New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync with upstream v0.8.7 #36
Commits on Jan 24, 2020
-
loopback: Fix ipv6 address checks
Signed-off-by: Onur Filiz <ofiliz@users.noreply.github.com>
Commits on Jan 27, 2020
-
Merge pull request #442 from ofiliz/loopback-fix
loopback: Fix ipv6 address checks
-
pkg/utils: sysctl package should use black-box testing
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
Commits on Jan 29, 2020
-
pkg/ip: use type cast instead of untrusty error message
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
-
ptp: remove some redundant lines
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
-
Merge pull request #445 from mars1024/bugfix/link_del
pkg/ip: use type cast instead of untrusty error message
-
Merge pull request #444 from mars1024/bugfix/ptp_redundant
ptp: remove some redundant lines
-
Merge pull request #443 from mars1024/bugfix/black_box_test
pkg/utils: sysctl package should use black-box testing
Commits on Feb 11, 2020
-
Make host-device to work with virtio net device
In case pciBusID contains pci address of the virtio device, then lookup the net directory under virtio<id> directory. Issue: containernetworking/plugins#320 Signed-off-by: Periyasamy Palanisamy <periyasamy.palanisamy@est.tech>
Commits on Feb 18, 2020
-
Merge pull request #453 from Nordix/nfvi_virtio
Make host-device to work with virtio net device
Commits on Feb 19, 2020
-
flannel: remove net conf file after DEL succeed
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
-
owners: updates for maintainer changes
Add Michael Cambria per containernetworking/cni#751 Remove Stefan Junker per personal request Update Casey's email to @redhat.com Signed-off-by: Dan Williams <dcbw@redhat.com>
-
Merge pull request #454 from dcbw/update-coreos-owners
owners: updates for maintainer changes
Commits on Feb 20, 2020
-
Unlock OS thread after netns is restored
The current ns package code is very careful about not leaving the calling thread with the overridden namespace set, for example when origns.Set() fails. This is achieved by starting a new green thread, locking its OS thread, and never unlocking it. Which makes golang runtime to scrap the OS thread backing the green thread after the go routine exits. While this works, it's probably not as optimal: stopping and starting a new OS thread is expensive and may be avoided if we unlock the thread after resetting network namespace to the original. On the other hand, if resetting fails, it's better to leave the thread locked and die. While it won't work in all cases, we can still make an attempt to reuse the OS thread when resetting the namespace succeeds. This can be achieved by unlocking the thread conditionally to the namespace reset success. Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
Commits on Mar 4, 2020
-
Merge pull request #455 from booxter/master
Unlock OS thread after netns is restored
Commits on Mar 5, 2020
-
modify the error url of windowscontainer
Signed-off-by: root <timyinshi>
Commits on Mar 11, 2020
-
build error utility package to replace juju/errors
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
Commits on Mar 17, 2020
-
[DO NOT REVIEW] vendor upate to remove useless dependencies
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
Commits on Apr 1, 2020
-
Merge pull request #458 from mars1024/remove/jujuerrors
replace juju/errors because of CNCF license scan
Commits on Apr 6, 2020
-
Reset the route flag before moving the rule
Signed-off-by: ahenan <ahenan00@gmail.com>
ahenan authored and ahenan committedApr 6, 2020
Commits on Apr 8, 2020
-
fix #463 link host veth pair to bridge, the Initial state of port is BR_STATE_DISABLED and change to BR_STATE_FORWARDING async. Signed-off-by: honglichang <honglichang@tencent.com>
-
Merge pull request #472 from ahenan/master
Reset the route flag before moving the rule
-
Merge pull request #468 from hongli-my/fix-port-state
check bridge's port state
Commits on Apr 15, 2020
-
win-bridge: add support for portMappings capability
If the pluging receives portMappings in runtimeConfig, the pluing will add a NAT policy for each port mapping on the generated endpoints. It enables HostPort usage on Windows with win-bridge. Signed-off-by: Vincent Boulineau <vincent.boulineau@datadoghq.com>
-
Support device id in host device plugin (#471)
* Add support for `deviceID` runtime config attribute Signed-off-by: Adrian Chiris <adrianc@mellanox.com>
Commits on Apr 17, 2020
-
portmap: Apply the DNAT hairpin to the whole subnet
The DNAT hairpin rule only allow the container itself to access the ports it is exposing thru the host IP. Other containers in the same subnet might also want to access this service via the host IP, so apply this rule to the whole subnet instead of just for the container. This is particularly useful with setups using a reverse proxy for https. With such a setup connections between containers (for ex. oauth2) have to downgrade to http, or need complex dns setup to make use of the internal IP of the reverse proxy. On the other hand going thru the host IP is easy as that is probably what the service name already resolve to. Signed-off-by: Alban Bedel <albeu@free.fr> -- v2: Fixed the tests v3: Updated iptables rules documentation in README.md v4: Fixed the network addresses in README.md to match iptables output
Commits on Apr 22, 2020
-
Merge pull request #475 from vboulineau/vboulineau/hostport_windows
win-bridge: add support for portMappings capability
-
Merge pull request #469 from AlbanBedel/portmap-hairpin-subnet
portmap: Apply the DNAT hairpin to the whole subnet
Commits on Apr 28, 2020
-
plugins/meta/sbr: Adjusted ipv6 address mask to /128
A /64 mask was used which routed an entire cidr based on source, not only the bound address. Fixes #478 Signed-off-by: Lars Ekman <lars.g.ekman@est.tech>
Lars Ekman committedApr 28, 2020
Commits on Apr 29, 2020
-
Merge pull request #479 from Nordix/issue-478
plugins/meta/sbr: Adjusted ipv6 address mask to /128
-
Merge pull request #460 from timyinshi/windowcontainer-new
modify the error url of windowscontainer
Commits on May 12, 2020
-
ptp, bridge: disable accept_ra on the host-side interface
The interface plugins should have absolute control over their addressing and routing. Signed-off-by: Casey Callendrello <cdc@redhat.com>
Commits on May 13, 2020
-
Merge pull request #484 from squeed/disable-ra
ptp, bridge: disable accept_ra on the host-side interface
Commits on May 17, 2020
-
host-device: Bring interfaces down before moving.
When trying to move a master and slave interface into a container it is not possible without first bringing the interfaces down. This change ensures that the interface is set to down prior to trying to move the interface into the container. This matches the behaviour on moving an interface out of the container. Signed-off-by: cns <christopher.swindle@metaswitch.com>
Commits on May 20, 2020
-
macvlan: set mac address from CNI_ARGS
This change sets the mac address if specified during the creation of the macvlan interface. This is superior to setting it via the tuning plugin because this ensures the mac address is set before an IP is set, allowing a container to get a reserved IP address from DHCP. Related #450 Signed-off-by: Clint Armstrong <clint@clintarmstrong.net>
Commits on May 27, 2020
-
Merge pull request #480 from clinta/macvlan-mac
macvlan: set mac address from args
-
Merge pull request #486 from Metaswitch/bring-down-interfaces
host-device: Bring interfaces down before moving.
-
portmap: don't use unspecified address as destination
It may happen that you want to map a port only in one IP family. It can be achieved using the unspecified IP address of the corresponding IP family as HostIP i.e.: podman run --rm --name some-nginx -d -p 0.0.0.0:8080:80 nginx The problem is that current implementation considers the unspecified address valid and appends it to the iptables rule: -A CNI-DN-60380cb3197c5457ed6ba -s 10.88.0.0/16 -d 0.0.0.0/32 -p tcp -m tcp --dport 8080 -j CNI-HOSTPORT-SETMARK This rule is not forwarding the traffic to the mapped port. We should use the unspecified address only to discriminate the IP family of the port mapping, but not use it to filter the dst. Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Commits on Jun 3, 2020
-
Merge pull request #487 from aojea/pmapHostIp
portmap: don't use unspecified address as iptables rule destination
Commits on Jun 19, 2020
Commits on Jun 24, 2020
Commits on Jun 29, 2020
-
Fix handling of delay in acquiring lease with stp turned on
Signed-off-by: Aneesh Puttur <aneeshputtur@gmail.com>
Commits on Jul 1, 2020
-
firewall: fix generate of admin chain comment
Signed-off-by: Dan Williams <dcbw@redhat.com>
-
Merge pull request #501 from aneeshkp/dhcp-timeout
Fix handling of delay in acquiring lease with stp turned on
Commits on Jul 8, 2020
-
Merge pull request #506 from dcbw/fw-admin-chain-comment
firewall: fix generate of admin chain comment
Commits on Jul 13, 2020
-
portmap DEL noop if no portMappings present
if the runtime is not passing portMappings in the runtimeConfig, then DEL is a noop. This solves performance issues, when the portmap plugin is executed multiple times, holding the iptables lock, despite it does not have anything to delete. Signed-off-by: Antonio Ojea <aojea@redhat.com>
Antonio Ojea committedJul 13, 2020 -
Document `CNI-ADMIN` chain usage as well as `iptablesAdminChainName` Signed-off-by: Sameer Vohra <vohra.sam@gmail.com>
Commits on Jul 15, 2020
-
Merge pull request #509 from aojea/portmapDel
portmap should not perform deletions if not portMapping config received
Commits on Jul 22, 2020
-
firewall: fix some typos in docs
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
-
Merge pull request #513 from mars1024/firewall_docs
firewall: fix some typos in docs
Commits on Aug 4, 2020
-
Update firewall README.md CNI-ADMIN
Signed-off-by: Sameer Vohra <vohra.sam@gmail.com>
Commits on Aug 5, 2020
-
Merge pull request #505 from xtreme-sameer-vohra/patch-1
Update firewall README.md
-
Merge pull request #520 from containernetworking/contact-info
Add contact info
-
Bump Go version to 1.13 and 1.14
Signed-off-by: Dan Williams <dcbw@redhat.com>
-
lo: CNI_IFNAME is no longer ignored
{ "code": 4, "msg": "interface name contains / or : or whitespace characters" } Signed-off-by: Dan Williams <dcbw@redhat.com>
-
Merge pull request #521 from dcbw/go-113
Bump Go version to 1.13 and 1.14
Commits on Aug 21, 2020
-
Fix race condition in GetCurrentNS
In GetCurrentNS, If there is a context-switch between getCurrentThreadNetNSPath and GetNS, another goroutine may execute in the original thread and change its network namespace, then the original goroutine would get the updated network namespace, which could lead to unexpected behavior, especially when GetCurrentNS is used to get the host network namespace in netNS.Do. The added test has a chance to reproduce it with "-count=50". The patch fixes it by locking the thread in GetCurrentNS. Signed-off-by: Quan Tian <qtian@vmware.com>
Commits on Aug 26, 2020
-
Merge pull request #523 from tnqn/ns-race
Fix race condition in GetCurrentNS
-
Merge pull request #449 from mars1024/bugfix/flannel_clean
flannel: remove net conf file after DEL succeed