapy 2.4.5 for sniffing on intfs (#10644)
Apply scapy fix (https://github.com/secdev/scapy/pull/3240) since it is not available in release yet

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-05-18 13:01:27 -07:00
lizhuhuams
9e3f1c7914
Revert "[reboiot-cause] Fix a broken symlink of previous-reboot-cause file removal issue (#10751)" (#10849)
This reverts commit dee7655526.

Co-authored-by: Ubuntu <lizhuhua@lh-dev-vm-01.ziurp3vhri5utcxng1kcl2l1qa.xx.internal.cloudapp.net>
2022-05-18 10:37:32 -07:00
Lawrence Lee
0eeb249fd8
[swss]: Convert swss docker to bullseye (#10484)
* [swss]: Convert swss docker to bullseye

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-05-17 13:55:59 -07:00
Qi Luo
59e11f6e79
Update Configuration doc: fix separator and indentation (#10839)
Update Configuration doc: fix separator and indentation
2022-05-17 09:38:12 -07:00
ganglv
1db50e54c8
[sonic-cfggen]: Update UT to run yang validation (#9700)
Why I did it
Config db schema generated by minigraph should run yang validation.

How I did it
Modify run_script to add yang validation.

How to verify it
Run sonic-config-engine unit test.

Signed-off-by: Gang Lv ganglv@microsoft.com
2022-05-16 11:42:20 +08:00
xumia
3567888b03
[Ci] Support to trigger a pipeline to download and publish artifacts to storage (#10820)
Why I did it
Support to trigger a pipeline to download and publish artifacts to storage and container registry.
Support to specify the patterns which docker images to upload.

How I did it
Pass the pipeline information and the artifact information by pipeline parameters to the pipeline which will be triggered a new build. It is to decouple the artifacts generation and the publish logic, how and where the artifacts/docker images will be published, depends on the triggered pipeline.

How to verify it
2022-05-16 08:57:26 +08:00
Dante (Kuo-Jung) Su
4b581f1e9d
sonic-port.yang: add link training support (#10025)
This is part of HLD  Azure/SONiC#925

#### Why I did it
Add link-training support

#### How I did it
Update SONiC YANG for port link-training support

#### Description for the changelog
Add "link_training" to sonic-port.yang

#### Link to config_db schema for YANG module changes

https://github.com/sonic-net/SONiC/wiki/Configuration#port
2022-05-15 12:52:22 -07:00
Longxiang Lyu
5eda219bdc
[sonic-config-gen] Modify lag names to enforce 15 chars limit (#10792)
Why I did it
Previous subport unit tests uses port channel names like PortChannel01, so for subport name generated PortChannel01.10, it exceeds Linux network interface name 15 char limit.

Signed-off-by: Longxiang Lyu lolv@microsoft.com

How I did it
Modify PortChannel01 to PortChannel1.
2022-05-15 13:02:49 +08:00
Vivek R
5ea244cac8
Removed platform specific reboot files for mellanox simx platforms (#10806)
- Why I did it
Platform_reboot files for simx doesn't do aything different apart from calling /sbin/reboot. which is anyway done in the /usr/local/bin/reboot script i.e. the parent script which calls the platform specific reboot scripts if present.

Moreover, /sbin/reboot invoked in the platform specific reboot script is a non-blocking call and thus it returns back to the original script (although /sbin/reboot does it job in the background) and we see messages like this.

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-05-14 15:20:57 +03:00