
The new macspoofchk field is added to the bridge plugin to support anti-mac-spoofing. When the parameter is enabled, traffic is limited to the mac addresses of the container interface (the veth peer that is placed in the container ns). Any traffic that exits the pod is checked against the source mac address that is expected. If the mac address is different, the frames are dropped. The implementation is using nftables and should only be used on nodes that support it.

Signed-off-by: Edward Haas <edwardh@redhat.com>
module github.com/containernetworking/plugins

go 1.16

require (
	github.com/Microsoft/hcsshim v0.8.20
	github.com/alexflint/go-filemutex v1.1.0
	github.com/buger/jsonparser v1.1.1
	github.com/containernetworking/cni v1.0.0
	github.com/coreos/go-iptables v0.6.0
	github.com/coreos/go-systemd/v22 v22.3.2
	github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c
	github.com/d2g/dhcp4client v1.0.0
	github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5
	github.com/godbus/dbus/v5 v5.0.4
	github.com/j-keck/arping v1.0.2
	github.com/mattn/go-shellwords v1.0.12
	github.com/networkplumbing/go-nft v0.2.0
	github.com/onsi/ginkgo v1.16.4
	github.com/onsi/gomega v1.15.0
	github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1
	github.com/sirupsen/logrus v1.8.1 // indirect
	github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5
	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
	golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e
)
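The source-MAC check described in the commit message above, as an added example that is not the plugin's own code and does not use the go-nft API: it renders an illustrative nftables ruleset that drops frames arriving from a pod's host-side veth when the source MAC differs from the expected one, validating both inputs before they reach the ruleset text. The function name, table name, hook priority, interface name and MAC are assumptions made for illustration; the rules the plugin actually installs may be structured differently.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// Conservative allow-list for interface names (Linux limits them to 15 bytes).
// Rejecting quotes, spaces and ';' keeps a hostile name from altering the ruleset.
var ifnameRe = regexp.MustCompile(`^[A-Za-z0-9_.-]{1,15}$`)

// BuildMACSpoofRuleset (hypothetical helper) returns nft ruleset text that
// drops any frame entering the bridge from hostVeth whose Ethernet source
// address is not containerMAC. Table name and priority are illustrative.
func BuildMACSpoofRuleset(hostVeth, containerMAC string) (string, error) {
	if !ifnameRe.MatchString(hostVeth) {
		return "", fmt.Errorf("invalid interface name %q", hostVeth)
	}
	hw, err := net.ParseMAC(containerMAC)
	if err != nil || len(hw) != 6 {
		return "", fmt.Errorf("invalid 48-bit MAC %q", containerMAC)
	}
	if hw[0]&1 == 1 { // group bit set: never a legitimate source address
		return "", fmt.Errorf("multicast/broadcast MAC %s cannot be a source", hw)
	}
	return fmt.Sprintf(`table bridge macspoof_example {
	chain prerouting {
		type filter hook prerouting priority -300; policy accept;
		iifname "%s" ether saddr != %s drop
	}
}
`, hostVeth, hw), nil
}

func main() {
	// Constructed sample values, not taken from the commit.
	rules, err := BuildMACSpoofRuleset("veth1a2b3c4d", "0A:58:0A:F4:00:05")
	if err != nil {
		panic(err)
	}
	fmt.Print(rules)
}
```

The rendered text can be syntax-checked without applying it by piping it to `nft -c -f -` on a node that supports nftables.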