Edward Haas 081ed44a1d bridge: Add macspoofchk support
The new macspoofchk field is added to the bridge plugin to support
anti-mac-spoofing.
When the parameter is enabled, traffic is limited to the mac addresses
of the container interface (the veth peer that is placed in the
container ns).
Any traffic that exits the pod is checked against the source mac address
that is expected. If the mac address is different, the frames are
dropped.

The implementation is using nftables and should only be used on nodes
that support it.

Signed-off-by: Edward Haas <edwardh@redhat.com>
2021-09-14 12:46:15 +03:00

# github.com/Microsoft/go-winio v0.4.17
github.com/Microsoft/go-winio
github.com/Microsoft/go-winio/pkg/guid
github.com/Microsoft/go-winio/pkg/security
github.com/Microsoft/go-winio/vhd
# github.com/Microsoft/hcsshim v0.8.20
## explicit
github.com/Microsoft/hcsshim
github.com/Microsoft/hcsshim/computestorage
github.com/Microsoft/hcsshim/hcn
github.com/Microsoft/hcsshim/internal/cni
github.com/Microsoft/hcsshim/internal/cow
github.com/Microsoft/hcsshim/internal/hcs
github.com/Microsoft/hcsshim/internal/hcs/schema1
github.com/Microsoft/hcsshim/internal/hcs/schema2
github.com/Microsoft/hcsshim/internal/hcserror
github.com/Microsoft/hcsshim/internal/hns
github.com/Microsoft/hcsshim/internal/interop
github.com/Microsoft/hcsshim/internal/log
github.com/Microsoft/hcsshim/internal/logfields
github.com/Microsoft/hcsshim/internal/longpath
github.com/Microsoft/hcsshim/internal/mergemaps
github.com/Microsoft/hcsshim/internal/oc
github.com/Microsoft/hcsshim/internal/regstate
github.com/Microsoft/hcsshim/internal/runhcs
github.com/Microsoft/hcsshim/internal/safefile
github.com/Microsoft/hcsshim/internal/timeout
github.com/Microsoft/hcsshim/internal/vmcompute
github.com/Microsoft/hcsshim/internal/wclayer
github.com/Microsoft/hcsshim/internal/winapi
github.com/Microsoft/hcsshim/osversion
# github.com/alexflint/go-filemutex v1.1.0
## explicit
github.com/alexflint/go-filemutex
# github.com/buger/jsonparser v1.1.1
## explicit
github.com/buger/jsonparser
# github.com/containerd/cgroups v1.0.1
github.com/containerd/cgroups/stats/v1
# github.com/containernetworking/cni v1.0.0
## explicit
github.com/containernetworking/cni/libcni
github.com/containernetworking/cni/pkg/invoke
github.com/containernetworking/cni/pkg/skel
github.com/containernetworking/cni/pkg/types
github.com/containernetworking/cni/pkg/types/020
github.com/containernetworking/cni/pkg/types/040
github.com/containernetworking/cni/pkg/types/100
github.com/containernetworking/cni/pkg/types/create
github.com/containernetworking/cni/pkg/types/internal
github.com/containernetworking/cni/pkg/utils
github.com/containernetworking/cni/pkg/version
# github.com/coreos/go-iptables v0.6.0
## explicit
github.com/coreos/go-iptables/iptables
# github.com/coreos/go-systemd/v22 v22.3.2
## explicit
github.com/coreos/go-systemd/v22/activation
# github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c
## explicit
github.com/d2g/dhcp4
# github.com/d2g/dhcp4client v1.0.0
## explicit
github.com/d2g/dhcp4client
# github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5
## explicit
github.com/d2g/dhcp4server
github.com/d2g/dhcp4server/leasepool
github.com/d2g/dhcp4server/leasepool/memorypool
# github.com/fsnotify/fsnotify v1.4.9
github.com/fsnotify/fsnotify
# github.com/godbus/dbus/v5 v5.0.4
## explicit
github.com/godbus/dbus/v5
# github.com/gogo/protobuf v1.3.2
github.com/gogo/protobuf/gogoproto
github.com/gogo/protobuf/proto
github.com/gogo/protobuf/protoc-gen-gogo/descriptor
# github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e
github.com/golang/groupcache/lru
# github.com/j-keck/arping v1.0.2
## explicit
github.com/j-keck/arping
# github.com/mattn/go-shellwords v1.0.12
## explicit
github.com/mattn/go-shellwords
# github.com/networkplumbing/go-nft v0.2.0
## explicit
github.com/networkplumbing/go-nft/nft
github.com/networkplumbing/go-nft/nft/config
github.com/networkplumbing/go-nft/nft/exec
github.com/networkplumbing/go-nft/nft/schema
# github.com/nxadm/tail v1.4.8
github.com/nxadm/tail
github.com/nxadm/tail/ratelimiter
github.com/nxadm/tail/util
github.com/nxadm/tail/watch
github.com/nxadm/tail/winfile
# github.com/onsi/ginkgo v1.16.4
## explicit
github.com/onsi/ginkgo
github.com/onsi/ginkgo/config
github.com/onsi/ginkgo/extensions/table
github.com/onsi/ginkgo/formatter
github.com/onsi/ginkgo/internal/codelocation
github.com/onsi/ginkgo/internal/containernode
github.com/onsi/ginkgo/internal/failer
github.com/onsi/ginkgo/internal/global
github.com/onsi/ginkgo/internal/leafnodes
github.com/onsi/ginkgo/internal/remote
github.com/onsi/ginkgo/internal/spec
github.com/onsi/ginkgo/internal/spec_iterator
github.com/onsi/ginkgo/internal/specrunner
github.com/onsi/ginkgo/internal/suite
github.com/onsi/ginkgo/internal/testingtproxy
github.com/onsi/ginkgo/internal/writer
github.com/onsi/ginkgo/reporters
github.com/onsi/ginkgo/reporters/stenographer
github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
github.com/onsi/ginkgo/types
# github.com/onsi/gomega v1.15.0
## explicit
github.com/onsi/gomega
github.com/onsi/gomega/format
github.com/onsi/gomega/gbytes
github.com/onsi/gomega/gexec
github.com/onsi/gomega/internal
github.com/onsi/gomega/matchers
github.com/onsi/gomega/matchers/support/goraph/bipartitegraph
github.com/onsi/gomega/matchers/support/goraph/edge
github.com/onsi/gomega/matchers/support/goraph/node
github.com/onsi/gomega/matchers/support/goraph/util
github.com/onsi/gomega/types
# github.com/pkg/errors v0.9.1
github.com/pkg/errors
# github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1
## explicit
github.com/safchain/ethtool
# github.com/sirupsen/logrus v1.8.1
## explicit
github.com/sirupsen/logrus
# github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5
## explicit
github.com/vishvananda/netlink
github.com/vishvananda/netlink/nl
# github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f
## explicit
github.com/vishvananda/netns
# go.opencensus.io v0.22.3
go.opencensus.io
go.opencensus.io/internal
go.opencensus.io/trace
go.opencensus.io/trace/internal
go.opencensus.io/trace/tracestate
# golang.org/x/net v0.0.0-20210428140749-89ef3d95e781
golang.org/x/net/bpf
golang.org/x/net/html
golang.org/x/net/html/atom
golang.org/x/net/html/charset
golang.org/x/net/internal/iana
golang.org/x/net/internal/socket
golang.org/x/net/ipv4
# golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e
## explicit
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix
golang.org/x/sys/windows
golang.org/x/sys/windows/registry
# golang.org/x/text v0.3.6
golang.org/x/text/encoding
golang.org/x/text/encoding/charmap
golang.org/x/text/encoding/htmlindex
golang.org/x/text/encoding/internal
golang.org/x/text/encoding/internal/identifier
golang.org/x/text/encoding/japanese
golang.org/x/text/encoding/korean
golang.org/x/text/encoding/simplifiedchinese
golang.org/x/text/encoding/traditionalchinese
golang.org/x/text/encoding/unicode
golang.org/x/text/internal/language
golang.org/x/text/internal/language/compact
golang.org/x/text/internal/tag
golang.org/x/text/internal/utf8internal
golang.org/x/text/language
golang.org/x/text/runes
golang.org/x/text/transform
# gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
gopkg.in/tomb.v1
# gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v2