[ZTP]: Add DHCP_L2 and DHCPV6_L2 traps to COPP trap map#11
Closed
[ZTP]: Add DHCP_L2 and DHCPV6_L2 traps to COPP trap map#11
Conversation
…ctive ACL binding (sonic-net#2165)" (sonic-net#2306) This reverts commit 390cae1.
What I did Fix issue sonic-net/sonic-buildimage#10850 partially by adding sanity check in port_rates.lua. If the must-have counters of one port are not able to get, skip its rate computation. Why I did it It avoids port_rates.lua execution exits abnormally.
…2308) **What I did** Purge package sonic-db-cli which depends on libswsscommon **Why I did it** Since sonic-db-cli depends on libswsscommon, we could not simply only purge libswsscommon, so we purge both together.
* Two fixes: sleep after stop and check values in routes
…ts buffer queue/pg counters (sonic-net#2143)" (sonic-net#2315) This reverts commit eba212d.
* Combine PG3 and PG4 to PG3-4 Signed-off-by: bingwang <[email protected]>
Return the next hop weight obtained from kernel as-is. Sample next hop weight: admin@svcstr-7050-acs-4:~$ ip route show 193.11.248.128/25 193.11.248.128/25 nhid 1452 proto bgp src 10.1.0.33 metric 20 nexthop via 10.0.1.61 dev PortChannel103 weight 1 nexthop via 10.0.1.63 dev PortChannel104 weight 1 nexthop via 10.0.1.59 dev PortChannel102 weight 1 nexthop via 10.0.1.57 dev PortChannel101 weight 1 Signed-off-by: Ying Xie <[email protected]>
*After the latest changes in this PR sonic-net#2190 an issue was introduced. When the tunnel was deleted the TunnelTermEntries were deleted from ASIC but not from the OA cache. Due to that then the same tunnel is created the TunnelTermEntries are not created as OA has it in local cache. Signed-off-by: Myron Sosyak <[email protected]>
… values are equal (sonic-net#2327) * [crmorch] Prevent exceededLogCounter from resetting when low and high values are equal
…nic-net#2314) * Apply DSCP_TO_TC_MAP|AZURE to switch level Signed-off-by: bingwang <[email protected]>
* [ci] Fix test stage retry failure issue.
*[intfmgr]: Set proxy_arp kernel param Signed-off-by: Lawrence Lee <[email protected]>
…et#2155) * Fix DTel acl rule creation The significant rewrite of aclorch when adding ACL_TABLE_TYPE configuration caused a bug that prevents configuration of any DTel rules. This is due to use of an incorrect set of enum mappings while determining which type of AclRule to create.
…s reload flows (sonic-net#2262) What I did Enhance the mock test of the dynamic buffer manager in port remove and config qos clear flow and fix bugs during mock test implementation Implement mock method ProduceStateTable::del Signed-off-by: Stephen Sun [email protected] How I verified it Run regression test, mock test, vs test, and manual test. Details if related 1. Support mock test for dynamic buffer manager config qos clear and reclaiming buffer Remove port 2. Handle port remove/create flow Cache cable length for a port Try reclaiming unused buffer when maximum buffer parameters are received for a port whose state is ADMIN_DOWN and m_bufferCompletelyInitialized is true 3. Handle config qos clear If all buffer pools are removed when m_bufferPoolReady is true, remove all zero pools and profiles. Reload zero profiles and pools if they have not been loaded when reclaiming buffer
Signed-off-by: bingwang <[email protected]>
…h swssconfig #11046" (sonic-net#2332) * Fix updated to not flush static mac
…2326) [Dtel] Fix set user vrf in DTel report session and confirm the DTel report sent out via the user vrf
What I did This PR is to fix ACL table creation failure for certain types. We saw PFCWD table failed to be created at EGRESS stage. The error logs are Jun 21 07:00:03.409283 str2-7050cx3-acs-08 ERR syncd#syncd: [none] SAI_API_ACL:_brcm_sai_create_acl_table:11205 field group config create failed with error Feature unavailable (0xfffffff0). Jun 21 07:00:03.409738 str2-7050cx3-acs-08 ERR syncd#syncd: [none] SAI_API_ACL:brcm_sai_create_acl_table:298 create table entry failed with error -2. Jun 21 07:00:03.409738 str2-7050cx3-acs-08 ERR syncd#syncd: :- sendApiResponse: api SAI_COMMON_API_CREATE failed in syncd mode: SAI_STATUS_NOT_SUPPORTED Jun 21 07:00:03.409780 str2-7050cx3-acs-08 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST: 1:SAI_ACL_BIND_POINT_TYPE_PORT Jun 21 07:00:03.409820 str2-7050cx3-acs-08 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS: true Jun 21 07:00:03.409820 str2-7050cx3-acs-08 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_TC: true Jun 21 07:00:03.410144 str2-7050cx3-acs-08 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_TABLE_ATTR_ACL_ACTION_TYPE_LIST: 2:SAI_ACL_ACTION_TYPE_PACKET_ACTION,SAI_ACL_ACTION_TYPE_COUNTER Jun 21 07:00:03.410144 str2-7050cx3-acs-08 ERR syncd#syncd: :- processQuadEvent: attr: SAI_ACL_TABLE_ATTR_ACL_STAGE: SAI_ACL_STAGE_EGRESS Jun 21 07:00:03.410144 str2-7050cx3-acs-08 ERR swss#orchagent: :- create: create status: SAI_STATUS_NOT_SUPPORTED Jun 21 07:00:03.410144 str2-7050cx3-acs-08 ERR swss#orchagent: :- addAclTable: Failed to create ACL table pfcwd_egress The root cause for the issue is SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS is not supported at EGRESS stage. This PR addressed the issue by adding match field according to the stage. For ACL type TABLE_TYPE_PFCWD and TABLE_TYPE_DROP at INGRESS stage, the match field SAI_ACL_TABLE_ATTR_FIELD_IN_PORTS is added, while for EGRESS the field is not added. Why I did it To fix ACL table creation issue. How I verified it Verified by vstest test_acl.py::TestAcl::test_AclTableMandatoryMatchFields[ingress] PASSED [ 87%] test_acl.py::TestAcl::test_AclTableMandatoryMatchFields[egress] PASSED [ 90%] Verified by building a new image and run on a TD3 device. Signed-off-by: bingwang <[email protected]>
* Default macsec poll interval 10s, except of xpn1s * Correct COUNTERS_MACSEC_NAME_MAP entry in GB_COUNTERS_DB for gearbox macsec * Support macsec flex couner config * Correct port flex counter config for gearbox * Add IN_UCAST_PKTS/IN_NON_UCAST_PKTS/OUT_UCAST_PKTS/OUT_NON_UCAST_PKTS in gearbox port counter list
- What I did Added Sflow gtest - Why I did it Improve sflow orcagent coverage - How I verified it ayurkiv@487e531606e9:/sonic/src/sonic-swss/tests/mock_tests$ ./tests --gtest_filter=SflowOrchTest* Running main() from /build/googletest-YnT0O3/googletest-1.10.0.20201025/googletest/src/gtest_main.cc Note: Google Test filter = SflowOrchTest* [==========] Running 2 tests from 1 test suite. [----------] Global test environment set-up. [----------] 2 tests from SflowOrchTest [ RUN ] SflowOrchTest.SflowEnableDisable [ OK ] SflowOrchTest.SflowEnableDisable (46 ms) [ RUN ] SflowOrchTest.SflowCreateDelete [ OK ] SflowOrchTest.SflowCreateDelete (46 ms) [----------] 2 tests from SflowOrchTest (92 ms total) [----------] Global test environment tear-down [==========] 2 tests from 1 test suite ran. (93 ms total) [ PASSED ] 2 tests. Signed-off-by: Andriy Yurkiv <[email protected]>
* Add/remove macsec name map w/o gearbox correctly * Add macsec counter unit test
…ns #11235 (sonic-net#2351) Signed-off-by: rck-innovium <[email protected]>
- What I did using a copy of FDBEntry fields (stored in FDBUpdate) instead of a reference since the reference gets invalidated in the storeFdbEntryState() simplified clearFdbEntry() interface - Why I did it To fix the memory usage issue The issue is that the SWSS_LOG_INFO() uses the mac&, port_alias&, and bv_id& which are invalidated in the storeFdbEntryState(). - How I verified it Run the tests that were used to find the issues and checked the ASAN report Signed-off-by: Yakiv Huryk <[email protected]>
- What I did Optimize swssconfig: 1. Use unix socket 2. Cache producer table to avoid create it for same table name - Why I did it We found that generating large scale static routes via swssconfig is very slow. - How I verified it After the optimization, generating 100K routes via swssconfig take 2 seconds, however, before the optimization it takes > 60 seconds.
…storm is detected (sonic-net#2304) What I did Avoid dropping traffic that is ingressing the port/pg that is in storm. The code changes in this PR avoid creating the ingress zero pool and profile and does not attach any zero profile to the ingress pg when pfcwd is triggered Revert changes related to sonic-net#1480 where the retry mechanism was added to BufferOrch which caches the task retries and while the PG is locked by PfcWdZeroBufferHandler. Revert changes related to sonic-net#2164 in PfcWdZeroBufferHandler & ZeroBufferProfile & BufferOrch. Updated UT's accordingly How I verified it UT's. Ran the sonic-mgmt test with these changes sonic-net/sonic-mgmt#5665 and verified if they've passed. Signed-off-by: Vivek Reddy Karri <[email protected]>
* [orchagent]: srv6orch support for uSID
* Add IP interface loopback action support Co-authored-by: liora <[email protected]>
Currently, ASAN sometimes reports the BufferOrch::m_buffer_type_maps and QosOrch::m_qos_maps as leaked. However, their lifetime is the lifetime of a process so they are not really 'leaked'.
This also adds a simple way to add more suppressions later if required.
Example of ASAN report:
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f96aa952d30 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
#1 0x55ca1da9f789 in __static_initialization_and_destruction_0 /__w/2/s/orchagent/bufferorch.cpp:39
#2 0x55ca1daa02af in _GLOBAL__sub_I_bufferorch.cpp /__w/2/s/orchagent/bufferorch.cpp:1321
#3 0x55ca1e2a9cd4 (/usr/bin/orchagent+0xe89cd4)
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f96aa952d30 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
#1 0x55ca1da6d2da in __static_initialization_and_destruction_0 /__w/2/s/orchagent/qosorch.cpp:80
#2 0x55ca1da6ecf2 in _GLOBAL__sub_I_qosorch.cpp /__w/2/s/orchagent/qosorch.cpp:2000
#3 0x55ca1e2a9cd4 (/usr/bin/orchagent+0xe89cd4)
- What I did
Added an lsan suppression config with static variable leak suppression
- Why I did it
To suppress ASAN false positives
- How I verified it
Run a test that produces the static variable leaks report and checked that report has these leaks suppressed.
Signed-off-by: Yakiv Huryk <[email protected]>
- What I did Added a new flag to DVS tests - Why I did it Currently, when running the tests with ASAN-enabled image, leak reports are not generated. The reason is that dvs.destroy() (via 'ctn.remove(force=True)') uses SIGKILL to stop the container. To address this, a new flag is added. When the new flag is set, the swss processes are gracefully stopped (via SIGTERM). So ASAN reports can be generated as a result of DVS tests run - How I verified it Run the tests with --graceful-stop, observe that swss processes are stopped via SIGTERM Signed-off-by: Yakiv Huryk <[email protected]>
* [vnetorch] fix use-after-free in removeBfdSession() * using a copy of monitor ip instead of a reference since the reference gets invalidated after the endpoint is erased Signed-off-by: Yakiv Huryk <[email protected]>
Signed-off-by: Ze Gan [email protected], Judy Joseph [email protected] What I did If a member of portchannel has macsec profile attached in config, enable MACsec on the port before it's been added as a member of portchannel. Why I did it Due to some hardware limitation, cannot enable MACsec on a member of portchannel. So we enable the macsec on interface first and then add it as part of portchannel. Note: This is a work around which will be removed when h/w supports it future releases. The approach taken in this PR is In the teamdMgr when an interface is added as part of the LAG, we wait for the macsecPort creation done in SAI and Ingress SA creation complete (if macsec is enabled on the interface) The above takes care of config reload, reboot