starred/Cloak
1
0
Fork 0
mirror of https://github.com/cbeuw/Cloak.git synced 2026-04-25 20:45:59 +03:00
Code Issues 144 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #77] Memory hog / crash after receiving a real https request #68

New issue
Closed
opened 2026-02-26 12:33:53 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 12:33:53 +03:00
Owner
Copy link

Originally created by @yatli on GitHub (Nov 24, 2019).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/77

I'm running cloak as a shadowsocks plugin.
A few ck-server instances are spawned on startup, each taking a gentle amount of memory. However after a while, all these ck-server instances blow up eating hundreds of megs, and then die.

A screenshot of dying instances:
image

Here are a few warnings at the end of the SS log:

● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
   Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2019-11-24 17:25:19 UTC; 59s ago
     Docs: man:shadowsocks-libev(8)
  Process: 2254 ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 2254 (code=exited, status=0/SUCCESS)

Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41544" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41546" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41548" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41550" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41552" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41554" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41556" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41558" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41560" sessionId=0
Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41562" sessionId=0

This typically means some scanner has been trying to reach the port thinking it's https, but ck-server doesn't like those requests.

To repro, open up a browser, navigate to https://__server__.com and see how the ck-server instances crash.

Originally created by @yatli on GitHub (Nov 24, 2019). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/77 I'm running cloak as a shadowsocks plugin. A few ck-server instances are spawned on startup, each taking a gentle amount of memory. However after a while, all these ck-server instances blow up eating hundreds of megs, and then die. A screenshot of dying instances: ![image](https://user-images.githubusercontent.com/20684720/69498390-8f8e6500-0f22-11ea-8465-8c8165ca1831.png) Here are a few warnings at the end of the SS log: ``` ● shadowsocks-libev.service - Shadowsocks-libev Default Server Service Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; enabled; vendor preset: enabled) Active: inactive (dead) since Sun 2019-11-24 17:25:19 UTC; 59s ago Docs: man:shadowsocks-libev(8) Process: 2254 ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS (code=exited, status=0/SUCCESS) Main PID: 2254 (code=exited, status=0/SUCCESS) Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41544" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41546" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41548" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41550" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41552" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41554" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41556" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41558" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41560" sessionId=0 Nov 24 17:25:05 __server_name__ ss-server[2254]: time="2019-11-24T17:25:05Z" level=warning msg="unreconised protocol" UID= encryptionMethod=0 proxyMethod= remoteAddr="127.0.0.1:41562" sessionId=0 ``` This typically means some scanner has been trying to reach the port thinking it's https, but `ck-server` doesn't like those requests. To repro, open up a browser, navigate to `https://__server__.com` and see how the `ck-server` instances crash.
kerem closed this issue 2026-02-26 12:33:53 +03:00
kerem commented 2026-02-26 12:33:53 +03:00
Author
Owner
Copy link

@yatli commented on GitHub (Nov 24, 2019):

Meh, I did not set up a redir server.

<!-- gh-comment-id:557910907 --> @yatli commented on GitHub (Nov 24, 2019): Meh, I did not set up a redir server.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/go-github.com-refraction-networking-utls-vulnerability
dependabot/go_modules/golang.org/x/crypto-0.45.0
utls-1.7.0
deps-20250430
padding
docker-tests
ptspec
legacy-v1
v2.12.0
v2.11.0
v2.10.0
v2.9.0
v2.8.0
v2.7.1-pre
v2.7.0
v2.6.1
v2.6.0
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.1
v2.4.0
v2.3.2
v2.3.1
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.2.0
v0.1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Cloak#68
No description provided.