Commit Graph

8331 Commits

Author SHA1 Message Date
Junchao-Mellanox
8de7cb5988
[202311] [Mellanox] update asic and module temperature in a thread for CMIS management (#16955) (#17699)
- Why I did it
When module is totally under software control, driver cannot get module temperature/temperature threshold from firmware. In this case, sonic needs to get temperature/temperature threshold from EEPROM. In this PR, a thread thermal updater is created to update module temperature/temperature threshold while software control is enabled.

- How I did it
Query ASIC temperature from SDK sysfs and update hw-management-tc periodically
Query Module temperature from EEPROM and update hw-management-tc periodically

- How to verify it
Manual test
New Unit tests
2024-01-08 10:50:59 -08:00
mssonicbld
4060f5ce5b
[Mellanox] Remove EEPROM write limitation if it is software control (#17030) (#17694) 2024-01-07 13:16:25 +08:00
mssonicbld
fb7bad2d11
[Mellanox] Implement low power mode for cmis host management (#17159) (#17693) 2024-01-06 07:55:41 +08:00
Junchao-Mellanox
7368df7839
[Mellanox] Enable CMIS host management (#16846) (#17684)
- Why I did it
Enable CMIS host management for Mellanox devices which are expected to support the feature

- How I did it
new thread in a new file and changing logic in platform code in chassis.py which is calling this thread from get_change_event()
this thread in the new file handles the state machine per port.
first the static detection takes place once the thread is up (during switch bootup sequence), until final decision if it's FW control or SW control module.
After it ends, the dynamic detection takes place, listening to changes in the sysfs fds, per port,
so it will be able to detect plug in or out events of a cable.

- How to verify it
Enhanced unit tests
run sonic mgmt on Nvidia SN4700 with CMIS host management enabled

Co-authored-by: dbarashinvd <105214075+dbarashinvd@users.noreply.github.com>
2024-01-05 12:07:30 -08:00
mssonicbld
aafbf5bdc6
Update Dockerfile.j2 (#17663) (#17682) 2024-01-05 06:22:58 +08:00
mssonicbld
ac4f6fcbc2
[docker_image_ctl.j2]: swss docker initialization improvements (#17628) (#17680) 2024-01-05 04:39:16 +08:00
mssonicbld
c5473c1d8b
Update backend_acl.py to specify ACL table name (#17553) (#17668) 2024-01-04 10:45:26 +08:00
Junchao-Mellanox
6d43d2f636 [Mellanox] Provide default implementation for sfp error description when CMIS host management is enabled (#17294)
- Why I did it
Provide a dummy implementation for SFP error description when CMIS host management is enabled. A future feature shall be raised to implement SFP error description for such mode.

- How I did it
if SFP is under software control, provide "Not supported" as error description
if SFP is under initialization, provide "Initializing" as error description

- How to verify it
unit test
2024-01-04 10:38:38 +08:00
mssonicbld
48885b6ac9
[image_config]: Update DHCP rate-limit for mgmt TOR devices (#17630) (#17655) 2024-01-03 17:36:12 +08:00
mssonicbld
27c1e9bb42
[dhcp_server] Fix ut issue in test_utils and test_dhcp_cfggen (#17646) (#17651) 2024-01-03 04:40:15 +08:00
Ying Xie
af08f29d4d
[202311][YANG][sonic-utilities] update sonic DB version string format (#17600)
Old format: version_a_b_c
New format: version_<branch>_<nn>

sonic-utilities:
* fba4bf0b 2023-12-21 | [202311][db_migrator] add db migrator version space for 202305/202311 branch (#3082) (HEAD -> 202311, github/202311) [Ying Xie]

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2023-12-22 11:23:31 -08:00
Ying Xie
16e695b912
[202311] lock down submodule branches (#17597)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2023-12-22 08:49:34 -08:00
Nazarii Hnydyn
49e96c3daa
[mellanox]: Disable MFT bash autocompletion. (#17543)
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
2023-12-21 09:45:42 -08:00
Yevhen Fastiuk
f78cb9c55c
[202311][cherry-pick][NTP] Add NTP extended configuration (#17487)
* Add NTP YANG model

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Extend NTP config generation mechanism

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Add NTP YANG model tests

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Add test for NTP Jinja templates

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Add ntpdate package

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Fix 'bad' when auth disabled

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* [NTP] Changed owner for ntp keys config file to root and remove read access for other.

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Fix NTP warnings after restarting the service

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Add ability to encrypt/decrypt NTP keys

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Update Configuration reference

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Fix NTP configuration template

* Align the description for setting interface
* Fix the usage of scoped variable

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Fix YANG model description and tests

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Align NTP test according to fixed condition

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Allow eth0 to be as source ifc without defining it

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

* Update sample config with NTP config

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>

---------

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2023-12-21 09:45:29 -08:00
kellyyeh
bd8ed6bc6d
Advance dhcprelay submodule (#17585)
5ae186f Yaqiang Zhu Tue Dec 19 12:05:15 2023 -0500 [counter] Clear counter table when init (#45)
2023-12-20 22:49:23 -08:00
Ying Xie
9e94c3689a
[202311] set sonic release value (#17582)
Why I did it
Each release branch needs to have release number set.

Work item tracking
Microsoft ADO (number only):
How I did it
How to verify it
This PR test.
2023-12-21 13:26:53 +08:00
Ze Gan
e28b48b842
[202311][submodule]: Update submodule sonic-swss/sonic-dash-api/protobuf (#17521)
* [submodule]: Update submodule sonic-swss/sonic-dash-api/protobuf (#17413)

1. Protobuf 3.21 has been released in the Debian bookworm
2. Update submodule sonic-swss and sonic-dash-api because they include related updates.

- Microsoft ADO **(number only)**:

1. In the protobuf.mk, If it isn't bullseye, ignore to compile the protobuf package
2. Move sonic-swss commits:
```
fd852084 (HEAD, origin/master, origin/HEAD) [dashrouteorch]: Rename dash route namespace (#2966)
```
3. Move sonic-dash-api and move build chain to its submodule
```
d4448c7 (HEAD, origin/master, origin/HEAD, master) [azp]: Add multi-platform artifacts (#11)
8a5e5cc [debian]: Add debian package (#10)
d96163a [misc]: Add dash utils and its tests (#9)
```

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-12-20 17:25:23 -08:00
Junhua Zhai
3d7459ccfc
[gbsyncd] Graceful shutdown of syncd process in container gbsyncd (#16812) (#17563)
Fix #16608. Need to gracefully shutdown syncd/gbsyncd individually.
2023-12-20 09:23:14 -08:00
Arun Saravanan Balachandran
9dbb016ad8 [Dell] S6100 - Update EEPROM API serial_number_str to return service tag instead of serial number (#17440)
To modify EEPROM API serial_number_str to return service tag instead of serial number in Dell S6100.
Ref PR: #1239

How I did it
Update EEPROM API serial_number_str to return service tag instead of serial number.

How to verify it
Verify decode-syseeprom -s returns service tag in Dell S6100.
2023-12-15 09:37:01 +08:00
mssonicbld
0cb0891227
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17457)
src/sonic-utilities

