ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity
1,753 Commits 6 Branches 48 Tags
Commit Graph

1753 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Casey Callendrello
90e8e1faf9 Fix host-device gofmt 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2022-01-26 18:00:39 +01:00
David Ward
3b2afc93dc host-device: Bring interfaces up after moving into container 
If an interface is not configured with IPAM (because it functions at
layer 2), it will not be brought up otherwise.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
 2022-01-26 18:00:39 +01:00
Tobias Klauser
9649ec14f5
pkg/ns: use file system magic numbers from golang.org/x/sys/unix 
Use the constants already defined in the golang.org/x/sys/unix package
instead of open-coding them.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2022-01-20 12:43:20 +01:00
Casey Callendrello
27e830b73e
Merge pull request #691 from squeed/bump-go 
Bump go to 1.17
 2022-01-19 20:27:17 +01:00
Casey Callendrello
0c12d8a1c8 gofmt 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2022-01-19 18:25:39 +01:00
Casey Callendrello
152e7a48e4 go mod tidy 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2022-01-19 18:24:47 +01:00
Casey Callendrello
4319bc47f6 build: bump to go 1.17 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2022-01-19 18:23:45 +01:00
Casey Callendrello
186edecd6c
Merge pull request #687 from MikeZappa87/issue/588/removegArp 
Replace arping package with arp_notify
 2022-01-19 18:14:55 +01:00
Matt Dupre
de5cffee1d
Merge pull request #686 from silenceper/master 
Ignore NetNS path errors on delete
 2022-01-19 09:08:06 -08:00
Dan Williams
135eb1dd85
Merge pull request #681 from mjwaxios/master 
Fixed DHCP problem that broke when fast retry was added.
 2022-01-19 10:47:53 -06:00
Michael Zappa
7a55617a0e Remove arp notify setting per comment 
Signed-off-by: Michael Zappa <Michael.Zappa@stateless.net>
 2022-01-08 10:03:44 -07:00
Michael Zappa
5d073d690c plugins: replace arping package with arp_notify 
this replaces the arping package with the linux arp_notify feature.

Resolves: #588
Signed-off-by: Michael Zappa <Michael.Zappa@stateless.net>
 2022-01-06 20:53:54 -07:00
silenceper
67110e02ba
fix #685 
Signed-off-by: silenceper <silenceper@gmail.com>
 2022-01-06 20:57:52 +08:00
Michael Wyrick
1324428a9a Ran go fmt so tests would pass 
Signed-off-by: Michael Wyrick <Michael.Wyrick@caci.com>
 2021-12-28 10:43:52 -05:00
Michael Wyrick
fd4c3350ae Fixed DHCP problem that broke when fast retry was added. 
Signed-off-by: Michael Wyrick <Michael.Wyrick@caci.com>
 2021-12-27 13:48:44 -05:00
Dan Williams
cc32993e9e
Merge pull request #670 from SilverBut/ipam-dhcp-more-options 
dhcp ipam: support customizing dhcp options from CNI args
 2021-12-15 10:50:52 -06:00
Dan Williams
b76849596f
Merge pull request #642 from Nordix/dpdk-ipam 
host-device: add ipam support for dpdk device
 2021-12-15 10:50:31 -06:00
SilverBut
c9d0423023 dhcp ipam: adjust retry mechanism 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-11-28 06:41:53 +08:00
Matt Dupre
57e95c5dfe
Merge pull request #669 from containernetworking/jell/per_if_sysctl 
Allow setting sysctls on a particular interface
 2021-11-24 09:07:17 -08:00
Dan Williams
092009035b
Merge pull request #675 from nokia/ipvlan-garp 
ipvlan: Send Gratuitous ARP after IPs are set
 2021-11-24 10:57:21 -06:00
Periyasamy Palanisamy
547a516c30 add ipam tests for dpdk device 
Signed-off-by: Periyasamy Palanisamy <periyasamy.palanisamy@est.tech>
 2021-11-18 15:10:29 +01:00
Periyasamy Palanisamy
3033fd2e75 add ipam support for dpdk device 
Signed-off-by: Periyasamy Palanisamy <periyasamy.palanisamy@est.tech>
 2021-11-17 21:08:08 +01:00
Ferenc Toth
d5a6569102 ipvlan: Send Gratuitous ARP after IPs are set 
Signed-off-by: Ferenc Toth <ferenc.2.toth@nokia.com>
 2021-11-16 14:32:57 +01:00
Matt Dupre
f1f128e3c9
Merge pull request #639 from EdDev/bridge-macspoofchk 
bridge: Add macspoofchk support
 2021-10-06 08:39:10 -07:00
SilverBut
27fdec5cb9 dhcp ipam: fix client id 
First byte of client ID is type, instead of value. See this from
RFC2132:

   Code   Len   Type  Client-Identifier
   +-----+-----+-----+-----+-----+---
   |  61 |  n  |  t1 |  i1 |  i2 | ...
   +-----+-----+-----+-----+-----+---

Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-03 05:57:27 +08:00
SilverBut
a1051f3bf1 dhcp ipam: rename inconsistent options among files 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 23:49:59 +08:00
SilverBut
c627ea807c dhcp ipam: add more options capable for sending 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 23:30:59 +08:00
SilverBut
4b216e9d9b dhcp ipam: add fast retry 
Almost every first retry of DHCP will fail due to interface is not up. Add a
fast retry to reduce unnecessary latency.

Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 23:04:24 +08:00
SilverBut
2bebd89aa2 dhcp ipam: support customizing dhcp options 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 22:48:05 +08:00
SilverBut
be383cf30d dhcp ipam: truncate client id to 254 bytes 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 22:41:05 +08:00
SilverBut
6d1f71e55a dhcp ipam: print error correctly without format string 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 22:40:44 +08:00
SilverBut
24259e7d21 dhcp ipam: using full config to regular the code 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-10-02 22:40:19 +08:00
Piotr Skamruk
c16cff9805 Allow setting sysctls on a particular interface 
Signed-off-by: Piotr Skamruk <piotr.skamruk@gmail.com>
 2021-10-01 18:09:40 +02:00
SilverBut
7cb3453c36 dhcp: remove implemented TODO 
Signed-off-by: SilverBut <SilverBut@users.noreply.github.com>
 2021-09-30 13:10:45 +00:00
Dan Williams
2a9114d1af
Merge pull request #665 from edef1c/filepath-clean 
Don't redundantly filepath.Clean the output of filepath.Join
 2021-09-29 10:35:48 -05:00
Matt Dupre
2c46a72680
Merge pull request #664 from edef1c/rand-read 
Use crypto/rand.Read, not crypto.Reader.Read
 2021-09-22 09:08:01 -07:00
edef
ceb34eb2e6 Don't redundantly filepath.Clean the output of filepath.Join 
filepath.Join is already specified to clean its output,
and the implementation indeed does so.

Signed-off-by: edef <edef@edef.eu>
 2021-09-17 14:12:46 +00:00
edef
90c018566c Use crypto/rand.Read, not crypto.Reader.Read 
The current code accidentally ignores partial reads, since it doesn't
check the return value of (io.Reader).Read.

What we actually want is io.ReadFull(rand.Reader, buf), which is
conveniently provided by rand.Read(buf).

Signed-off-by: edef <edef@edef.eu>
 2021-09-17 13:30:14 +00:00
Bruce Ma
a6b5412c55
Merge pull request #638 from maiqueb/fix-confusing-error-msg-invalid-cidr 
Fix confusing error msg invalid cidr
 2021-09-16 17:47:05 +08:00
Edward Haas
081ed44a1d bridge: Add macspoofchk support 
The new macspoofchk field is added to the bridge plugin to support
anti-mac-spoofing.
When the parameter is enabled, traffic is limited to the mac addresses
of the container interface (the veth peer that is placed in the
container ns).
Any traffic that exits the pod is checked against the source mac address
that is expected. If the mac address is different, the frames are
dropped.

The implementation is using nftables and should only be used on nodes
that support it.

Signed-off-by: Edward Haas <edwardh@redhat.com>
 2021-09-14 12:46:15 +03:00
Dan Williams
189d0c06aa
Merge pull request #661 from squeed/firewall-version 
plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped
v1.0.1 		2021-09-07 09:24:23 -05:00
Casey Callendrello
ba48f8a659 plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2021-09-07 15:48:16 +02:00
Casey Callendrello
62952ffdac vendor: bump to libcni v1.0.1 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2021-09-07 15:43:54 +02:00
Miguel Duarte Barroso
8ab23366fb static ipam: do not parse the CIDR twice 
With this patch, when the IPs are provisioned via CNI args or via
`RuntimeConfig` the CIDR is only parsed once.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2021-08-24 13:19:37 +02:00
Miguel Duarte Barroso
2052c30acd static ipam: improve error msgs when provisioning invalid CIDR 
This commit addresses the scenarios when the invalid CIDR is
provisioned via:
- CNI_ARGS
- RuntimeConfig

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2021-08-24 13:05:44 +02:00
Casey Callendrello
8632ace977
Merge pull request #649 from squeed/libcni-1.0 
libcni v1.0 bumps, dependency updates
v1.0.0 		2021-08-11 17:39:33 +02:00
Casey Callendrello
156e59ccd1 bump go to 1.16, other misc fixes 
- add selinux relabling to release.sh
- use same go version in root

Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2021-08-11 17:26:35 +02:00
Casey Callendrello
0818512c7a vendor: bump all direct dependencies 
Just good hygiene.

Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2021-08-10 14:55:43 +02:00
Casey Callendrello
9b1666d489 vendor: bump to libcni v1.0 
Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2021-08-10 14:55:43 +02:00
Casey Callendrello
7995c2d934
Merge pull request #651 from tnir/tnir/bridge/promiscuous 
bridge: Fix typo in error message for promiscuous mode
 2021-08-10 14:55:21 +02:00