Affected by GO-2024-2653 and 13 other vulnerabilities

GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium

GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium

GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium

GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

bwmap

package

v1.15.0 Latest Latest Go to latest Published: Jan 31, 2024 License: Apache-2.0 Imports: 7 Imported by: 5

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Overview ¶

Package bwmap represents the BPF map used to enforce Pod bandwidth limitations via EDT (Earliest Departure Time) + BPF. +groupName=maps

Index ¶

Constants
func Delete(Id uint16) error
func SilentDelete(Id uint16) error
func ThrottleMap() *bpf.Map
func Update(Id uint16, Bps uint64) error
type EdtId
- func (k *EdtId) New() bpf.MapKey
- func (k *EdtId) String() string
type EdtInfo
- func (v *EdtInfo) New() bpf.MapValue
- func (v *EdtInfo) String() string

Constants ¶

View Source

const (
	MapName = "cilium_throttle"
	// Flow aggregate is per Pod, so same size as Endpoint map.
	MapSize = lxcmap.MaxEntries

	// DefaultDropHorizon represents maximum allowed departure
	// time delta in future. Given applications can set SO_TXTIME
	// from user space this is a limit to prevent buggy applications
	// to fill the FQ qdisc.
	DefaultDropHorizon = 2 * time.Second
)

Variables ¶

This section is empty.

Functions ¶

func Delete ¶

func Delete(Id uint16) error

func SilentDelete ¶

func SilentDelete(Id uint16) error

func ThrottleMap ¶

func ThrottleMap() *bpf.Map

func Update ¶

func Update(Id uint16, Bps uint64) error

Types ¶

type EdtId ¶

type EdtId struct {
	Id uint64 `align:"id"`
}

func (*EdtId) New ¶

func (k *EdtId) New() bpf.MapKey

func (*EdtId) String ¶

func (k *EdtId) String() string

type EdtInfo ¶

type EdtInfo struct {
	Bps             uint64    `align:"bps"`
	TimeLast        uint64    `align:"t_last"`
	TimeHorizonDrop uint64    `align:"t_horizon_drop"`
	Pad             [4]uint64 `align:"pad"`
}

func (*EdtInfo) New ¶

func (v *EdtInfo) New() bpf.MapValue

func (*EdtInfo) String ¶

func (v *EdtInfo) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL