Go to file

Or Mergi 7c122fabb4 bridge: Add option to enable port isolation

Enable bridge CNI plugin setting port-isolation [1] the interface.
When port-isolation is enabled, containers connected to the network
cannot communicate with each other over the linux-bridge.
Communication will be enable depending on the gateway appliance according
to its restrictions / policies.

For example: in a scenario the env connected to smart switch, enabling
port-isolation ensure traffic will go outbound, allowing the
smart-switch routing the traffic according to policies.

Add "portIsolation" flag to bridge plugin.
When true, configure the node interface with port-isolation [1].
Default is false.

[1] https://man7.org/linux/man-pages/man8/bridge.8.html (see "isolated" option)

Signed-off-by: Or Mergi <ormergi@redhat.com>

2025-01-29 16:10:47 +01:00

.github

build: split CI and go.mod version

2025-01-21 13:36:19 +01:00

integration

make test working again

2024-10-14 11:47:24 +02:00

pkg

ipmasq: fix nftables backend

2024-11-21 20:23:25 +01:00

plugins

bridge: Add option to enable port isolation

2025-01-29 16:10:47 +01:00

vendor

build(deps): bump the golang group across 1 directory with 3 updates

2025-01-14 22:02:20 +01:00

.gitignore

Update Vendor

2018-09-21 00:34:07 +08:00

.golangci.yml

ci, go.mod: bump to go 1.23 (#1094 )

2024-09-17 12:28:55 +02:00

.yamllint.yml

ci(lint): setup yamllint linter

2023-02-25 12:10:11 +00:00

build_linux.sh

build: Use POSIX sh for shell scripts

2023-09-29 16:57:19 +02:00

build_windows.sh

build: Use POSIX sh for shell scripts

2023-09-29 16:57:19 +02:00

CONTRIBUTING.md

Merge pull request #396 from oshothebig/contributing-doc

2019-10-09 10:21:03 -05:00

DCO

Add missing DCO

2018-10-11 16:15:24 +01:00

go.mod

build(deps): bump the golang group across 1 directory with 3 updates

2025-01-14 22:02:20 +01:00

go.sum

build(deps): bump the golang group across 1 directory with 3 updates

2025-01-14 22:02:20 +01:00

LICENSE

Initial commit

2017-03-10 16:46:52 +01:00

OWNERS.md

Update email to gmail

2022-12-07 11:57:16 -07:00

README.md

dummy: Create a Dummy CNI plugin that creates a virtual interface.

2022-08-11 13:50:37 +01:00

RELEASING.md

Add release process

2017-07-11 13:57:49 -07:00

test_linux.sh

test: enable unpriv user namespaces

2025-01-14 17:49:22 +01:00

test_windows.sh

build: Use POSIX sh for shell scripts

2023-09-29 16:57:19 +02:00

README.md

Plugins

Some CNI network plugins, maintained by the containernetworking team. For more information, see the CNI website.

Read CONTRIBUTING for build and test instructions.

Plugins supplied:

Main: interface-creating

bridge: Creates a bridge, adds the host and the container to it.
ipvlan: Adds an ipvlan interface in the container.
loopback: Set the state of loopback interface to up.
macvlan: Creates a new MAC address, forwards all traffic to that to the container.
ptp: Creates a veth pair.
vlan: Allocates a vlan device.
host-device: Move an already-existing device into a container.
dummy: Creates a new Dummy device in the container.

Windows: Windows specific

win-bridge: Creates a bridge, adds the host and the container to it.
win-overlay: Creates an overlay interface to the container.

IPAM: IP address allocation

dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container
host-local: Maintains a local database of allocated IPs
static: Allocate a single static IPv4/IPv6 address to container. It's useful in debugging purpose.

Meta: other plugins

tuning: Tweaks sysctl parameters of an existing interface
portmap: An iptables-based portmapping plugin. Maps ports from the host's address space to the container.
bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
sbr: A plugin that configures source based routing for an interface (from which it is chained).
firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.

Sample

The sample plugin provides an example for building your own plugin.

Contact

For any questions about CNI, please reach out via:

Email: cni-dev
Slack: #cni on the CNCF slack.

If you have a security issue to report, please do so privately to the email addresses listed in the OWNERS file.