diff --git a/dockers/docker-fpm-frr/frr/zebra/zebra.interfaces.conf.j2 b/dockers/docker-fpm-frr/frr/zebra/zebra.interfaces.conf.j2 index 44e8bca8b9..82b973d37c 100644 --- a/dockers/docker-fpm-frr/frr/zebra/zebra.interfaces.conf.j2 +++ b/dockers/docker-fpm-frr/frr/zebra/zebra.interfaces.conf.j2 @@ -24,5 +24,13 @@ interface {{ pc }} link-detect ! {% endfor %} +{% if (DEVICE_METADATA is defined) and ('localhost' in DEVICE_METADATA) and ('subtype' in DEVICE_METADATA['localhost']) and (DEVICE_METADATA['localhost']['subtype'].lower() == 'dualtor') %} +! Disable link-detect on VLAN interfaces for dualtor +{% for (name, prefix) in VLAN_INTERFACE|pfx_filter|unique(attribute=0) %} +interface {{ name }} +no link-detect +! +{% endfor %} +{% endif %} {% endblock interfaces %} ! diff --git a/platform/broadcom/sai.mk b/platform/broadcom/sai.mk index 341cfc8662..c589fa8fda 100644 --- a/platform/broadcom/sai.mk +++ b/platform/broadcom/sai.mk @@ -1,4 +1,4 @@ -LIBSAIBCM_XGS_VERSION = 8.4.39.2 +LIBSAIBCM_XGS_VERSION = 8.4.41.0 LIBSAIBCM_DNX_VERSION = 9.2.12.1 LIBSAIBCM_XGS_BRANCH_NAME = SAI_8.4.0_GA LIBSAIBCM_DNX_BRANCH_NAME = SAI_9.2.0.3 diff --git a/src/sonic-config-engine/tests/sample_output/py2/zebra_frr_dualtor.conf b/src/sonic-config-engine/tests/sample_output/py2/zebra_frr_dualtor.conf new file mode 100644 index 0000000000..0f49b229b8 --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/py2/zebra_frr_dualtor.conf @@ -0,0 +1,49 @@ +! +! =========== Managed by sonic-cfggen DO NOT edit manually! ==================== +! generated by templates/zebra/zebra.conf.j2 using config DB data +! file: zebra.conf +! +! +! Force disable next hop group support +no zebra nexthop kernel enable +! Uses the old known FPM behavior of including next hop information in the route (e.g. RTM_NEWROUTE) messages +no fpm use-next-hop-groups +! +fpm address 127.0.0.1 +! +! template: common/daemons.common.conf.j2 +! +hostname switch-t0 +password zebra +enable password zebra +! +log syslog informational +log facility local4 +! +! end of template: common/daemons.common.conf.j2! +! +! +! Enable nht through default route +ip nht resolve-via-default +ipv6 nht resolve-via-default +! Enable link-detect (default disabled) +interface PortChannel03 +link-detect +! +interface PortChannel02 +link-detect +! +interface PortChannel01 +link-detect +! +interface PortChannel04 +link-detect +! +! Disable link-detect on VLAN interfaces for dualtor +interface Vlan2000 +no link-detect +! +interface Vlan1000 +no link-detect +! +!! diff --git a/src/sonic-config-engine/tests/sample_output/py3/zebra_frr_dualtor.conf b/src/sonic-config-engine/tests/sample_output/py3/zebra_frr_dualtor.conf new file mode 100644 index 0000000000..2741ba54cf --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/py3/zebra_frr_dualtor.conf @@ -0,0 +1,49 @@ +! +! =========== Managed by sonic-cfggen DO NOT edit manually! ==================== +! generated by templates/zebra/zebra.conf.j2 using config DB data +! file: zebra.conf +! +! +! Force disable next hop group support +no zebra nexthop kernel enable +! Uses the old known FPM behavior of including next hop information in the route (e.g. RTM_NEWROUTE) messages +no fpm use-next-hop-groups +! +fpm address 127.0.0.1 +! +! template: common/daemons.common.conf.j2 +! +hostname switch-t0 +password zebra +enable password zebra +! +log syslog informational +log facility local4 +! +! end of template: common/daemons.common.conf.j2! +! +! +! Enable nht through default route +ip nht resolve-via-default +ipv6 nht resolve-via-default +! Enable link-detect (default disabled) +interface PortChannel01 +link-detect +! +interface PortChannel02 +link-detect +! +interface PortChannel03 +link-detect +! +interface PortChannel04 +link-detect +! +! Disable link-detect on VLAN interfaces for dualtor +interface Vlan1000 +no link-detect +! +interface Vlan2000 +no link-detect +! +!! diff --git a/src/sonic-config-engine/tests/test_frr.py b/src/sonic-config-engine/tests/test_frr.py index 3b89f9452c..92deef9227 100644 --- a/src/sonic-config-engine/tests/test_frr.py +++ b/src/sonic-config-engine/tests/test_frr.py @@ -74,3 +74,7 @@ def test_zebra_frr(self): def test_bgpd_frr_dualtor(self): extra_data = {"DEVICE_METADATA": {"localhost": {"subtype": "DualToR"}}} self.assertTrue(*self.run_case('bgpd/bgpd.conf.j2', 'bgpd_frr_dualtor.conf', extra_data=extra_data)) + + def test_zebra_frr_dualtor(self): + extra_data = {"DEVICE_METADATA": {"localhost": {"subtype": "DualToR"}}} + self.assertTrue(*self.run_case('zebra/zebra.conf.j2', 'zebra_frr_dualtor.conf', extra_data=extra_data)) diff --git a/src/tacacs/bash_tacplus/bash_tacplus.c b/src/tacacs/bash_tacplus/bash_tacplus.c index 82f57c724c..85756de319 100644 --- a/src/tacacs/bash_tacplus/bash_tacplus.c +++ b/src/tacacs/bash_tacplus/bash_tacplus.c @@ -471,8 +471,9 @@ int on_shell_execve (char *user, int shell_level, char *cmd, char **argv) fprintf(stdout, "%s not authorized by TACACS+ with given arguments, not executing\n", cmd); break; default: + // when command reject by server, authorization will failed immediately fprintf(stdout, "%s authorize failed by TACACS+ with given arguments, not executing\n", cmd); - break; + return ret; } if ((tacacs_ctrl & AUTHORIZATION_FLAG_LOCAL) == 0) {