From 816b4354c519773ed987b5dec6e30c9468dcb1e1ca9eecc32b7737591c51c124 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Tue, 26 Nov 2024 16:22:17 +0000 Subject: [PATCH] add iptables OBS-URL: https://build.opensuse.org/package/show/devel:microos/cni-plugins?expand=0&rev=15 --- .gitattributes | 23 ++ .gitignore | 1 + _service | 19 ++ _servicedata | 4 + cni-plugins-1.5.1.tar.xz | 3 + cni-plugins-1.6.0.tar.xz | 3 + cni-plugins.changes | 593 +++++++++++++++++++++++++++++++++++++++ cni-plugins.conf | 4 + cni-plugins.spec | 91 ++++++ 9 files changed, 741 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 _servicedata create mode 100644 cni-plugins-1.5.1.tar.xz create mode 100644 cni-plugins-1.6.0.tar.xz create mode 100644 cni-plugins.changes create mode 100644 cni-plugins.conf create mode 100644 cni-plugins.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..77860b6 --- /dev/null +++ b/_service @@ -0,0 +1,19 @@ + + + https://github.com/containernetworking/plugins.git + git + cni-plugins + .git + v1.6.0 + @PARENT_TAG@ + enable + v(.*) + + + cni-plugins-*.tar + xz + + + cni-plugins + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..334ab34 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/containernetworking/plugins.git + fec2d62676cbe4f2fd587b4840c7fc021bead3f9 \ No newline at end of file diff --git a/cni-plugins-1.5.1.tar.xz b/cni-plugins-1.5.1.tar.xz new file mode 100644 index 0000000..b6b3771 --- /dev/null +++ b/cni-plugins-1.5.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:681a5c79b48c26ab74dac1a587de043583b8e9a16f22c0b49b024bb72abf936b +size 2032368 diff --git a/cni-plugins-1.6.0.tar.xz b/cni-plugins-1.6.0.tar.xz new file mode 100644 index 0000000..6e0d117 --- /dev/null +++ b/cni-plugins-1.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a2ff0ca1528fc4cc0fdc242ce0de4276a256b8a4f0a1feb6b3bf1ac32ebd3811 +size 2045436 diff --git a/cni-plugins.changes b/cni-plugins.changes new file mode 100644 index 0000000..1ad89b9 --- /dev/null +++ b/cni-plugins.changes @@ -0,0 +1,593 @@ +------------------------------------------------------------------- +Tue Oct 22 12:13:41 UTC 2024 - Alexandre Vicenzi + +- Require iptables (bsc#1231424) + * Add cni-iptables.conf to load required kernel modules + +------------------------------------------------------------------- +Tue Oct 22 05:29:37 UTC 2024 - madhankumar.chellamuthu@suse.com + +- Update to version 1.6.0: + * Pass status along ipam update + * feat(dhcp): Cancel backoff retry on stop + * fix(dhcp): can not renew an ip address + * build(deps): bump golang.org/x/sys in the golang group + * VRF: Wait for the local/host routes to be added + * add problem hint + * make test working again + * Revert "Merge pull request #921 from oOraph/dev/exclude_subnets_from_traffic_shapping2" + * resolve merge conflicts + * build(deps): bump the golang group across 1 directory with 2 updates + * host-device: use temp network namespace for rename + * Fix txqueuelen being accidentally set to zero + * Ignore link-local routes in SBR tests + * build(deps): bump the golang group with 3 updates + * ci, go.mod: bump to go 1.23 (#1094) + * dhcp: Add priority option to dhcp. + * .github: add check to verify vendor directory + * Add nftables backend to portmap + * Fix portmap unit tests + * Add a backend abstraction to the portmap plugin + * Add nftables implementation of ipmasq + * Vendor nftables library, add utils.SupportsIPTables and utils.SupportsNFTables + * Use of Scope for routes in IPAM + * SBR: option to pass the table id (#1088) + * Update containernetworking/cni to v1.2.3 for GC + * Update go-iptables + * macvlan: add bcqueuelen setting + * build(deps): bump the golang group across 1 directory with 4 updates + * build: update github.com/vishvananda/netlink to 1.3.0 + * Fix unnecessary retrying when the link is down in dhcp. + * test: bump go version + * .github: fix double-triggering CI + * Change chown to change current dir as well + * build(deps): bump the golang group with 2 updates + +------------------------------------------------------------------- +Mon Jun 17 15:56:20 UTC 2024 - Enrico Belleri + +- Update to version 1.5.1: + * Support DeviceID on Auxiliary Bus + * Dev/exclude subnets from traffic shaping + * Use temporary name for netdevice when moving in/out of NS + +- Update to version 1.5.0: + + New Features: + + * Support DeviceID on Auxiliary Bus by @adrianchiris in #1003 + * Dev/exclude subnets from traffic shaping by @oOraph in #921 + + Fixes: + + * Fix release script in github action by @s1061123 in #1037. + * Use temporary name for netdevice when moving in/out of NS by @adrianchiris in #1002 + +------------------------------------------------------------------- +Wed Mar 06 12:28:38 UTC 2024 - dcermak@suse.com + +- Update to version 1.4.0: + * build(deps): bump the golang group with 2 updates + * Bump to golang:1.21-alpine in release.sh + * Add CNI_NETNS_OVERRIDE for upcoming CNI change + * build(deps): bump the golang group with 3 updates + * revert some code in pr 962 + * bridge: fix spelling + * bridge: remove useless firstV4Addr + * bridge: remove useless check + * Add ndisc_notify in ipvlan for ipv6 ndp + * macvlan: enable ipv6 ndisc_notify + * build(deps): bump google.golang.org/grpc from 1.50.1 to 1.56.3 + * build(deps): bump the golang group with 3 updates + * dependabot: batch updates + * fix workflow warnings + * fix lint errors + * macvlan cmdDel: replace the loadConf function with json.unmarshal + * build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.28.0 + * build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 + * build(deps): bump github.com/Microsoft/hcsshim from 0.9.9 to 0.11.1 + * build(deps): bump golang.org/x/sys from 0.10.0 to 0.13.0 + * Create IPAM files with 0600 permissions + * build: Use POSIX sh for shell scripts + * build(deps): bump actions/checkout from 3 to 4 + * ci(lint) extend timeout to 5 min + * build(deps): bump github.com/coreos/go-iptables from 0.6.0 to 0.7.0 + * vrf: fix route filter to use output iface + * test_linux.sh: Do not fail if called twice + * meta: firewall: Fix firewalld test with non-abstract sockets + * plugins: meta: portmap: Implement a teardown() fast path + * utils: iptables: Use go-iptables' ChainExists() + * spoofcheck: Make use of go-nft's ApplyConfigEcho() + * test: install binaries using `go install` + * build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 + * [tuning]add ability to set tx queue len + * build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.11.0 + * build(deps): bump golang.org/x/sys from 0.7.0 to 0.9.0 + * Fix race conditions in DHCP test + * Add routes propagation for VRF plugin + * github: remove stale issue cleanup + * tap: allow for a tap device to be created as a bridge port + * build(deps): bump alpine in /.github/actions/retest-action + +------------------------------------------------------------------- +Mon Oct 9 09:40:50 UTC 2023 - Dan Čermák + +- Bump BuildRequired golang version to >= 1.21, fixes bsc#1216006 + +------------------------------------------------------------------- +Wed Sep 06 06:16:36 UTC 2023 - danish.prakash@suse.com + +- Update to version v1.3.0: + * [sbr]: Ignore LinkNotFoundError during cmdDel + * build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9 + * Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes + * Fix ValidateExpectedRoute with non default routes and nil GW + * tuning: fix cmdCheck when using IFNAME + * bridge, del: timeout after 55 secs of trying to list rules + * bridge, spoofcheck: only read the prerouting chain on CNI delete + * build: consume specific tables/chains via go-nft + * bridge: add vlan trunk support + * enable govet and unparam linters + * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 + * Add parameter to disable default vlan + * bridge, spoof check: remove drop rule index + * go.mod: bump all deps + * linter: fix ginkgolinter errors + * Fix wastedassign linter errors + * build(deps): bump actions/stale from 7 to 8 + * Fix revive linter errors + * build(deps): bump actions/setup-go from 3 to 4 + * enable durationcheck, predeclared, unconvert, unused and wastedassign linters + * remove govet and gofmt from test_linux.sh + * enable ginkgolinter linter + * enable revive linter + * enable gocritic linter + * enable gosimple linter + * enable nonamedreturns linter + * enable ineffassign linter + * enable contextcheck linter + * enable staticcheck linter + * ci(lint): setup golangci-lint + * ci(lint): setup yamllint linter Signed-off-by: Matthieu MOREL + * Fix overwritten error var in getMTUByName + * Update tests to utilize ginkgo/v2 + * Update ginkgo to v2 in go.mod, go.sum, vendor + * Tap plugin + * build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.26.0 + * build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0 + * Only check ipv6 when an IPv6 is configured + * Add support for in-container master for macvlans + * Add support for in-container master for ipvlan + * Add support for in-container master for vlans + * bridge: re-fetch mac address + * Update Allocate method to reuse lease if present + * build(deps): bump github.com/safchain/ethtool to v0.2.0 + * build(deps): bump golang.org/x/sys from 0.3.0 to 0.4.0 + * Add IPv6 support for AddDefaultRoute + * build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2 + * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0 + * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 + * build(deps): bump alpine in /.github/actions/retest-action + * build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.1.0 + * build(deps): bump github.com/vishvananda/netlink + * build(deps): bump github.com/alexflint/go-filemutex from 1.1.0 to 1.2.0 + * build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.9.6 + * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.24.2 + * Update dependabot.yml + * build(deps): bump actions/checkout from 2 to 3 + * build(deps): bump actions/stale from 4 to 7 + * build(deps): bump actions/setup-go from 2 to 3 + * Update dependabot.yml + * Update dependabot.yml + * ci(deps): setup dependabot + * Fix tuning path validation + * Update email to gmail + * Update portmap test's iptables error check + * Remove references to io/ioutil package + * fix bug on getting NextIP of addresses with first byte 0 + * Fix path substitution to enable setting sysctls on vlan interfaces + * support masquerade all config + * host-local: remove unused Release(ip) from type Store interface + * Cleanup Socket and Pidfile on exit + * dummy: Create a Dummy CNI plugin that creates a virtual interface. + * Use the same options for acquiring, renewing lease + * bridge: update vlanFiltering variable to make code more readable + * ci: only rerun failed jobs on `/retest` + * build: support riscv64 + * Check for duplicated sysctl keys + * Update github.com/vishvananda/netlink to v1.2.0-beta + * bridge: support IPAM DNS settings + * Bump to go 1.18 + * V2 API support for win-overlay CNI + * bug: return errors when iptables and ip6tables are unusable + * github: ignore issues with "keep" label from stale closing + * Make description for `static` plugin more exact + * workflow: add something to auto-close stale PRs + * ipam/dhcp: Fix client id in renew/release + * call ipam.ExceDel after clean up device in netns fix #666 + * Add sysctl allowlist + +------------------------------------------------------------------- +Tue Mar 29 10:08:13 UTC 2022 - fvogt@suse.com + +- Update to version 1.1.1: + * ipam/dhcp: Fix client id in renew/release + * call ipam.ExceDel after clean up device in netns fix #666 + * portmap: fix checkPorts result when chain does not exist + * portmap: fix bug that new udp connection deletes all existing conntrack entries + * Enhanced dad set to 1 + * Add boolean to enable/disable dad + * Disable DAD for container side veth + * firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker + * Fix host-device gofmt + * host-device: Bring interfaces up after moving into container + * pkg/ns: use file system magic numbers from golang.org/x/sys/unix + * gofmt + * go mod tidy + * build: bump to go 1.17 + * Remove arp notify setting per comment + * plugins: replace arping package with arp_notify + * fix #685 + * Ran go fmt so tests would pass + * Fixed DHCP problem that broke when fast retry was added. + * dhcp ipam: adjust retry mechanism + * add ipam tests for dpdk device + * add ipam support for dpdk device + * ipvlan: Send Gratuitous ARP after IPs are set + * dhcp ipam: fix client id + * dhcp ipam: rename inconsistent options among files + * dhcp ipam: add more options capable for sending + * dhcp ipam: add fast retry + * dhcp ipam: support customizing dhcp options + * dhcp ipam: truncate client id to 254 bytes + * dhcp ipam: print error correctly without format string + * dhcp ipam: using full config to regular the code + * Allow setting sysctls on a particular interface + * dhcp: remove implemented TODO + * Don't redundantly filepath.Clean the output of filepath.Join + * Use crypto/rand.Read, not crypto.Reader.Read + * bridge: Add macspoofchk support + * plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped + * vendor: bump to libcni v1.0.1 + * static ipam: do not parse the CIDR twice + * static ipam: improve error msgs when provisioning invalid CIDR + * bump go to 1.16, other misc fixes + * vendor: bump all direct dependencies + * vendor: bump to libcni v1.0 + * docs: Update the CI badge from Travis CI to GitHub Actions + * bridge: Fix typo in error message for promiscuous mode + * ip: place veth peer in host namspace directly + * bridge: Add mac field to specify container iface mac + * static ipam: decide wrong cidr error msg + * static ipam: stop wrapping net.ParseCIDR errors + * static ipam: show confusing error msg + * utils, hwaddr: Remove unused package + * ip, link_linux: Remove unused SetHWAddrByIP function + * plugins: remove flannel + * refactor(win-bridge): netconf + * refactor(win-bridge): hcn api processing + * refactor(win-bridge): hns api processing + * chore(win-bridge): location related + * chore(win-bridge): text related + * Remove Bryan Boreham as maintainer + * host-local: support ip/prefix in env args and CNI args + * [sbr]: Use different tableID for every ipCfg Check tableID not in use for every ipCfg + * Small typo improves in README.md + * Allow multiple routes to be added for the same prefix. Enables ECMP + * Update to lastest vendor/github.com/vishvananda/netlink + * tuning: always update MAC in CNI result + * vendor: bump to libcni v1.0-rc1 + * tuning: Add support of altering the allmulticast flag + * [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config + * Fix nil-pointer check + * host-local: support custom IPs allocation through runtime configuration + * pkg/ip: introduce a new type `IP` to support formated [/] + * go.mod: github.com/j-keck/arping v1.0.1 + * go.mod: github.com/buger/jsonparser v1.1.1 + * go.mod: github.com/alexflint/go-filemutex v1.1.0 + * go.mod github.com/Microsoft/hcsshim v0.8.16 + * go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0 + * go.mod: github.com/mattn/go-shellwords v1.0.11 + * go.mod: github.com/sirupsen/logrus v1.8.1 + * CI: Install linux-modules-extra for VRF module + * Fix broken links to online docs in plugin READMEs + * gha: update actions/setup-go@v2 + * remove redundant startRange in RangeIter due to overlap check on multi ranges + * fix(win-bridge): panic while calling HNS api + * portmap: use slashes in sysctl template to support interface names which separated by dots + * pkg/ipam: use slash as sysctl separator so interface name can have dot + * [macvlan] Stop setting proxy-arp on macvlan interface + * tuning: increase test coverage to 1.0.0 and older spec versions + * portmap: increase test coverage to 1.0.0 and older spec versions + * flannel: increase test coverage to 1.0.0 and older spec versions + * firewall: increase test coverage to 1.0.0 and older spec versions + * bandwidth: increase test coverage to 1.0.0 and older spec versions + * host-local: increase test coverage to 1.0.0 and older spec versions + * static: increase test coverage to 1.0.0 and older spec versions + * dhcp: increase test coverage to 1.0.0 and older spec versions + * dhcp: add -resendmax option to limit lease acquisition time for testcases + * vlan: increase test coverage to 1.0.0 and older spec versions + * ptp: increase test coverage to 1.0.0 and older spec versions + * macvlan: increase test coverage to 1.0.0 and older spec versions + * loopback: increase test coverage to 1.0.0 and older spec versions + * ipvlan: increase test coverage to 1.0.0 and older spec versions + * host-device: increase test coverage to 1.0.0 and older spec versions + * bridge: increase test coverage to 1.0.0 and older spec versions + * bridge: simplify version-based testcase code + * testutils: add test utilities for spec version features + * plugins: update to spec version 1.0.0 + * vendor: bump CNI to 1.0.0-pre @ 62e54113 (fixes bsc#1181961 aka CVE-2021-20206) +- Drop %go_nostrip + +------------------------------------------------------------------- +Mon Apr 26 17:17:41 UTC 2021 - rpm@fthiessen.de + +- Update to version 0.9.1: + * ipam/dhcp: Add broadcast flag + * add flannel to support dual stack ip + * bandwidth: fix panic in tests + * host-device: Add support for DPDK device + * [main/vlan] Fix error handling for delegate IPAM plugin + * dhcp: default dhcp clien timeout is 10s + * vlan: fix error message text by removing ptp references + * dhcp: daemon dhcp client timeout is configurable + * dhcp: timeout value is set in DHCP daemon + * remove unused function + * deps: go mod tidy coreos/go-iptables + * deps: bump coreos/go-iptables + +------------------------------------------------------------------- +Fri Jan 08 12:16:37 UTC 2021 - rbrown@suse.com + +- Update to version 0.9.0: + * tuning: revert values on delete (#540) + * go mod tidy + * bump to go 1.15 + * Add ability to trigger retests via comments + * pkg/ns: fix test case to tolerate pids going away. + * Add github build & test actions + * bridge: fix testcase to check addresses we care about + * Remove travis. + * vendor: bump ginkgo, gover + * portmap plugin should flush previous udp connections + * Updating plugin README.md files (#549) + * update netlink dependencies + * Xdhcp: fix example configuration + * VRF: extend supported version to 0.3.1 too. + * VRF CNI: Add an optional table parameter. + * Add more tests for the vrf cni plugin. + * Update github.com/vishvananda/netlink to v1.1.0 + * Introduce a new VRF CNI meta plugin. + * Travis: run tests on arm64 + * Replace nc with the local echo client. + * Add an echo client to be used instead of nc. + * Bump up the ubuntu version used in CI to bionic. + * flannel: allow input ipam parameters as basis for delegate + * ipvlan: make master config as optional + * Remove extraneous test file in Windows plugin + +------------------------------------------------------------------- +Mon Aug 31 09:15:35 UTC 2020 - dmueller@suse.com + +- Update to version 0.8.7: + * Fix race condition in GetCurrentNS + * lo: CNI_IFNAME is no longer ignored + * cni: bump to 0.8.0 + * Bump Go version to 1.13 and 1.14 + * Add contact info + * Update firewall README.md CNI-ADMIN + * firewall: fix some typos in docs + * portmap DEL noop if no portMappings present + * flannel: remove net conf file after DEL succeed + +------------------------------------------------------------------- +Wed Jun 17 08:38:27 UTC 2020 - John Paul Adrian Glaubitz + +- Update to version 0.8.6 (bsc#1172410 CVE-2020-10749) + * New features + * Support device id in host device plugin (#471). + * win-bridge: add support for portMappings capability (#475). + * Make host-device to work with virtio net device (#453). + * Small improvements + * ptp, bridge: disable accept_ra on the host-side interface (#484). + * modify the error url of windowscontainer (#460). + * portmap: Apply the DNAT hairpin to the whole subnet (#469). The DNAT hairpin + rule only allow the * container itself to access the ports it is exposing thru + the host IP. Other containers in the same subnet might also want to access this + service via the host IP, so apply this rule to the whole subnet instead of just + for the container. + * Unlock OS thread after netns is restored (#455). + * Bugfixes + * plugins/meta/sbr: Adjusted ipv6 address mask to /128 (#479). A /64 mask was used + which routed an entire cidr based on source, not only the bound address. + * check bridge's port state (#468). fix #463 + * Reset the route flag before moving the rule (#472). + * replace juju/errors because of CNCF license scan (#458). ref to #457 + * loopback: Fix ipv6 address checks (#442). Fixes a minor bug in loopback plugin. + The IPv6 address check loops over IPv4 addresses. +- from version 0.8.5 + * Bugfixes + * bridge: Fix for the case where kernel doesn't have CONFIG_BRIDGE_VLAN_FILTERING + (#434) fixes #370. + * vlan: Fix vlan plugin returning error when device is already removed (#438). + * Improvements + * sysctl: Improve support of sysctl name separators (#437). + +------------------------------------------------------------------- +Thu Jan 9 13:24:41 UTC 2020 - Sascha Grunert + +- Update to version 0.8.4 (bsc#1160460): + * add support for mips64le + * Add missing cniVersion in README example + * bump go-iptables module to v0.4.5 + * iptables: add idempotent functions + * portmap doesn't fail if chain doesn't exist + * fix portmap port forward flakiness + * Add Bruce Ma and Piotr Skarmuk as owners + +------------------------------------------------------------------- +Mon Nov 11 14:53:55 UTC 2019 - sgrunert@suse.com + +- Update to version 0.8.3: + * Enhancements: + * static: prioritize the input sources for IPs (#400). + * tuning: send gratuitous ARP in case of MAC address update (#403). + * bandwidth: use uint64 for Bandwidth value (#389). + * ptp: only override DNS conf if DNS settings provided (#388). + * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). + * loopback support CNI CHECK and result cache (#374). + * Better input validation: + * vlan: add MTU validation to loadNetConf (#405). + * macvlan: add MTU validation to loadNetConf (#404). + * bridge: check vlan id when loading net conf (#394). + * Bugfixes: + * bugfix: defer after err check, or it may panic (#391). + * portmap: Fix dual-stack support (#379). + * firewall: don't return error in DEL if prevResult is not found (#390). + * bump up libcni back to v0.7.1 (#377). + * Tests: + * integration: fix ip address collision in integration tests (#409). + * testutils: newNS() works in a rootless user namespace (#401). + * Bump Go version (#386). + * Cleanup netns after test suite (#375). + * Docs: + * contributing doc: revise test script name to run (#396). + * contributing doc: describe cnitool installation (#397). + +------------------------------------------------------------------- +Fri Aug 16 12:18:36 UTC 2019 - John Paul Adrian Glaubitz + +- Update plugins to v0.8.2 + + New features: + * Support "args" in static and tuning + * Add Loopback DSR support, allow l2tunnel networks + to be used with the l2bridge plugin + * host-local: return error if same ADD request is seen twice + * bandwidth: fix collisions + * Support ips capability in static and mac capability in tuning + * pkg/veth: Make host-side veth name configurable + + Bug fixes: + * Fix: failed to set bridge addr: could not add IP address to "cni0": file exists + * host-device: revert name setting to make retries idempotent (#357). + * Vendor update go-iptables. Vendor update go-iptables to + obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 + * Update go.mod & go.sub + * Remove link Down/Up in MAC address change to prevent route flush (#364). + * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall + error message is "invalid argument" not "file exists" + * bump containernetworking/cni to v0.7.1 + +------------------------------------------------------------------- +Thu Jun 6 12:36:17 UTC 2019 - John Paul Adrian Glaubitz + +- Updated plugins to v0.8.1: + + Bugs: + * bridge: fix ipMasq setup to use correct source address + * fix compilation error on 386 + * bandwidth: get bandwidth interface in host ns through + container interface + + Improvements: + * Release: bump go to v1.12 + * host-device: add pciBusID property +- Drop patches merged upstream: + + 0001_use_Go_facilities_to_get_a_socket.patch + +------------------------------------------------------------------- +Mon May 20 09:41:05 UTC 2019 - John Paul Adrian Glaubitz + +- Updated plugins to v0.8.0: + + New plugins: + * bandwidth - limit incoming and outgoing bandwidth + * firewall - add containers to firewall rules + * sbr - convert container routes to source-based routes + * static - assign a fixed IP address + * win-bridge, win-overlay: Windows plugins + + Plugin features / changelog: + * CHECK Support + * macvlan: + - Allow to configure empty ipam for macvlan + - Make master config optional + * bridge: + - Add vlan tag to the bridge cni plugin + - Allow the user to assign VLAN tag + - L2 bridge Implementation. + * dhcp: + - Include Subnet Mask option parameter in DHCPREQUEST + - Add systemd unit file to activate socket with systemd + - Add container ifName to the dhcp clientID, making the + clientID value + * flannel: + - Pass through runtimeConfig to delegate + * host-local: + - host-local: add ifname to file tracking IP address used + * host-device: + - Support the IPAM in the host-device + - Handle empty netns in DEL for loopback and host-device + * tuning: + - adds 'ip link' command related feature into tuning + + Bug fixes & minor changes + * Correctly DEL on ipam failure for all plugins + * Fix bug on ip revert if cmdAdd fails on macvlan and host-device + * host-device: Ensure device is down before rename + * Fix -hostprefix option + * some DHCP servers expect to request for explicit router options + * bridge: release IP in case of error + * change source of ipmasq rule from ipn to ip + + Build fixes: + * test: add coveralls support + * plugins: correctly output build version, cosmetic cleanups + * Move Windows tests to Travis +- from version v0.7.5: + + This release takes a minor