Zombie processes after adding VLAN.



  • I recently added a VLAN to handle our public Wireless network. After adding the VLAN, adding the outbound NAT rule, and setting up DHCP on the vlaned interface CPU utilization soared to 100% i SSHd into the box and saw that all the CPU is taken up by a handful of zombie processes and the Syslog process.

    
    USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root   36583 85.7  0.4  1440  1032  ??  Rs   Tue09AM 3588:45.05 /usr/sbin/syslogd -ss -f /var/etc/syslog.conf
    root   19455 56.9  0.0     0     0  ??  ZN   10:43AM   0:01.30 <defunct>root   29377 42.0  0.0     0     0  ??  ZN   11:09AM   0:01.02 <defunct>root   91036 28.0  0.0     0     0  ??  ZN    4:27AM   0:00.54 <defunct>root   31321 23.0  0.0     0     0  ??  ZN   11:15AM   0:00.88 <defunct>root   31576 12.4  8.4 23852 21140  ??  DN   11:17AM   0:00.87 /usr/local/bin/php /etc/rc.filter_configure_sync
    root   69561  3.4  7.1 19292 17872  ??  S    10:22PM   0:14.23 /usr/local/bin/php</defunct></defunct></defunct></defunct> 
    

    Everything else is working fine except for the new VLAN which is really unresponsive, sometimes DHCP will bless me with an IP and sometimes i can even NAT out to the internet. most of the time i get nothing.

    Is it safe to kill the zombie processes, anyway to see why syslog is taking up all my CPU? All the logs aren't showing more traffic than normal.

    I really want to avoid a reboot.



  • looks like the zombies were all from bandwidthd, uninstalled and they all went away. looks like syslog is my problem now, and in particular the IPSEC log is really getting hammered.

    
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
    Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16)
    Nov 4 14:02:54 	racoon: INFO: ::1[500] used as isakmp port (fd=15)
    Nov 4 14:02:54 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
    Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 192.168.1.1[500] used as isakmp port (fd=17)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 127.0.0.1[500] used as isakmp port (fd=16)
    Nov 4 14:02:54 	racoon: INFO: ::1[500] used as isakmp port (fd=15)
    Nov 4 14:02:54 	racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=14)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%vlan0[500] used as isakmp port (fd=13)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 10.10.0.1[500] used as isakmp port (fd=12)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9c%em0[500] used as isakmp port (fd=21)
    Nov 4 14:02:54 	racoon: [Self]: INFO: 66.193.100.234[500] used as isakmp port (fd=20)
    Nov 4 14:02:54 	racoon: INFO: fe80::21b:21ff:fe08:3e9d%em1[500] used as isakmp port (fd=19)
    Nov 4 14:02:54 	racoon: INFO: fe80::203:47ff:fe40:2bb1%fxp0[500] used as isakmp port (fd=18)
    
    

    Do i need to force racoon to only use one interface? kind of at a loss now.


Log in to reply