Affected by GO-2022-0617 and 14 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0983: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes

GO-2023-1628: Kubernetes vulnerable to path traversal in k8s.io/kubernetes

GO-2023-1629: Kubernetes vulnerable to validation bypass in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

iptables

package

v1.24.5-rc.0 Latest Latest Go to latest Published: Aug 17, 2022 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

type LocalTrafficDetector

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type LocalTrafficDetector ¶

type LocalTrafficDetector interface {
	// IsImplemented returns true if the implementation does something, false otherwise
	IsImplemented() bool

	// IfLocal returns iptables arguments that will match traffic from a pod
	IfLocal() []string

	// IfNotLocal returns iptables arguments that will match traffic that is not from a pod
	IfNotLocal() []string
}

LocalTrafficDetector in a interface to take action (jump) based on whether traffic originated locally at the node or not

func NewDetectLocalByBridgeInterface ¶ added in v1.24.0

func NewDetectLocalByBridgeInterface(interfaceName string) (LocalTrafficDetector, error)

NewDetectLocalByBridgeInterface implements the LocalTrafficDetector interface using a bridge interface name. This can be used when a bridge can be used to capture the notion of local traffic from pods.

func NewDetectLocalByCIDR ¶

func NewDetectLocalByCIDR(cidr string, ipt utiliptables.Interface) (LocalTrafficDetector, error)

NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR range can be used to capture the notion of local traffic.

func NewDetectLocalByInterfaceNamePrefix ¶ added in v1.24.0

func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) (LocalTrafficDetector, error)

NewDetectLocalByInterfaceNamePrefix implements the LocalTrafficDetector interface using an interface name prefix. This can be used when a pod interface name prefix can be used to capture the notion of local traffic. Note that this will match on all interfaces that start with the given prefix.

func NewNoOpLocalDetector ¶

func NewNoOpLocalDetector() LocalTrafficDetector

NewNoOpLocalDetector is a no-op implementation of LocalTrafficDetector

Source Files ¶

View all Source files

traffic.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL