Big load (socat STDIO OPENSSL:api.turris.cz:5679)


#1

Zdravim / hello.
I see that my turris is getting a bit hot and have like load 77.

There is some top and ps -w outputs. It seems to stuck socat STDIO OPENSSL:api.turris.cz:5679,cafile=/etc/ssl/ucollect-server.pem … process, there were tons of them. Anyway Ive rebooted router because it starting to drop connections evey hour or so.

http://pastebin.com/zYFJtbs5
http://pastebin.com/iCzz2fqa


Spousta socat spojeni
#2

I’ve seen this problem before, but I’m pretty confident we released a fix for that already. Does it still happen after the reboot? If so, can you check if your automatic updates work as they should (eg. by running updater.sh and checking it doesn’t produce errors)?


#3

With all software up-to-date, I seem to have a similar problem, where two socat processes get spawned by ucollect. One is fine but the other one with args ending with ‘pf=ip6’ seem to peg an entire core all the time.

I do have IPv6 set up and running properly. Is there a way to troubleshoot IPv6 data collection somehow?


#4

I see the same problem as @mamash. After a reboot I have one socat process at 40-50% CPU, the other socat process looks normal. Killing the first one gets the load back to near zero again.


#5

i had same problem, it persisted after reboot, the updater worked fine. the solution was to turn off data collection / sending completely. no problem since then.


#6

I confirm the issue. I just updated and rebooted and we still have this problem :frowning: Killing the crazy socat process decreased the temperature by 10°


#7

I have this problem too… Omnia unboxed and updated 2016-11-02.


#8


#9

Uhm, well … NOT fixed.
Today again load 145. And tons of:

socat STDIO OPENSSL:api.turris.cz:5679,cafile=/etc/ssl/ucollect-server.pem,cipher=HIGH:!LOW:!MEDIUM:!SSLv2:!aNULL:!eNULL:!DES:!3DES:!AES128:!CAMELLIA128,method=TLS1.2,pf=ip6
socat STDIO OPENSSL:api.turris.cz:5679,cafile=/etc/ssl/ucollect-server.pem,cipher=HIGH:!LOW:!MEDIUM:!SSLv2:!aNULL:!eNULL:!DES:!3DES:!AES128:!CAMELLIA128,method=TLS1.2,pf=ip4


#10

It seems it was never formally reported as a bug against Turris Omnia (and I’m not sure the developers read this forum), so I filed an issue in the bug tracker https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/10


#11

Comment from developer on this issue from gitlab:
"I believe we fixed this issue some time ago, but it seems we forgot to increase the version number ‒ so the new version didn’t get installed.
Can you try reinstalling socat, for example by:

opkg remove --force-depends socat
updater.sh

"


#12

I removed socat form LuCI and reinstall in SSH. This decreased the CPU temperature about 10°C, now is about 65°C.

But command is not same, now is: socat OPENSSL-LISTEN:6513,fork,method=TLS1.2,cert=/usr/share/nuci/tls/ca/nuci.cert,key=/usr/share/nuci/tls/ca/nuci.key,cafile=/usr/share/nuci/tls/ca/ca.cert,dhparam=/usr/share/nuci/tls/ca/dhparam.pem,reuseaddr,forever,pf=ip6,ipv6only=0 EXEC:/usr/bin/nuci


#13

Latest socat seems to have solved this for me :slight_smile:


#14

For me too, but now i see this commands:
socat STDIO OPENSSL:api.turris.cz:5679,cafile=/etc/ssl/ucollect-server.pem,cipher=HIGH:!LOW:!MEDIUM:!SSLv2:!aNULL:!eNULL:!DES:!3DES:!AES128:!CAMELLIA128,method=TLS1.2,pf=ip6

and this:

socat OPENSSL-LISTEN:6513,fork,method=TLS1.2,cert=/usr/share/nuci/tls/ca/nuci.cert,key=/usr/share/nuci/tls/ca/nuci.key,cafile=/usr/share/nuci/tls/ca/ca.cert,dhparam=/usr/share/nuci/tls/ca/dhparam.pem,reuseaddr,forever,pf=ip6,ipv6only=0 EXEC:/usr/bin/nuci

Have you same commands in processes?


#15

The first one is a connection of the uCollect (the thing to collect network analysis) to the server.

The second is part of the „Access tokens“ group of packages, which allows you to connect to the router programatically over netconf. Are you actually using something that needs it, or did you just checked all the options there?


#16

Thanks for reply. I know, that first one is for uCollect. I thought that was second replaced uCollect pf=ip4, when i manually reinstall socat, but it is for SPECTATOR.


closed #17