change to the portmap plugin: + * Portmap: append, rather than prepend, entry rules + + This fixes a potential issue where firewall rules may + be bypassed by port mapping +- Include patch to fix the build on i586: + + 0001_use_Go_facilities_to_get_a_socket.patch +- Use new build_linux.sh script instead of removed build.sh + +------------------------------------------------------------------- +Fri Jan 25 10:44:20 UTC 2019 - Sascha Grunert + +- Updated plugins to v0.7.4: + - Add host-device plugin, which simply moves a device from the + host network namespace + - Portmap now uses a more efficient rule structure + - host-local can receive ranges as a RuntimeArgument + - DHCP daemon can be containerized + - DHCP now correctly parses routes + - Various Windows build fixes + - Waiting for DAD is skipped when possible + - Bridge now uses a stable mac + - Fix a regression where the interface's MAC address was no + longer populated in the return type. + +------------------------------------------------------------------- +Wed Dec 12 15:53:32 UTC 2018 - alvaro.saurin@suse.com + +- Updated to a supported version of Go (due to security reasons) + +------------------------------------------------------------------- +Tue Jun 5 08:22:45 UTC 2018 - dcassany@suse.com + +- Refactor %license usage to a simpler form + +------------------------------------------------------------------- +Mon Jun 4 13:40:36 UTC 2018 - dcassany@suse.com + +- Make use of %license macro + +------------------------------------------------------------------- +Tue Dec 19 13:08:33 UTC 2017 - alvaro.saurin@suse.com + +- Require cni + +------------------------------------------------------------------- +Mon Aug 28 18:15:00 UTC 2017 - alvaro.saurin@suse.com + +- Install docs in the cni-plugins dir + +------------------------------------------------------------------- +Mon Aug 28 15:13:37 UTC 2017 - alvaro.saurin@suse.com + +- Initial version from CNI plugins v0.6.0 diff --git a/cni-plugins.conf b/cni-plugins.conf new file mode 100644 index 0000000..fbebebb --- /dev/null +++ b/cni-plugins.conf @@ -0,0 +1,4 @@ +# A rootless user has no permsissions to load kernel modules. +# CNI requires iptables. +ip_tables +ip6_tables diff --git a/cni-plugins.spec b/cni-plugins.spec new file mode 100644 index 0000000..dd2642b --- /dev/null +++ b/cni-plugins.spec @@ -0,0 +1,91 @@ +# +# spec file for package cni-plugins +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define cni_bin_dir %{_libexecdir}/cni +%define cni_doc_dir %{_docdir}/cni-plugins +Name: cni-plugins +Version: 1.6.0 +Release: 0 +Summary: Container Network Interface plugins +License: Apache-2.0 +Group: System/Management +URL: https://github.com/containernetworking/plugins +Source: %{name}-%{version}.tar.xz +Source1: %{name}.conf +BuildRequires: shadow +BuildRequires: systemd-rpm-macros +BuildRequires: xz +BuildRequires: golang(API) >= 1.21 +Requires: cni +Requires: iptables +Requires(post): %fillup_prereq +%{?systemd_requires} + +%description +The CNI (Container Network Interface) project consists of a +specification and libraries for writing plugins to configure +network interfaces in Linux containers, along with a number of +supported plugins. CNI concerns itself only with network +connectivity of containers and removing allocated resources when +the container is deleted. Because of this focus, CNI has a wide +range of support and the specification is simple to implement. + +These are the additional CNI network plugins provided by +the containernetworking team. + +%prep +%setup -q + +%build +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +./build_linux.sh + +%install + +# install the plugins +install -m 755 -d "%{buildroot}%{cni_bin_dir}" +cp bin/* "%{buildroot}%{cni_bin_dir}/" + +mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d +install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1} + +# documentation +install -m 755 -d "%{buildroot}%{cni_doc_dir}" + +# TODO: copy the READMEs +#for i in plugins/main/*/README.md ; do +# cp Documentation/* %%{buildroot}%%{cni_doc_dir}/plugins/ +#done + +%post +%{fillup_only -n %{name}} + +%files +%dir %{cni_doc_dir} +%doc CONTRIBUTING.md +%doc README.md +%license LICENSE +%dir %{cni_bin_dir} +%{cni_bin_dir}/* +%dir %{_prefix}/lib/modules-load.d +%{_prefix}/lib/modules-load.d/%{name}.conf +# %%{cni_doc_dir}/plugins/* + +%changelog