CNI plugins v1.6.0

This is the v1.6.0 release of the CNI community plugins.

Changelog

Important

• revert htb changes due to ongoing issues and missing maintainer by @h0nIg in #1105. This reverts the (undocumented) feature added in v1.5 where traffic from a specific CIDR would be exempted from bandwidth shaping. Unfortunately the implementation was lacking. We hope to re-add this feature in the future.

New features

• nftables support for ipmasq and portmap by @danwinship in #935
• dhcp: Add priority option to dhcp. by @lisongmin in #1091

CNI v1.1 support

• Use of Scope for routes in IPAM by @LionelJouin in #1087
• Pass status along ipam update by @LionelJouin in #1082

Other improvements

• macvlan: add bcqueuelen setting by @champtar in #1074
• SBR: option to pass the table id by @LionelJouin in #1088
• host-device: use temp network namespace for rename by @champtar in #1073

Fixes

• Fix unnecessary retrying when the link is down in dhcp by @lisongmin in #1076
• Fix inadvertent txqueuelen being set to zero by @gudmundur in #1100
• VRF: Wait for the local/host routes to be added by @LionelJouin in #1104
• fix(dhcp): can not renew an ip address by @lisongmin in #1092

Misc / CI

• Change chown to change current dir as well by @s1061123 in #1058
• ci, go.mod: bump to go 1.23 by @squeed in #1094
• Ignore link-local routes in SBR tests by @LionelJouin in #1102

New Contributors

• @lisongmin made their first contribution in #1076
• @LionelJouin made their first contribution in #1088
• @gudmundur made their first contribution in #1100
• @h0nIg made their first contribution in #1105

Full Changelog: v1.5.1...v1.6.0

v1.5.1

What's Changed

• Fix release tar images' owner to root by @s1061123 in #1054

Full Changelog: v1.5.0...v1.5.1

CNI Plugins v1.5.0

What's Changed

New Features:

• Support DeviceID on Auxiliary Bus by @adrianchiris in #1003
• Dev/exclude subnets from traffic shaping by @oOraph in #921

Fixes:

• Fix release script in github action by @s1061123 in #1037.
• Use temporary name for netdevice when moving in/out of NS by @adrianchiris in #1002

New Contributors

• @oOraph made their first contribution in #921
• @samuelkarp made their first contribution in #1029
• @testwill made their first contribution in #1034

Full Changelog: v1.4.1...v1.5.0

v1.4.1

Merge pull request #991 from containernetworking/dependabot/docker/do…

CNI Plugins v1.4.0

New features:

• (#832). tap: allow for a tap device to be created as a bridge port
• (#914). [tuning] add ability to set tx queue len

Improvements:

• (#969). Add CNI_NETNS_OVERRIDE
• (#979). Add ndisc_notify in ipvlan for ipv6 ndp
• (#974). macvlan: enable ipv6 ndisc_notify
• (#950). Create IPAM files with 0600 permissions
• (#924). More efficient iptables usage.
• (#902). spoofcheck: Make use of go-nft's ApplyConfigEcho(). This is much faster
• (#874). Add routes propagation for VRF plugin

Build:

• (#982). Bump to golang:1.21-alpine
• (#948). build: Use POSIX sh for shell scripts

Bug fixes:

• (#954). macvlan cmdDel: handle deletion when master has been deleted
• (#927). vrf: fix route filter to use output iface

CNI Plugins v1.3.0

This release introduces a new plugin: tap. Thanks to @mmirecki for contributing this

New features:

• (#784). tap: This PR adds a plugin to create tap devices.
• (#829). bridge: add vlan trunk support
• (#875). bridge: Add parameter to disable default vlan
• (#814). macvlan: Add support for in-container master
• (#813). ipvlan: Add support for in-container master
• (#781). vlan: Add support for in-container master

Improvements:

• (#880). bridge: read only required chain on cni del instead of the entire ruleset
• (#873). bridge, spoof check: remove drop rule index

Bug fixes:

• (#892). sbr: Ignore LinkNotFoundError during cmdDel null
• (#887). ptp: Fix ValidateExpectedRoute with non default routes and nil GW
• (#885). tuning: fix cmdCheck when using IFNAME
• (#831). Fix overwritten error var in getMTUByName
• (#821). Only check or del ipv6 when an IPv6 is configured

CNI Plugins v1.2.0

Changelog:

New plugins & features

• (#743). dummy: Create a Dummy CNI plugin that creates a virtual interface
• (#725). V2 API support for win-overlay CNI
• (#693). tuning Add sysctl allowList

Bug fixes

• (#809). bridge: refresh host-veth mac after port add
• (#802). Add IPv6 support for AddDefaultRoute
• (#779). Fix path substitution to enable setting sysctls on vlan interfaces
• (#782). host-local: fix bug on getting NextIP of addresses with first byte
• (#709). dhcp: Fix client id in renew/release

Improvements & Cleanups:

• (#772). portmap support masquerade all
• (#733). bridge: support IPAM DNS settings
• (#702). bridge: call ipam.ExecDel after clean up device in netns #702
• (#768). dhcp: Cleanup Socket and Pidfile on exit
• (#792). dhcp: Update Allocate method to reuse lease if present
• (#755). dhcp: Use the same options for acquiring, renewing lease
• (#730). tuning Check for duplicated sysctl keys
• (#739). build: support riscv64
• (#712). bug: return errors when iptables and ip6tables are unusable
• (#719). Make description for static plugin more exact

As always, many thanks to our contributors.

CNI plugins v1.1.1

Plugins release v1.1.1

This is a patch release that fixes the following bugs in v1.1.0:

• #702 bridge: call ipam.ExecDel after clean up device in netns
• #709 ipam/dhcp: Fix client id in renew/release

v1.1.0 Changelog:

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

CNI Plugins v1.1.0

This release brings a number of new features, along with the usual
smattering of bug fixes and cleanups.

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

🎉 CNI Plugins v1.0.1 🎉

CNI Plugins v1.0.1 is here

This release adds support for CNI Spec v1.0. Additionally, it officially declares CNI as a stable project.

The Flannel CNI plugin has been moved to a separate project, and is no longer included here.

Changes since v1.0.0 🤦‍♂️

• plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped

Changes since v0.9.1

⚠️ Breaking Changes

• plugins: remove flannel (#633). Flannel's CNI plugin now has its own repository

📈 New Features

• bridge: Add mac field to specify container iface mac (#636).
• (generic) Allow multiple routes to be added for the same prefix (#615). Enables ECMP.
• (sbr): Add multi IP support (#623).

✨ Other improvements

• (generic): place veth peer in host namspace directly (#645).
• (windows): refactor win-bridge, support HNSv2 (#617).
• (host-local): support ip/prefix in env args and CNI args (#630).
• (host-local): support custom IPs allocation through runtime configuraton (#599).
• (tuning): always update MAC in CNI result (#626).
• (tuning): Add support of altering the allmulticast flag (#624).

🐛 Bug Fixes

• host-local: remove redundant startRange in RangeIterator to avoid mismatching with startIP (#583). Fixes possible infinite loop.
• portmap: use slashes in sysctl template to support interface names which separated by dots (#589).
• pkg/ipam: convert dots to slashes in interface names for sysctl (#585).
• win-bridge: fix panic while calling HNS api (#590). fix a nil pointer panic while calling HNS API (V1) on win-bridge.
• [macvlan] Stop setting proxy-arp on macvlan interface (#586).

As always, thanks to our dedicated maintainers and contributors!