You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue is here to document that Antrea is not vulnerable to the MitM attacks on IPv4 clusters using IPv6 rogue router advertisements described here: kubernetes/kubernetes#91507
The OVS pipeline defined by Antrea will drop all IPv6 traffic received from containers or the host gateway interface in the SpoofGuard table. This means that no IPv6 traffic will ever be forwarded by the Antrea datapath to other containers or enter the host network namespace.
As we work on IPv6 and dual-stack support (#136), and potentially relax the rules in the SpoofGuard table, we will keep this issue in mind and ensure that Antrea does not become vulnerable to such attacks.
The text was updated successfully, but these errors were encountered:
This issue is here to document that Antrea is not vulnerable to the MitM attacks on IPv4 clusters using IPv6 rogue router advertisements described here: kubernetes/kubernetes#91507
The OVS pipeline defined by Antrea will drop all IPv6 traffic received from containers or the host gateway interface in the SpoofGuard table. This means that no IPv6 traffic will ever be forwarded by the Antrea datapath to other containers or enter the host network namespace.
As we work on IPv6 and dual-stack support (#136), and potentially relax the rules in the SpoofGuard table, we will keep this issue in mind and ensure that Antrea does not become vulnerable to such attacks.
The text was updated successfully, but these errors were encountered: