Releases: antrea-io/antrea
Releases · antrea-io/antrea
Antrea v2.1.0
Added
- Add a new feature
BGPPolicy
that allows users to run a BGP process on selected Kubernetes Nodes and advertise Service IPs, Pod IPs, and Egress IPs to remote BGP peers.- Add
BGPPolicy
API and Controller. (#6009 #6203, @hongliangl) - Add BGP datapath interface and implement goBGP integration. (#6447, @hongliangl)
- Add documentation for the
BGPPolicy
feature. (#6524, @hongliangl) - Refer to this document for more information about this feature.
- Add
- Add a new feature
NodeLatencyMonitor
that allows users to do east/west connectivity monitoring and provides an API to query inter-Node latency. (#6120 #6392 #6479, @IRONICBo) - Add two new antctl commands to validate a K8s Cluster before Antrea installation, and allow users to validate basic network and security functionalities after Antrea is installed.
- Add
antctl check cluster
command to to ensure that a K8s cluster is configured properly before Antrea installation. (#6278, @kanha-gupta) - Add
antctl check installation
command to conduct Pod/Service connectivity checks and verify basic NetworkPolicy rules. (#6133 #6313 #6367, @kanha-gupta) - Add documentation for the new
antctl check
commands. (#6373, @kanha-gupta) - Refer to this document for more information about these new commands.
- Add
Changed
- Ensure Antrea Proxy handles all Service traffic with proxyAll enabled, even when kube-proxy is present. (#6308, @hongliangl)
- Optimize the containerized OVS installation on Windows, manual installation of the OVS kernel driver is usually not required anymore. (#6383, @wenyingd)
- Add OVS driver installation in initContainer for Antrea Agent on Windows. (#6312, @XinShuYang)
- Use HostProcess container base image and buildx to build the Antrea Agent Windows image, Window Server 2019 and later are now supported with the same image, including Windows Server 2022. (#6325, @wenyingd)
- Support shared LoadBalancerIP for multiple Services by introducing a new annotation
service.antrea.io/allow-shared-load-balancer-ip: true
. (#6480, @tnqn) - Promote feature
CleanupStaleUDPSvcConntrack
from Alpha to Beta. (#6372, @hongliangl) - Always include Pod labels in FlowAggregator IPFIX template. (#6418, @antoninbas)
- Fix live config updates on IPFIXExporter for FlowAggregator. (#6385, @antoninbas)
- Improve handling of config changes in FlowAggregator to support updating
recordContents.podLabels
at runtime. (#6378, @antoninbas) - Add an
EndpointResolver
to remove Antrea Agent's dependency on proxy to access Antrea Service. (#6361, @antoninbas) - Replace
bincover
with built-in Go coverage profiling tool. (#6090, @shikharish) - Trim unneeded fields stored in informers and Node objects to reduce memory footprint. (#6317 #6351, @tnqn)
- Remove stale multicast routes to improve the readability of multicast routes. (#3242, @ceclinux)
- Add
srcPodIP
field in Traceflow observations. (#6247, @Atish-iaf) - Use Helm to generate Antrea Windows manifests. (#6360, @shikharish)
- Upgrade CNI plugins from v1.4.1 to v1.5.1. (#6475, @antoninbas)
- Add documentation for the
sameLabels
feature in Antrea ClusterNetworkPolicy. (#6280, @Dyanngg) - Add recommended usage of FQDN policies. (#6389, @Dyanngg)
Fixed
- Fix NodePortLocal rules being deleted incorrectly due to PodIP recycle. (#6531, @tnqn)
- Fix "Access is denied" error when importing certificates into the trusted publishers store on Windows server 2022. (#6529, @wenyingd)
- Fix the Node network connection breaking when attaching a host interface to the secondary OVS bridge. (#6504, @wenyingd)
- Exclude terminated Pods from group members when calculating
AppliedToGroups
andEgressGroups
to prevent NetworkPolicies or Egresses applying to wrong Pods. (#6508, @tnqn) - Fix
install_cni_chaining
script not configuring CNI conf correctly with AKS or CNI chaining, when the CNI conf file is not ready. (#6506, @tnqn) - Wait for OVS bridge datapath ID to be available after creating br-int to avoid failures when the Antrea Agent tries to query supported OVS datapath features. (#6472, @antoninbas)
- Fix a bug causing Antrea Proxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
- Fix Antrea Agent crash when enabling
proxyAll
innetworkPolicyOnly
mode. (#6259, @hongliangl) - Improve stale UDP conntrack entries deletion accuracy in Antrea Proxy. (#6193, @hongliangl)
- Remove unexpected
altname
after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv) - Avoid generating a zombie process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)
- Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
- Delay removal of
flow-restore-wait
to fix traffic interruption issue when Antrea Agent restarts. (#6342, @antoninbas) - Fix
antctl mc deploy
command usage to make the version parameter optional. (#6287, @roopeshsn) - Fix inaccuracy in Traceflow user guide. (#6319, @antoninbas)
Antrea v2.1.0-beta.0
Note that this pre-release of v2.1.0 does not include BGPPolicy support, which will be a major feature in the final v2.1.0 release.
Antrea v2.0.1
Changed
- Update CNI binaries version to v1.4.1. (#6334, @antoninbas)
- Add documentation for the sameLabels feature in ACNP. (#6280, @Dyanngg)
Fixed
- Remove unexpected
altname
after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv) - Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
- Fix a bug causing AntreaProxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
- Improve stale UDP conntrack entries deletion accuracy in AntreaProxy. (#6193, @hongliangl)
- Fix antrea-agent crash when enabling proxyAll in networkPolicyOnly mode. (#6259, @hongliangl)
- Avoid generating defunct process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)
- Fix inaccuracy in Traceflow user guide. (#6319, @antoninbas)
Antrea v1.15.2
Fixed
- Remove unexpected
altname
after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv) - Do not try to update type of Secret in selfSignedCertProvider to avoid self-signed certificate update failure. (#6205, @tnqn)
- Install multicast related iptables rules only on IPv4 chains to fix the antrea-agent initialization failure occurring when the Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
- Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
- Fix a bug causing AntreaProxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
- Improve stale UDP conntrack entries deletion accuracy in AntreaProxy. (#6193, @hongliangl)
- Fix antrea-agent crash when enabling proxyAll in networkPolicyOnly mode. (#6259, @hongliangl)
- Fix a bug preventing local traffic from being identified in networkPolicyOnly mode. (#6251, @hongliangl)
- Avoid generating defunct process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)
Antrea v2.0.0
Some deprecated APIs have been removed in Antrea v2.0. Before upgrading, please read these guidelines carefully.
Added
- Support
LoadBalancerIPMode
in AntreaProxy to implement K8s KEP-1860. (#6102, @hongliangl) - Add
sameLabels
field support for Antrea ClusterNetworkPolicy peer Namespace selection to allow users to create ACNPs that isolate Namespaces based on their label values. (#4537, @Dyanngg) - Add multiple physical interfaces support for the secondary network bridge. (#5959, @aroradaman)
- Use a Node's primary NIC as the secondary OVS bridge physical interface. (#6108, @aroradaman)
- Add user documentation for Antrea native secondary network support. (#6015 #6042, @jianjuns @antoninbas)
- Add a new versioned API
NetworkPolicyEvaluation
and a new antctl sub-command for querying the effective policy rule applied to particular traffic. (#5740 #6112, @qiyueyao)
Changed
- Multiple deprecated APIs, fields and options have been removed from Antrea.
- Remove deprecated v1alpha1 CRDs
Tier
,ClusterNetworkPolicy
,NetworkPolicy
,Traceflow
andExternalEntity
. (#6162 #6177 #6238, @luolanzone @hjiajing @antoninbas) - Remove deprecated v1alpha2 and v1alpha3 CRDs
ClusterGroups
,ExternalIPPool
,ClusterGroup
andGroup
. (#6049 #6239, @luolanzone @antoninbas) - Remove deprecated
ServiceAccount
field inClusterSet
type for Antrea Multi-cluster. (#6134, @luolanzone) - Remove deprecated options
enableIPSecTunnel
,multicastInterfaces
,multicluster.enable
andlegacyCRDMirroring
. (#5158, @luolanzone) - Clean up unused code for NodePortLocal and remove the deprecated
nplPortRange
config. (#5943, @luolanzone) - Clean up deprecated APIServices. (#6002, @tnqn)
- Remove deprecated v1alpha1 CRDs
- Documentation has been updated to reflect recent changes and provide better guidance to users.
