Problem
15 L7 protocol parsers process raw network bytes from eBPF. The ClickHouse parser already has recover() for panics, suggesting other parsers are also vulnerable to panics on malformed packets.
A single panic in the event handler goroutine (registry.go handleEvents) takes down the entire agent — all containers on that node lose observability.
Fix
Two approaches (both should be done):
- Short-term: Wrap each protocol parser call in
recover() in the L7 event handler
- Long-term: Add fuzz tests (
testing.F) for every protocol parser. These parsers handle untrusted network data and must be crash-proof.
Protocols to fuzz: HTTP, HTTP2, Postgres, MySQL, Redis, Memcached, MongoDB, Kafka, Cassandra, RabbitMQ, NATS, DNS, ClickHouse, Zookeeper, FoundationDB, Dubbo2.
Impact
High — a single malformed packet can crash the entire node agent.
Problem
15 L7 protocol parsers process raw network bytes from eBPF. The ClickHouse parser already has
recover()for panics, suggesting other parsers are also vulnerable to panics on malformed packets.A single panic in the event handler goroutine (registry.go
handleEvents) takes down the entire agent — all containers on that node lose observability.Fix
Two approaches (both should be done):
recover()in the L7 event handlertesting.F) for every protocol parser. These parsers handle untrusted network data and must be crash-proof.Protocols to fuzz: HTTP, HTTP2, Postgres, MySQL, Redis, Memcached, MongoDB, Kafka, Cassandra, RabbitMQ, NATS, DNS, ClickHouse, Zookeeper, FoundationDB, Dubbo2.
Impact
High — a single malformed packet can crash the entire node agent.