Affected by GO-2024-2666 and 10 other vulnerabilities

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium

GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium

GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium

GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

maglev

package

v1.15.2 Latest Latest Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 9 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Index ¶

Constants
Variables
func GetLookupTable(backendsMap map[string]*loadbalancer.Backend, m uint64) []int
func Init(seed string, m uint64) error

Constants ¶

View Source

const (
	DefaultTableSize = 16381

	// seed=$(head -c12 /dev/urandom | base64 -w0)
	DefaultHashSeed = "JLfvgnHc2kaSUFaI"
)

Variables ¶

View Source

var (
	SeedJhash0 uint32
	SeedJhash1 uint32
)

Functions ¶

func GetLookupTable ¶

func GetLookupTable(backendsMap map[string]*loadbalancer.Backend, m uint64) []int

GetLookupTable returns the Maglev lookup table of the size "m" for the given backends. The lookup table contains the IDs of the given backends.

Maglev algorithm might produce different lookup table for the same set of backends listed in a different order. To avoid that sort backends by name, as the names are the same on all nodes (in opposite to backend IDs which are node-local).

The weights implementation is inspired by https://github.com/envoyproxy/envoy/pull/2982.

A backend weight is honored by altering the frequency how often a backend's turn is selected. A backend weight is multiplied in each turn by (n + 1) and compared to weightCntr[backendName] value which is an incrementation of weightSum (but starts at backend's weight / number of backends, so that each backend is selected at least once). If this is lower than weightCntr[backendName], another backend has a turn (and weightCntr[backendName] is incremented). This way we honor the weights.

func Init ¶

func Init(seed string, m uint64) error

Init initializes the Maglev subsystem with the seed and the backend table size (m).

Types ¶

This section is empty.

Source Files ¶

View all Source files

maglev.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL