From e2cdf1e084dabc8b42e69bae83ee49a74096ca1c Mon Sep 17 00:00:00 2001 From: Nathan Baker Date: Thu, 14 Sep 2023 16:56:39 -0400 Subject: [PATCH] fix(libsinsp): Don't loop forever on container api Add an escape clause on the container lookup path to make sure we're not just constantly getting timeouts. /kind bug /area libsinsp ```release-note NONE ``` Signed-off-by: Nathan Baker --- .../container_engine/docker/async_source.cpp | 1 + .../container_engine/docker/connection.h | 3 ++- .../docker/connection_linux.cpp | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/userspace/libsinsp/container_engine/docker/async_source.cpp b/userspace/libsinsp/container_engine/docker/async_source.cpp index f04457a771..d9c5087618 100644 --- a/userspace/libsinsp/container_engine/docker/async_source.cpp +++ b/userspace/libsinsp/container_engine/docker/async_source.cpp @@ -672,6 +672,7 @@ bool docker_async_source::parse(const docker_lookup_request& request, sinsp_cont } /* FALLTHRU */ case docker_connection::docker_response::RESP_ERROR: + case docker_connection::docker_response::RESP_TIMEOUT: g_logger.format(sinsp_logger::SEV_DEBUG, "docker_async (%s): Url fetch failed, returning false", request.container_id.c_str()); diff --git a/userspace/libsinsp/container_engine/docker/connection.h b/userspace/libsinsp/container_engine/docker/connection.h index 69f1eb9d65..c481b25a18 100644 --- a/userspace/libsinsp/container_engine/docker/connection.h +++ b/userspace/libsinsp/container_engine/docker/connection.h @@ -18,7 +18,8 @@ class docker_connection { enum docker_response { RESP_OK = 0, RESP_BAD_REQUEST = 1, - RESP_ERROR = 2 + RESP_ERROR = 2, + RESP_TIMEOUT = 3 }; docker_connection(); diff --git a/userspace/libsinsp/container_engine/docker/connection_linux.cpp b/userspace/libsinsp/container_engine/docker/connection_linux.cpp index 8248da95ed..0e41c4c7fb 100644 --- a/userspace/libsinsp/container_engine/docker/connection_linux.cpp +++ b/userspace/libsinsp/container_engine/docker/connection_linux.cpp @@ -20,6 +20,7 @@ limitations under the License. #include "sinsp_int.h" namespace { +const uint32_t max_allowed_timeouts = 5; size_t docker_curl_write_callback(const char *ptr, size_t size, size_t nmemb, std::string *json) { @@ -107,6 +108,7 @@ docker_connection::docker_response docker_connection::get_docker(const docker_lo return docker_response::RESP_ERROR; } + uint32_t num_timeouts = 0; while(true) { int still_running; @@ -141,6 +143,21 @@ docker_connection::docker_response docker_connection::get_docker(const docker_lo ASSERT(false); return docker_response::RESP_ERROR; } + if(numfds == 0) + { + // Operation timed out + if(++num_timeouts >= max_allowed_timeouts) + { + g_logger.format(sinsp_logger::SEV_WARNING, + "docker_async (%s): Max timeouts exceeded", + url.c_str()); + return docker_response::RESP_TIMEOUT; + } + g_logger.format(sinsp_logger::SEV_DEBUG, + "docker_async (%s): Operation timed out %d times", + url.c_str(), + num_timeouts); + } } if(curl_multi_remove_handle(m_curlm, curl) != CURLM_OK)