Affected by GO-2023-2078 and 16 other vulnerabilities
GO-2023-2078 : Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079 : Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080 : Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2568 : Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium
GO-2024-2569 : Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium
GO-2024-2653 : HTTP policy bypass in github.com/cilium/cilium
GO-2024-2656 : Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2657 : Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium
GO-2024-2666 : Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-2922 : Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
GO-2024-3072 : Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2024-3208 : Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium
GO-2025-3415 : DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium
GO-2025-3416 : Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium
GO-2025-3635 : In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
GO-2025-4167 : Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in github.com/cilium/cilium
GO-2026-4856 : Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
Package: github.com/cilium/cilium/pkg/maps/metricsmap
Version: v1.14.0
Published: Jul 27, 2023
License: Apache-2.0
Imports: 8
Imported by: 21
Documentation
Package metricsmap represents the BPF metrics map in the BPF programs. It is
implemented as a hash table containing an entry of different drop and forward
counts for different drop/forward reasons and directions.
+groupName=maps
const (
	MapName    = "cilium_metrics"
	MaxEntries = 1024
)
MetricDirection gets the direction in human-readable string format
SyncMetricsMap is called periodically to sync off the metrics map by
aggregating it into drops (by drop reason and direction) and
forwards (by direction) with the prometheus server.
IterateCallback represents the signature of the callback function expected by
the IterateWithCallback method, which in turn is used to iterate all the
keys/values of a metrics map.
type Key struct {
	Reason   uint8     `align:"reason"`
	Dir      uint8     `align:"dir"`
	Reserved [3]uint16 `align:"reserved"`
}
Key must be in sync with struct metrics_key in <bpf/lib/common.h>
Direction gets the direction in human-readable string format
DropForwardReason gets the forwarded/dropped reason in human-readable string format
IsDrop checks if the reason is drop or not.
MetricsMap interface represents a metrics map, and can be reused to implement
mock maps for unit tests.
type Value struct {
	Count uint64 `align:"count"`
	Bytes uint64 `align:"bytes"`
}
Value must be in sync with struct metrics_value in <bpf/lib/common.h>
Values is a slice of Values
Bytes returns the sum of all the per-CPU bytes values
Count returns the sum of all the per-CPU count values
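Added example, not part of the Cilium source: it checks that the Key and Value layouts shown above carry no hidden padding (the precondition for staying in sync with the C structs) and sums per-CPU counters the way Count and Bytes are described. LayoutOK, DecodePerCPU, Totals and valueSize are hypothetical names; the raw buffer is constructed and a little-endian host is assumed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"unsafe"
)

// Key and Value repeat the field layout shown on this page (align tags omitted).
type Key struct {
	Reason   uint8
	Dir      uint8
	Reserved [3]uint16
}
type Value struct{ Count, Bytes uint64 }
type Values []Value // one Value per CPU
const valueSize = 16 // two uint64 counters; assumed per-CPU stride

// LayoutOK reports whether the Go structs have exactly the size their fields imply.
func LayoutOK() bool {
	return unsafe.Sizeof(Key{}) == 8 && unsafe.Offsetof(Key{}.Reserved) == 2 && unsafe.Sizeof(Value{}) == valueSize
}

// DecodePerCPU (hypothetical helper) splits a raw per-CPU map value into Values.
func DecodePerCPU(raw []byte) (Values, error) {
	if len(raw) == 0 || len(raw)%valueSize != 0 {
		return nil, fmt.Errorf("raw value is %d bytes, want a multiple of %d", len(raw), valueSize)
	}
	vals := make(Values, 0, len(raw)/valueSize)
	for off := 0; off < len(raw); off += valueSize {
		vals = append(vals, Value{Count: binary.LittleEndian.Uint64(raw[off:]), Bytes: binary.LittleEndian.Uint64(raw[off+8:])})
	}
	return vals, nil
}

// Totals sums the per-CPU counters, as Count and Bytes are documented to do.
func (vs Values) Totals() (count, nbytes uint64) {
	for _, v := range vs {
		count, nbytes = count+v.Count, nbytes+v.Bytes
	}
	return count, nbytes
}

func main() {
	// Constructed sample: CPU0 = 3 packets/180 bytes, CPU1 = 2 packets/120 bytes.
	raw := []byte{3, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0}
	vals, err := DecodePerCPU(raw)
	c, b := vals.Totals()
	fmt.Println(LayoutOK(), err, c, b)
}
```

A buffer whose length is not a multiple of the value size is rejected rather than truncated, since a partial per-CPU slot means the Go and C layouts have drifted apart.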