Anybody familiar with coova chilli and/or network?

Hi guys,

I have a problem. We use coova-chilli 1.3.2 as a captive portal in our OpenWrt/LEDE routers (approx. 700) and sometimes chilli stops.

There are a lot of errors in a loop, like:

- dropping malformed DNS
- No message of desired type: fork() returned -1!
- Resource temporarily unavailable: could not read packet
- 11 net_read_eth(fd=2, len=65497, mtu=1500) == -1
- Authenticator 005AB44C05B68B0B82408C92FA6074F7(pkt) != 66D7AE705AC905B9F211EC9C3A80729E(calc)

I suspect infected devices: smartphone, laptop, tablet... But I could be mistaken.

So my question is simple: how can I prevent that kind of flood ("dropping malformed DNS")?

Maybe simple iptables rules are enough.

Or maybe someone uses an older version of coova like 1.3.0/1.3.1 and doesn't have these problems.

Last week I saw a WRT1200AC with LEDE at 900 CPU load... with 600 chilli daemons at the same time... I didn't think that was possible... LOL
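The "Authenticator ...(pkt) != ...(calc)" line in the list above is a RADIUS client's response-authenticator check failing: the 16-byte authenticator in the reply does not equal MD5(header + request authenticator + attributes + shared secret) (RFC 2865, section 3). The following Python is an added example, not coova-chilli's code. It builds a constructed Access-Accept and shows the two causes of that mismatch that are worth telling apart when the line appears in a loop: a wrong shared secret on one side, and a reply that arrived shorter than its declared length. The secret, identifier and attribute values are made up for the example.

```python
"""Added example (not coova-chilli's code): the RADIUS Response
Authenticator check behind an "Authenticator X(pkt) != Y(calc)" log line.

RFC 2865, section 3:
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
The packet, secret and attribute below are constructed for this example.
"""
import hashlib
import struct

ACCESS_ACCEPT = 2
REPLY_MESSAGE = 18      # attribute type
HDRLEN = 20             # code(1) id(1) length(2) authenticator(16)


def build_reply(code, ident, request_auth, attrs, secret):
    """Build a RADIUS reply the way a server does: compute the MD5 over the
    header, the request authenticator, the attributes and the secret, and
    place the digest in the authenticator field."""
    header = struct.pack("!BBH", code, ident, HDRLEN + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def calc_response_auth(reply, request_auth, secret):
    """The authenticator a client expects for this reply under this secret."""
    return hashlib.md5(reply[:4] + request_auth + reply[HDRLEN:] + secret).digest()


def check_reply(reply, request_auth, secret):
    """Validate a reply; returns (ok, reason). The mismatch reason uses the
    same pkt/calc layout as the log line quoted in the post."""
    if len(reply) < HDRLEN:
        return False, "short packet (%d bytes)" % len(reply)
    declared = struct.unpack("!H", reply[2:4])[0]
    if declared != len(reply):
        # A reply cut short on the wire fails here, before any MD5 work.
        return False, "length %d declared, %d bytes read" % (declared, len(reply))
    pkt = reply[4:HDRLEN]
    calc = calc_response_auth(reply, request_auth, secret)
    if pkt != calc:
        # Typical cause: shared secret differs between client and server.
        return False, "Authenticator %s(pkt) != %s(calc)" % (
            pkt.hex().upper(), calc.hex().upper())
    return True, "ok"


def demo():
    """Constructed exchange: one good reply, then the two failure modes."""
    request_auth = bytes(range(16))           # made up; normally 16 random bytes
    msg = b"Welcome"
    attrs = bytes([REPLY_MESSAGE, 2 + len(msg)]) + msg
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, attrs, b"testing123")
    good = check_reply(reply, request_auth, b"testing123")
    wrong_secret = check_reply(reply, request_auth, b"wrongsecret")
    truncated = check_reply(reply[:-3], request_auth, b"testing123")
    return good, wrong_secret, truncated


if __name__ == "__main__":
    for result in demo():
        print(result)
```

If the line shows up for a single NAS and every reply, compare the secret configured in chilli with the one on the RADIUS server for that client address; if it shows up in bursts together with the read errors, the length check is the one to suspect first.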

Using 1.3.1 on various device types, no problem.

Fork() failing kind of suggests that you are out of RAM.


I'd look into trying to figure out what might be causing the problems. conntrack-tools and/or tcpdump would be my first steps. If you understand stream forwarding over ssh, I'd run wireshark on a "desktop" fed by the stream captured with tcpdump on your router. wireshark's ability to highlight malformed packets and unexpected packet sequences could be valuable.

You could also do this with port-forwarding on a switch.

Yeah, that was my idea: downgrade to 1.3.0 or 1.3.1. Thanks for confirming that you don't have problems.

I don't think so... on the WRT1200AC maybe, but we have x86 Supermicro 8 cores 8 GB RAM and we have this problem too.

Yeah, I tried with netstat, tcpdump, or conntrack. I already use conntrack, but only for people "connected to the internet", not for people blocked behind the captive portal, and I didn't see any relevant problem.

I saw the CloudShark package for OpenWrt. I already tried it in the past, but when you have 400 people, analyzing their traffic will be complicated :).

What do you mean? Could you explain a little? Thanks.

You might even downgrade to 1.3.0 or the last version originating from David, unless you need one of the newer features. As it is a piece of software which grew dynamically (read: was patched over the years), I am a bit skeptical about the newer maintainers getting the patches correct in all places.
Less code, less probability of bugs :slight_smile:

Yes, I'm skeptical too... this bug seems to have existed for 3 years, and the maintainers simply don't answer...

Do you know which commit ref to point at for 1.3.0? The project was originally on SVN, but since they migrated to GitHub, they have only tagged since 1.3.1.3.

A managed switch can usually mirror traffic from certain ports to a monitoring port. If you want to see what traffic is causing this, you can use this technique to packet-capture on a desktop machine all the traffic coming to your chilli install.

Yeah, but we can't easily access our switches. We don't work in "local mode"; we can manage them only by remote access. But it's one idea :wink:


Update on "dropping malformed DNS": I checked my logs of multiple routers, and also found this error a few times. Which is strange, as a local dnsmasq is used, connected via OpenVPN to a private DNS server. However, it looks like bad WAN quality (3G/4G) seems to generate more of these errors. Using coova-chilli 1.3.1-svn.

Checked my logs for this one: Not to be found.

Checked for this one, too: Very few.
My suspicion: This might be an indication of temporary network issues, or overload.

"malformed DNS": I checked one log in more detail regarding this issue, and I found that chilli generates this warning immediately after the same user MAC receives an IP via chilli's DHCP:
88-79-7E-xx-xx-xx, which should be a Motorola device.
So I suspect that in my case this issue is related to the user's device DNS requests, not chilli's upstream DNS handling. A VPN tunnel via DNS comes to mind...

Sun Aug 19 20:54:52 2018 local6.notice coova-chilli[2067]: chilli.c: 5027: Client MAC=88-79-7E-xx-xx-xx assigned IP 10.1.0.41
Sun Aug 19 20:54:59 2018 local6.warn coova-chilli[2067]: dhcp.c: 1787: dropping malformed DNS
Sun Aug 19 20:55:04 2018 local6.warn coova-chilli[2067]: dhcp.c: 1787: dropping malformed DNS
Sun Aug 19 21:06:09 2018 local6.info coova-chilli[2067]: chilli.c: 5522: DHCP Released MAC=88-79-7E-xx-xx-xx IP=10.1.0.41

Similar to be found several times.
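The correlation described in the post above (a warning a few seconds after a lease is handed out) can be done over a whole log instead of by eye. The following Python is an added example, not chilli's code. It replays constructed syslog lines in the format quoted in the post (the MACs and the second client are made up), keeps a live lease table from the "assigned IP" and "DHCP Released" lines, and for each "dropping malformed DNS" warning lists the leases assigned within a window before it. Because the warning itself carries no MAC or IP, the output is a list of suspects to capture traffic from, not proof; the 60-second window is an assumption.

```python
"""Added example (not coova-chilli's code): attribute "dropping malformed DNS"
warnings to recently assigned DHCP leases from the chilli syslog.

The log text below is constructed for this example, modelled on the
syslog lines in the post; MACs and the second client are made up.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG = """\
Sun Aug 19 20:54:52 2018 local6.notice coova-chilli[2067]: chilli.c: 5027: Client MAC=88-79-7E-00-00-01 assigned IP 10.1.0.41
Sun Aug 19 20:54:59 2018 local6.warn coova-chilli[2067]: dhcp.c: 1787: dropping malformed DNS
Sun Aug 19 20:55:04 2018 local6.warn coova-chilli[2067]: dhcp.c: 1787: dropping malformed DNS
Sun Aug 19 20:58:10 2018 local6.notice coova-chilli[2067]: chilli.c: 5027: Client MAC=AA-BB-CC-00-00-02 assigned IP 10.1.0.42
Sun Aug 19 21:06:09 2018 local6.info coova-chilli[2067]: chilli.c: 5522: DHCP Released MAC=88-79-7E-00-00-01 IP=10.1.0.41
Sun Aug 19 21:06:15 2018 local6.warn coova-chilli[2067]: dhcp.c: 1787: dropping malformed DNS
"""

# "Sun Aug 19 20:54:52 2018 local6.warn coova-chilli[2067]: <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \S+ coova-chilli\[\d+\]: (?P<msg>.*)$")
ASSIGN = re.compile(r"Client MAC=(?P<mac>[0-9A-Fa-f-]+) assigned IP (?P<ip>[\d.]+)")
RELEASE = re.compile(r"DHCP Released MAC=(?P<mac>[0-9A-Fa-f-]+) IP=(?P<ip>[\d.]+)")
MALFORMED = "dropping malformed DNS"


def parse_ts(text):
    """Syslog timestamp without timezone; strptime tolerates the double
    space syslog uses for single-digit days."""
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")


def correlate(log_text, window_s=60):
    """For every malformed-DNS warning return (time, suspects), where
    suspects are (mac, ip, seconds_since_lease) for leases still held and
    assigned at most window_s seconds before the warning, youngest first."""
    leases = {}          # mac -> (ip, assigned_at)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, msg = parse_ts(m.group("ts")), m.group("msg")
        a = ASSIGN.search(msg)
        if a:
            leases[a.group("mac").upper()] = (a.group("ip"), ts)
            continue
        r = RELEASE.search(msg)
        if r:
            leases.pop(r.group("mac").upper(), None)
            continue
        if MALFORMED in msg:
            suspects = []
            for mac, (ip, since) in leases.items():
                age = int((ts - since).total_seconds())
                if 0 <= age <= window_s:
                    suspects.append((mac, ip, age))
            suspects.sort(key=lambda s: s[2])
            findings.append((ts, suspects))
    return findings


def suspect_counts(findings):
    """MAC -> number of warnings it was a suspect for. A MAC that keeps
    appearing right after its own lease is the one to capture traffic from."""
    counts = defaultdict(int)
    for _, suspects in findings:
        for mac, _, _ in suspects:
            counts[mac] += 1
    return dict(counts)


if __name__ == "__main__":
    found = correlate(LOG)
    for when, suspects in found:
        print(when, suspects or "no lease assigned within the window")
    print(suspect_counts(found))
```

On a real router the same functions can be fed `logread` output; widening the window trades precision for recall, and a warning with no suspect in any reasonable window points at a client that has held its lease for a long time rather than a freshly connected one.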

I used to use coova-chilli and also had issues with the more recent version on GitHub, so I ended up with the older 1.3.0, which worked mostly without issue, but throughput is limited due to the way chilli routes traffic through a tun/tap interface. It's a bit of a problem when the customers (hotels) are on fibre > 100 Mbit/s and allow their guests to stream Netflix etc. So I settled for wifidog instead, as it uses layer 3 with iptables; I modified it over time with similar features to chilli like MAC auth and DHCP.