1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

nf_conntrack: expectation table full and other log oddities

Discussion in 'Asuswrt-Merlin' started by Maverickcdn, Mar 5, 2019.

  1. Maverickcdn

    Maverickcdn Occasional Visitor

    Mar 14, 2018
    I have serious issues with 5G clients dropping connection, especially when starting a streamed video. But havent correlated anything to conntrack_max issues myself. I notice it gets induced by my ethernet clients as much as my wifi ones.

    352 is just a random number I tried out in the beginning. You could likely try 1352 and not 'brick' anything. Just take a backup of your router settings before experimenting changing the conntrack_max.

    As I mentioned, other manufacturers vary wildly in their values.... Ive seen specs on some consumer Ubiquiti Edge routers that have their conntrack_max @ 4096

    Id recommend maybe trying to disconnect your torrent server and see if the messages persist, then from there you can confirm it is the culprit and adjust router values and torrent settings till you can suppress the messages

    For me, I only did this to have the logs cleaner, Ive never noticed any connection issues at default or my altered values.
  2. RamGuy

    RamGuy Senior Member

    Aug 6, 2008
    Okay, I will just try with larger values, changed my script to;

    # Purpose: Increase nf_conntrack_expect_max to maximum value
    # Author: RamGuy
    # ------------------------------------------------------------
    echo 4096 > /proc/sys/net/netfilter/nf_conntrack_expect_max
    echo 300000 > /proc/sys/net/netfilter/nf_conntrack_max
    echo 120 > /proc/sys/net/netfilter/nf_conntrack_generic_timeout
    echo 1800 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
    service restart_conntrack
  3. lilstone87

    lilstone87 Senior Member

    Dec 13, 2012
    Well since I added the AX88U as my main router last friday, my router log gets spammed filled with the these two errors.

    nf_conntrack: Expectation table full
    kernel: net_ratelimit: callbacks suppressed
    I wanted to use "WAN Aggregation" feature on my AX88U, however this issue becomes really bad when enabled. I was using a RT-AC3100 before, with my same home setup, and this wasn't an issue. So I don't know what kind of "Values" are set on it, but for me at least, it seemed to work fine on that router.

    So at this point... I'm honestly annoyed with this spam filling my router log, and I would love to change whatever is mentioned in this thread to settle this down. However I currently don't know how to go about doing this. To be honest, I would love to create a script if possible, and have this modified on boot. So if a router reboot is needed, this change will re-apply itself. So I'm all ears on trying to get something to work for myself, as it seems this will be an issue, till Asus decides this setting needs to be changed. Which we all know that might be awhile, if ever.
  4. lilstone87

    lilstone87 Senior Member

    Dec 13, 2012
    Well it has been almost 12 hours since I used the code @RamGuy posted above. No signs of any router related issue, and my router log has been clean of this error since I used the code he posted above. So I have zero clue as to why Asus would decide it's smart to lower this setting on a newer, and better overall router. But they did... as I didn't have this issue on my RT-AC3100 I used as my main router, before replacing it with the AX88U. Here's my router log since I applied the change close to 12 hours ago.

    May  9 23:40:50 dropbear[5625]: Exit (***): Exited normally
    May 10 02:45:02 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 02:45:02 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 03:20:27 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 03:20:27 dnsmasq-dhcp[1085]: DHCPACK(br0)
    May 10 03:30:00 adaptive QOS: Scheduled Persistence Check -> No modifications necessary
    May 10 03:54:16 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 03:54:16 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:12:04 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:12:04 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:13:07 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:13:07 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:22:13 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:22:13 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:22:20 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:22:20 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:38:58 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:38:58 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 04:39:59 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 04:39:59 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 06:56:25 dnsmasq-dhcp[1085]: DHCPDISCOVER(br0) 
    May 10 06:56:25 dnsmasq-dhcp[1085]: DHCPOFFER(br0)
    May 10 06:56:25 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 06:56:25 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 07:29:01 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 07:29:01 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 08:20:02 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 08:20:02 dnsmasq-dhcp[1085]: DHCPACK(br0) 
    May 10 11:06:48 dnsmasq-dhcp[1085]: DHCPREQUEST(br0) 
    May 10 11:06:48 dnsmasq-dhcp[1085]: DHCPACK(br0)
    Vexira likes this.
  5. Vexira

    Vexira Very Senior Member

    Jan 20, 2017
    Does the script still work or is it not worth using?
  6. Vexira

    Vexira Very Senior Member

    Jan 20, 2017
    So far the script is working I wonder if it fixed the htb errors form QoS.