Merge pull request #2637 from weaveworks/2636-DNSSnooper-race

Avoid race conditions in DNSSnooper's cached domains
weaveworks · Jun 23, 2017 · 40bb28a · 40bb28a
2 parents 7e3c8b8 + 4006040
commit 40bb28a
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/probe/endpoint/dns_snooper_linux_amd64.go b/probe/endpoint/dns_snooper_linux_amd64.go
@@ -5,6 +5,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"math"
+	"sync"
 	"time"
 
 	log "github.com/Sirupsen/logrus"
@@ -23,8 +24,10 @@ const (
 
 // DNSSnooper is a snopper of DNS queries
 type DNSSnooper struct {
-	stop                chan struct{}
-	pcapHandle          *pcap.Handle
+	stop       chan struct{}
+	pcapHandle *pcap.Handle
+	// gcache is goroutine-safe, but the cached values aren't
+	reverseDNSMutex     sync.RWMutex
 	reverseDNSCache     gcache.Cache
 	decodingErrorCounts map[string]uint64 // for limiting
 }
@@ -101,10 +104,11 @@ func (s *DNSSnooper) CachedNamesForIP(ip string) []string {
 	if err != nil {
 		return result
 	}
-
+	s.reverseDNSMutex.RLock()
 	for domain := range domains.(map[string]struct{}) {
 		result = append(result, domain)
 	}
+	s.reverseDNSMutex.RUnlock()
 
 	return result
 }
@@ -272,7 +276,9 @@ func (s *DNSSnooper) processDNSMessage(dns *layers.DNS) {
 			s.reverseDNSCache.Set(ip, map[string]struct{}{newDomain: {}})
 		} else {
 			// TODO: Be smarter about the expiration of entries with pre-existing associated domains
+			s.reverseDNSMutex.Lock()
 			existingDomains.(map[string]struct{})[newDomain] = struct{}{}
+			s.reverseDNSMutex.Unlock()
 		}
 	}
 }