Affected by GO-2022-0617 and 3 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

iptables

package

v1.30.12 Latest Latest Go to latest Published: Apr 22, 2025 License: Apache-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

type LocalTrafficDetector

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type LocalTrafficDetector ¶

type LocalTrafficDetector interface {
	// IsImplemented returns true if the implementation does something, false otherwise
	IsImplemented() bool

	// IfLocal returns iptables arguments that will match traffic from a pod
	IfLocal() []string

	// IfNotLocal returns iptables arguments that will match traffic that is not from a pod
	IfNotLocal() []string

	// IfLocalNFT returns nftables arguments that will match traffic from a pod
	IfLocalNFT() []string

	// IfNotLocalNFT returns nftables arguments that will match traffic that is not from a pod
	IfNotLocalNFT() []string
}

LocalTrafficDetector in a interface to take action (jump) based on whether traffic originated locally at the node or not

func NewDetectLocalByBridgeInterface ¶ added in v1.24.0

func NewDetectLocalByBridgeInterface(interfaceName string) (LocalTrafficDetector, error)

NewDetectLocalByBridgeInterface implements the LocalTrafficDetector interface using a bridge interface name. This can be used when a bridge can be used to capture the notion of local traffic from pods.

func NewDetectLocalByCIDR ¶

func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error)

NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR range can be used to capture the notion of local traffic.

func NewDetectLocalByInterfaceNamePrefix ¶ added in v1.24.0

func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) (LocalTrafficDetector, error)

NewDetectLocalByInterfaceNamePrefix implements the LocalTrafficDetector interface using an interface name prefix. This can be used when a pod interface name prefix can be used to capture the notion of local traffic. Note that this will match on all interfaces that start with the given prefix.

func NewNoOpLocalDetector ¶

func NewNoOpLocalDetector() LocalTrafficDetector

NewNoOpLocalDetector is a no-op implementation of LocalTrafficDetector

Source Files ¶

View all Source files

traffic.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL