Open irongomme opened 6 years ago
I've probably found one working solution. With some unauthenticated devices, we have a lot opened tcp connections on port 3990. In real life, people have some app (facebook, instagram, twitter, etc...) which lives in background, doing hundred and hundred of requests. I think this make a bottleneck in chilli input. So I've added a new iptables rules to limit parrallel connections on port 3990 :
iptables -I INPUT -i tun11 -d 192.168.180.1 -p tcp --syn --dport 3990 -m connlimit --connlimit-above 5 -j REJECT
For now there is a positive result ! I will wait to see if we can rely on it.
I'm facing an issue, but I don't really undestand how it triggers ... Sometimes, there are hundred of chilli subprocess, and some of them have some subprocess too. It results on unavailabity of chilli service for several minutes, and sometimes a crash of the router.
Here is some chilli smaples logs when it happens :
Has someone an explaination to this behavior ?