Affected by GO-2022-0959 and 9 other vulnerabilities

GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

GO-2023-1730: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium

GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

fence

package

v1.11.7 Latest Latest Go to latest Published: Jul 15, 2022 License: Apache-2.0 Imports: 4 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Index ¶

type Fencer
- func (f Fencer) Clear(uuid string)
- func (f Fencer) Fence(m Meta) bool
type Meta
- func (m *Meta) FromObjectMeta(om *v1.ObjectMeta) error
- func (m *Meta) FromSlimObjectMeta(om *slim_metav1.ObjectMeta) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Fencer ¶

type Fencer map[string]uint64

Fencer provides a method set to prevent processing out of order events.

Fencer will keep track of the last seen revision (monotonically increasing event id) for each seen UUID (globally unique identifier for a resource producing an event.)

func (Fencer) Clear ¶

func (f Fencer) Clear(uuid string)

Clear removes the uuid and revision from its internal storage.

This method should only be invoked once the caller can ensure the provided UUID will not be seen again.

func (Fencer) Fence ¶

func (f Fencer) Fence(m Meta) bool

Fence evalutes the passed in meta and informs the caller whether to not process the event (fence) or not process the event (no fence)

True is returned when the caller should fence the event. False is returned when the caller should not.

type Meta ¶

type Meta struct {
	// UUID is an immutable identifier for resource producing
	// this event.
	UUID string
	// Rev is a revision number in a total order of revision numbers
	// for the resource producing this event.
	Rev uint64
}

Meta provides metadata from the resource which triggered this package's events.

func (*Meta) FromObjectMeta ¶

func (m *Meta) FromObjectMeta(om *v1.ObjectMeta) error

FromSlimObjectMeta allocates a meta derived from a k8s ObjectMeta and stores it at the memory pointed to by m.

func (*Meta) FromSlimObjectMeta ¶ added in v1.11.0

func (m *Meta) FromSlimObjectMeta(om *slim_metav1.ObjectMeta) error

FromSlimObjectMeta allocates a meta derived from a slim k8s ObjectMeta and stores it at the memory pointed to by m.

Source Files ¶

View all Source files

fence.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL