------------------------------------------------------------------- Mon Jun 17 15:56:20 UTC 2024 - Enrico Belleri - Update to version 1.5.1: * Support DeviceID on Auxiliary Bus * Dev/exclude subnets from traffic shaping * Use temporary name for netdevice when moving in/out of NS - Update to version 1.5.0: New Features: * Support DeviceID on Auxiliary Bus by @adrianchiris in #1003 * Dev/exclude subnets from traffic shaping by @oOraph in #921 Fixes: * Fix release script in github action by @s1061123 in #1037. * Use temporary name for netdevice when moving in/out of NS by @adrianchiris in #1002 ------------------------------------------------------------------- Wed Mar 06 12:28:38 UTC 2024 - dcermak@suse.com - Update to version 1.4.0: * build(deps): bump the golang group with 2 updates * Bump to golang:1.21-alpine in release.sh * Add CNI_NETNS_OVERRIDE for upcoming CNI change * build(deps): bump the golang group with 3 updates * revert some code in pr 962 * bridge: fix spelling * bridge: remove useless firstV4Addr * bridge: remove useless check * Add ndisc_notify in ipvlan for ipv6 ndp * macvlan: enable ipv6 ndisc_notify * build(deps): bump google.golang.org/grpc from 1.50.1 to 1.56.3 * build(deps): bump the golang group with 3 updates * dependabot: batch updates * fix workflow warnings * fix lint errors * macvlan cmdDel: replace the loadConf function with json.unmarshal * build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.28.0 * build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 * build(deps): bump github.com/Microsoft/hcsshim from 0.9.9 to 0.11.1 * build(deps): bump golang.org/x/sys from 0.10.0 to 0.13.0 * Create IPAM files with 0600 permissions * build: Use POSIX sh for shell scripts * build(deps): bump actions/checkout from 3 to 4 * ci(lint) extend timeout to 5 min * build(deps): bump github.com/coreos/go-iptables from 0.6.0 to 0.7.0 * vrf: fix route filter to use output iface * test_linux.sh: Do not fail if called twice * meta: firewall: Fix firewalld test with non-abstract sockets * plugins: meta: portmap: Implement a teardown() fast path * utils: iptables: Use go-iptables' ChainExists() * spoofcheck: Make use of go-nft's ApplyConfigEcho() * test: install binaries using `go install` * build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 * [tuning]add ability to set tx queue len * build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.11.0 * build(deps): bump golang.org/x/sys from 0.7.0 to 0.9.0 * Fix race conditions in DHCP test * Add routes propagation for VRF plugin * github: remove stale issue cleanup * tap: allow for a tap device to be created as a bridge port * build(deps): bump alpine in /.github/actions/retest-action ------------------------------------------------------------------- Mon Oct 9 09:40:50 UTC 2023 - Dan Čermák - Bump BuildRequired golang version to >= 1.21, fixes bsc#1216006 ------------------------------------------------------------------- Wed Sep 06 06:16:36 UTC 2023 - danish.prakash@suse.com - Update to version v1.3.0: * [sbr]: Ignore LinkNotFoundError during cmdDel * build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9 * Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes * Fix ValidateExpectedRoute with non default routes and nil GW * tuning: fix cmdCheck when using IFNAME * bridge, del: timeout after 55 secs of trying to list rules * bridge, spoofcheck: only read the prerouting chain on CNI delete * build: consume specific tables/chains via go-nft * bridge: add vlan trunk support * enable govet and unparam linters * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 * Add parameter to disable default vlan * bridge, spoof check: remove drop rule index * go.mod: bump all deps * linter: fix ginkgolinter errors * Fix wastedassign linter errors * build(deps): bump actions/stale from 7 to 8 * Fix revive linter errors * build(deps): bump actions/setup-go from 3 to 4 * enable durationcheck, predeclared, unconvert, unused and wastedassign linters * remove govet and gofmt from test_linux.sh * enable ginkgolinter linter * enable revive linter * enable gocritic linter * enable gosimple linter * enable nonamedreturns linter * enable ineffassign linter * enable contextcheck linter * enable staticcheck linter * ci(lint): setup golangci-lint * ci(lint): setup yamllint linter Signed-off-by: Matthieu MOREL * Fix overwritten error var in getMTUByName * Update tests to utilize ginkgo/v2 * Update ginkgo to v2 in go.mod, go.sum, vendor * Tap plugin * build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.26.0 * build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0 * Only check ipv6 when an IPv6 is configured * Add support for in-container master for macvlans * Add support for in-container master for ipvlan * Add support for in-container master for vlans * bridge: re-fetch mac address * Update Allocate method to reuse lease if present * build(deps): bump github.com/safchain/ethtool to v0.2.0 * build(deps): bump golang.org/x/sys from 0.3.0 to 0.4.0 * Add IPv6 support for AddDefaultRoute * build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2 * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0 * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 * build(deps): bump alpine in /.github/actions/retest-action * build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.1.0 * build(deps): bump github.com/vishvananda/netlink * build(deps): bump github.com/alexflint/go-filemutex from 1.1.0 to 1.2.0 * build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.9.6 * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.24.2 * Update dependabot.yml * build(deps): bump actions/checkout from 2 to 3 * build(deps): bump actions/stale from 4 to 7 * build(deps): bump actions/setup-go from 2 to 3 * Update dependabot.yml * Update dependabot.yml * ci(deps): setup dependabot * Fix tuning path validation * Update email to gmail * Update portmap test's iptables error check * Remove references to io/ioutil package * fix bug on getting NextIP of addresses with first byte 0 * Fix path substitution to enable setting sysctls on vlan interfaces * support masquerade all config * host-local: remove unused Release(ip) from type Store interface * Cleanup Socket and Pidfile on exit * dummy: Create a Dummy CNI plugin that creates a virtual interface. * Use the same options for acquiring, renewing lease * bridge: update vlanFiltering variable to make code more readable * ci: only rerun failed jobs on `/retest` * build: support riscv64 * Check for duplicated sysctl keys * Update github.com/vishvananda/netlink to v1.2.0-beta * bridge: support IPAM DNS settings * Bump to go 1.18 * V2 API support for win-overlay CNI * bug: return errors when iptables and ip6tables are unusable * github: ignore issues with "keep" label from stale closing * Make description for `static` plugin more exact * workflow: add something to auto-close stale PRs * ipam/dhcp: Fix client id in renew/release * call ipam.ExceDel after clean up device in netns fix #666 * Add sysctl allowlist ------------------------------------------------------------------- Tue Mar 29 10:08:13 UTC 2022 - fvogt@suse.com - Update to version 1.1.1: * ipam/dhcp: Fix client id in renew/release * call ipam.ExceDel after clean up device in netns fix #666 * portmap: fix checkPorts result when chain does not exist * portmap: fix bug that new udp connection deletes all existing conntrack entries * Enhanced dad set to 1 * Add boolean to enable/disable dad * Disable DAD for container side veth * firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker * Fix host-device gofmt * host-device: Bring interfaces up after moving into container * pkg/ns: use file system magic numbers from golang.org/x/sys/unix * gofmt * go mod tidy * build: bump to go 1.17 * Remove arp notify setting per comment * plugins: replace arping package with arp_notify * fix #685 * Ran go fmt so tests would pass * Fixed DHCP problem that broke when fast retry was added. * dhcp ipam: adjust retry mechanism * add ipam tests for dpdk device * add ipam support for dpdk device * ipvlan: Send Gratuitous ARP after IPs are set * dhcp ipam: fix client id * dhcp ipam: rename inconsistent options among files * dhcp ipam: add more options capable for sending * dhcp ipam: add fast retry * dhcp ipam: support customizing dhcp options * dhcp ipam: truncate client id to 254 bytes * dhcp ipam: print error correctly without format string * dhcp ipam: using full config to regular the code * Allow setting sysctls on a particular interface * dhcp: remove implemented TODO * Don't redundantly filepath.Clean the output of filepath.Join * Use crypto/rand.Read, not crypto.Reader.Read * bridge: Add macspoofchk support * plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped * vendor: bump to libcni v1.0.1 * static ipam: do not parse the CIDR twice * static ipam: improve error msgs when provisioning invalid CIDR * bump go to 1.16, other misc fixes * vendor: bump all direct dependencies * vendor: bump to libcni v1.0 * docs: Update the CI badge from Travis CI to GitHub Actions * bridge: Fix typo in error message for promiscuous mode * ip: place veth peer in host namspace directly * bridge: Add mac field to specify container iface mac * static ipam: decide wrong cidr error msg * static ipam: stop wrapping net.ParseCIDR errors * static ipam: show confusing error msg * utils, hwaddr: Remove unused package * ip, link_linux: Remove unused SetHWAddrByIP function * plugins: remove flannel * refactor(win-bridge): netconf * refactor(win-bridge): hcn api processing * refactor(win-bridge): hns api processing * chore(win-bridge): location related * chore(win-bridge): text related * Remove Bryan Boreham as maintainer * host-local: support ip/prefix in env args and CNI args * [sbr]: Use different tableID for every ipCfg Check tableID not in use for every ipCfg * Small typo improves in README.md * Allow multiple routes to be added for the same prefix. Enables ECMP * Update to lastest vendor/github.com/vishvananda/netlink * tuning: always update MAC in CNI result * vendor: bump to libcni v1.0-rc1 * tuning: Add support of altering the allmulticast flag * [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config * Fix nil-pointer check * host-local: support custom IPs allocation through runtime configuration * pkg/ip: introduce a new type `IP` to support formated [/] * go.mod: github.com/j-keck/arping v1.0.1 * go.mod: github.com/buger/jsonparser v1.1.1 * go.mod: github.com/alexflint/go-filemutex v1.1.0 * go.mod github.com/Microsoft/hcsshim v0.8.16 * go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0 * go.mod: github.com/mattn/go-shellwords v1.0.11 * go.mod: github.com/sirupsen/logrus v1.8.1 * CI: Install linux-modules-extra for VRF module * Fix broken links to online docs in plugin READMEs * gha: update actions/setup-go@v2 * remove redundant startRange in RangeIter due to overlap check on multi ranges * fix(win-bridge): panic while calling HNS api * portmap: use slashes in sysctl template to support interface names which separated by dots * pkg/ipam: use slash as sysctl separator so interface name can have dot * [macvlan] Stop setting proxy-arp on macvlan interface * tuning: increase test coverage to 1.0.0 and older spec versions * portmap: increase test coverage to 1.0.0 and older spec versions * flannel: increase test coverage to 1.0.0 and older spec versions * firewall: increase test coverage to 1.0.0 and older spec versions * bandwidth: increase test coverage to 1.0.0 and older spec versions * host-local: increase test coverage to 1.0.0 and older spec versions * static: increase test coverage to 1.0.0 and older spec versions * dhcp: increase test coverage to 1.0.0 and older spec versions * dhcp: add -resendmax option to limit lease acquisition time for testcases * vlan: increase test coverage to 1.0.0 and older spec versions * ptp: increase test coverage to 1.0.0 and older spec versions * macvlan: increase test coverage to 1.0.0 and older spec versions * loopback: increase test coverage to 1.0.0 and older spec versions * ipvlan: increase test coverage to 1.0.0 and older spec versions * host-device: increase test coverage to 1.0.0 and older spec versions * bridge: increase test coverage to 1.0.0 and older spec versions * bridge: simplify version-based testcase code * testutils: add test utilities for spec version features * plugins: update to spec version 1.0.0 * vendor: bump CNI to 1.0.0-pre @ 62e54113 (fixes bsc#1181961 aka CVE-2021-20206) - Drop %go_nostrip ------------------------------------------------------------------- Mon Apr 26 17:17:41 UTC 2021 - rpm@fthiessen.de - Update to version 0.9.1: * ipam/dhcp: Add broadcast flag * add flannel to support dual stack ip * bandwidth: fix panic in tests * host-device: Add support for DPDK device * [main/vlan] Fix error handling for delegate IPAM plugin * dhcp: default dhcp clien timeout is 10s * vlan: fix error message text by removing ptp references * dhcp: daemon dhcp client timeout is configurable * dhcp: timeout value is set in DHCP daemon * remove unused function * deps: go mod tidy coreos/go-iptables * deps: bump coreos/go-iptables ------------------------------------------------------------------- Fri Jan 08 12:16:37 UTC 2021 - rbrown@suse.com - Update to version 0.9.0: * tuning: revert values on delete (#540) * go mod tidy * bump to go 1.15 * Add ability to trigger retests via comments * pkg/ns: fix test case to tolerate pids going away. * Add github build & test actions * bridge: fix testcase to check addresses we care about * Remove travis. * vendor: bump ginkgo, gover * portmap plugin should flush previous udp connections * Updating plugin README.md files (#549) * update netlink dependencies * Xdhcp: fix example configuration * VRF: extend supported version to 0.3.1 too. * VRF CNI: Add an optional table parameter. * Add more tests for the vrf cni plugin. * Update github.com/vishvananda/netlink to v1.1.0 * Introduce a new VRF CNI meta plugin. * Travis: run tests on arm64 * Replace nc with the local echo client. * Add an echo client to be used instead of nc. * Bump up the ubuntu version used in CI to bionic. * flannel: allow input ipam parameters as basis for delegate * ipvlan: make master config as optional * Remove extraneous test file in Windows plugin ------------------------------------------------------------------- Mon Aug 31 09:15:35 UTC 2020 - dmueller@suse.com - Update to version 0.8.7: * Fix race condition in GetCurrentNS * lo: CNI_IFNAME is no longer ignored * cni: bump to 0.8.0 * Bump Go version to 1.13 and 1.14 * Add contact info * Update firewall README.md CNI-ADMIN * firewall: fix some typos in docs * portmap DEL noop if no portMappings present * flannel: remove net conf file after DEL succeed ------------------------------------------------------------------- Wed Jun 17 08:38:27 UTC 2020 - John Paul Adrian Glaubitz - Update to version 0.8.6 (bsc#1172410 CVE-2020-10749) * New features * Support device id in host device plugin (#471). * win-bridge: add support for portMappings capability (#475). * Make host-device to work with virtio net device (#453). * Small improvements * ptp, bridge: disable accept_ra on the host-side interface (#484). * modify the error url of windowscontainer (#460). * portmap: Apply the DNAT hairpin to the whole subnet (#469). The DNAT hairpin rule only allow the * container itself to access the ports it is exposing thru the host IP. Other containers in the same subnet might also want to access this service via the host IP, so apply this rule to the whole subnet instead of just for the container. * Unlock OS thread after netns is restored (#455). * Bugfixes * plugins/meta/sbr: Adjusted ipv6 address mask to /128 (#479). A /64 mask was used which routed an entire cidr based on source, not only the bound address. * check bridge's port state (#468). fix #463 * Reset the route flag before moving the rule (#472). * replace juju/errors because of CNCF license scan (#458). ref to #457 * loopback: Fix ipv6 address checks (#442). Fixes a minor bug in loopback plugin. The IPv6 address check loops over IPv4 addresses. - from version 0.8.5 * Bugfixes * bridge: Fix for the case where kernel doesn't have CONFIG_BRIDGE_VLAN_FILTERING (#434) fixes #370. * vlan: Fix vlan plugin returning error when device is already removed (#438). * Improvements * sysctl: Improve support of sysctl name separators (#437). ------------------------------------------------------------------- Thu Jan 9 13:24:41 UTC 2020 - Sascha Grunert - Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners ------------------------------------------------------------------- Mon Nov 11 14:53:55 UTC 2019 - sgrunert@suse.com - Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). * Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Tests: * integration: fix ip address collision in integration tests (#409). * testutils: newNS() works in a rootless user namespace (#401). * Bump Go version (#386). * Cleanup netns after test suite (#375). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). ------------------------------------------------------------------- Fri Aug 16 12:18:36 UTC 2019 - John Paul Adrian Glaubitz - Update plugins to v0.8.2 + New features: * Support "args" in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to "cni0": file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is "invalid argument" not "file exists" * bump containernetworking/cni to v0.7.1 ------------------------------------------------------------------- Thu Jun 6 12:36:17 UTC 2019 - John Paul Adrian Glaubitz - Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * Release: bump go to v1.12 * host-device: add pciBusID property - Drop patches merged upstream: + 0001_use_Go_facilities_to_get_a_socket.patch ------------------------------------------------------------------- Mon May 20 09:41:05 UTC 2019 - John Paul Adrian Glaubitz - Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip + Build fixes: * test: add coveralls support * plugins: correctly output build version, cosmetic cleanups * Move Windows tests to Travis - from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed by port mapping - Include patch to fix the build on i586: + 0001_use_Go_facilities_to_get_a_socket.patch - Use new build_linux.sh script instead of removed build.sh ------------------------------------------------------------------- Fri Jan 25 10:44:20 UTC 2019 - Sascha Grunert - Updated plugins to v0.7.4: - Add host-device plugin, which simply moves a device from the host network namespace - Portmap now uses a more efficient rule structure - host-local can receive ranges as a RuntimeArgument - DHCP daemon can be containerized - DHCP now correctly parses routes - Various Windows build fixes - Waiting for DAD is skipped when possible - Bridge now uses a stable mac - Fix a regression where the interface's MAC address was no longer populated in the return type. ------------------------------------------------------------------- Wed Dec 12 15:53:32 UTC 2018 - alvaro.saurin@suse.com - Updated to a supported version of Go (due to security reasons) ------------------------------------------------------------------- Tue Jun 5 08:22:45 UTC 2018 - dcassany@suse.com - Refactor %license usage to a simpler form ------------------------------------------------------------------- Mon Jun 4 13:40:36 UTC 2018 - dcassany@suse.com - Make use of %license macro ------------------------------------------------------------------- Tue Dec 19 13:08:33 UTC 2017 - alvaro.saurin@suse.com - Require cni ------------------------------------------------------------------- Mon Aug 28 18:15:00 UTC 2017 - alvaro.saurin@suse.com - Install docs in the cni-plugins dir ------------------------------------------------------------------- Mon Aug 28 15:13:37 UTC 2017 - alvaro.saurin@suse.com - Initial version from CNI plugins v0.6.0