Affected by GO-2022-0457
and 10 other vulnerabilities
GO-2022-0457 : Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
GO-2022-0458 : Improper Privilege Management in Cilium in github.com/cilium/cilium
GO-2022-0959 : Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
GO-2023-1643 : Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
GO-2023-1785 : Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium
GO-2023-2078 : Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079 : Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080 : Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2656 : Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2666 : Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-3072 : Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
Discover Packages
github.com/cilium/cilium
pkg
maps
metricsmap
package
Version:
v1.5.0-rc3
Opens a new window with list of versions in this module.
Published: Apr 8, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 14
Opens a new window with list of imports.
Imported by: 17
Opens a new window with list of known importers.
Documentation
Documentation
¶
Package metricsmap represents the BPF metrics map in the BPF programs. It is
implemented as a hash table containing an entry of different drop and forward
counts for different drop/forward reasons and directions.
View Source
const (
MapName = "cilium_metrics"
MaxEntries = 65536
)
SyncMetricsMap is called periodically to sync off the metrics map by
aggregating it into drops (by drop reason and direction) and
forwards (by direction) with the prometheus server.
type Key struct {
Reason uint8 `align:"reason"`
Dir uint8 `align:"dir"`
Reserved [3]uint16 `align:"reserved"`
}
Key must be in sync with struct metrics_key in <bpf/lib/common.h>
Direction gets the direction in human readable string format
DropForwardReason gets the forwarded/dropped reason in human readable string format
GetKeyPtr returns the unsafe pointer to the BPF key
IsDrop checks if the reason is drop or not.
NewValue returns a new empty instance of the structure representing the BPF
map value
String converts the key into a human readable string format
type Value struct {
Count uint64 `align:"count"`
Bytes uint64 `align:"bytes"`
}
Value must be in sync with struct metrics_value in <bpf/lib/common.h>
CountFloat converts the request count to float
GetValuePtr returns the unsafe pointer to the BPF value.
RequestBytes returns drop/forward bytes in a human readable string format
RequestCount returns the drop/forward count in a human readable string format
String converts the value into a human readable string format
Source Files
¶
Click to show internal directories.
Click to hide internal directories.