Author Topic: Prox 4.2 using 100% CPU  (Read 2622 times)

hpguru

  • Sr. Member
  • ****
  • Posts: 257
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://lightning.prohosting.com/~hpguru/
    • Email
Prox 4.2 using 100% CPU
« on: May 19, 2002, 07:03:31 PM »
Occasionally I find that Prox 4.2 is consuming nearly 100% CPU. When the problem first manifested I thought perhaps I had a filter that was producing an infinite regress but since that time I have completely rewritten my config. As far as I can tell there are no filters capable of producing an infinite regress.

When the bug manifests I can usually stop it by exiting and reopening Prox but sometimes I'll note that Prox remains in memory still consuming CPU cycles forcing me to terminate its process via Task Manager. This is a hit and miss solution as Prox will often begin using 100% CPU as soon as I open it again.
If it helps I've also noticed nothing is written to the log window while Prox is consuming CPU cycles.

When I was taking my MCSE course our MCT told us that if we observe a process continually consuming 100% CPU that it is a virus. If fact he added "I guarantee you you have a virus". That guy is a veritable almanac of everything *Microsoft* but I think he was wrong on this one. I've scanned my system with several scanners and I found no virii, trojans, worms or suspicious files. Besides that this bug has persisted through several incarnations of Win2k as I had to install and reinstall all the different flavors of Win2k quite frequently during the time I was taking the MCSE course.

Anyway I decided to backdown to v4.1 and thus far (two days) the bug hasn't manifested.

Any ideas?

 
Facing each other,
a thousand miles apart.

Jor

  • Sr. Member
  • ****
  • Posts: 421
    • ICQ Messenger - 10401286
    • AOL Instant Messenger - jor otf
    • Yahoo Instant Messenger - jor_otf
    • View Profile
    • http://members.outpost10f.com/~jor/
    • Email
Prox 4.2 using 100% CPU
« Reply #1 on: May 20, 2002, 02:14:41 AM »
Just a thought -- are you using winXP? I found adding a manifest file to Prox, is a horrible idea -- it leads to the 100% CPU usage bug on my system.

Edited by - Jor on 20 May 2002  03:16:44
 

hpguru

  • Sr. Member
  • ****
  • Posts: 257
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://lightning.prohosting.com/~hpguru/
    • Email
Prox 4.2 using 100% CPU
« Reply #2 on: May 20, 2002, 02:25:51 AM »
Nop. Win2k Pro SP2. No manifest file here.

 
Facing each other,
a thousand miles apart.

pooms

  • Jr. Member
  • **
  • Posts: 75
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Prox 4.2 using 100% CPU
« Reply #3 on: May 21, 2002, 06:21:25 PM »
I think I ran into the 100% cpu use with Prox 4.1, but never since I
installed 4.2. I'm running W2K Server SP2 on my laptop.

As for the comment that 100% cpu usage is always a virus, that's
silly. I've accidently written enough infinite-loop programs in
my time to know that it is certainly possible to trigger a
hidden infinite-loop bug in a program. I recently triggered an
100% cpu utilization problem between oracle database and
a java application server.

I also managed to trigger a 100% cpu utilization bug in Proxo
by a badly designed filter. I was playing with redirecting
GET requests for favicon.ico, which are triggered from MSIE
whenever you bookmark a site. Unfortunately I managed to
trigger an infinite loop between MSIE and Proxo by using
$JUMP!

 
 

Scott Lemmon

  • Full Member
  • ***
  • Posts: 103
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://proxomitron.cjb.net/
    • Email
Prox 4.2 using 100% CPU
« Reply #4 on: May 21, 2002, 08:33:38 PM »
There's a fairly rare DNS problem that can cause this sometimes. If this is the case it may even happen when Proxomitron is in bypass mode (which will rule out filter problems). It's usually caused when the DNS server for some hostname is down. For some reason the winsock name resolution function can sometimes go wacky and start eating up CPU waiting for a reply that'll never come. One symptom of this is the connection count will not return to zero as it should since the DNS lookup can't be aborted while in progress and takes awhile to time out. Other more general problems with your ISPs DNS server could possibly cause it too perhaps.

The only solution I know is to find the bad URL (often times some off-site counter image or such) then just block that host.



 
 

hpguru

  • Sr. Member
  • ****
  • Posts: 257
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://lightning.prohosting.com/~hpguru/
    • Email
Prox 4.2 using 100% CPU
« Reply #5 on: May 21, 2002, 10:28:14 PM »
Thanks for the input fellas. That gives me a few things to investigate.

Pooms, my MCT was referring to a controlled enterprise environment. Sure, as home users trying out a variety of different apps, we're going to run into some cpu hogs but in an enterprise computing environment (setup and administered according to Microsoft specifications) if you suddenly observe a known stable process begin eating up 100% cpu when none of your software has changed then one of the first things to investigate would in fact be the possibility of a viral infection. Even  though I don't think he was globally correct it still isn't bad advice.

Scott that makes sense about the dns problem and that may well prove to be a part of the problem but I have seen rare occasions where I can close my browser, kill Prox via Task Manager,  reopen Prox and it will immediately begin eating up cpu again. Doesn't matter which browser I'm using either, IE or Opera - same bahavior.

Anyway I'm going to continue with 4.1 long enough to determine that it doesn't have the same problem and then take another stab at the problem with 4.2.

 
Facing each other,
a thousand miles apart.

pooms

  • Jr. Member
  • **
  • Posts: 75
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Prox 4.2 using 100% CPU
« Reply #6 on: May 22, 2002, 01:59:42 AM »
Actually, I'm a developer of enterprise applications running Java on
Windows & Unix machines. So far I've never had a virus being the cause
of a problem like yours. But you're right, anyone administrating a
pure microsoft enterprise computing environment had better be prepared
to suspect viruses as a cause of unusual behaviour like that.

As for Scott's comments about active connections, I've always assumed
that the count should fall back to zero after some period of time, but
usually I've noticed that I have 2 active connections far after the
last http activity. I've never figured out why that is.




 
 

Scott Lemmon

  • Full Member
  • ***
  • Posts: 103
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://proxomitron.cjb.net/
    • Email
Prox 4.2 using 100% CPU
« Reply #7 on: May 22, 2002, 02:37:57 AM »
Normally the connections should go back down to zero.  Try opening the log window as soon as the program loads - perhaps there's some background application making requests.   Another thing to check regarding the CPU issue, is IE6 can get stuck making repeated requests to windows update - seems to be a flaw in its proxy handling. Again the log window's probably the easiest way to see if that's the case.

 
 

hpguru

  • Sr. Member
  • ****
  • Posts: 257
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://lightning.prohosting.com/~hpguru/
    • Email
Prox 4.2 using 100% CPU
« Reply #8 on: May 22, 2002, 07:15:40 AM »
Hi Scott,

Actually I was running Prox with the log window open at all times in hopes that when the bug manifested I'd have some useful info to help diagnose the problem. No strangeness there.

The only applications that have access to the proxy are my browsers. Everything else that might attempt to use it is blocked at the firewall so Prox never "hears" them. But when I considered the possibility of a virus I did check my seclog (I record process event audits) to see if something might have opened one of my browsers in a hidden window but the but the only entries recorded were for when *I* opened or closed them.

As for IE6 checking updates, I don't have it configured for that.

Oh there is one thing I left out - - which may or may not be linked to the cpu bug but it might help. I can make Proxo 4.2 hang under Win2k by clicking either the Abort button on the main dialog or the Kill Connections button on the Active Connections dialog when there are active connections. This *only* occurs if the log window is open. If it is closed Prox will kill the connections as expected. When it hangs with the log window open the Task Manager will indicate Prox as Not Responding and using nearly 100% cpu forcing me to kill its process. I have also noted intermittent hangs while using the Profiler in the web filter test dialog. Sometimes the Profiler will take a minute or two to return and sometimes it just never returns. Merely testing the same filter will return in milliseconds. Of course most of the time it works just fine and so I've never been able to figure out what precipitates the problem there.

Scott if you can come up with some tests I might perform to try and force the cpu bug to show itself or if there is any information I can provide you with that you think might help just let me know. Anything to help improve The Proxomitron!

 
Facing each other,
a thousand miles apart.