* 1b1402f5 - (HEAD -> 202311, origin/202311) [hash]: Add ECMP/LAG hash algorithm CLI (#3036) (9 days ago) [Nazarii Hnydyn]
* 71514ea3 - Revert "Run yang validation in unit test (#3025)" (#3055) (9 days ago) [Ying Xie]
* b5daf5d4 - [dhcp_relay] Fix dhcp_relay counter display issue (#3054) (9 days ago) [Yaqiang Zhu]
* b3172505 - [sflow][db_migrator] Egress Sflow support (#3020) (9 days ago) [Rajkumar-Marvell]
* 1e813105 - [wol] Implement wol command line utility (#3048) (3 weeks ago) [Zhijian Li]
* 8ebc56a0 - [sonic_installer]: Improve exception handling: introduce notes. (#3029) (3 weeks ago) [Nazarii Hnydyn]
* 3610ce93 - [sonic-package-manager] Fix YANG validation failure on upgrade when feature has constraints in YANG model on FEATURE table (#2933) (3 weeks ago) [Stepan Blyshchak]
* cfd2dd39 - Add container rsyslog.conf to the sys dump (#3039) (4 weeks ago) [Vivek]
* c4b07828 - Support new platform in generic configuration update (#3038) (4 weeks ago) [Stephen Sun]
* a8d236c8 - [fast-reboot-filter-routes.py] Remove click and improve error reporting (#3030) (4 weeks ago) [Stepan Blyshchak]
* 75199c0f - [sonic-package-manager] insert newline in /etc/sonic/generated_services.conf (#3040) (4 weeks ago) [Stepan Blyshchak]
* cd855698 - [VOQ][saidump] Modify generate_dump: replace save_saidump with save_saidump_by_route_size (#2972) (4 weeks ago) [JunhongMao]
* f1e24ae5 - GCU support for Cisco-8000 features (#3010) (4 weeks ago) [rbpittman]
* 67e1c3dc - Update GCU rsyslog validator (#3012) (4 weeks ago) [jingwenxie]
* 253b7975 - [sonic-package-manager] do not modify config_db.json (#3032) (5 weeks ago) [Stepan Blyshchak]
* 177dd8e8 - [sonic-package-manager] add generated service to /etc/sonic/generated_services.conf (#3037) (5 weeks ago) [Stepan Blyshchak]
* 62fcd77a - Configure NTP according to extended configuration (#2835) (5 weeks ago) [Yevhen Fastiuk]
* ced09404 - [dualtor_neighbor_check] Adjust zero-mac check condition (#3034) (5 weeks ago) [Longxiang Lyu]
* a4eeb698 - [config] config reload should generate sysinfo if missing  (#3031) (6 weeks ago) [jingwenxie]
* e01fc891 - Run yang validation in unit test (#3025) (6 weeks ago) [ganglv]
2023-12-14 13:16:39 -08:00
zitingguo-ms
bd15b77ba9 change branch name (#17267)
Why I did it
Upgrade xgs SAI to 10.1 version.

Work item tracking
Microsoft ADO (number only): 25931321
How I did it
Upgrade xgs SAI version in sai.mk file.

How to verify it
Run full qualification on 7050cx3/7260cx3:

7050cx3:
https://dev.azure.com/mssonic/internal/_build/results?buildId=425450&view=results
https://dev.azure.com/mssonic/internal/_build/results?buildId=425449&view=results
7260cx3: https://elastictest.org/scheduler/testplan/656f2b2b617fb27e41557494?leftSideViewMode=detail&prop=status&order=ascending
2023-12-14 14:36:07 +08:00
mssonicbld
ee75667fd1
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#17452)
src/sonic-platform-daemons

* 502c0b6 - (HEAD -> 202311, origin/202311) Add Port SI Configuration Per Speed  (#400) (12 days ago) [Tomer Shalvi]
* e2d9f87 - Add dynamic sensor logic for fixed and psu presence/state checking in thermalctld (#401) (2 weeks ago) [Gregory Boudreau]
2023-12-13 17:43:09 -08:00
mssonicbld
093abe423a
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17456)
src/sonic-swss-common

* 8dc6218 - (HEAD -> 202311, origin/202311) Add STATE_TRANSCEIVER_INFO_TABLE_NAME to shcema.h (#824) (2 weeks ago) [noaOrMlnx]
2023-12-13 17:34:35 -08:00
mssonicbld
4ee9a5c368
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17455)
src/sonic-swss

* d839eec3 - (HEAD -> 202311, origin/202311) Add support for fabric monitor daemon (swss part). (#2920) (11 days ago) [jfeng-arista]
* 8dc0a856 - Add support for new Port SI parameters in PortsOA (#2929) (11 days ago) [Tomer Shalvi]
* 9458b855 - [hash]: Add ECMP/LAG hash algorithm to OA (#2953) (12 days ago) [Nazarii Hnydyn]
* dac3972d - [coppmgrd] Fix Copp processing logic by using Producer del instead of del from Table (13 days ago) [Vivek]
* f6a35e98 - [gcov]: Fix directory prefix issue for (#2969) (13 days ago) [Lawrence Lee]
* 14408ca3 - [Chassis][master][orchagent] : Added test case to verify WRED profile on system ports (#2954) (2 weeks ago) [vmittal-msft]
* 2ca3deb0 - [dash] fix DASH ACL Rule protocol use-after-free (#2958) (3 weeks ago) [Yakiv Huryk]
* b8841ecb - [orchagent]: Extend the SRv6Orch to support the programming of the L3Adj (#2902) (3 weeks ago) [Carmine Scarpitta]
* 194566a7 - Fix the Orchagent Qos error messages reported in Issue #16787 (#2947) (3 weeks ago) [saksarav-nokia]
2023-12-13 15:42:15 -08:00
mssonicbld
d174ad33b7
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#17450)
src/sonic-platform-common

* 5d69644 - (HEAD -> 202311, origin/202311) Adding supported vendor PNs for remote CDB FW upgrade (#418) (#419) (5 days ago) [mihirpat1]
* 036b2fc - [Credo][Ycable] Correct the lane mapping in the debugdumpregister function for the 50G cable (#417) (11 days ago) [Xinyu Lin]
* 2efe97e - Fix VDM freeze and unfreeze needed for PM stats collection  (#402) (2 weeks ago) [jaganbal-a]
* cb80f17 - Fix issue: QSFP module with id 0x0d can be parsed using 8636 (#412) (3 weeks ago) [Stephen Sun]
2023-12-13 15:41:55 -08:00
mssonicbld
f215595699
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17454)
src/sonic-sairedis

* 9621316 - (HEAD -> 202311, origin/202311) [syncd] Remove notify pointers manual handling (#1326) (2 weeks ago) [Kamil Cudnik]
* 4ee9c25 - Add TestSwitch missing attribute (#1327) (2 weeks ago) [noaOrMlnx]
* 4cbbeed - Add SAI Notification support for host_tx_ready (#1307) (2 weeks ago) [noaOrMlnx]
* 9804bd7 - Fix compilation issue due to PORT_STATE_CHANGE_QUEUE_SIZE undefined (#1324) (3 weeks ago) [Ashish Singh]
2023-12-13 15:34:35 -08:00
mssonicbld
2e8c2eba14
Revert "[swss/syncd] remove dependency on interfaces-config.service (#13084) (#14341)" (#15094) (#17367) (#17447) 2023-12-09 10:22:55 +08:00
Aravind-Subbaroyan
62429a2328
Update cisco-8000.ini (#17429)
FCS/CRC Errors will only be reported as RX_ERR.
Fix to avoid the mac port related errors.
Fix for sharedResSize testcase failure in QoS-SAI
Fix the issue related to voltage in 'show platform psustatus'.
Support WRED drop for lossy queues.
Fixed an issue where lossy traffic was getting dropped.
Enhancement of SAI logging for errors and interrupts
2023-12-07 17:04:45 -08:00
Ying Xie
6d22649c81
[202311] lock down some sub module branches (#17405)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2023-12-04 18:35:14 -08:00
zitingguo-ms
897a023637 Upgrade xgs SAI version to 8.4.31.0 (#17059)
Why I did it
Upgrade the xgs SAI version to 8.4.31.0 to include the following changes:

8.4.22.0: [SDK upgrade][CSP CS00012314723][SAI_BRANCH rel_ocp_sai_8_4] SID:bcmtmPfcDdrScan thread takes 100% CPU utilization
8.4.23.0: [SDK upgrade][CSP CS00012290176[SAI_BRANCH rel_ocp_sai_8_4] SDK-323160: bcm_l3_ecmp_member_add returns Table Full error while ISSU
8.4.24.0:
[SDK upgrade]Merge "[CSP NA][SAI_BRANCH rel_ocp_sai_8_4] SID: Software LinkScan Not Catching Short Local/Remote Fault Events" into hsdk_6.5.27_SAI_8.4.0_GA
[SDK upgrade][CSP NA][SAI_BRANCH rel_ocp_sai_8_4] SID: Software LinkScan Not Catching Short Local/Remote Fault Events
8.4.25.0: [SAI_BRANCH rel_ocp_sai_8_4]CLONE - SAI - 8.4 - _brcm_sai_cosq_stat_get errors for CPU queue 41
8.4.26.0: [CSP CS00012307911] Fixed incorrect CPU related SAI port obj encoding/decoding in most subsystems
8.4.27.0: [CSP CS00012309154] [TD3] SAI_STATUS_INVALID_PARAMETER on setting SAI_BUFFER_POOL_ATTR_SIZE, OA crash
8.4.28.0: [CSP CS00012315552] Excessive logging from _brcm_sai_acl_tbl_grp_mbr_migration
8.4.29.0: [CSP CS00012321369] Fix TH2 regression with MMU/pool size
8.4.30.0: [SDK upgrade][CSP CS00012316299][SAI_BRANCH rel_ocp_sai_8_4] L3 entry delete failed when SER error is present
8.4.31.0: [CSP CS00012307911] Revert and limit scope of previous change due to WB issue.
Work item tracking
Microsoft ADO (number only): 26021230
How I did it
Upgrade the SAI version in sai.mk file.

How to verify it
Run advanced reboot on TH2 and TD3:

https://dev.azure.com/mssonic/internal/_build/results?buildId=422024&view=results
https://dev.azure.com/mssonic/internal/_build/results?buildId=423352&view=results
@saiarcot895 run warm reboot from 202012 to target image and they've passed
TH2: https://dev.azure.com/mssonic/internal/_build/results?buildId=423112&view=logs&j=76acabad-01e9-5c52-6fe6-d396d63e85d2&t=0d14fb40-14d5-50ca-4a23-af1778140cbf
TH: https://dev.azure.com/mssonic/internal/_build/results?buildId=423119&view=logs&j=76acabad-01e9-5c52-6fe6-d396d63e85d2&t=0d14fb40-14d5-50ca-4a23-af1778140cbf
TD3: https://dev.azure.com/mssonic/internal/_build/results?buildId=423074&view=logs&j=76acabad-01e9-5c52-6fe6-d396d63e85d2&t=0d14fb40-14d5-50ca-4a23-af1778140cbf
2023-12-04 22:14:03 +00:00
Kebo Liu
2528b70630 [Mellanox] Add special rsyslog filter for MSN2410 platform (#17365)
- Why I did it
Mellanox MSN2410 platforms have a non-functional error log: "ERR pmon#sensord: Error getting sensor data: dps460/#10: Can't read". This error is because of a firmware issue with some PSU, we are not able to upgrade the FW online. Since there is no functional impact, this error log can be ignored safely

- How I did it
Add a new rsyslog rule to the rsyslog-container.conf.j2, if the docker name is pmon and the platform name matches, the new rule will be inserted into the docker rsyslogd.conf

- How to verify it
Run regression on the MSN2410 platform to make sure the error log will not be printed to the syslog.

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2023-12-04 22:14:03 +00:00
Sudharsan Dhamal Gopalarathnam
8c782c91a4 [FRR]zebra: Fix fpm multipath encap addition (#17247)
Why I did it
To fix the EVPN type5 failure seen in FRR when there are multipaths for nexthop. The type5 routes were queued

```
show ip route vrf Vrf1
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF Vrf1:
B>q 5.5.5.0/24 [200/0] via 30.0.0.2, Vlan100 onlink, weight 1, 00:00:40
  q                    via 40.0.0.3, Vlan100 onlink, weight 1, 00:00:40
C>* 10.0.0.0/24 is directly connected, Vlan10, 00:00:43
B>q 100.0.0.0/24 [200/0] via 30.0.0.2, Vlan100 onlink, weight 1, 00:00:40
  q                      via 40.0.0.3, Vlan100 onlink, weight 1, 00:00:40
```
Work item tracking
Microsoft ADO (number only):
How I did it
Porting the FRR fix FRRouting/frr#14835

How to verify it
Validated EVPN multipath with the scenario and confirmed it's working.
2023-12-04 22:14:03 +00:00
Dev Ojha
15d9177c14 [Snappi] Update snappi module on sonic-mgmt docker (#17269)
* Update snappi module on Dockerfile.j2

* Update snappi module on Dockerfile.j2

* Update snappi module for py2 and venv
2023-12-04 22:14:03 +00:00
Tomer Shalvi
dccc5bf6cf Media_settings.json Validator Update (#16908)
The format of the media_settings.json file was updated to support the Port SI Per Speed Enhancements. Since media_checker is the validator for the media_settings.json file, it needs to be updated to align with the new format.


How I did it
I added six new SI parameter names introduced as part of the Port SI Per Speed Enhancements. Additionally, I implemented handling for the new hierarchy level (lane_speed_key) in the updated media_settings.json format while maintaining backward compatibility with vendors whose JSON does not support port SI per speed.

How to verify it
I locally built the Debian package using 'make target/debs/bullseye/sonic-device-data_1.0-1_all.deb,' and it completed successfully. Jenkins also built the entire image, which includes the media_checker as part of its process.
2023-12-04 22:14:03 +00:00
Pavan-Nokia
451398f801 [Nokia-7215][armhf] Enable Watchdog service (#16612)
Enable CPUWDT service to enable watchdog
2023-12-04 22:14:03 +00:00
Lawrence Lee
7d308e340a [arp_update]: Flush neighbors with incorrect MAC info (#17238)
[arp_update]: Flush MAC mismatch neighbors

- Check for MAC mismatch between neighbor entries in the kernel and APPL_DB
- Flush any entries with a mismatch
2023-12-04 22:14:03 +00:00
Yaqiang Zhu
345064dccb [dhcp_server] Set to build dhcp_server image in vs image (#17340)
Currently this repo does not build the dhcp_server container image by default, so build issues for dhcp_server introduced by other modules cannot be noticed in time.
This PR is to set build dhcp_server container in vs image.
2023-12-04 22:14:03 +00:00
ShiyanWangMS
936f8689b9 Remove Python3 venv in Python3-only sonic-mgmt-docker (#17337)
How I did it
Remove Python3 venv in Python3-only sonic-mgmt-docker

How to verify it
There is no impact to sonic-mgmt-docker:latest tag.
Build sonic-mgmt-docker with LEGACY_SONIC_MGMT_DOCKER=y, see python3 venv is there.
Build sonic-mgmt-docker with LEGACY_SONIC_MGMT_DOCKER=n, see python3 venv is NOT included.
2023-12-04 22:14:03 +00:00
Xincun Li
b78e3a0d20 Ensure that 'logrotate-config.service' is set as a dependency to start before 'logrotate.service'. (#17312)
* Ensure that 'logrotate-config.service' is set as a dependency to start before 'logrotate.service'.
2023-12-04 22:14:03 +00:00
arista-nwolfe
dfe7c1e720 [Arista]: Disable SA_EQUALS_DA trap on DNX LC SKUs (#17206)
This change was submitted directly to 202205 but it's also needed in master and 202305 with SAI9.x
#13346

There have been a couple of CSPs for this as well:
CS00012273013 - [7.1][J2, J2c+] Disable SA Equals DA trap on DNX
CS00012320965 - SAI9.2: iBGP doesn't work due to SA_EQUALS_DA trap

If SA_EQUALS_DA trap is enabled iBGP won't work as the Ethernet-IB0 ports are expected to get packets with SA==DA.

