Tags

Felix version 2.1.0-rc4

- Improve logs around resync.  Downgrade smoe spammy logs.
- glide: Pin libcalico-go

networking-calico 1.4.1 release

Felix version 2.1.0-rc3

Changes since 2.1.0-rc2:

- Implement loose RPF startup check. (#1322)
- Add coverage reporting target for golang. (#1323)
- Handle interfaces being renamed in interface monitor. (#1329)
- Aggressively re-check iptables after an update. (#1326)
- Rev libcalico-go to v1.1.0-rc1.

Felix version 2.1.0-rc2

Changes since 2.1.0-rc1:

- Add extra prometheus metrics (#1304)
- Switch to goimports for formatting code (#1305)
- Add gometalinter and fix a couple of bugs it spotted. (#1306)
- Increase timeout when doing async calc graph test. (#1312)
- Pass chain insert mode down to iptables.Table.
- Implement periodic refresh of route table. (#1313)
- Explicitly ACCEPT packets that are allowed by host policy. (#1318)
- Remove flags that are unused in golang dataplane driver. (#1321)
- Plumb through Ipv6Support flag and ReportingIntervalSecs. (#1320)
- Add automated check of dependency licenses.

Felix version 2.0.4

- Include more information in workload ID logs. (#1311)

Felix version 2.1.0-rc1

- Rework EventBuffer as EventSequencer.
- Change ActiveRulesCalculator to generate dummy drop rules.
- WiP on iptables writer.
- Improve logutils: avoid name clash with user-supplied fields.
- Implement iptables hash resync.  Fix up programming.
- Rework Felix's main() to pull out external dataplane driver.  Start of internal driver.
- Add IP set CRUD logic.
- Minor cleanups.
- Get IP sets programming in internal DP driver.
- Refactor to create a Rule and Chain class.
- Skeleton for policy programming.  Still needs rule rendering!
- Minor clean-ups.
- Skeleton for rule rendering logic and other minor tweaks.
- Implement basic dispatch chain logic.  Add endpointManager.
- Validate that workload endpoints have names; required by felix.
- Add drop action to dispatch chains.
- Add support for hooking kernel chains, use to hook FORWARD chain.
- Add backoff/panic on iptables failure.
- Factor out manager objects.
- Start of profile support.
- Add dedicated MatchCriteria type for building rules.
- Add profiles to endpoint chains.
- Fix failure to delete iptables chains.
- Switch to RenderInsert() for calculating insert rules.
- Fix up hash extraction and add UTs.
- Do deletes right at the end, after cleaning up insertions.
- WiP on routing table syncer.
- Add routing table syncer.  Currently poll-based.
- Skip interfaces that are marked as down when updating routes.
- Program workload endpoint routes.
- Minor fixes: - Fix that iptables.Table never set the in-sync flag. - Retry after failing to program routes. (Still need to start monitoring for changes.)
- Do per-interface proc-sys config.
- Implement mainline match criteria and fix V6 IP set rendering.
- Default to using internal dataplane driver.
- Fix up iptables UT.
- Add dummy endpoint status reports; should get OpenStack running.
- Fix name of outbound profile chain.
- WiP on ipsets cleanup.
- WiP on route programming retry/monitoring.
- Implement process status reporting.
- Add static NAT chains.  Add OpenStack Metadata IP special-case.
- Add support for setting destination MAC address when programming routes.
- Add an opaque ID/hash to each rule.
- Fix that dispatch chains were being calculated from stale data.
- Fixes to routing table:
- Add a make patch-script target.
- Fix copy/paste error in dispatch chain rendering.
- Add special-case regex used to find old felix rule insertions.
- Clean ups:
- Add IPAM pool masquerade support.
- Self review/go fmt markups.
- Fix UTs.
- WiP on IPIP mode.
- Make WorkloadEndpointChainName usable for host endpoints also
- Use clearer 'ifaceName' for EndpointChainName arg
- WiP on IPIP manager
- Remove label from IP address.
- Improve comments/logs in IPIP code.
- Improve handling of ICMPv6: guess the IP version from the protocol version.
- Add negated match criteria, UTs and fixes.
- Improve internal dataplane comments.
- Improve external dataplane commenting.
- Add log action, log prefix support and DropActionOverride support.
- Support >15 ports in a match.
- Tweak cleanup script to remove cali chains.
- Populate felix-INPUT chain, refine naming, split out wl-to-host chain.
- Fix UT broken by removal of field.
- Implement filter output chain, ready for host endpoints to be added.
- Fix that RouteTable was syncing routes for non-calico interfaces.
- Add missing return statement.
- IP sets self-review markups.
- Shim IP set commands for UT.
- UTs for ExistenceCache.
- Organise ipsets classes into files.  Move tests to ipsets_test package.
- Implement HostDispatchChains
- Start a test suite for the internal dataplane driver
- Enhance ifacemonitor to provide address updates as well
- Checkpoint - ** Coding tasks [4/8]
- Implement HostEndpointToIptablesChains
- Link from static input/output chains to host endpoint chains
- UT fix
- Implement host endpoint failsafe chains
- Fixes from running calico-felix by hand
- Finishing adding host endpoint failsafes
- Link in cali-INPUT and cali-OUTPUT
- Add UTs for IPSet object.
- More UTs for IP sets, cover failure cases.
- Revert incorrect empty map initializers
- Code review markups
- Add mainling UTs for IP set Registry.
- Add non-coverage UT target (which is lots faster).
- Making things work - but not sure I need all of these
- Code review markups
- Remove conntrack flows when an endpoint is removed.
- RouteTable and conntrack fixes:
- Remove optimization from RouteTable that is now incorrect.
- Code review markups
- Better error reporting on route sync.
- Change ifaceAddrs to be a Set
- Delay status reports: work around OpenStack FV issue.
- Implement endpoint status reporting.
- Improve comments and UTs in iptables package.
- Use host endpoint ID as map key, instead of pointer to ID
- Code review markups
- self-review markups
- Notify iface addrs regardless of iface oper state
- UT fix
- Start a UT suite for the 'set' package
- Improve logging.
- Work-in-progress on adding iptables UTs.
- Coverage tests for iptables Table object and minor improvements:
- Implement periodic iptables refresh.
- Fix comment.
- Refresh IPIP tunnel device config on a timer.
- Mop up some TODOs:
- Fix lack of log hook in intdataplane test suite.
- Implement configuration of mark bits, fix mark rendering and add UTs.
- Fix log leakage during test run.
- Downgrade spammy route programming failure log to Warning.
- Fix out-of-date comment.
- Improve logging when config parsing fails.
- Shim netlink in routetable package.
- Mainline tests for RouteTable along with removal of sync conditions.
- Recheck interface existence to avoid logging errors during tear down.
- Expand error filtering to more cases to avoid spammy logs on failures.
- Add more UT for set package.
- Minor cleanups to routetable.  Remove unused function.
- Fix that dispatchChains didn't indirect through DropRules().
- Create structure for ifacemonitor UT
- Progress on ifacemonitor UT
- ifacemonitor UT - full coverage except error conditions
- Call callbacks when link removal is spotted by resync
- Fix accidental channel write blocking
- Add comments to explain ifacemonitor testing
- Address callback now expected when link is down
- Don't notify addresses after link record deleted
- Only call address callback when iface addrs are changing
- Make callback detection channels non-global
- Remove sleep, make test resilient to slow running
- Other code review markups
- Support running Felix on a NAT gateway or router
- Code review markups.
- Add UT for conntrack package.
- Fix occasional test hang: need correct ifIndex on link deletion
- Add UT for static chains.
- Cover StaticNATTableChains.
- Cover rule rendering corner cases.
- Add UT for per-endpoint chain rendering.
- Add UT for NAT outgoing rules.
- Fix test hang: allow for occasional extra addr callback
- Retry iptables-save to improve robustness and avoid log spam.
- Code review markups
- Adjust jittered ticker tests to avoid comparing real sleeps.
- Fix tracking of best host endpoint match for a host interface
- Add extra logging around IPIP startup.
- Fix flap of IPIP tunnel address at start up.
- Avoid setting link MTU or flags if they're already correct.
- Write deltas to IP sets where possible.
- Endpoint manager UT
- Complete coverage of resolveHostEndpoints
- Rework host endpoint tests into better ginkgo style
- Fix: host i/fs map to programmed chains, not host endpoints
- Fix append bug
- Add tests with two resolved host interfaces
- Order rules by i/f name in both host and wl dispatch chains
- Test which gets used when multiple host eps match an interface
- Improve representation of host endpoint configuration
- Code review markups.
- Shim dataplane in IPIP manager.
- Add UT for IPIP manager dataplane programming.
- Add error-case coverage for IPIP manager.
- Rework ipipManager to deal with transient duplicate IPs.  Add UTs.
- Honour max IP set size.
- Add set.FromArray() and Set.AddAll() functions.
- Add UT for ipsets manager.
- Add set.From() and use to streamline UTs.
- Add UT for masquerade manager.
- UT masquerade manager dirtiness tracking.
- Add UTs for policy manager.
- Code review markups.
- Add UT for status combiner.
- Really test IPv4 and IPv6 versions of EndpointManager
- Add go-ut-watch make target.
- Workload endpoints UT
- Fix: remove old chains when endpoint's iface changes
- Introduce TableOptions parameter on NewTable.
- Rename 'procSysWriter' field to 'writeProcSys'
- Port ChainInsertMode to golang.
- Port LogPrefix parameter to Go.
- Implement tree-based dispatch chains.
- Code review markups.
- Code review markups.
- Floating IPs in golang dataplane driver
- Code fixes and missing manager reg
- Adapt existing UTs
- Code review markups
- UT and fixes
- Markups from FV testing:
- Add host endpoint status reports.
- Only recalculate the dispatch chains if the data they depend on has changed.
- Improve commenting/naming.
- Fix failure to make host endpoint status dirty and add UT.
- Code review markups.
- Add marker fields so that action types get traced out in UT output.
- Include all release notes since last packaging
- Allow overriding the Git-determined version
- Felix 2.0.2 Deb/RPM packaging
- Add support for untracked policies on host endpoints.
- Rename test file for event sequencer.
- UTs for untracked policy.
- Add marker fields so that action types get traced out in UT output.
- UT and fixes for raw host endpoint chain generation.
- UT for policy manager.
- UT for deletion of non-existing chain.
- Demote overly prominent ifacemonitor warning log
- Fix that iptables RPF check was being applied for IPv4.
- Add UT for raw chains.
- Endpoint manager UT and fixes for notrack.
- Add additional diags to iptables.Table when it's about to panic.
- Quick fix for policy/endpoint sequencing issue.  Program all policies to both raw and filter.
- Code review markups.
- Remove Python code and update Makefile.
- Move go code up to main directory.
- Fix up Golang imports after moving go files.
- Update Makefile for new location of go files.
- Guard against running builds from non-git dir.
- Move go/docs folder into root.
- Remove gen-version.sh.
- Remove unneeded line.
- Tidy up .gitignore.
- Make iptables mark allocation stateful.
- Add more UT.
- Improve dataplane driver API doc.
- Cleanup README, CONTRIBUTING and unused file.
- Fix that an empty string for FailsafeIn/OutboundHostPorts was rejected.
- Fix ifacemonitor UT concurrent map access
- Check for expected NAT OUTPUT chain
- Add NAT table insertion for OUTPUT chain
- Pin libcalico-go to v1.0.2
- Code review markups
- Switch to calico/go-build container
- Pin calico/build to version with Felix's deps.
- Code review markups.
- Add datamodel overview to API doc.
- Remove accidental inclusion of licensecheck code from other branch.
- Code review markups.
- Fix heading.

Felix version 2.0.3

- Pin libcalico-go to v1.0.2

Felix version 2.0.2

- Really use libcalico-go v1.0.1

Felix version 2.0.1

- Add support for policing forwarded traffic via host endpoints.
- Configure an option to append or insert the iptables rules generated by calico-felix.
- Fix that ipv4_nat was not working (for floating IPs).
- Fix slow Felix builds.
- Fix for https://github.com/projectcalico/calicoctl/issues/1419.
- Fix log spam when we fail to remove routes from a deleted interface.
- Improve calculation graph comments.
- Allow using dependencies that need SSH for access.
- Add make target for patching complete Felix 2.0.x install.
- Remove etcd version pin from glide.yaml.
- Use libcalico-go v1.0.1

Felix version 2.0.1-rc1

- Add support for policing forwarded traffic via host endpoints.
- Configure an option to append or insert the iptables rules generated by calico-felix.
- Python-driver-side plumbing for floating IPs
- Fix that ipv4_nat was not working (for floating IPs)
- Fix slow Felix builds.
- Fix logic in static link test.  Move inside container.
- Fix configure_ipip_device() to pass IPAddress to set_interface_ips().
- Fix log spam when we fail to remove routes from a deleted interface.
- Disable make's implicit rules, which slow down the build.
- Improve calculation graph comments.
- Felix 2.0.0 Deb/RPM packaging
- Document how to sign and publish Deb/RPM packages
- Allow using dependencies that need SSH for access
- Add make target for patching complete Felix 2.0.x install