Affected by GO-2022-0457 and 12 other vulnerabilities

GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

cidrmap

package

v0.10.0 Latest Latest Go to latest Published: Jul 21, 2017 License: Apache-2.0 Imports: 5 Imported by: 20

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Index ¶

Constants
type CIDRMap
- func OpenMap(path string, prefixlen int) (*CIDRMap, bool, error)

Constants ¶

View Source

const (
	MAX_KEYS           = 1024
	LPM_MAP_VALUE_SIZE = 1
)

View Source

const (
	MapName = "cilium_cidr_"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CIDRMap ¶

type CIDRMap struct {
	Fd       int
	AddrSize int // max prefix length in bytes, 4 for IPv4, 16 for IPv6
	// contains filtered or unexported fields
}

CIDRMap refers to an LPM trie map at 'path'.

func OpenMap ¶

func OpenMap(path string, prefixlen int) (*CIDRMap, bool, error)

OpenMap opens a new CIDRMap. 'bool' returns 'true' if the map was created, and 'false' if the map already existed.

func (*CIDRMap) AllowCIDR ¶

func (cm *CIDRMap) AllowCIDR(cidr net.IPNet) error

AllowCIDR inserts an entry to 'cm' with key 'cidr'. Value is currently not used.

func (*CIDRMap) CIDRExists ¶

func (cm *CIDRMap) CIDRExists(cidr net.IPNet) bool

CIDRExists returns true if 'cidr' exists in map 'cm'

func (*CIDRMap) Close ¶

func (cm *CIDRMap) Close() error

Close closes the FD of the given CIDRMap

func (*CIDRMap) DeepCopy ¶

func (cm *CIDRMap) DeepCopy() *CIDRMap

DeepCopy duplicates CIDRMap 'cm', but both copies refer to the same map.

func (*CIDRMap) String ¶

func (cm *CIDRMap) String() string

String returns the path of the map.

Source Files ¶

View all Source files

cidrmap.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL