Affected by GO-2023-2078 and 11 other vulnerabilities

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2568: Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium

GO-2024-2569: Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium

GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

ipmasq

package

v1.14.1 Latest Latest Go to latest Published: Aug 11, 2023 License: Apache-2.0 Imports: 8 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func IPMasq4Map() *bpf.Map
func IPMasq6Map() *bpf.Map
type IPMasqBPFMap
type Key4
- func (k *Key4) New() bpf.MapKey
- func (k *Key4) String() string
type Key6
- func (k *Key6) New() bpf.MapKey
- func (k *Key6) String() string
type Value
- func (v *Value) New() bpf.MapValue
- func (v *Value) String() string

Constants ¶

View Source

const (
	MapNameIPv4    = "cilium_ipmasq_v4"
	MaxEntriesIPv4 = 16384
	MapNameIPv6    = "cilium_ipmasq_v6"
	MaxEntriesIPv6 = 16384
)

Variables ¶

This section is empty.

Functions ¶

func IPMasq4Map ¶

func IPMasq4Map() *bpf.Map

func IPMasq6Map ¶

func IPMasq6Map() *bpf.Map

Types ¶

type IPMasqBPFMap ¶

type IPMasqBPFMap struct{}

func (*IPMasqBPFMap) Delete ¶

func (*IPMasqBPFMap) Delete(cidr net.IPNet) error

func (*IPMasqBPFMap) Dump ¶

func (*IPMasqBPFMap) Dump() ([]net.IPNet, error)

Dump dumps the contents of the ip-masq-agent maps for IPv4 and/or IPv6, as required based on configuration options.

func (*IPMasqBPFMap) DumpForProtocols ¶

func (*IPMasqBPFMap) DumpForProtocols(ipv4Needed, ipv6Needed bool) ([]net.IPNet, error)

DumpForProtocols dumps the contents of the ip-masq-agent maps for IPv4 and/or IPv6, as requested by the caller. Given that the package does not expose the maps directly, it's necessary to specify which protocol we need when ipMasq4Map/ipMasq6Map, or config options, have not been set, as is the case when calling from the CLI, for example.

func (*IPMasqBPFMap) Update ¶

func (*IPMasqBPFMap) Update(cidr net.IPNet) error

type Key4 ¶

type Key4 struct {
	PrefixLen uint32
	Address   types.IPv4
}

func (*Key4) New ¶

func (k *Key4) New() bpf.MapKey

func (*Key4) String ¶

func (k *Key4) String() string

type Key6 ¶

type Key6 struct {
	PrefixLen uint32
	Address   types.IPv6
}

func (*Key6) New ¶

func (k *Key6) New() bpf.MapKey

func (*Key6) String ¶

func (k *Key6) String() string

type Value ¶

type Value struct {
	Pad uint8 // not used
}

func (*Value) New ¶

func (v *Value) New() bpf.MapValue

func (*Value) String ¶

func (v *Value) String() string

Source Files ¶

View all Source files

ipmasq.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL