Affected by GO-2024-2653 and 13 other vulnerabilities
GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium
GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium
GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium
GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium
GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium
GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium
GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium
GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium
GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Cilium in github.com/cilium/cilium
type MapSweeper struct {
// contains filtered or unexported fields
}
MapSweeper is responsible for checking stale map paths on the filesystem
and garbage collecting the endpoint if the corresponding endpoint no longer
exists.
RemoveDisabledMaps removes BPF maps in the filesystem for features that have
been disabled. The maps may still be in use, in which case they will continue
to live until the BPF program using them is replaced.