GO-2023-2078
and 15 other vulnerabilities
GO-2023-2078 : Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079 : Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080 : Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2568 : Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium
GO-2024-2569 : Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium
GO-2024-2653 : HTTP policy bypass in github.com/cilium/cilium
GO-2024-2656 : Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2657 : Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium
GO-2024-2666 : Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-2922 : Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
GO-2024-3072 : Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2024-3208 : Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium
GO-2025-3415 : DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium
GO-2025-3416 : Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium
GO-2025-3635 : In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
GO-2025-4167 : Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
Discover Packages
github.com/cilium/cilium
pkg
socketlb
package
Version:
v1.14.0
Opens a new window with list of versions in this module.
Published: Jul 27, 2023
License: Apache-2.0
Opens a new window with license information.
Imports: 13
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
View Source const (
Subsystem = "socketlb"
Connect4 = "cil_sock4_connect"
SendMsg4 = "cil_sock4_sendmsg"
RecvMsg4 = "cil_sock4_recvmsg"
GetPeerName4 = "cil_sock4_getpeername"
PostBind4 = "cil_sock4_post_bind"
PreBind4 = "cil_sock4_pre_bind"
Connect6 = "cil_sock6_connect"
SendMsg6 = "cil_sock6_sendmsg"
RecvMsg6 = "cil_sock6_recvmsg"
GetPeerName6 = "cil_sock6_getpeername"
PostBind6 = "cil_sock6_post_bind"
PreBind6 = "cil_sock6_pre_bind"
)
Disable detaches all bpf programs for socketlb.
func Enable() (err error )
Enable attaches necessary bpf programs for socketlb based on ciliums config.
On restart, Enable can also detach unnecessary programs if specific configuration
options have changed.
It expects bpf_sock.c to be compiled previously, so that bpf_sock.o is present
in the Runtime dir.
¶
Click to show internal directories.
Click to hide internal directories.
Affected by 
Documentation
¶
Source Files