Add independent DPU upgrade support via gNOI streaming operations (#532)

* Add gRPC interceptor framework and DPU proxy for gNMI

Implement a gRPC interceptor framework to support request routing
based on metadata headers. Add DPU proxy interceptor that detects
requests with x-sonic-ss-target-type=dpu metadata and resolves
DPU information from Redis STATE_DB.

Changes:
- Add pkg/interceptors: Core interceptor framework with chaining support
- Add pkg/interceptors/dpuproxy: DPU proxy implementation with:
  - Metadata extraction for x-sonic-ss-target-type and x-sonic-ss-target-index
  - Redis client interface and adapter for pure Go compatibility
  - DPU resolver to query CHASSIS_MIDPLANE_TABLE from STATE_DB
  - Comprehensive unit and integration tests using miniredis

Current implementation (Phase 1.5):
- Intercepts unary and streaming gRPC calls
- Extracts DPU routing metadata from request headers
- Resolves DPU IP address and reachability status from Redis
- Logs resolved information and passes through to local handler

Future work (Phase 2):
- Implement actual gRPC forwarding to DPU servers
- Add connection pooling for DPU clients
- Handle bidirectional streaming proxy

Testing:
- All pure Go packages pass make -f pure.mk ci
- Integration tests with miniredis for Redis operations
- Verified on hardware with DPU metadata headers

* Implement DPU gRPC client framework with Time method forwarding

Add connection pooling with keepalive for long-lived connections to DPU
gNOI servers. Implement forwarding for System.Time method to enable
testing of the DPU proxy infrastructure.

* Implement gNOI File.Put RPC with comprehensive unit tests

- Enable File.Put RPC in gnmi_server to handle file uploads
- Implement HandlePut function in pkg/gnoi/file with:
  - Streaming file upload support
  - MD5 hash verification
  - Path security validation (only /tmp and /var/tmp allowed)
  - Atomic file write (temp file + rename)
  - Container path translation support
- Add comprehensive unit tests covering:
  - Successful uploads and multi-chunk transfers
  - Hash validation and mismatch detection
  - Path security enforcement
  - Error handling for invalid inputs
  - Large file uploads (1MB test)
  - Edge cases (EOF, invalid messages)
- Achieve 86.4% test coverage with 83.3% for HandlePut

* Refactor DPU TransferToRemote logic to pure package

- Move HandleTransferToRemoteForDPU from gnoi_file.go to pkg/gnoi/file
- Update gnoi_file.go to use pure package function
- Add proper parameter validation and documentation
- Maintain same functionality with cleaner separation
- Business logic now in testable pure package

* Fix hardcoded DPU gNMI port - read from CONFIG_DB

- Add CONFIG_DB lookup for DPU gNMI port configuration
- Update DPUResolver to query both StateDB and ConfigDB
- Add GNMIPort field to DPUInfo structure
- Update getConnection to use dynamic port instead of hardcoded 50052
- Initialize both Redis clients in telemetry.go
- Default to 50052 if CONFIG_DB doesn't specify gnmi_port
- Improve error messages to show actual connection targets

Fixes connection failures when DPUs use non-standard gNMI ports.

* Add robust DPU gNMI port discovery with fallback

- Try multiple common gNMI ports (8080, 50052) if first fails
- Add GNMIPortsToTry field to DPUInfo for port list
- Update getConnection to attempt multiple ports with quick health check
- Cache successful port for better logging
- Prioritize CONFIG_DB configured port, then try common alternatives
- Improve error messages to show all attempted ports
- Prevents connection failures due to port misconfigurations

This makes the DPU proxy resilient to:
- CONFIG_DB vs actual service port mismatches
- Different DPU gNMI service configurations
- Port configuration changes

* Refactor System.SetPackage to use sonic-installer instead of dbus

- Move SetPackage business logic from gnmi_server to pure pkg/gnoi/system package
- Replace dbus.InstallImage() with sonic-installer install -y command execution
- Replace dbus.DownloadImage() with requirement for local images only
- Use pkg/exec for sonic-installer command execution via nsenter
- Add comprehensive test coverage for pure packages (71.1% coverage)
- Remove RemoteDownload support - images must be local for security
- Update pure.mk to include new testable packages: pkg/exec, pkg/gnoi/os, pkg/gnoi/system
- Simplify gnmi_server/gnoi_system.go SetPackage from 87 lines to 22 lines
- Also refactor OS.Verify to use sonic-installer list instead of dbus

This eliminates dbus dependency for image management operations and makes
the business logic testable without SONiC environment dependencies.

Tested end-to-end: System.SetPackage successfully installs and activates
SONiC images using sonic-installer commands.

* Fix code formatting with gofmt

- Remove trailing empty lines and fix indentation
- Clean up whitespace in struct field alignment
- Remove extra blank lines between constants

No functional changes, only formatting cleanup.

* Fix dpuproxy package tests to use dual Redis clients

Update test functions to match NewDPUResolver constructor signature that
requires separate state and config Redis clients instead of single client.
This fixes the broken CI for pure packages.

* Add DPU reboot capability to gNOI System.Reboot RPC

- Add HandleDPUReboot function to pkg/gnoi/system for DPU-specific reboot logic
- Modify System.Reboot to detect DPU metadata and route to HandleDPUReboot when present
- Register /gnoi.system.System/Reboot in DPU proxy with HandleOnNPU mode
- Use reboot -d DPU{index} command via pkg/exec for host-level DPU control
- Handle async reboot behavior - don't treat non-zero exit codes as errors
- Add comprehensive tests for DPU reboot validation and function signatures
- Preserve existing system reboot functionality for non-DPU requests

This enables remote DPU rebooting via gRPC metadata headers:
x-sonic-ss-target-type: dpu
x-sonic-ss-target-index: 3

Tested with DPU3 on NPU 10.3.146.230 - successfully reboots DPU.

* Add DPU streaming support for gNOI System.SetPackage RPC

- Add SetPackage to forwardable methods registry for DPU proxy
- Implement forwardSetPackageStream function for streaming RPC forwarding
- Increase timeouts for sonic-installer commands (10min install, 2min set-default)
- Enable complete DPU package installation workflow through proxy

* Implement streaming proxy for DPU File.TransferToRemote operations

This change replaces the inefficient download-store-upload pattern with a
direct streaming proxy that eliminates NPU disk usage and minimizes memory
consumption for large file transfers to DPU devices.

Key improvements:
- Zero NPU disk usage (was: full file size)
- Constant memory usage ~128KB (was: full file in RAM)
- Concurrent MD5 hash calculation during streaming
- Direct HTTP-to-gRPC streaming with io.TeeReader
- Comprehensive test coverage (85.5% download, 91.7% hash)

Components added:
- internal/download: DownloadHTTPStreaming() for size-limited HTTP streams
- internal/hash: StreamingMD5Calculator for concurrent hash calculation
- pkg/gnoi/file: HandleTransferToRemoteForDPUStreaming() main proxy logic
- gnmi_server: Updated routing to use streaming implementation

The streaming proxy maintains the same security model and error handling
while dramatically improving resource efficiency for large firmware and
package transfers to DPU devices.

* format fix

* Fix duplicate OSServer function declarations causing build failure

Remove duplicate Activate and Verify functions from gnoi.go that were
incorrectly added during merge resolution. These functions already exist
in gnoi_os.go as part of the gNOI OS refactor from master branch.

The duplication caused compilation errors:
- OSServer.Activate redeclared
- OSServer.Verify redeclared

Also cleaned up unused imports that were only needed by the removed functions.

* Move DPU interceptor setup logic to pure package with proper cleanup

Extract DPU proxy creation logic from telemetry.go into pkg/interceptors/setup.go
to improve testability and fix resource leaks identified by Copilot review.

