-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CURL fails to make call to IMDS in AWS request signing filter if Envoy process uses over 1024 file descriptors #24136
Comments
great find @PeterL328 ! 👏 |
Thanks for this great find. And could you also create a RP for this fix (may be after the curl releases a new version)? |
Sure, no problem. |
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions. |
@wbpcode Are you able to reopen this issue? |
Created the PR #24719 to bump CURL version |
Title: CURL fails to make call to IMDS in AWS request signing filter if Envoy process uses over 1024 file/socket descriptors
Description:
CURL fails to make call to IMDSv1 in AWS request signing filter if Envoy process uses over 1024 file/socket descriptors.
Potential cause:
From my investigations, CURL failed to make the call to IMDSv1 because poll() could not be used and CURL used select() as fallback. Since select() is very limited due to it being only able to handle up to 1024 file descriptors(i.e opened files, socket connections, etc), poll() is generally preferred with a much higher limit for handing file descriptors. For reference on poll() and select() usage in CURL, see here.
The reason CURL is falling back to select() is due to CURL checking if CMAKE_TOOLCHAIN_FILE is defined. If it is defined, then CURL will not use poll() and use select(). In the Envoy repo, we build CURL with CMAKE_TOOLCHAIN_FILE defined. This causes Envoy's CURL to always use select() instead of poll().
Possible fixes:
This issue has recently been addressed in the CURL repo, PR link. It should be part of version 7.87 of CURL and Envoy should just get the fix for free.
This issue is created to raise awareness of the issue in case people run into some similar errors.
Logs:
The text was updated successfully, but these errors were encountered: