[vnetorch]: Use metadata matching for tunnel (#841)
[aclorch]: Add ICMP type/code match for v4/v6 (#868)
[restore_neighbors] fix failure with scapy 2.4.2 (#862)
[intfsorch] Fix bug for VRF existence check (#882)
Return 0 for CRM counter instead of None if no match (#879)
Undo skipping Vnet tests, Vrf check before enslaving (#857)
[Makefile]: Remove header files from source files (#883)
Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.
* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
- Add ebtables package, and install some filter rules:
1. ebtables -A FORWARD -d BGA -j DROP
2. ebtables -A FORWARD -p ARP -j DROP
Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [platform/cel] Implement FAN APIs based on the new platform API
* [platform/cel] Move platform api to under device platform
* [platform/cel] Remove rule to build platform api python wheel
- use superviord to manage process in frr docker
- intro separated configuration mode for frr
- bring quagga configuration template to frr.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
Submodule src/sonic-swss ea4cba6..f8792d5:
> [watermarkorch] only perform periodic clear if the polling is on (#781)
> [arp] copy arp IO to cpu instead of trap and drop (#812)
> fix bad parameter for gCrmOrch->incCrmAclUsedCounter in qosorch (#830)
> [test_watermark] avoid watermark clear vs test random failure (#873)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* catch signal SIGINT and SIGTERM to set all fans full-speed before end fan monitor.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Add fan_control monitor for as7816-64x.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Fix typo.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Correct typo and duty setting after verified.
Signed-off-by: roy_lee <roy_lee@accton.com>
* [frr]: change frr as default sonic routing stack
* fix quagga configuration
* [vstest]: fix bgp test for frr
* [vstest]: skip bgp/test_invalid_nexthop.py for frr
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [service] Restart SwSS Docker container if orchagent exits unexpectedly
* Configure systemd to stop restarting swss if it attempts to restart more than 3 times in 20 minutes
* Move supervisor-proc-exit-listener script
* [docker-dhcp-relay] Enhance wait_for_intf.sh.j2 to utilize STATEDB
* Ensure dependent services stop/start/restart with SwSS
* Change 'StartLimitInterval' to 'StartLimitIntervalSec', as Stretch installs systemd 232 (>= v230)
* Also update journald.conf options
* Remove 'PartOf' option from unit files
* Add '$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)' to new shared docker-orchagent makefile
* Make supervisor-proc-exit-listener script read from 'critical_processes' file inside container
* Update critical_processes file for swss container
Submodule src/sonic-utilities 6ee0aea..b531934:
> [db migrator] Introduce the DB migration infrastructure (#519)
> Skip INTERFACE entries w/o prefix (#477)
> Bring queue storm status to 'pfcwd show stats' (#500)
> Align PSU DB count field with the schema Spec. (#509)
> [scripts] remove duplicate script copying for nbrshow (#517)
> If fast-reboot-dump gives an error, don't continue with fast-reboot (#515)
> load_minigraph: restart hostcfgd (#511)
> [fast/warm reboot] add some sanity check before warm reboot (#510)
> show BPS, PPS, UTIL rates w/o previous clear (#508)
> In sync with our latest change, where we default failthrough to be False. (#507)
> Add warm-boot feature processing for wedge100bf_32x/65x platforms (#485)
> [generate_dump] system dump improvements (#503)
> [neighbor advertiser] convert int to string before concatenating (#505)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* DellEMC S6000, xcvrd support
* sleep 1 second to avoid busy looping
* removal of dead code
* Correct typo error to 1 second
* Introduced 1 second sleep
* Revamped script with blocking call support
* get_transceiver_change_event api definition update
* adding timeout support for get_transceiver_change_event
Port libteam patch which fixes the race condition we observed during
warm reboot.
Remove early patches: 0006, 0008, 0009.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Base DHCP relay Docker image on Strech base Docker
* Change URL for isc-dhcp source repository
* Upgrade isc-dhcp source branch to 4.3.5-3.1
* Update patch #0001 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0002 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0003 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0004 to apply to isc-dhcp 4.3.5-3.1
* Remove security patches, as they are now applied as part of 4.3.5-3.1 source
* Reorder patches to apply bug fix first, then features
* Extend makefile to build debug Docker image
* Update commit that series file applies against
SWSS clears DB tables, if teamd is not started after swss, there is a
race condition that swss might clear vital teamd information.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Add bridge-utils to orchagent image
- Add vxlanmgrd to supervisorctl in docker -orchagent
Signed-off-by: Ze Gan zegan@microsoft.com
* Update submodule pointer for swss to include Vxlanmgrd changes
The base syncd dockers follow a template, which defines the base docker as DOCKER_SYNCD_BASE instead of DOCKER_SYNCD_. Fix the docker-syncd-<mlnx, bfn>.mk to use the new one.
This service (weekly) will let SSD firmware to do the garbage collection
after file-system deleted files. It could avoid slowness or
even READ-ONLY error due to SSD not being able to free the pages
even though the file system thinks there was a lot of space left.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
Overall goal: Build debug images for every stretch docker.
An earlier PR (#2789) made the first cut, by transforming broadcom/orchagent to build target/docker-orhagent-dbg.gz.
Changes in this PR:
Made docker-orchagent build to be platform independent.
1.1) Created rules/docker_orchagent.mk
1.2) Removed platform//docker-orchagent-*.mk
1.3) Removed the corresponding entry from platform//rules.mk
Extended the debug docker image build to stretch based syncd dockers.
2.1) For now, only mellanox & barefoot are stretch based.
2.2) All the common variable definitions are put in one place platform/template/docker-syncd-base.mk
2.3) platform/[mellanox, bfn]/docker-syncd-[mlnx, bfn].mk are updated as detailed below.
2.3.1) Set platform code and include template base file
2.3.2) Add the dependencies & debug dependencies and any update over what base template offers.
Extended all stretch based non-platform dockers to build debug dockers too.
3.1) Affected are:
docker-database.mk,
docker-platform-monitor.mk,
docker-router-advertiser.mk,
docker-teamd.mk,
docker-telemetry.mk
Next: Build debug flavor of final images with regular dockers replaced with debug dockers where available.
