Fix #4396: Add timeout to establish_connection to prevent infinite loop #5104
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2ZZ
force-pushed
the
fix-issue-2969-handshake-timeout
branch
from
0989d87 to
ec945bf
Compare
2ZZ
changed the title
2ZZ
force-pushed
the
fix-issue-2969-handshake-timeout
branch
from
ec945bf to
cbc2ea8
Compare
daipom
reviewed
Sep 29, 2025
Contributor
daipom
left a comment
daipom
left a comment
There was a problem hiding this comment.
Sorry for my late response.
Thanks so much for considering a fix for this critical issue!
I don’t fully understand the cause and haven’t been able to reproduce it, but at least, it would be good to address the risk of entering an infinite loop.
So, this fix looks good to me.
I left one comment. Could you please check it?
daipom
added
backport to v1.19
Contributor
|
I want to clarify the conditions for #4396, if possible.
It appears that the I’m concerned that |
…ite loop - Add timeout check in establish_connection method using send_timeout - Prevents infinite loop when connection drops during handshake protocol - Disables problematic nodes and logs timeout warnings - Add test case to verify timeout functionality works correctly Fixes issue where logs stop being flushed when handshake gets stuck in unstable network environments with proxy components. Signed-off-by: Ian Driver <[email protected]>
2ZZ
force-pushed
the
fix-issue-2969-handshake-timeout
branch
from
cbc2ea8 to
179bf0f
Compare
Contributor
Author
I agree, I wonder if the original reporter redacted their security config. I do use the security setting in the environment where I'm seeing this behaviour. |
Contributor
Thanks! |
Contributor
Author
Is there anything I need to do from here to get this merged? |
Contributor
No. I’m only waiting for the CI to pass. 😄 |
Contributor
|
Thanks! |
Watson1978
pushed a commit
that referenced
this pull request
Nov 4, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Nov 4, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Nov 4, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Nov 4, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Nov 6, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Dec 5, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Dec 5, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
Watson1978
pushed a commit
that referenced
this pull request
Dec 5, 2025
…op (#5104) **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]>
kenhys
pushed a commit
that referenced
this pull request
Dec 5, 2025
…event infinite loop (#5104) (#5137) Backport #5104 **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. Signed-off-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]> Co-authored-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]>
Watson1978
added a commit
to Watson1978/fluentd
that referenced
this pull request
Dec 8, 2025
…nnection to prevent infinite loop (fluent#5104) (fluent#5137)" This reverts commit 18fe509.
Watson1978
added a commit
to Watson1978/fluentd
that referenced
this pull request
Dec 8, 2025
…nnection to prevent infinite loop (fluent#5104) (fluent#5137)" This reverts commit 18fe509.
daipom
pushed a commit
that referenced
this pull request
Dec 9, 2025
…event infinite loop (#5104) (#5138) Backport #5104 **Which issue(s) this PR fixes**: Fixes #4396 **What this PR does / why we need it**: Adds timeout mechanism to `establish_connection` method to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existing `hard_timeout` configuration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes. **Docs Changes**: None required - uses existing `hard_timeout` configuration parameter. **Release Note**: Fix infinite loop in out_forward handshake protocol that could cause logs to stop being flushed in unstable network environments. <!-- Thank you for contributing to Fluentd! Your commits need to follow DCO: https://probot.github.io/apps/dco/ And please provide the following information to help us make the most of your pull request: --> Signed-off-by: Ian Driver <[email protected]> Signed-off-by: Shizuo Fujita <[email protected]> Co-authored-by: Ian Driver <[email protected]> Co-authored-by: Ian Driver <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue(s) this PR fixes:
Fixes #4396
What this PR does / why we need it:
Adds timeout mechanism to
establish_connectionmethod to prevent infinite loop when handshake protocol gets stuck. In unstable network environments with proxy components, if connection drops during handshake after TLS establishment, Fluentd gets stuck in infinite loop causing logs to stop being flushed. This fix uses existinghard_timeoutconfiguration to break the loop, disable problematic nodes, and maintain log flow through healthy nodes.Docs Changes:
None required - uses existing
hard_timeoutconfiguration parameter.Release Note:
out_forward: fix issue where could cause output to stop when using
<security>and TLS setting together under unstable network environments