In the VOQ chassis design, for outgoing control plane packets, the packets go to the recycle port for routing, therefore the dmac of the packet should be the asic router mac. The source mac is assigned by the kernel, so it is also the asic router mac.
2023-12-04 22:14:03 +00:00
Yaqiang Zhu
82cebcd690 [dhcp_server] Rename sonic_dhcp_server to sonic_dhcp_utilities (#17276)
Why I did it
sonic_dhcp_server.whl contains not only dhcp_server functionality but also part of dhcp_relay functionality, the existing naming is not appropriate.
2023-12-04 22:14:03 +00:00
Mai Bui
a40daff883 [docker-sonic-mgmt-framework] limit privileged flag for mgmt-framework container (#17217)
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)

Work item tracking
Microsoft ADO (number only): 14807420
How I did it
Reduce linux capabilities in privileged flag

How to verify it
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
2023-12-04 22:14:03 +00:00
Yaqiang Zhu
ab8af94a2c [dhcp_server] Mark dhcp_server docker as Bullseye docker (#17290)
How I did it
Mark dhcp_server docker as Bullseye docker

How to verify it
Set INCLUDE_DHCP_SERVER to y and build image, build successfully
2023-12-04 22:14:03 +00:00
Yaqiang Zhu
7764805aa8 [dhcp_server] Add support for only configures 1 ip in dhcp_server range (#17280)
How I did it
Add support for only configures 1 ip in dhcp_server range.
Treat range with value out of order as invalid range.
2023-12-04 22:14:03 +00:00
Pavan-Nokia
6020fbfac3 [armhf][Nokia-7215] Remove platform reboot (#17010) 2023-12-04 22:14:03 +00:00
Vivek
5c36732f3b [lldp] Clean up service start logic owing to port init start optimization (#17268)
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-12-04 22:14:02 +00:00
Yaqiang Zhu
f48e8b61cf [dhcp_relay] Use dhcprelayd to manage critical processes (#17236)
Modify j2 template files in docker-dhcp-relay. Add dhcprelayd to group dhcp-relay instead of isc-dhcp-relay-VlanXXX, which would make dhcprelayd become a critical process.
In dhcprelayd, subscribe FEATURE table to check whether dhcp_server feature is enabled.
2.1 If dhcp_server feature is disabled, means we need original dhcp_relay functionality, dhcprelayd would do nothing. Because dhcrelay/dhcpmon configuration is generated in supervisord configuration, they will automatically run.
2.2 If dhcp_server feature is enabled, dhcprelayd will stop dhcpmon/dhcrelay processes started by supervisord and subscribe dhcp_server related tables in config_db to start dhcpmon/dhcrelay processes.
2.3 While dhcprelayd running, it will regularly check feature status (by default per 5s) and would encounter below 4 state change about dhcp_server feature:
A) disabled -> enabled
In this scenario, dhcprelayd will subscribe dhcp_server related tables and stop dhcpmon/dhcrelay processes started by supervisord and start new pair of dhcpmon/dhcrelay processes. After this, dhcpmon/dhcrelay processes are totally managed by dhcprelayd.
B) enabled -> enabled
In this scenario, dhcprelayd will monitor db changes in dhcp_server related tables to determine whether to restart dhcpmon/dhcrelay processes.
C) enabled -> disabled
In this scenario, dhcprelayd would unsubscribe dhcp_server related tables and kill dhcpmon/dhcrelay processes started by itself. And then dhcprelayd will start dhcpmon/dhcrelay processes via supervisorctl.
D) disabled -> disabled
dhcprelayd will check whether dhcrelay processes running status consistent with supervisord configuration file. If they are not consistent, dhcprelayd will kill itself, then dhcp_relay container will stop because dhcprelayd is critical process.
2023-12-04 22:14:02 +00:00
Sudharsan Dhamal Gopalarathnam
e86ceaac90 [FRR]Fixing CVEs CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235 (#17259)
Why I did it
Fixing CVEs CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235