Changes:
- Add pkg/interceptors/setup.go with NewServerChain() factory function
- Simplify telemetry.go from 13 lines of setup to 4 lines
- Fix Redis client resource leak with proper defer cleanup
- Maintain pure package architecture for better testing

This addresses Copilot feedback about Redis clients never being closed,
preventing connection leaks during server operation.

* Fix critical closure variable capture bug in interceptor chain

Address closure capture issue identified by GitHub Copilot where loop variables
were captured by reference instead of value, causing all interceptors to use
the last iteration's values.

Changes:
- Fix UnaryInterceptor: Use immediate function invocation to capture variables by value
- Fix StreamInterceptor: Apply same pattern for streaming RPCs
- Remove unused "strings" import from gnoi.go

This bug would have caused complete failure of the DPU interceptor chain,
where all interceptors would reference the same (last) interceptor instance,
breaking the entire DPU upgrade workflow.

The fix uses the Go idiom of immediate function invocation to capture loop
variables by value rather than reference, ensuring each interceptor closure
captures the correct interceptor instance.

* Fix temp file cleanup in gNOI File.Put operations

Improve temp file cleanup logic to only remove files on error paths,
preventing removal of successfully renamed files. Add error logging
for cleanup failures to aid troubleshooting.

Changes:
- Replace unconditional os.Remove with conditional cleanup
- Check file existence before attempting removal
- Log cleanup errors without failing the operation
- Add missing log import for error reporting

This resolves a potential temp file leak when rename operations
fail after successful file writes.

* Improve error handling and resource management across core components

* Enhanced temp file cleanup error handling in gNOI file operations
* Simplified exit code handling in command execution for more consistent behavior
* Replaced connection state checks with actual RPC health checks in DPU proxy
* Added proper interceptor chain lifecycle management in telemetry server
* Improved logging for DPU reboot operations to reflect expected behavior
* Added detailed comments for file size limit detection logic

These changes focus on defensive programming practices and prevent resource leaks in long-running services.

* Remove obsolete tests after pure package refactoring

* Remove TestSetPackage tests in gnmi_server that tested deprecated dbus implementation
* Remove Put_Fails_with_Unimplemented_Error test since gNOI File.Put is now implemented
* Keep pure package tests in pkg/gnoi/system for new sonic-installer implementation

These test removals address pipeline failures caused by tests expecting obsolete behavior
after the DPU interceptor and pure package refactoring.

* Enhance test coverage for pure packages

- Add comprehensive tests for pkg/gnoi/file/file.go (39.3% -> 70.1% coverage)
- Add extensive DPU function validation and HTTP streaming tests
- Add missing tests for pkg/interceptors/setup.go (0% -> 97.1% coverage)
- Enhance pkg/gnoi/os/os_test.go with context cancellation tests
- Add validation tests for pkg/gnoi/system/system_test.go
- Improve error path coverage across all pure packages
- Add security validation and edge case tests

Coverage improvements:
- pkg/interceptors/setup.go: 0% -> 97.1% (+97.1%)
- pkg/gnoi/file/file.go: 39.3% -> 70.1% (+30.8%)
- pkg/gnoi/os/os.go: 41.7% -> 66.7% (+25.0%)
- Comprehensive validation and error handling coverage

Note: DPU gRPC functions remain at ~55-57% due to untestable
networking code that requires full integration test setup.

* fix format

* just to rerun pipeline

* Refactor DPU routing logic to pure Go package and improve test coverage

Move DPU metadata parsing from gnmi_server/gnoi_file.go to pkg/gnoi/file/file.go
to enable easier testing without CGO dependencies. This improves architecture
by separating authentication concerns from business logic.

Changes:
- Move DPU routing logic into HandlePut function in pure Go package
- Simplify gnmi_server Put implementation to just auth + delegation
- Add comprehensive tests for DPU routing in pure Go package
- Achieve 71.4% coverage for pkg/gnoi/file package
- Add missing Put success path test for gnmi_server coverage

Benefits:
- Better testability with pure Go package (no CGO required)
- Cleaner separation of concerns (auth vs business logic)
- Reduced complexity in gnmi_server layer
- Improved test coverage for DPU functionality

* Achieve 87.1% test coverage for pkg/gnoi/file package

- Add comprehensive monkey patching tests for DPU functions using gomonkey
- Update pure.mk to include -gcflags="all=-N -l" for monkey patching compatibility
- Add coverage boost tests for edge cases and error paths
- Fix infinite recursion issues in container path testing

Coverage improvements:
- HandleTransferToRemoteForDPU: 57.1% → 83.7%
- HandleTransferToRemoteForDPUStreaming: 55.0% → 88.3%
- Overall package coverage: 71.4% → 87.1% (exceeds 80% requirement)

The monkey patching tests mock the entire call chain (HandleTransferToRemote,
grpc.Dial, gNOI file client methods) to test DPU routing logic without
requiring actual network connections or external dependencies.

Pipeline fix: The key issue was that Azure pipeline ran tests without
-gcflags="all=-N -l" flags needed for monkey patching. Without these flags,
Go compiler optimizations prevent gomonkey from working, causing DPU function
tests to fail and resulting in lower coverage (71.4% vs 87.1%).

* Achieve 100% test coverage for pkg/gnoi/os package

- Add comprehensive monkey patching tests for HandleVerify function
- Mock exec.RunHostCommand to test success and error paths
- Test various sonic-installer output formats and parsing edge cases

Coverage improvements:
- HandleVerify: 42.9% → 100%
- parseCurrentVersion: 100% (maintained)
- Overall package coverage: 66.7% → 100%

The monkey patching tests cover all execution paths:
- Successful sonic-installer execution with version parsing
- Command execution failures (permission denied, etc.)
- Version parsing failures (malformed output)
- Different version string formats (standard, master builds, with spaces)

This exceeds the 80% coverage requirement for the pipeline.

* Achieve 100% test coverage for pkg/gnoi/system package

- Add comprehensive monkey patching tests for all system functions
- Mock exec.RunHostCommand to test success and error paths
- Test HandleDPUReboot function with various DPU indices
- Test package installation and activation workflows

Coverage improvements:
- HandleSetPackage: 75.9% → 100%
- installPackage: 66.7% → 100%
- activatePackage: 66.7% → 100%
- HandleDPUReboot: 0% → 100%
- Overall package coverage: 60.7% → 100%

The monkey patching tests cover all execution paths:
- Successful package installation with and without activation
- Command execution failures (permission denied, command not found)
- DPU reboot operations for different DPU indices
- Error handling in both installation and activation phases

This far exceeds the 80% coverage requirement for the pipeline.

* Extract business logic from server wrappers to pure handlers for testability

Moved DPU metadata extraction and routing logic from server wrapper files
into testable pure handler functions to improve test coverage and resolve
diff coverage issues preventing merge approval.

Changes:
- Consolidated DPU routing logic into existing handlers (HandleTransferToRemote, HandleReboot, HandleSetPackageStream)
- Simplified server wrappers to delegate all business logic to pure handlers
- Added comprehensive tests using gomonkey for newly testable pure functions
- Coverage improvements: file 87.8%, system 95.9% (target: 80% minimum)

Fixes diff coverage below threshold in:
- gnmi_server/gnoi_file.go (lines 117,120,125-126)
- gnmi_server/gnoi_system.go (lines 206,210,337,342)

* Format and cleanup test files

* Fix compilation errors for incremental build

Remove unused imports and fix variable declarations:
- Remove unused dpuproxy import from gnoi_system.go
- Remove unused metadata import from gnoi_file.go
- Fix variable naming conflict in sendRebootReqOnNotifCh usage

Enables successful dpkg-buildpackage build with extracted business logic.

* Replace NPU terminology with generic local device terminology

Update symbols and comments to use more accurate terminology:
- HandleOnNPU → HandleLocally (clearer intent for local processing)
- handleTransferToRemoteNPU → handleTransferToRemoteLocal
- TestHandleReboot_NPU_Fallback → TestHandleReboot_Local_Fallback
- Update comments: 'NPU fallback/handling' → 'local fallback/handling'

Improves architectural clarity by distinguishing between:
- DPU operations (forwarded to remote DPU)
- Local operations (processed on host device)

No functional changes - purely terminology cleanup for better code readability.

Author: hdwhdw

gnmi_server/gnoi_file.go

@@ -97,27 +97,30 @@ func (srv *FileServer) Get(req *gnoi_file_pb.GetRequest, stream gnoi_file_pb.Fil
 	return status.Errorf(codes.Unimplemented, "Method file.Get is unimplemented.")
 }
 
-// TransferToRemote RPC is unimplemented.
+// TransferToRemote downloads a file from a remote URL.
+// If DPU headers are present (HandleOnNPU mode), it downloads to NPU then uploads to the specified DPU.
 func (srv *FileServer) TransferToRemote(ctx context.Context, req *gnoi_file_pb.TransferToRemoteRequest) (*gnoi_file_pb.TransferToRemoteResponse, error) {
 	log.Infof("GNOI File TransferToRemote RPC called with request: %+v", req)
 	_, err := authenticate(srv.config, ctx, "gnoi", false)
 	if err != nil {
 		log.Errorf("authentication failed in TransferToRemote RPC: %v", err)
 		return nil, err
 	}
+
+	// Delegate all logic to the pure handler function
 	return gnoifile.HandleTransferToRemote(ctx, req)
 }
 
-// Put RPC is unimplemented.
+// Put implements the gNOI File.Put RPC.
+// It authenticates the request and delegates to the pure Go handler.
 func (srv *FileServer) Put(stream gnoi_file_pb.File_PutServer) error {
 	log.Infof("GNOI File Put RPC called")
 	_, err := authenticate(srv.config, stream.Context(), "gnoi", false)
 	if err != nil {
 		log.Errorf("authentication failed in Put RPC: %v", err)
 		return err
 	}
-	log.Warning("file.Put RPC is unimplemented")
-	return status.Errorf(codes.Unimplemented, "Method file.Put is unimplemented.")
+	return gnoifile.HandlePut(stream)
 }
 
 // Remove implements the corresponding RPC.

gnmi_server/gnoi_file_test.go

@@ -10,18 +10,28 @@ import (
 	"github.com/agiledragon/gomonkey/v2"
 	gnoi_common "github.com/openconfig/gnoi/common"
 	gnoi_file_pb "github.com/openconfig/gnoi/file"
+	gnoifile "github.com/sonic-net/sonic-gnmi/pkg/gnoi/file"
 	ssc "github.com/sonic-net/sonic-gnmi/sonic_service_client"
 
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 )
 
 // === Test Setup Helpers ===
-func createFileServer(t *testing.T, port int) *grpc.Server {
-	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
+func createFileServer(t *testing.T, port int) (*grpc.Server, string) {
+	var listener net.Listener
+	var err error
+
+	if port == 0 {
+		// Use dynamic port
+		listener, err = net.Listen("tcp", ":0")
+	} else {
+		listener, err = net.Listen("tcp", fmt.Sprintf(":%d", port))
+	}
 	if err != nil {
 		t.Fatalf("Failed to listen: %v", err)
 	}
@@ -40,19 +50,19 @@ func createFileServer(t *testing.T, port int) *grpc.Server {
 		}
 	}()
 
-	return s
+	return s, listener.Addr().String()
 }
 
 // === Actual Tests ===
 func TestGnoiFileServer(t *testing.T) {
-	s := createFileServer(t, 8081)
+	s, addr := createFileServer(t, 0) // Use dynamic port
 	defer s.Stop()
 
 	//tlsConfig := &tls.Config{InsecureSkipVerify: true}
 	//opts := []grpc.DialOption{grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))}
 	opts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}
 
