[Chilli] High CPU load

Tue Aug 31 07:11:15 UTC 2010

Sorry, I've just realised that I was replying directly to Henk :)

On 31/08/2010 08:51, Andrés Guerrero Doblado wrote:
>
> I have just suffered the problem again for some minutes: chilli takes 
> 100% of CPU for more than 5 minutes
>
> redir.c: 3124: 0 (Debug) Calling redir_getstate()
> redir.c: 3150: 0 (Debug) Receiving HTTP Request
> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
> redir.c: 3194: 0 (Debug) Continue...
> redir.c: 3124: 0 (Debug) Calling redir_getstate()
> redir.c: 3150: 0 (Debug) Receiving HTTP Request
> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
> redir.c: 3194: 0 (Debug) Continue...
> redir.c: 3124: 0 (Debug) Calling redir_getstate()
> redir.c: 3150: 0 (Debug) Receiving HTTP Request
> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
> redir.c: 3194: 0 (Debug) Continue...
> main-redir.c: 533: 0 (Debug) #1 (20) 3553 connection from 10.0.193.11 
> 49192
> main-redir.c: 533: 0 (Debug) #2 (21) 3553 connection from 10.0.193.11 
> 49193
> main-redir.c: 533: 0 (Debug) #3 (22) 3553 connection from 10.0.193.11 
> 49194
> main-redir.c: 533: 0 (Debug) #4 (23) 3553 connection from 10.0.193.11 
> 49195
> main-redir.c: 533: 0 (Debug) #5 (24) 3553 connection from 10.0.193.11 
> 49196
> main-redir.c: 533: 0 (Debug) #6 (25) 3553 connection from 10.0.193.11 
> 49197
> main-redir.c: 533: 0 (Debug) #7 (26) 3553 connection from 10.0.193.11 
> 49198
> main-redir.c: 533: 0 (Debug) #8 (27) 3568 connection from 10.0.193.11 
> 49213
> main-redir.c: 533: 0 (Debug) #9 (28) 3568 connection from 10.0.193.11 
> 49214
> main-redir.c: 533: 0 (Debug) #10 (29) 3568 connection from 10.0.193.11 
> 49215
> main-redir.c: 533: 0 (Debug) #11 (30) 3568 connection from 10.0.193.11 
> 49216
> main-redir.c: 533: 0 (Debug) #12 (31) 3568 connection from 10.0.193.11 
> 49217
> main-redir.c: 533: 0 (Debug) #13 (32) 3568 connection from 10.0.193.11 
> 49218
> main-redir.c: 533: 0 (Debug) #14 (33) 3568 connection from 10.0.193.11 
> 49219
> main-redir.c: 533: 0 (Debug) #15 (34) 3583 connection from 10.0.193.11 
> 49235
> main-redir.c: 533: 0 (Debug) #16 (35) 3583 connection from 10.0.193.11 
> 49236
> main-redir.c: 533: 0 (Debug) #17 (36) 3584 connection from 10.0.193.11 
> 49237
> main-redir.c: 533: 0 (Debug) #18 (37) 3584 connection from 10.0.193.11 
> 49238
> main-redir.c: 533: 0 (Debug) #19 (38) 3584 connection from 10.0.193.11 
> 49239
> main-redir.c: 533: 0 (Debug) #20 (39) 3584 connection from 10.0.193.11 
> 49240
> main-redir.c: 533: 0 (Debug) #21 (40) 3584 connection from 10.0.193.11 
> 49241
>
> If I run a chilli_query list:
>
> [root at s-jrcsvqwi031p log]# chilli_query list
> 00-50-56-97-7B-BF 0.0.0.0 none 4c7ca3bd00000008 0 - 0/0 0/0 0/0 0/0 0 
> 0 0/0 0/0 -
> F8-1E-DF-DF-47-55 10.0.193.11 dnat 4c7ca31d00000001 0 - 0/0 0/0 0/0 
> 0/0 0 0 0/0 0/0 http://conn.skype.com/
> 00-1F-3C-01-40-4A 10.0.193.10 dnat 4c7ca1d000000003 0 - 0/0 0/0 0/0 
> 0/0 0 0 0/0 0/0 
> http://cr-tools.clients.google.com/service/check2?appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.2.183.23&applang=&machine=1&version=1.2.183.23&osversion=5.1&servicepack=Service%20Pack%203
> 00-22-55-42-6D-92 10.0.193.7 dnat 4c7c980900000007 0 - 0/0 0/0 0/0 0/0 
> 0 0 0/0 0/0 -
> 00-16-47-EA-37-A3 10.0.193.6 dnat 4c7c980800000006 0 - 0/0 0/0 0/0 0/0 
> 0 0 0/0 0/0 -
> 00-16-47-EA-37-98 10.0.193.5 dnat 4c7c980700000005 0 - 0/0 0/0 0/0 0/0 
> 0 0 0/0 0/0 -
> 00-16-47-EA-32-D1 10.0.193.4 dnat 4c7c980600000004 0 - 0/0 0/0 0/0 0/0 
> 0 0 0/0 0/0 -
> 00-16-47-EA-36-7E 10.0.193.3 dnat 4c7c969700000002 0 - 0/0 0/0 0/0 0/0 
> 0 0 0/0 0/0 -
>
> I've identified the machine F8-1E-DF-DF-47-55 and it's a Apple 
> machine. The software that seems to cause the problem is not a virus, 
> it seems to be Skype, so I think that trying to identify the client 
> and block the mac is not the solution.
>
> The users are redirected to the Apache webserver installed locally. 
> The AAA server is also local to this machine.
>
> On 31/08/2010 08:37, Henk Kleynhans wrote:
>> Could well be.
>>
>> Do a chilli_query list and see if you can find out more about the IP
>> 10.0.193.37
>>
>> If you're getting so many redirs, it's probably not authenticated, but
>> is connected. A virus could easily cause many redir requests.
>>
>> You should be able to block the client based on their mac address (can
>> be seen with chilli_query list)
>>
>> Also, where do you attempt to redir the client to? If you find this is
>> a common problem (which it will be if you have a large network), you
>> can redirect clients to a page on the router itself, then from there,
>> do a javascript redirection to your AAA server. In that way, you will
>> also be able to prevent thousands of attempted page loads being called
>> from your server (that will in any case get dumped once they get to
>> the router). It _might_ also reduce the load on your router (assuming
>> that trying to redirect to the server is to blame here)
>>
>> Henk
>>
>> 2010/8/31 Andrés Guerrero Doblado<andres at meigal.com>:
>>> Yes Henk. The problem occurs on "live". In fact, it only happens once is
>>> live. I think that the problem can be related with an infected machine
>>> connected to the network, because it was working last weekend perfectly, but
>>> yesterday at 9.30am (monday morning) the problem appears again.
>>>
>>>
>>> On 30/08/2010 23:06, Henk Kleynhans wrote:
>>>
>>> Hi Andres,
>>>
>>> Is this on "live" installation?
>>>
>>> Chilli sometimes misbehaves if your router isn't connected to a gateway.
>>>
>>> Henk
>>>
>>> 2010/8/30 Andrés Guerrero Doblado<andres at meigal.com>:
>>>
>>> Hi all,
>>>
>>> I've just migrated from Chillispot to CoovaChilli and I have a lot of
>>> problems with CPU load. It seems that from time to time, the chilli
>>> processes take all the CPU available.
>>> I'm using CoovaChilli 1.2.4. If I run it in debug mode, thousands of lines
>>> like these appear in the log:
>>>
>>> main-redir.c: 533: 0 (Debug) #23 (31) 264987 connection from 10.0.193.37
>>> 51844
>>> main-redir.c: 533: 0 (Debug) #24 (37) 264938 connection from 10.0.193.37
>>> 51778
>>> main-redir.c: 533: 0 (Debug) #25 (39) 264941 connection from 10.0.193.37
>>> 51781
>>> main-redir.c: 533: 0 (Debug) #26 (40) 264953 connection from 10.0.193.37
>>> 51799
>>> main-redir.c: 533: 0 (Debug) #27 (18) 264956 connection from 10.0.193.37
>>> 51802
>>> main-redir.c: 533: 0 (Debug) #28 (41) 264964 connection from 10.0.193.37
>>> 51811
>>> redir.c: 3124: 0 (Debug) Calling redir_getstate()
>>> redir.c: 3150: 0 (Debug) Receiving HTTP Request
>>> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
>>> redir.c: 3194: 0 (Debug) Continue...
>>> redir.c: 3124: 0 (Debug) Calling redir_getstate()
>>> redir.c: 3150: 0 (Debug) Receiving HTTP Request
>>> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
>>> redir.c: 3194: 0 (Debug) Continue...
>>> redir.c: 3124: 0 (Debug) Calling redir_getstate()
>>> redir.c: 3150: 0 (Debug) Receiving HTTP Request
>>> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
>>> redir.c: 3194: 0 (Debug) Continue...
>>> redir.c: 3124: 0 (Debug) Calling redir_getstate()
>>> redir.c: 3150: 0 (Debug) Receiving HTTP Request
>>> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
>>> redir.c: 3194: 0 (Debug) Continue...
>>> redir.c: 3124: 0 (Debug) Calling redir_getstate()
>>> redir.c: 3150: 0 (Debug) Receiving HTTP Request
>>> redir.c: 2119: 0 (Debug) Didn't see end of headers, continue...
>>> redir.c: 3194: 0 (Debug) Continue...
>>>
>>> Any clue?
>>>
>>>
>>> --
>>> Andrés Guerrero Doblado
>>> andres at meigal.com
>>>
>>> _______________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org
>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Andrés Guerrero Doblado
>>> andres at meigal.com
>>
>
> -- 
> Andrés Guerrero Doblado
> andres at meigal.com

-- 
Andrés Guerrero Doblado
andres at meigal.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100831/19e3c48f/attachment.htm>