Work item tracking
Microsoft ADO (number only):
How I did it
Porting the fixes in the below PRs

FRRouting/frr#14645
FRRouting/frr#14716

How to verify it
Running regression
2023-12-04 22:14:02 +00:00
Kebo Liu
f96742fb98 [Mellanox] Revert LPM implementation to the old way (#17096)
- Why I did it
The current low power mode setting implementation requests the user to set the port to admin down first before toggling LP mode, this is not backward compatible, now revert it to the old way so that the user can toggle the LP mode regardless of the port admin status.

- How I did it
Revert the recent changes related to LPM in PR #14130 and #16545

- How to verify it
Run all sfputil and SFP platform API related tests on all the Mellanox platforms.

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2023-12-04 22:14:02 +00:00
Sudharsan Dhamal Gopalarathnam
8c1bd85830 [yang]Fixing sonic-cfg-help to handle nested container (#17260)
Why I did it
Fixing sonic-cfg-help to handle nested container scenario. In case of nested container, the inner container name acts as key for the table. For e.g.

```
"AUTO_TECHSUPPORT": {
        "GLOBAL": {
         }
}
```
Previous output

AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json

+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field                   | Description                                        | Mandatory   | Default   | Reference   |
+=========================+====================================================+=============+===========+=============+
| state                   | Knob to make techsupport invocation event-driven   |             |           |             |
|                         | based on core-dump generation                      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval     | Minimum time in seconds between two successive     |             |           |             |
|                         | techsupport invocations. Configure 0 to explicitly |             |           |             |
|                         | disable                                            |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit   | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of ts dumps. No cleanup is performed if the value  |             |           |             |
|                         | isn't configured or is 0.0                         |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit          | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of core dumps. No cleanup is performed if the      |             |           |             |
|                         | value isn't congiured or is 0.0                    |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport         |             | 10.0      |             |
|                         | invocation on memory usage threshold crossing      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem       | Minimum Free memory (in MB) that should be         |             | 200       |             |
|                         | available for the techsupport execution to start   |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since                   | Only collect the logs & core-dumps generated since |             |           |             |
|                         | the time provided. A default value of '2 days ago' |             |           |             |
|                         | is used if this value is not set explicitly or a   |             |           |             |
|                         | non-valid string is provided                       |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+


New output

AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json

key - GLOBAL
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field                   | Description                                        | Mandatory   | Default   | Reference   |
+=========================+====================================================+=============+===========+=============+
| state                   | Knob to make techsupport invocation event-driven   |             |           |             |
|                         | based on core-dump generation                      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval     | Minimum time in seconds between two successive     |             |           |             |
|                         | techsupport invocations. Configure 0 to explicitly |             |           |             |
|                         | disable                                            |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit   | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of ts dumps. No cleanup is performed if the value  |             |           |             |
|                         | isn't configured or is 0.0                         |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit          | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of core dumps. No cleanup is performed if the      |             |           |             |
|                         | value isn't congiured or is 0.0                    |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport         |             | 10.0      |             |
|                         | invocation on memory usage threshold crossing      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem       | Minimum Free memory (in MB) that should be         |             | 200       |             |
|                         | available for the techsupport execution to start   |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since                   | Only collect the logs & core-dumps generated since |             |           |             |
|                         | the time provided. A default value of '2 days ago' |             |           |             |
|                         | is used if this value is not set explicitly or a   |             |           |             |
|                         | non-valid string is provided                       |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+


Work item tracking
Microsoft ADO (number only):
How I did it
Fixing sonic-cfg-help tool to handle nested container

How to verify it
Added UT to verify it.
2023-12-04 22:14:02 +00:00