fix: [NPM] [Linux] panic if applyIPSets continues to fail

Signed-off-by: Hunter Gregory <42728408+huntergregory@users.noreply.github.com>
Azure · Aug 28, 2024 · 5527fc0 · 5527fc0
1 parent 6b05df1
commit 5527fc0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager.go b/npm/pkg/dataplane/ipsets/ipsetmanager.go
@@ -51,6 +51,9 @@ type IPSetManager struct {
 	setMap     map[string]*IPSet
 	dirtyCache dirtyCacheInterface
 	ioShim     *common.IOShim
+	// consecutiveApplyFailures is used in Linux to count the number of consecutive failures to apply ipsets
+	// if this count exceeds a threshold, we will panic
+	consecutiveApplyFailures int
 	sync.RWMutex
 }
 

diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager_linux.go b/npm/pkg/dataplane/ipsets/ipsetmanager_linux.go
@@ -54,6 +54,8 @@ const (
 	destroySectionPrefix           = "delete"
 	addOrUpdateSectionPrefix       = "add/update"
 	ipsetRestoreLineFailurePattern = "Error in line (\\d+):"
+
+	maxConsecutiveFailures = 100
 )
 
 var (
@@ -408,8 +410,18 @@ func (iMgr *IPSetManager) applyIPSets() error {
 	creator := iMgr.fileCreatorForApply(maxTryCount)
 	restoreError := creator.RunCommandWithFile(ipsetCommand, ipsetRestoreFlag)
 	if restoreError != nil {
+		iMgr.consecutiveApplyFailures++
+		if iMgr.consecutiveApplyFailures >= maxConsecutiveFailures {
+			klog.Errorf("exceeded max consecutive failures (%d) when applying ipsets", maxConsecutiveFailures)
+			metrics.SendErrorLogAndMetric(util.IpsmID, "exceeded max consecutive failures (%d) when applying ipsets", maxConsecutiveFailures)
+			panic(fmt.Sprintf("exceeded max consecutive failures when applying ipsets (%d)", maxConsecutiveFailures))
+		}
+
 		return npmerrors.SimpleErrorWrapper("ipset restore failed when applying ipsets", restoreError)
 	}
+
+	iMgr.consecutiveApplyFailures = 0
+
 	return nil
 }