- Add upgrade instructions for Antrea v2.0. (#6261, @antoninbas)
- Update the OVS pipeline document and workflow diagram to keep them up to date. (#5412, @hongliangl)
- Clarify documentation for
IPPool
andExternalIPPool
CRDs. (#6183, @antoninbas) - Document Pods using FQDN based policies must respect DNS TTL. (#6230, @tnqn)
- Document the limitations of Audit Logging for policy rules. (#6225, @antoninbas)
- Optimizing Antrea binaries size.
- Optimize package organization to reduce antctl binary size. (#6037, @tnqn)
- Reduce antrea-cni binary size by removing unnecessary import packages. (#6038, @tnqn)
- Strip all debug symbols from Go binaries by default. (#6035, @antoninbas)
- Disable cgo for all Antrea binaries. (#5988, @antoninbas)
- Increase the minimum supported Kubernetes version to v1.19. (#6089, @hjiajing)
- Add OVS groups dump information to support bundle to help troubleshooting. (#6195, @shikharish)
- Add
egressNodeName
in flow records for Antrea Flow Aggregator. (#6012, @Atish-iaf) - Add
EgressNode
field in the Traceflow Egress observation to include the name of the Egress Node. (#5949, @Atish-iaf) - Upgrade
IPPool
CRD to v1beta1 and make the subnet definition consistent with the one inExternalIPPool
CRD. (#6036, @mengdie-song) - Request basic memory for antrea-controller to improve its scheduling and reduce its OOM adjustment score, enhancing overall robustness. (#6233, @tnqn)
- Increase default rate limit of antrea-controller to improve performance for batch requests. (#6231, @tnqn)
- Remove Docker support for antrea-agent on Windows, update Windows documentation to remove all Docker-specific instructions, and all mentions of (userspace) kube-proxy. (#6019 #6255, @XinShuYang @antoninbas)
- Stop publishing the legacy unified image. (#6182, @antoninbas)
- Avoid unnecessary DNS queries for FQDN rule of NetworkPolicy in antrea-agent. (#6200, @tnqn)
- Stop using
projects.registry.vmware.com
for user-facing images. (#6073, @antoninbas) - Fall back to lenient decoding when strict decoding config fails to tolerate unknown fields and duplicate fields, ensuring forward compatibility of configurations. (#6156, @tnqn)
- Skip loading
openvswitch
kernel module if it's already built-in. (#5979, @antoninbas) - Persist TLS certificate and key of antrea-controller and sync the CA cert periodically to improve robustness. (#5955 #6205, @tnqn)
- Add more validations for
ExternalIPPool
CRD to improve robustness. (#5898, @aroradaman) - Add Antrea L7 NetworkPolicy logs for
allowed
HTTP traffic. (#6014, @qiyueyao) - Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
- Add a flag for antctl to print OVS table names when users run
antctl get ovsflows --table-names-only
. (#5895 #6100, @luolanzone) - Improve log message when antrea-agent fails to join a new Node. (#6048, @roopeshsn)
- Remove the prefix
rancher-wins
when collecting antrea-agent logs on Windows. (#6223, @wenyingd) - Upgrade K8s libraries to v0.29.2. (#5843, @hjiajing)
- Upgrade base image from UBI8 to UBI9 for Antrea UBI images. (#5737, @xliuxu)
Fixed
- Fix nil pointer dereference when
ClusterGroup
/Group
is used in NetworkPolicy controller. (#6077, @tnqn) - Disable
libcapng
to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu) - Fix a race condition in antrea-agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
- Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in
Traceflow
CRD. (#6050, @gran-vmv) - Use 65000 MTU upper bound for interfaces in
encap
mode to account for the MTU automatically configured by OVS on tunnel ports, and avoid packet drops on some clusters. (#5997, @antoninbas) - Install multicast related iptables rules only on IPv4 chains to fix the antrea-agent initialization failure occurred when the Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
- Remove incorrect AntreaProxy warning on Windows when
proxyAll
is disabled. (#6242, @antoninbas) - Explicitly set kubelet's log files in Prepare-Node.ps1 on Windows, to ensure that they are included in support bundle collections. (#6221, @wenyingd)
- Add validation on antrea-agent options to fail immediately when encryption is requested and the Multicast feature enabled. (#5920, @wenyingd)
- Don't print the incorrect warning message when users run
antrea-controller --version
outside of K8s. (#5993, @prakrit55) - Record event when EgressIP is uninstalled from a Node and remains unassigned. (#6011, @jainpulkit22)
- Fix a bug that the local traffic cannot be identified on
networkPolicyOnly
mode. (#6251, @HongLia...
Antrea v1.13.4
Added
- Enable Windows OVS container to run on pristine host environment, without requiring some dependencies to be installed manually ahead of time. (#5440, @NamanAg30)
Changed
- Stop using
projects.registry.vmware.com
for user-facing images. (#6073, @antoninbas) - Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
- Disable cgo for all Antrea binaries. (#5988, @antoninbas)
Fixed
- Disable
libcapng
to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu) - Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
- Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
- Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
- Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)
- Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)
- Install Multicast related iptables rules only on IPv4 chains to fix the Antrea agent initialization failure occurred when Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
Antrea v1.14.3
Changed
- Stop using
projects.registry.vmware.com
for user-facing images. (#6073, @antoninbas) - Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
- Disable cgo for all Antrea binaries. (#5988, @antoninbas)
Fixed
- Disable
libcapng
to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu) - Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
- Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
- Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
- Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
- Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)
Antrea v1.15.1
Changed
- Stop using
projects.registry.vmware.com
for user-facing images. (#6073, @antoninbas) - Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
- Disable cgo for all Antrea binaries. (#5988, @antoninbas)
Fixed
- Disable
libcapng
to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu) - Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
- Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
- Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
- Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
- Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)
- Skip loading openvswitch kernel module if it's already built-in. (#5979, @antoninbas)
Antrea v1.15.0
Added
- Support Egress using IPs from a subnet that is different from the default Node subnet
. (#5799, @tnqn)- Refer to this document for more information about this feature.
- Add a migration tool to support migrating from other CNIs to Antrea. (#5677, @hjiajing)
- Refer to this document for more information about this tool.
- Add L7 network flow export support in Antrea that enables exporting network flows with L7 protocol information. (#5218, @tushartathgur)
- Refer to this document for more information about this feature.
- Add a new feature
NodeNetworkPolicy
that allows users to applyClusterNetworkPolicy
to Kubernetes Nodes. (#5658 #5716, @hongliangl @Atish-iaf)- Refer to this document for more information about this feature.
- Add Antrea flexible IPAM support for the Multicast feature. (#4922, @ceclinux)
- Support Talos clusters to run Antrea as the CNI, and add Talos to the K8s installers document. (#5718 #5766, @antoninbas)
- Support secondary network when the network configuration in
NetworkAttachmentDefinition
does not include IPAM configuration. (#5762, @jianjuns) - Add instructions to install Antrea in
encap
mode in AKS. (#5901, @antoninbas)
Changed
- Change secondary network Pod controller to subscribe to CNIServer events to support bridging and VLAN network. (#5767, @jianjuns)
- Use Antrea IPAM for secondary network support. (#5427, @jianjuns)
- Create different images for antrea-agent and antrea-controller to minimize the overall image size, speeding up the startup of both antrea-agent and antrea-controller. (#5856 #5902 #5903, @jainpulkit22)
- Don't create tunnel interface (antrea-tun0) when using Wireguard encryption mode. (#5885 #5909, @antoninbas)
- Record an event when Egress IP assignment changes for better troubleshooting. (#5765, @jainpulkit22)
- Update Windows documentation with clearer installation guide and instructions. (#5789, @antoninbas)
- Enable IPv4/IPv6 forwarding on demand automatically to eliminate the need for user intervention or dependencies on other components. (#5833, @tnqn)
- Add ability to skip loading kernel modules in antrea-agent to support some specialized distributions (e.g.: Talos). (#5754, @antoninbas)
- Add NetworkPolicy rule name in Traceflow observation. (#5667, @Atish-iaf)
- Use Traceflow API v1beta1 instead of the deprecated API version in
antctl traceflow
. (#5689, @Atish-iaf) - Replace
net.IP
withnetip.Addr
in FlowExporter which optimizes the memory usage and improves the performance of the FlowExporter. (#5532, @antoninbas) - Update kubemark from v1.18.4 to v1.29.0 for antrea-agent-simulator. (#5820, @luolanzone)
- Upgrade CNI plugins to v1.4.0. (#5747 #5813, @antoninbas @luolanzone)
- Update the document for Egress feature's options and usage on AWS cloud. (#5436, @tnqn)
- Add Flexible IPAM design details in
antrea-ipam.md
. (#5339, @gran-vmv)
Fixed
- Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)
- Prioritize L7 NetworkPolicy flows over
TrafficControl
to avoid a potential issue that aTrafficControl
CR with a redirect action to the same Pod could bypass the L7 engine. (#5768, @hongliangl) - Delete OVS port and flows before releasing Pod IP. (#5788, @tnqn)
- Store NetworkPolicy in filesystem as fallback data source to let antre-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
- Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
- Fix Clean-AntreaNetwork.ps1 invocation in Prepare-AntreaAgent.ps1 for containerized OVS on Windows. (#5859, @antoninbas)
- Add missing space to kubelet args in Prepare-Node.ps1 so that kubelet can start successfully on Windows. (#5858, @antoninbas)
- Fix
antctl trace-packet
command failure which is caused by missing arguments. (#5838, @luolanzone) - Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
- Set
net.ipv4.conf.antrea-gw0.arp_announce
to 1 to fix an ARP request leak when a Node or hostNetwork Pod accesses a local Pod and AntreaIPAM is enabled. (#5657, @gran-vmv) - Skip enforcement of ingress NetworkPolicies rules for hairpinned Service traffic (Pod accessing itself via a Service). (#5687 #5705, @GraysonWu)
- Add host-local IPAM GC on startup to avoid potential IP leak issue after antrea-agent restart. (#5660, @antoninbas)
- Fix the CrashLookBackOff issue when using the UBI-based image. (#5723, @antoninbas)
- Remove redundant log in
fillPodInfo
/fillServiceInfo
to fix log flood issue, and updateDestinationServiceAddress
for deny connections. (#5592 #5704, @yuntanghsu) - Enhance HNS network initialization on Windows to avoid some corner cases. (#5841, @XinShuYang)
- Fix endpoint querier rule index in response to improve troubleshooting. (#5783, @qiyueyao)
- Avoid unnecessary rule reconciliations in FQDN controller. (#5893, @Dyanngg)
- Update Windows OVS download link to remove the invalid certificate preventing unsigned OVS driver installation. (#5839, @XinShuYang)
- Fix IP annotation not working on StatefulSets for Antrea FlexibleIPAM. (#5715, @gran-vmv)
- Add DHCP IP retries in
PrepareHNSNetwork
to fix potential IP retrieving failure. (#5819, @XinShuYang) - Revise
antctl mc deploy
to support Antrea Multi-cluster deployment update when the manifests are changed. (#5257, @luolanzone)
Antrea v1.14.2
Changed
- Enable IPv4/IPv6 forwarding on demand automatically to eliminate the need for user intervention or dependencies on other components. (#5833, @tnqn)
Fixed
- Store NetworkPolicy in filesystem as fallback data source to let antrea-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
- Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
- Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
- Fix Clean-AntreaNetwork.ps1 invocation in Prepare-AntreaAgent.ps1 for containerized OVS on Windows. (#5859, @antoninbas)
- Add missing space to kubelet args in Prepare-Node.ps1 so that kubelet can start successfully on Windows. (#5858, @antoninbas)
- Update Windows OVS download link to remove the redundant certificate to fix OVS driver installation failure. (#5839, @XinShuYang)
- Add DHCP IP retries in PrepareHNSNetwork on Windows to fix the potential race condition issue where acquiring a DHCP IP address may fail after CreateHNSNetwork. (#5819, @XinShuYang)
- Fix
antctl trace-packet
command failure which is caused by arguments missing issue. (#5838, @luolanzone) - Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)