GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

linuxrouting

package

v1.8.2 Latest Latest Go to latest Published: Jul 23, 2020 License: Apache-2.0 Imports: 10 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Index ¶

func Delete(ip net.IP) error
type RoutingInfo
- func NewRoutingInfo(gateway string, cidrs []string, mac string, masquerade bool) (*RoutingInfo, error)
- func (info *RoutingInfo) Configure(ip net.IP, mtu int, masq bool) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Delete ¶

func Delete(ip net.IP) error

Delete removes the ingress and egress rules that control traffic for endpoints. Note that the routes within these rules are not deleted as they can be reused when another endpoint is created on the same node. The reason for this is that ENI devices under-the-hood are simply network interfaces and all network interfaces have an ifindex. This index is then used as the table ID when these rules are created. The routes are created inside a table with this ID, and because this table ID equals the ENI ifindex, it's stable to rely on and therefore can be reused.

Types ¶

type RoutingInfo ¶

type RoutingInfo struct {
	// IPv4Gateway is the gateway where outbound/egress traffic is directed.
	IPv4Gateway net.IP

	// IPv4CIDRs is a list of CIDRs which the interface has access to. In most
	// cases, it'll at least contain the CIDR of the IPv4Gateway IP address.
	IPv4CIDRs []net.IPNet

	// MasterIfMAC is the MAC address of the master interface that egress
	// traffic is directed to. This is the MAC of the interface itself which
	// corresponds to the IPv4Gateway IP addr.
	MasterIfMAC mac.MAC
}

RoutingInfo represents information that's required to enable connectivity via the local rule and route tables while in ENI or Azure IPAM mode. The information in this struct is used to create rules and routes which direct traffic out of the interface (egress).

This struct is mostly derived from the `ipam.AllocationResult` as the information comes from IPAM.

func NewRoutingInfo ¶

func NewRoutingInfo(gateway string, cidrs []string, mac string, masquerade bool) (*RoutingInfo, error)

NewRoutingInfo creates a new RoutingInfo struct, from data that will be parsed and validated. Note, this code assumes IPv4 values because IPv4 (on either ENI or Azure interface) is the only supported path currently. Azure does not support masquerade yet (subnets CIDRs aren't provided): untill it does, we forward a masquerade bool to opt out ipam.Cidrs use.

func (*RoutingInfo) Configure ¶

func (info *RoutingInfo) Configure(ip net.IP, mtu int, masq bool) error

Configure sets up the rules and routes needed when running in ENI or Azure IPAM mode. These rules and routes direct egress traffic out of the interface and ingress traffic back to the endpoint (`ip`).

ip: The endpoint IP address to direct traffic out / from interface. info: The interface routing info used to create rules and routes. mtu: The interface MTU. masq: Whether masquerading is enabled.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL