This repository was archived by the owner on Jan 3, 2023. It is now read-only.
Merged
Conversation
* [quagga]: update quagga submodule 0bc6bd6 2018-05-11 | ignore nexthop attribute when NLRI is present (#18) (HEAD, origin/debian/0.99.24.1, origin/HEAD) [lguohan] Signed-off-by: Guohan Lu <[email protected]> * add vs bgp test Signed-off-by: Guohan Lu <[email protected]>
[lua]: use not to check whether the field exists (sonic-net#492) [PFCWD]: Periodically poll WD counters (sonic-net#473) [teamsyncd]: Add team_ifindex2ifname return value check (sonic-net#500) [qos]: fix SAI_BUFFER_PROFILE_ATTR_SHARED_DYNAMIC_TH value mismatch bug (sonic-net#495) [copporch]: Add SAI_HOSTIF_TRAP_TYPE_UDLD (sonic-net#480) Signed-off-by: Shu0T1an ChenG <[email protected]>
…l classes: retry after reinit_data() throws (sonic-net#1700)
…#1706) Adds a platform_reboot script for 7050QX-32, 7050QX-32S and 7060CX-32S. This allow a proper cold reboot to happen.
…nic-net#1716) * [fast-reboot]: support encoded & gzipped minigraph in fast reboot Signed-off-by: Guohan Lu <[email protected]> * add acl.json and snmp.yml into fast-reboot Signed-off-by: Guohan Lu <[email protected]>
Signed-off-by: Volodymyr Samotiy <[email protected]>
Signed-off-by: Guohan Lu <[email protected]>
Signed-off-by: Guohan Lu <[email protected]>
…c-net#1729) * Update sonic-sairedis and sonic-swss submodules * Update sonic-swss submodule. Don't collect unwanted counters * sonic-swss-common update too
This commit adds new code to support z9100 PFC T0 support with broadcom recommended MMU settings for PFC feature. Unit tested the setting by loading sonic-broadcom.bin and checking the hardware for the values from the JSON file. The T0 configs supports fan-out of 100G ports on Z9100. Added new config.bcm for fanout of 100G ports and tested the fanout by sending traffic using bcmcmd, new config.bcm file will be copied to /usr/share/sonic/hwsku/th-z9100-8x100-48x50G.config.bcm. The sai.profile file is updated to point to hwsku directory. Signed-off-by: Harish Venkatraman <[email protected]>
This commit adds new code to support z9100 PFC T1 support with broadcom recommended MMU settings for PFC feature. Unit tested the setting by loading sonic-broadcom.bin and checking the hardware for the values from the JSON file. Added the config.bcm file th-z9100-32x100G.config.bcm to this folder and updated the sai.profile file to point to hwsku directory. sai.profile now points to /usr/share/sonic/hwsku/th-z9100-32x100G.config.bcm Signed-off-by: Harish Venkatraman <[email protected]>
…andles missing PSU (sonic-net#1732)
…0-QX32, 7050-QX-32S (sonic-net#1733)
…c-net#1727) * Add noise config for PortChannel & EthernetInterface in simple-sample-graph.xml * Add noise config for PORTCHANNEL_INTERFACE in simple-sample-graph.xml Signed-off-by: Wenda <[email protected]> * Add noice config for DEVICE_NEIGHBOR in t0-sample-graph.xml Add unit test against introducing ports not existing in port_config.ini into DEVICE_NEIGHBOR Signed-off-by: Wenda <[email protected]> * DeviceInterfaceLink in minigraph.xml can contain port not existing in port_config.ini but contraining non-zero Bandwidth attribute Add noice config in simple-sample-graph.xml to capture the case that such a port is leaked into config_db.json Signed-off-by: Wenda <[email protected]> * Protect PORTCHANNEL from ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Protect PORTCHANNEL_INTERFACE from portchannels containing ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Protect DEVICE_NEIGHBOR from ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Add noise config Ethernet1 in DeviceInterfaceLinks in simple-sample-graph.xml as it is in PortChannel1001 Signed-off-by: Wenda <[email protected]> * Add noise config Ethernet1 in DeviceInterfaceLinks in simple-sample-graph.xml as it is in PortChannel1001 Signed-off-by: Wenda <[email protected]> * Protect PORTCHANNEL from ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Protect PORTCHANNEL_INTERFACE from portchannels containing ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Protect DEVICE_NEIGHBOR from ports not existing in port_config.ini Signed-off-by: Wenda <[email protected]> * Correct space in minigraph.py Signed-off-by: Wenda <[email protected]> * Does not allow non-port_config.ini port to get into the port list Signed-off-by: Wenda <[email protected]> * Check PORTCHANNEL against PORT list only if port_config_file exists Signed-off-by: Wenda <[email protected]> * Correct format Signed-off-by: Wenda <[email protected]> * print warning when a port coming from DeviceInterfaceLink is not in port_config.ini Signed-off-by: Wenda <[email protected]> * Change Ethernet1 and 2 to fortyGigE0/1 and 2,respectively Signed-off-by: Wenda <[email protected]> * Change Ethernet1 and 2 to fortyGigE0/1 and 2,respectively Signed-off-by: Wenda <[email protected]> * print warning when ignoring ports, portchannels, portchannel interfaces, and device neighbors Update t0-sample-graph.xml with interface name 'fortyGigE0/2' and the ACL_TABLE output Signed-off-by: Wenda <[email protected]>
…1740) Signed-off-by: Ying Xie <[email protected]>
Signed-off-by: Ying Xie <[email protected]>
* [rc.local] refactor platform identification code to separate function Signed-off-by: Ying Xie <[email protected]> * [rc.local] infrastructure to take action according to installer.conf * [serial port watchdog] add service to watch serial port processes Monitor serial port processes. Kill ones stuck for too long. Signed-off-by: Ying Xie <[email protected]> * [rc.local] start watchdog on serial port specified by installer.conf Signed-off-by: Ying Xie <[email protected]>
…ed ACL table configuration (sonic-net#1712) * Fix minigraph parser issue when handling LAG related ACL table configuration * rephrase the warning message. * pick up swss change in sonic-net/sonic-swss#494
…et#1739) * Add QoS and Buffers config for Mellanox MSN2410 Signed-off-by: Andriy Moroz <[email protected]> * Add QoS and Buffers config for Mellanox MSN2100 Signed-off-by: Andriy Moroz <[email protected]>
…al (sonic-net#1752) * [serial watchdog] remove serial watchdog service dependency to rc.local When restarting this service in rc.local, the dependency causes an error in syslog. Removing the dependency to mute the error log entry. * remove lines with empty inputs
Signed-off-by: Wenda <[email protected]>
Signed-off-by: Guohan Lu <[email protected]>
…thon (sonic-net#1756) https://github.com/Azure/azure-kusto-python azure-kusto-data Package provides the capability to query Kusto clusters with Python. azure-kusto-ingest Package allows sending data to Kusto service - i.e. ingest data. The removed package adal is a dependent of the Azure Kusto Library. The removed azure-storage is deprecated and being replaced with new packages that are also the dependents of the Azure Kusto Library. (https://github.com/Azure/azure-storage-python) Signed-off-by: Shu0T1an ChenG <[email protected]>
* Revert "[serial watchdog] remove serial watchdog service dependency to rc.local (sonic-net#1752)" * Revert "[service] introducing serial port watchdog service (sonic-net#1743)"
…ptables/ip6tables accordingly (sonic-net#1767) * [caclmgrd] Heuristically determine whether ACL is IPv4 or IPv6, use iptables/ip6tables accordingly * Check all rules in table until we find one with a SRC_IP
bcmsh is not copied to /usr/bin/ at host side
…-net#1748) * [slave.mk]: Fix displaying username and password in build summary We display contents of DEFAULT_USERNAME and DEFAULT_PASSWORD, while image can be build with USERNAME and/or PASSWORD given on make(1) command line. For example: $ make USERNAME=adm PASSWORD=mypass target/sonic-broadcom.bin Fix by displaying USERNAME and PASSWORD variables in build summary. Signed-off-by: Sergey Popovich <[email protected]> * [baseimage]: Improve default user account handling There are couple of issues with current implementation of default user account management in baseimage: 1) It uses DES to encrypt accounts password. Furthermore this effectively limits password length to 8 symbols, even if more provided with PASSWORD or DEFAULT_PASSWORD from rules/config. 2) Salt value for password is same on all builds even with different password increasing attack surface. 3) During the build process password passed as command line parameter either as plain text (if given to make(1) as "make PASSWORD=...") or DES encrypted (if given to build_debian.sh) can be seen by non-build users using /proc/<pid>/cmdline file that has group and world readable permissions. Both 1) and 2) come from: perl -e 'print crypt("$(PASSWORD)", "salt"),"\n"')" that by defalt uses DES if salt does not have format $<id>$<salt>$, where <id> is hashing function id. See crypt(3) for more details on valid <id> values. To address issues above we propose following changes: 1) Do not create password by hands (e.g. using perl snippet above): put this job to chpasswd(8) which is aware about system wide password hashing policy specified in /etc/login.defs with ENCRYPT_METHOD (by default it is SHA512 for Debian 8). 2) Now chpasswd(8) will take care about proper salt value. 3) This has two steps: 3.1) For compatibility reasons accept USERNAME and PASSWORD as make(1) parameters, but warn user that this is unsafe. 3.2) Use process environment to pass USERNAME and PASSWORD variables from Makefile to build_debian.sh as more secure alternative to passing via command line parameters: /proc/<pid>/environ readable only by user running process or privileged users like root. Before change: -------------- hash1 ----- # u='admin' # p="$(LANG=C perl -e 'print crypt("YourPaSs", "salt"),"\n"')" ^^^^^^^^ 8 symbols # echo "$u:$p" | chpasswd -e # getent shadow admin admin:sazQDkwgZPfSk:17680:0:99999:7::: ^^^^^^^^^^^^^ Note the hash (DES encrypted password) hash2 ----- # u='admin' # p="$(LANG=C perl -e 'print crypt("YourPaSsWoRd", "salt"),"\n"')" ^^^^^^^^^^^^ 12 symbols # echo "$u:$p" | chpasswd -e # getent shadow admin admin:sazQDkwgZPfSk:17680:0:99999:7::: ^^^^^^^^^^^^^ Hash is the same as for "YourPaSs" After change: ------------- hash1 ----- # echo "admin:YourPaSs" | chpasswd # getent shadow admin admin:$6$1Nho1jHC$T8YwK58FYToXMFuetQta7/XouAAN2q1IzWC3bdIg86woAs6WuTg\ ^^^^^^^^ Note salt here ksLO3oyQInax/wNVq.N4de6dyWZDsCAvsZ1:17681:0:99999:7::: hash2 ----- # echo "admin:YourPaSs" | chpasswd # getent shadow admin admin:$6$yKU5g7BO$kdT02Z1wHXhr1VCniKkZbLaMPZXK0WSSVGhSLGrNhsrsVxCJ.D9\ ^^^^^^^^ Here salt completely different from case above plFpd8ksGNpw/Vb92hvgYyCL2i5cfI8QEY/:17681:0:99999:7::: Since salt is different hashes for same password different too. hash1 ----- # LANG=C perl -e 'print crypt("YourPaSs", "\$6\$salt\$"),"\n"' ^^^^^ We want SHA512 hash $6$salt$qkwPvXqUeGpexO1vatnIQFAreOTXs6rnDX.OI.Sz2rcy51JrO8dFc9aGv82bB\ yd2ELrIMJ.FQLNjgSD0nNha7/ hash2 ----- # LANG=C perl -e 'print crypt("YourPaSsWoRd", "\$6\$salt\$"),"\n"' $6$salt$1JVndGzyy/dj7PaXo6hNcttlQoZe23ob8GWYWxVGEiGOlh6sofbaIvwl6Ho7N\ kYDI8zwRumRwga/A29nHm4mZ1 Now with same "salt" and $<id>$, and same 8 symbol prefix in password, but different password length we have different hashes. Signed-off-by: Sergey Popovich <[email protected]>
Signed-off-by: Stepan Blyschak <[email protected]>
Signed-off-by: Stepan Blyschak <[email protected]>
…rdes_firmware_mode_xe=0x1' line (sonic-net#1779) * Add Broadcom config files for Arista-7050-QX32 and Arista-7050-Q16S64 SKUs under respective directories * Remove 'serdes_firmware_mode_xe=0x1' line from Arista 7050 Broadcom config files
Signed-off-by: Qi Luo <[email protected]>
…an Stretch (sonic-net#1795) Signed-off-by: Qi Luo <[email protected]>
Fix mirror session destination update bug causing no resources issue Signed-off-by: Shu0T1an ChenG <[email protected]>
) Signed-off-by: Qi Luo <[email protected]>
…nds fixed (sonic-net#1798) Signed-off-by: Denis Maslov <[email protected]>
…ed (sonic-net#1801) * Manually send SIGHUP to vtysh when the current session was disconnected * Address comments
mkbalani
pushed a commit
that referenced
this pull request
Oct 4, 2018
Use single start script for all platforms and remove symbolic links Change path to system eeprom Signed-off-by: marian-pritsak <[email protected]>
sunesh
pushed a commit
that referenced
this pull request
Dec 22, 2018
…-net#2339) - Merge pull request #18 from yxieca/no_buffering - Revert "Pep 8 compliance, code cleanup (#15)" (#16) - Pep 8 compliance, code cleanup (#15) - add detailed comments for get_transceiver_change_event (#12) Signed-off-by: Ying Xie <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)