-	conn, err := grpc.Dial("127.0.0.1:8081", opts...)
+	conn, err := grpc.Dial(addr, opts...)
 	if err != nil {
 		t.Fatalf("Failed to dial server: %v", err)
 	}
@@ -188,21 +198,6 @@ func TestGnoiFileServer(t *testing.T) {
 		assert.Contains(t, err.Error(), "invalid syntax")
 	})
 
-	t.Run("Put Fails with Unimplemented Error", func(t *testing.T) {
-		patch := gomonkey.ApplyFuncReturn(authenticate, nil, nil)
-		defer patch.Reset()
-
-		putStream, err := client.Put(context.Background())
-		if err != nil {
-			t.Fatalf("Failed to create Put stream: %v", err)
-		}
-
-		// Expect Unimplemented error on CloseAndRecv
-		_, err = putStream.CloseAndRecv()
-		if err == nil || status.Code(err) != codes.Unimplemented {
-			t.Fatalf("Expected Unimplemented error, got: %v", err)
-		}
-	})
 	t.Run("Put Fails with Auth Error", func(t *testing.T) {
 		patch := gomonkey.ApplyFuncReturn(authenticate, nil, status.Error(codes.Unauthenticated, "unauthenticated"))
 		defer patch.Reset()
@@ -236,6 +231,71 @@ func TestGnoiFileServer(t *testing.T) {
 		}
 	})
 
+	t.Run("TransferToRemote DPU Success", func(t *testing.T) {
+		patches := gomonkey.NewPatches()
+		defer patches.Reset()
+
+		// Mock authenticate to succeed
+		patches.ApplyFuncReturn(authenticate, nil, nil)
+
+		// Mock HandleTransferToRemoteForDPUStreaming to succeed
+		patches.ApplyFunc(gnoifile.HandleTransferToRemoteForDPUStreaming,
+			func(ctx context.Context, req *gnoi_file_pb.TransferToRemoteRequest, dpuIndex string, dpuAddr string) (*gnoi_file_pb.TransferToRemoteResponse, error) {
+				return &gnoi_file_pb.TransferToRemoteResponse{}, nil
+			})
+
+		fs := &FileServer{
+			Server: &Server{
+				config: &Config{},
+			},
+		}
+
+		// Create context with DPU metadata (lines 117, 120, 125-126)
+		md := metadata.New(map[string]string{
+			"x-sonic-ss-target-type":  "dpu",
+			"x-sonic-ss-target-index": "0",
+		})
+		ctx := metadata.NewIncomingContext(context.Background(), md)
+
+		req := &gnoi_file_pb.TransferToRemoteRequest{
+			LocalPath: "/tmp/test.txt",
+		}
+
+		resp, err := fs.TransferToRemote(ctx, req)
+		assert.NoError(t, err)
+		assert.NotNil(t, resp)
+	})
+
+	t.Run("TransferToRemote NPU Success", func(t *testing.T) {
+		patches := gomonkey.NewPatches()
+		defer patches.Reset()
+
+		// Mock authenticate to succeed
+		patches.ApplyFuncReturn(authenticate, nil, nil)
+
+		// Mock HandleTransferToRemote to succeed
+		patches.ApplyFunc(gnoifile.HandleTransferToRemote,
+			func(ctx context.Context, req *gnoi_file_pb.TransferToRemoteRequest) (*gnoi_file_pb.TransferToRemoteResponse, error) {
+				return &gnoi_file_pb.TransferToRemoteResponse{}, nil
+			})
+
+		fs := &FileServer{
+			Server: &Server{
+				config: &Config{},
+			},
+		}
+
+		ctx := context.Background() // No DPU metadata - should call regular function
+
+		req := &gnoi_file_pb.TransferToRemoteRequest{
+			LocalPath: "/tmp/test.txt",
+		}
+
+		resp, err := fs.TransferToRemote(ctx, req)
+		assert.NoError(t, err)
+		assert.NotNil(t, resp)
+	})
+
 	t.Run("TransferToRemote Fails with Auth Error", func(t *testing.T) {
 		patch := gomonkey.ApplyFuncReturn(authenticate, nil, status.Error(codes.Unauthenticated, "unauthenticated"))
 		defer patch.Reset()
@@ -399,4 +459,68 @@ func TestGnoiFileServer(t *testing.T) {
 		}
 	})
 
+	// Test Put function success path (line 143)
+	t.Run("Put_Success", func(t *testing.T) {
+		patches := gomonkey.NewPatches()
+		defer patches.Reset()
+
+		patches.ApplyFuncReturn(authenticate, nil, nil)
+
+		// Mock the gnoifile.HandlePut function to return success
+		patches.ApplyFunc(gnoifile.HandlePut,
+			func(stream gnoi_file_pb.File_PutServer) error {
+				return nil
+			})
+
+		fs := &FileServer{
+			Server: &Server{
+				config: &Config{},
+			},
+		}
+
+		// Create a mock stream
+		mockStream := &mockPutStream{
+			ctx: context.Background(),
+		}
+
+		err := fs.Put(mockStream)
+		assert.NoError(t, err)
+	})
+
+}
+
+// Mock stream for Put testing
+type mockPutStream struct {
+	ctx context.Context
+}
+
+func (m *mockPutStream) Context() context.Context {
+	return m.ctx
+}
+
+func (m *mockPutStream) SendMsg(msg interface{}) error {
+	return nil
+}
+
+func (m *mockPutStream) RecvMsg(msg interface{}) error {
+	return nil
+}
+
+func (m *mockPutStream) Recv() (*gnoi_file_pb.PutRequest, error) {
+	return nil, nil
+}
+
+func (m *mockPutStream) SendAndClose(resp *gnoi_file_pb.PutResponse) error {
+	return nil
+}
+
+func (m *mockPutStream) SendHeader(metadata.MD) error {
+	return nil
+}
+
+func (m *mockPutStream) SetTrailer(metadata.MD) {
+}
+
+func (m *mockPutStream) SetHeader(metadata.MD) error {
+	return nil
 }

gnmi_server/gnoi_system.go

@@ -12,6 +12,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	syspb "github.com/openconfig/gnoi/system"
 	"github.com/sonic-net/sonic-gnmi/common_utils"
+	"github.com/sonic-net/sonic-gnmi/pkg/gnoi/system"
 	ssc "github.com/sonic-net/sonic-gnmi/sonic_service_client"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -198,7 +199,20 @@ func (srv *Server) Reboot(ctx context.Context, req *syspb.RebootRequest) (*syspb
 		return nil, status.Errorf(codes.InvalidArgument, err.Error())
 	}
 
-	// Initialize State DB.
+	// Try the pure handler first (it handles DPU routing internally)
+	resp, err := system.HandleReboot(ctx, req)
+	if err != nil {
+		// If it's not the "local fallback" error, return the actual error
+		if status.Code(err) != codes.Unimplemented {
+			return nil, err
+		}
+		// Otherwise fall through to local handling
+	} else {
+		// DPU case handled successfully by pure handler
+		return resp, nil
+	}
+
+	// Initialize State DB for local reboot.
 	rclient, err := common_utils.GetRedisDBClient()
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, err.Error())
@@ -211,15 +225,15 @@ func (srv *Server) Reboot(ctx context.Context, req *syspb.RebootRequest) (*syspb
 	}
 
 	// System reboot.
-	resp, err, _ := sendRebootReqOnNotifCh(ctx, req, rclient, rebootKey)
+	respInterface, err, _ := sendRebootReqOnNotifCh(ctx, req, rclient, rebootKey)
 	if err != nil {
 		return nil, err
 	}
-	if resp == nil {
+	if respInterface == nil {
 		log.V(2).Info("Reboot request received empty response from Reboot Backend.")
-		resp = &syspb.RebootResponse{}
+		respInterface = &syspb.RebootResponse{}
 	}
-	return resp.(*syspb.RebootResponse), nil
+	return respInterface.(*syspb.RebootResponse), nil
 }
 
 // RebootStatus implements the corresponding RPC.
@@ -308,83 +322,8 @@ func (srv *Server) SetPackage(rs syspb.System_SetPackageServer) error {
 	}
 	log.V(1).Info("gNOI: SetPackage request received")
 
-	// Create D-Bus client
-	dbus, err := ssc.NewDbusClient()
-	if err != nil {
-		log.Errorf("Failed to create D-Bus client: %v", err)
-		return status.Errorf(codes.Internal, "failed to create D-Bus client: %v", err)
-	}
-	defer dbus.Close()
-
-	// Receive the package request
-	req, err := rs.Recv()
-	if err != nil {
-		log.Errorf("Failed to receive package request: %v", err)
-		return err
-	}
-
-	// Validate request type
-	pkg, ok := req.GetRequest().(*syspb.SetPackageRequest_Package)
-	if !ok {
-		errMsg := fmt.Sprintf("invalid request type: %T, expected SetPackageRequest_Package", req.GetRequest())
-		log.Errorf(errMsg)
-		return status.Errorf(codes.InvalidArgument, errMsg)
-	}
-
-	// A filename and a version must be provided
-	if pkg.Package.Filename == "" {
-		log.Errorf("Filename is missing in package request")
-		return status.Errorf(codes.InvalidArgument, "filename is missing in package request")
-	}
-	if pkg.Package.Version == "" {
-		log.Errorf("Version is missing in package request")
-		return status.Errorf(codes.InvalidArgument, "version is missing in package request")
-	}
-	// Log the package filename and version
-	log.V(1).Infof("Package filename: %s, version: %s", pkg.Package.Filename, pkg.Package.Version)
-
-	// Download the package if RemoteDownload is provided
-	if pkg.Package.RemoteDownload != nil {
-		// Validate RemoteDownload
-		log.V(1).Infof("RemoteDownload provided")
-		// Check if the path is provided
-		if pkg.Package.RemoteDownload.Path == "" {
-			log.Errorf("RemoteDownload path is missing")
-			return status.Errorf(codes.InvalidArgument, "remote download path is missing")
-		}
-		log.V(1).Infof("RemoteDownload path: %s", pkg.Package.RemoteDownload.Path)
-
-		// Download the package
-		err = dbus.DownloadImage(pkg.Package.RemoteDownload.Path, pkg.Package.Filename)
-		if err != nil {
-			log.Errorf("Failed to download image: %v", err)
-			return status.Errorf(codes.Internal, "failed to download image: %v", err)
-		}
-		log.V(1).Infof("Package %s downloaded successfully to %s", pkg.Package.Version, pkg.Package.Filename)
-	}
-
-	// If activate is requested, install the package and set it to be the next boot image
-	if pkg.Package.Activate {
-		log.V(1).Infof("Activate is requested")
-		// Install the package
-		err = dbus.InstallImage(pkg.Package.Filename)
-		if err != nil {
-			log.Errorf("Failed to install image: %v", err)
-			return status.Errorf(codes.Internal, "failed to install image: %v", err)
-		}
-		log.V(1).Infof("Package %s installed successfully", pkg.Package.Filename)
-		// Currently, Installing the image will automatically set it as the next boot image
-		log.V(1).Infof("Package %s set as next boot image", pkg.Package.Filename)
-	}
-
-	// Send response to client
-	if err := rs.SendAndClose(&syspb.SetPackageResponse{}); err != nil {
-		log.Errorf("Failed to send response: %v", err)
-		return err
-	}
-
-	log.V(1).Infof("SetPackage completed successfully for %s", pkg.Package.Filename)
-	return nil
+	// Delegate all logic to the pure handler
+	return system.HandleSetPackageStream(rs)
 }
 
 // SwitchControlProcessor implements the corresponding RPC.