------------------------------------------------------------------- Mon Aug 31 09:15:35 UTC 2020 - dmueller@suse.com - Update to version 0.8.7: * Fix race condition in GetCurrentNS * lo: CNI_IFNAME is no longer ignored * cni: bump to 0.8.0 * Bump Go version to 1.13 and 1.14 * Add contact info * Update firewall README.md CNI-ADMIN * firewall: fix some typos in docs * portmap DEL noop if no portMappings present * flannel: remove net conf file after DEL succeed ------------------------------------------------------------------- Wed Jun 17 08:38:27 UTC 2020 - John Paul Adrian Glaubitz - Update to version 0.8.6 (bsc#1172410 CVE-2020-10749) * New features * Support device id in host device plugin (#471). * win-bridge: add support for portMappings capability (#475). * Make host-device to work with virtio net device (#453). * Small improvements * ptp, bridge: disable accept_ra on the host-side interface (#484). * modify the error url of windowscontainer (#460). * portmap: Apply the DNAT hairpin to the whole subnet (#469). The DNAT hairpin rule only allow the * container itself to access the ports it is exposing thru the host IP. Other containers in the same subnet might also want to access this service via the host IP, so apply this rule to the whole subnet instead of just for the container. * Unlock OS thread after netns is restored (#455). * Bugfixes * plugins/meta/sbr: Adjusted ipv6 address mask to /128 (#479). A /64 mask was used which routed an entire cidr based on source, not only the bound address. * check bridge's port state (#468). fix #463 * Reset the route flag before moving the rule (#472). * replace juju/errors because of CNCF license scan (#458). ref to #457 * loopback: Fix ipv6 address checks (#442). Fixes a minor bug in loopback plugin. The IPv6 address check loops over IPv4 addresses. - from version 0.8.5 * Bugfixes * bridge: Fix for the case where kernel doesn't have CONFIG_BRIDGE_VLAN_FILTERING (#434) fixes #370. * vlan: Fix vlan plugin returning error when device is already removed (#438). * Improvements * sysctl: Improve support of sysctl name separators (#437). ------------------------------------------------------------------- Thu Jan 9 13:24:41 UTC 2020 - Sascha Grunert - Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners ------------------------------------------------------------------- Mon Nov 11 14:53:55 UTC 2019 - sgrunert@suse.com - Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). * Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Tests: * integration: fix ip address collision in integration tests (#409). * testutils: newNS() works in a rootless user namespace (#401). * Bump Go version (#386). * Cleanup netns after test suite (#375). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). ------------------------------------------------------------------- Fri Aug 16 12:18:36 UTC 2019 - John Paul Adrian Glaubitz - Update plugins to v0.8.2 + New features: * Support "args" in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to "cni0": file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is "invalid argument" not "file exists" * bump containernetworking/cni to v0.7.1 ------------------------------------------------------------------- Thu Jun 6 12:36:17 UTC 2019 - John Paul Adrian Glaubitz - Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * Release: bump go to v1.12 * host-device: add pciBusID property - Drop patches merged upstream: + 0001_use_Go_facilities_to_get_a_socket.patch ------------------------------------------------------------------- Mon May 20 09:41:05 UTC 2019 - John Paul Adrian Glaubitz - Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip + Build fixes: * test: add coveralls support * plugins: correctly output build version, cosmetic cleanups * Move Windows tests to Travis - from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed by port mapping - Include patch to fix the build on i586: + 0001_use_Go_facilities_to_get_a_socket.patch - Use new build_linux.sh script instead of removed build.sh ------------------------------------------------------------------- Fri Jan 25 10:44:20 UTC 2019 - Sascha Grunert - Updated plugins to v0.7.4: - Add host-device plugin, which simply moves a device from the host network namespace - Portmap now uses a more efficient rule structure - host-local can receive ranges as a RuntimeArgument - DHCP daemon can be containerized - DHCP now correctly parses routes - Various Windows build fixes - Waiting for DAD is skipped when possible - Bridge now uses a stable mac - Fix a regression where the interface's MAC address was no longer populated in the return type. ------------------------------------------------------------------- Wed Dec 12 15:53:32 UTC 2018 - alvaro.saurin@suse.com - Updated to a supported version of Go (due to security reasons) ------------------------------------------------------------------- Tue Jun 5 08:22:45 UTC 2018 - dcassany@suse.com - Refactor %license usage to a simpler form ------------------------------------------------------------------- Mon Jun 4 13:40:36 UTC 2018 - dcassany@suse.com - Make use of %license macro ------------------------------------------------------------------- Tue Dec 19 13:08:33 UTC 2017 - alvaro.saurin@suse.com - Require cni ------------------------------------------------------------------- Mon Aug 28 18:15:00 UTC 2017 - alvaro.saurin@suse.com - Install docs in the cni-plugins dir ------------------------------------------------------------------- Mon Aug 28 15:13:37 UTC 2017 - alvaro.saurin@suse.com - Initial version from CNI plugins v0.6.0