k3s has removed some standard plugins, which we need. So fork and add them back.
Edward Haas 081ed44a1d bridge: Add macspoofchk support
The new macspoofchk field is added to the bridge plugin to support
anti-mac-spoofing.
When the parameter is enabled, traffic is limited to the mac addresses
of the container interface (the veth peer that is placed in the
container ns).
Any traffic that exits the pod is checked against the source mac address
that is expected. If the mac address is different, the frames are
dropped.

The implementation is using nftables and should only be used on nodes
that support it.

Signed-off-by: Edward Haas <edwardh@redhat.com>
2021-09-14 12:46:15 +03:00
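
An added example, not code from this repository: a Go audit helper that reads a CNI network config and reports bridge plugin entries that do not enable the macspoofchk field described in the commit message above. It assumes the field is a JSON boolean that counts as disabled when absent; the type names, function name and sample configs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PluginConf holds only the fields this audit reads from a CNI plugin entry.
type PluginConf struct {
	Type        string `json:"type"`
	Bridge      string `json:"bridge"`
	MacSpoofChk bool   `json:"macspoofchk"` // assumed: absent means disabled
}

// NetConf covers a single-plugin .conf (top-level "type") and a .conflist ("plugins").
type NetConf struct {
	Name string `json:"name"`
	PluginConf
	Plugins []PluginConf `json:"plugins"`
}

// BridgesWithoutMacSpoofChk returns "network/bridge" for each bridge entry lacking macspoofchk=true.
func BridgesWithoutMacSpoofChk(raw []byte) ([]string, error) {
	var nc NetConf
	if err := json.Unmarshal(raw, &nc); err != nil {
		return nil, fmt.Errorf("parse CNI config: %w", err)
	}
	entries := nc.Plugins
	if nc.Type != "" { // single-plugin form: the network object is the plugin entry
		entries = append(entries, nc.PluginConf)
	}
	var findings []string
	for _, p := range entries {
		if p.Type == "bridge" && !p.MacSpoofChk {
			findings = append(findings, nc.Name+"/"+p.Bridge)
		}
	}
	return findings, nil
}

// Constructed sample configs (not from the repository).
const sampleUnchecked = `{"cniVersion":"0.4.0","name":"podnet","plugins":[
 {"type":"bridge","bridge":"br-legacy"},{"type":"portmap","capabilities":{"portMappings":true}}]}`
const sampleChecked = `{"cniVersion":"0.4.0","name":"securenet","type":"bridge",
 "bridge":"br-secure","macspoofchk":true,"ipam":{"type":"host-local","subnet":"10.20.0.0/24"}}`

func main() {
	fmt.Println(BridgesWithoutMacSpoofChk([]byte(sampleUnchecked)))
}
```

Because the commit message states the implementation uses nftables, a node that reports no findings still needs nftables support for the check to take effect.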
.github bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
integration Replace nc with the local echo client. 2020-10-07 20:13:24 +02:00
pkg bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
plugins bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
scripts bump go to 1.16, other misc fixes 2021-08-11 17:26:35 +02:00
vendor bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
.gitignore Update Vendor 2018-09-21 00:34:07 +08:00
build_linux.sh Add github build & test actions 2020-12-09 17:46:25 +01:00
build_windows.sh Add github build & test actions 2020-12-09 17:46:25 +01:00
CONTRIBUTING.md Merge pull request #396 from oshothebig/contributing-doc 2019-10-09 10:21:03 -05:00
DCO Add missing DCO 2018-10-11 16:15:24 +01:00
go.mod bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
go.sum bridge: Add macspoofchk support 2021-09-14 12:46:15 +03:00
LICENSE Initial commit 2017-03-10 16:46:52 +01:00
OWNERS.md Remove Bryan Boreham as maintainer 2021-05-21 13:13:36 +00:00
README.md docs: Update the CI badge from Travis CI to GitHub Actions 2021-08-09 09:47:39 +00:00
RELEASING.md Add release process 2017-07-11 13:57:49 -07:00
test_linux.sh Add github build & test actions 2020-12-09 17:46:25 +01:00
test_windows.sh Add github build & test actions 2020-12-09 17:46:25 +01:00

Plugins

Some CNI network plugins, maintained by the containernetworking team. For more information, see the CNI website.

Read CONTRIBUTING for build and test instructions.

Plugins supplied:

Main: interface-creating

  • bridge: Creates a bridge, adds the host and the container to it.
  • ipvlan: Adds an ipvlan interface in the container.
  • loopback: Sets the state of the loopback interface to up.
  • macvlan: Creates a new MAC address and forwards all traffic addressed to it to the container.
  • ptp: Creates a veth pair.
  • vlan: Allocates a vlan device.
  • host-device: Move an already-existing device into a container.

Windows: Windows specific

  • win-bridge: Creates a bridge, adds the host and the container to it.
  • win-overlay: Creates an overlay interface to the container.

IPAM: IP address allocation

  • dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container
  • host-local: Maintains a local database of allocated IPs
  • static: Allocates static IPv4/IPv6 addresses to the container; useful for debugging.

Meta: other plugins

  • tuning: Tweaks sysctl parameters of an existing interface
  • portmap: An iptables-based portmapping plugin. Maps ports from the host's address space to the container.
  • bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
  • sbr: A plugin that configures source based routing for an interface (from which it is chained).
  • firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.

Sample

The sample plugin provides an example for building your own plugin.

Contact

For any questions about CNI, please reach out via:

If you have a security issue to report, please do so privately to the email addresses listed in the OWNERS file.