ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity
1,667 Commits 6 Branches 48 Tags
Commit Graph

1667 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Miguel Duarte Barroso
edab9efdea tap: allow for a tap device to be created as a bridge port 
This extends the tap plugin API enabling the user to instruct the CNI
plugin the created tap device must be set as a port of an *existing*
linux bridge on the pod network namespace.

This is helpful for KubeVirt, allowing network connectivity to be
extended from the pod's interface into the Virtual Machine running
inside the pod.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-05-19 16:26:14 +02:00
Casey Callendrello
38f18d26ec
Merge pull request #892 from e0ne/ignore-not-found 
[sbr]: Ignore LinkNotFoundError during cmdDel
v1.3.0 		2023-05-03 21:53:21 +02:00
Casey Callendrello
e51301765c
Merge pull request #891 from containernetworking/dependabot/go_modules/github.com/Microsoft/hcsshim-0.9.9 
build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9
 2023-05-03 17:26:09 +02:00
Ivan Kolodyazhny
7e918412d5 [sbr]: Ignore LinkNotFoundError during cmdDel 
Signed-off-by: Ivan Kolodyazhny <e0ne@e0ne.info>
 2023-05-02 14:08:11 +03:00
dependabot[bot]
99b475ab1a
build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9 
Bumps [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) from 0.9.8 to 0.9.9.
- [Release notes](https://github.com/Microsoft/hcsshim/releases)
- [Commits](https://github.com/Microsoft/hcsshim/compare/v0.9.8...v0.9.9)

---
updated-dependencies:
- dependency-name: github.com/Microsoft/hcsshim
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-01 03:02:09 +00:00
Dan Williams
10b5639361
Merge pull request #885 from champtar/tuning-CHECK 
tuning: fix cmdCheck when using IFNAME
 2023-04-24 10:46:37 -05:00
Casey Callendrello
65fe256058
Merge pull request #883 from mmorel-35/linter-2 
enable govet and unparam linters
 2023-04-24 17:42:55 +02:00
Dan Williams
00b82fb666
Merge pull request #887 from champtar/route-CHECK 
Fix ValidateExpectedRoute with non default routes and nil GW
 2023-04-24 10:41:24 -05:00
Casey Callendrello
c795a3c6b1
Merge pull request #888 from jingyuanliang/go120 
Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes
 2023-04-24 17:37:28 +02:00
Casey Callendrello
c10af01dfb
Merge pull request #880 from maiqueb/mac-spoof-improv-read-only-required-chain-on-cni-del 
bridge: read only required chain on cni del instead of the entire ruleset
 2023-04-24 17:32:32 +02:00
Dan Williams
9cf1a09835
Merge pull request #829 from tjjh89017/bridge_vlan_trunk 
bridge: add vlan trunk support
 2023-04-24 10:25:16 -05:00
Jingyuan Liang
d8fc886bf0 Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes 
Go 1.18 is already EOL and doesn't have fixes available.

Signed-off-by: Jingyuan Liang <jingyuanliang@google.com>
 2023-04-21 05:21:43 +00:00
Etienne Champetier
c347755f87 Fix ValidateExpectedRoute with non default routes and nil GW 
Using ptp plugin with non default routes, we get the following error
when cri-o call CheckNetworkList():
```
Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table
```
Using cniVersion 0.3.1 to bypass the check, we can see that the
route is added with a gateway
```
$ ip r
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.3.102
198.18.0.1 dev eth0 scope link src 198.18.3.102
198.18.128.0/17 via 198.18.0.1 dev eth0
```

If GW is nil only check if we have a route with a DST that matches, and
ignore the GW.

Fixes #886
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2023-04-20 15:24:20 -04:00
Etienne Champetier
5b7a263e8f tuning: fix cmdCheck when using IFNAME 
Fixes: c16cff9805427c5db34b43de3155769b362f596e
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
 2023-04-20 11:19:23 -04:00
Miguel Duarte Barroso
135292e050 bridge, del: timeout after 55 secs of trying to list rules 
Making sure the exec'ed nft command is executed in 55 secs allows for
CNI to fail early, thus preventing CRI from sending another CNI DEL
while the previous NFT call is still being processed.

This fix prevents part of the behavior described in [0], in which:
> cnv-bridge and nft comes pile up in a loop, increasing every 60, never
completes

The timeout had to be less than 60 seconds (otherwise CRI would still
trigger CNI DEL again) but large enough for this feature to have a
chance of working on older kernels (e.g. centOS 8), where it takes
longer to access even a specific chain/table.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-04-20 11:19:07 +02:00
Miguel Duarte Barroso
7dcd738d34 bridge, spoofcheck: only read the prerouting chain on CNI delete 
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-04-20 10:35:42 +02:00
Miguel Duarte Barroso
83fe87c5b0 build: consume specific tables/chains via go-nft 
This go-nft version allows its users to only read particular
tables/chains when invoking `ReadConfig`, instead of the entire ruleset.

This will make deleting rules from a large ruleset faster, thus speeding
up CNI DELs.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2175041

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-04-20 10:08:18 +02:00
Date Huang
090af7db9a bridge: add vlan trunk support 
add vlan trunk support for veth
vlan trunk only support L2 only mode without any IPAM
refer ovs-cni design
https://github.com/k8snetworkplumbingwg/ovs-cni/blob/main/pkg/plugin/plugin.go

design:
origin "vlan" option will be PVID or untagged vlan for the network.
"vlanTrunk" will setup tagged vlan for veth.

entry type:
`{ "id": 100 }` will specify only tagged vlan 100
`{ "minID": 100, "maxID": 120 }` will specify tagged vlan from 100 to
120 (include 100 and 120)
vlanTrunk is a list of above entry type, so you can use this to add
tagged vlan
`[
  { "id": 100 },
  {
    "minID": 1000,
    "maxID": 2000
  }
]`

complete config will be like this
{
  "cniVersion": "0.3.1",
  "name": "mynet",
  "type": "bridge",
  "bridge": "mynet0",
  "vlan": 100,
  "vlanTrunk": [
    { "id": 101 },
    { "minID": 1000, "maxID": 2000 },
    { "minID": 3000, "maxID": 4000 }
  ],
  "ipam": {}
}

Signed-off-by: Date Huang <date.huang@suse.com>
 2023-04-19 22:55:14 +08:00
Casey Callendrello
9f1f9a588b
Merge pull request #875 from mlguerrero12/adddefaultvlanparam 
Add parameter to disable default vlan
 2023-04-17 17:47:34 +02:00
Casey Callendrello
71aa710196
Merge pull request #873 from maiqueb/mac-spoof-remove-index-when-adding-rules 
bridge, spoof check: remove drop rule index
 2023-04-17 17:07:11 +02:00
Matthieu MOREL
10ddd9e454
enable govet and unparam linters 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-04-11 12:07:04 +02:00
dependabot[bot]
4a6147a155
Merge pull request #881 from containernetworking/dependabot/go_modules/golang.org/x/sys-0.7.0 2023-04-05 19:24:31 +00:00
dependabot[bot]
435ef2235d
build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-04-05 19:14:01 +00:00
Casey Callendrello
43db9cc063
Merge pull request #879 from squeed/bump-deps 
go.mod: bump all deps
 2023-04-05 21:13:05 +02:00
Marcelo Guerrero Viveros
821982da1c Add parameter to disable default vlan 
This new parameter allows users to remove the default vlan

Fixes: #667
Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
 2023-04-05 18:20:40 +02:00
Miguel Duarte Barroso
cac8230e7c bridge, spoof check: remove drop rule index 
Rules are appendend by default, thus using an index is redundant.
Using an index also requires the full NFT cache, which causes a CNI ADD
to be extremely slow.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-04-04 17:10:08 +02:00
Casey Callendrello
bc5f3defe7 go.mod: bump all deps 
Bump all transitive and direct dependencies.

Signed-off-by: Casey Callendrello <c1@caseyc.net>
 2023-04-04 16:31:14 +02:00
Casey Callendrello
47a4319462
Merge pull request #861 from containernetworking/dependabot/github_actions/actions/setup-go-4 
build(deps): bump actions/setup-go from 3 to 4
 2023-04-04 16:27:44 +02:00
Casey Callendrello
68a661999a
Merge pull request #870 from containernetworking/dependabot/github_actions/actions/stale-8 
build(deps): bump actions/stale from 7 to 8
 2023-04-04 16:27:10 +02:00
Casey Callendrello
63235a2531
Merge pull request #878 from maiqueb/fix-ginkgo-linter-warnings 
linter: fix ginkgolinter errors
 2023-04-04 16:23:41 +02:00
Miguel Duarte Barroso
7bbd4d19e9 linter: fix ginkgolinter errors 
Use:
- `BeEmpty` instead of `HaveLen(0)`
- `Expect(x).To(BeZero())` instead of `Expect(x == 0).To(BeTrue())`

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
 2023-04-04 16:09:01 +02:00
Casey Callendrello
deec68747e
Merge pull request #853 from mmorel-35/ginkgolinter 
enable ginkgolinter linter
 2023-04-04 15:24:20 +02:00
Casey Callendrello
6f6345ca05
Merge pull request #871 from mlguerrero12/fixwastedassignlinter 
Fix wastedassign linter errors
 2023-04-04 15:23:28 +02:00
Marcelo Guerrero Viveros
6c0d73ecc0 Fix wastedassign linter errors 
Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
 2023-03-27 18:42:49 +02:00
Dan Williams
8813bfea7b
Merge pull request #855 from mmorel-35/linters 
enable durationcheck,  predeclared, unconvert, unused and wastedassign linters
 2023-03-27 10:53:34 -05:00
Dan Williams
16d05ec100
Merge pull request #867 from mlguerrero12/fixlinters 
Fix revive linter errors
 2023-03-27 10:49:33 -05:00
dependabot[bot]
086f7eb7a1
build(deps): bump actions/stale from 7 to 8 
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-27 03:04:07 +00:00
Marcelo Guerrero Viveros
d71d0f2da1 Fix revive linter errors 
Golangci-lint is now running version 1.52.1. This introduced some errors.

Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
 2023-03-24 21:04:39 +01:00
dependabot[bot]
00e0d3b758
build(deps): bump actions/setup-go from 3 to 4 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-20 03:01:39 +00:00
Matthieu MOREL
2fb0efe8a3
enable durationcheck, predeclared, unconvert, unused and wastedassign linters 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-16 07:29:37 +01:00
Casey Callendrello
3bc00017e3
Merge pull request #854 from mmorel-35/clean-linters 
remove govet and gofmt from test_linux.sh
 2023-03-14 11:49:37 +01:00
Matthieu MOREL
c0fe3b7bde remove govet and gofmt from test_linux.sh 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 22:47:17 +00:00
Matthieu MOREL
09f36a295d enable ginkgolinter linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 22:27:21 +00:00
Casey Callendrello
d3ee71f240
Merge pull request #843 from mmorel-35/golangci-lint 
ci(lint): setup golangci-lint
 2023-03-13 22:26:32 +01:00
Matthieu MOREL
a02bf4b463 enable revive linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 17:59:41 +01:00
Matthieu MOREL
79f524689c enable gocritic linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 17:59:33 +01:00
Matthieu MOREL
5a7619c019 enable gosimple linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 17:59:31 +01:00
Matthieu MOREL
709e775b13 enable nonamedreturns linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-13 17:59:28 +01:00
Matthieu MOREL
3a04eb00bb
enable ineffassign linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-06 11:51:40 +01:00
Matthieu MOREL
16ba4222bc
enable contextcheck linter 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2023-03-06 11:23:07 +01:00