Bit of a strange one but I was wondering if anyone has encou

Question

Bit of a strange one but I was wondering if anyone has encountered this before I m running osquery 5 8 2 in my development environment Any assistance or pointers would be greatly appreciated smile If I run osquery with a set of `load` decorators for collecting metadata from the cloudy clouds AWS IMDS and Azure friends but these services are not accessible due to running on a local virtual machine during development I have all sorts of trouble with I O timeouts between osquery and my extension However If I remove the `ec2 instance metadata` decorator and re run the extension loads and works reliably I m a little at a loss as to why this may be but I have a feeling it may be something to do with the IMDSv2 implementation based on the error messages thread

Peter · Answer

I ve uploaded the ` verbose` logs when loading osquery via `osqueryi` and with the relevant `load` decorators enabled and then disable there are two log entries in this paste with the `load` directives listed just prior to each <https pastebin com LvsUe7bS>

seph · Answer

It s a It if a guess but parts of osquery are single threaded I wonder if the timing out in the coins stuff is causing osquery to drop thrift connection stuff and the socket ends up a mess

Peter · Answer

Thanks for the note I ll dig in to the code next week and see what I can find slightly smiling face