scenario's where we cannot guarantee the sequence of macsec attach to interface, add interface as part of portchannel. If we do a manual removal of port from portchannel, or remove macsec config from the interface, Please follow this steps First remove the portchannel member out of portchannel Remove the macsec profile attached to interface. How I verified it Verified with config reload, reboot with the macsec profile attached to portchannel member interfaces. Verified case when SAK rekey is enabled on macsec on portchannel members Verified case when member interface link flaps
* Skip failing subport tests
*portsyncd no longer handle port configuration change and put it to APP DB *Implement incremental configuration change in portmgr *Adjust portsorch to meet incremental configuration change requirement
*Fix: missing sonic-db-cli in docker-sonic-vs image
What I did This PR is to fix the issue of adding mux_acl_rule into IngressTableDrop. The error log is Jun 25 08:02:37.159020 svcstr-7050-acs-4 ERR swss#orchagent: :- validateAclRuleMatch: Match SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS in rule mux_acl_rule is not supported by table IngressTableDrop PR sonic-net#2341 added support for different matching field in different stage (INGRESS/EGRESS). For example, SAI_ACL_ENTRY_ATTR_FIELD_IN_PORTS is only supported at INGRESS stage. However, PR sonic-net#2341 only handled one path for creating ACL table, that is by CONFIG_DB entry. There is a case that addAclTable is directly called from other orch, such as MuxOrch. In that case, the stage dependent matcing field is not added. As a resule, we will see the above error logs. To address the issue, I moved the call of addStageMandatoryMatchFields from doAclTableTask to addAclTable to ensure addStageMandatoryMatchFields is always called. Please be noted that addMandatoryActions is called from both doAclTableTask and addAclTable to ensure the validation of ACL table is passing. Why I did it To fix ACL rule issue for mux. How I verified it Verified by running test_pfcwd Verified by checking syslog Signed-off-by: bingwang <[email protected]>
*Add BGP profile support to Vnet routes
**What I did** Replace py-swsssdk with sonic-swss-common **Why I did it** To deprecate py-swsssdk, need replace it from code. **How I verified it** Pass all UT. **Details if related**
…-net#2350) *Run pytests one test at a time.
…h before enabling transceiver<CMIS compliant> Tx. (sonic-net#2277) * Signed-off-by: Jaganathan Anbalagan <[email protected]> orchagent changes for sonic-net/SONiC#916 * Signed-off-by: Jaganathan Anbalagan <[email protected]> Addressing PR comment * Signed-off-by: Jaganathan Anbalagan <[email protected]> Addressing PR comments-cosmetic * Signed-off-by: Jaganathan Anbalagan <[email protected]> fixed typo * Signed-off-by: Jaganathan Anbalagan <[email protected]> VS test code and addressing PR comment * Signed-off-by: Jaganathan Anbalagan <[email protected]> set host_tx_ready to false if gbsyncd SAI API fails. Co-authored-by: Jaganathan Anbalagan <[email protected]>
What I did For SoC IPs of ports in active-active cable type, if mux is toggled to standby, still use direct link instead of changing next-hop to the tunnel. Why I did it In an active-active dualtor setup, changing the nexthop of route to SoC IP to the tunnel will have the following problem: If lower ToR is already standby, and somehow the upper ToR decides to toggle itself to standby, the toggle will fail: linkmgrd decide to toggle to standby --> muxorch disables the SoC IP neighbor and change the route next-hop to the tunnel --> ycabled could not setup gRPC connection. How I verified it Add unittest and verify the change on active-active testbeds.
* [vxlan]Fixing L2MC vlan member caching issue
* Add support for generic hwinfo string in gearbox_config.json The SAI_SWITCH_ATTR_SWITCH_HARDWARE_INFO formatting is vendor specific. * Remove the formating check that assumes its of the mdio sysfs format * Note the the count remains without including the NULL termintor, which is not compliant with the SAI header definintion that indicates a NULL terminated string. Signed-off-by: [email protected] * Add support to allow Firmware Major Version to return unsupported" Some external phys do not support Firmware upgrades and therefore do not have a firmware version. The SAI_SWITCH_ATTR_FIRMWARE_MAJOR_VERSION may return SAI_STATUS_ATTR_NOT_SUPPORTED which needs to be gracefully supported and allow the phy to be created. * Allow SAI_STATUS_NOT_SUPPORTED return value and set version to empty string. Signed-off-by: Aaron Payment <[email protected]> * Address review comments * Address review comments, fix hwinfo Co-authored-by: Aaron Payment <[email protected]>
Signed-off-by: liora <[email protected]>
liorghub
pushed a commit
that referenced
this pull request
Feb 18, 2024
**What I did**
Fix the Mem Leak by moving the raw pointers in type_maps to use smart pointers
**Why I did it**
```
Indirect leak of 83776 byte(s) in 476 object(s) allocated from:
#0 0x7f0a2a414647 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
#1 0x5555590cc923 in __gnu_cxx::new_allocator, std::allocator > const, referenced_object> > >::allocate(unsigned long, void const*) /usr/include/c++/10/ext/new_allocator.h:115
#2 0x5555590cc923 in std::allocator_traits, std::allocator > const, referenced_object> > > >::allocate(std::allocator, std::allocator > const, referenced_object> > >&, unsigned long) /usr/include/c++/10/bits/alloc_traits.h:460
#3 0x5555590cc923 in std::_Rb_tree, std::allocator >, std::pair, std::allocator > const, referenced_object>, std::_Select1st, std::allocator > const, referenced_object> >, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >::_M_get_node() /usr/include/c++/10/bits/stl_tree.h:584
#4 0x5555590cc923 in std::_Rb_tree_node, std::allocator > const, referenced_object> >* std::_Rb_tree, std::allocator >, std::pair, std::allocator > const, referenced_object>, std::_Select1st, std::allocator > const, referenced_object> >, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >::_M_create_node, std::allocator > const&>, std::tuple<> >(std::piecewise_construct_t const&, std::tuple, std::allocator > const&>&&, std::tuple<>&&) /usr/include/c++/10/bits/stl_tree.h:634
#5 0x5555590cc923 in std::_Rb_tree_iterator, std::allocator > const, referenced_object> > std::_Rb_tree, std::allocator >, std::pair, std::allocator > const, referenced_object>, std::_Select1st, std::allocator > const, referenced_object> >, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >::_M_emplace_hint_unique, std::allocator > const&>, std::tuple<> >(std::_Rb_tree_const_iterator, std::allocator > const, referenced_object> >, std::piecewise_construct_t const&, std::tuple, std::allocator > const&>&&, std::tuple<>&&) /usr/include/c++/10/bits/stl_tree.h:2461
#6 0x5555590e8757 in std::map, std::allocator >, referenced_object, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >::operator[](std::__cxx11::basic_string, std::allocator > const&) /usr/include/c++/10/bits/stl_map.h:501
#7 0x5555590d48b0 in Orch::setObjectReference(std::map, std::allocator >, std::map, std::allocator >, referenced_object, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >*, std::less, std::allocator > >, std::allocator, std::allocator > const, std::map, std::allocator >, referenced_object, std::less, std::allocator > >, std::allocator, std::allocator > const, referenced_object> > >*> > >&, std::__cxx11::basic_string, std::allocator > const&, std::__cxx11::basic_string, std::allocator > const&, std::__cxx11::basic_string, std::allocator > const&, std::__cxx11::basic_string, std::allocator > const&) orchagent/orch.cpp:450
#8 0x5555594ff66b in QosOrch::handleQueueTable(Consumer&, std::tuple, std::allocator >, std::__cxx11::basic_string, std::allocator >, std::vector, std::allocator >, std::__cxx11::basic_string, std::allocator > >, std::allocator, std::allocator >, std::__cxx11::basic_string, std::allocator > > > > >&) orchagent/qosorch.cpp:1763
#9 0x5555594edbd6 in QosOrch::doTask(Consumer&) orchagent/qosorch.cpp:2179
#10 0x5555590c8743 in Consumer::drain() orchagent/orch.cpp:241
#11 0x5555590c8743 in Consumer::drain() orchagent/orch.cpp:238
#12 0x5555590c8743 in Consumer::execute() orchagent/orch.cpp:235
#13 0x555559090dad in OrchDaemon::start() orchagent/orchdaemon.cpp:755
#14 0x555558e9be25 in main orchagent/main.cpp:766
#15 0x7f0a299b6d09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23d09)
```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What I did
Add DHCP_L2 and DHCPV6_L2 traps to COPP trap map.
Why I did it
In order to enable DHCP packets to CPU on L2 interfaces. This is being used by ZTP.
How I verified it
I have verified both traps are registered when ZTP operation starts and being deleted when ZTP finishes its operation.
Details if related