nf_conntrack: expectation table full and other log oddities

[randomName]

Yes they were still persistent for me as well on 384.15

They are unrelated to any wifi issues, use the Wireless log and the wlceventd messages in Syslog to help find the config that works the best for you, I have to run with just about everything disabled in wireless advanced to keep my old N devices happy, but still have a tablet that disconnects on the hour every hour so likely just the device itself.

#!/bin/sh
# increase nf_conntrack_expect_max
echo 352 > /proc/sys/net/netfilter/nf_conntrack_expect_max

logger -t conntrackscript "Value 352 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack

I've ventured back to trying Fullcone NAT. Does the permissions have to be 0755? Also I pretty much copied and pasted the script and saved to all files files in editor, is that correct?

Thanks!

 

[Striker317]

I've ventured back to trying Fullcone NAT. Does the permissions have to be 0755? Also I pretty much copied and pasted the script and saved to all files files in editor, is that correct?

Thanks!

I've ventured back to trying Fullcone NAT. Does the permissions have to be 0755? Also I pretty much copied and pasted the script and saved to all files files in editor, is that correct?

Thanks!

Correct. You will know if it worked if you see the 352 written into blah blah blah in your system log.

 

[Vexira]

I've ventured back to trying Fullcone NAT. Does the permissions have to be 0755? Also I pretty much copied and pasted the script and saved to all files files in editor, is that correct?

Thanks!

Yes it has to be inorder to execute the script.

 

[Vexira]

Ive been running 240 for quite awhile now and havent seen the messages reappear.

Next time you reflash, it might be worth connecting devices one by one to find out which one of your clients is causing the issue, it could be something misconfigured on a client that is causing the router to have such a large number of expected connections.

Either this issue doesnt affect many users (likely) or people arent posting about this issue, but it remains its a symptom of network configuration/devices and not a fault of the firmware per se

Good news after a factory reset 256 works perfectly with your script, I'm half thinking that my old installation was in need of a major clean up.

 

[Vexira]

I think as long as its an even integer anything will go in, being a multiple of 8 isnt a requirement



Send them a support message about it.

The one issue with the script is you are changing a value that is supposed to be calculated based on other nf_conntrack values for other things, for Asus to fix it they may have to adjust multiple other values to maintain the configuration properly.

i sent a message to jack about it awating a response.

 

[randomName]

i sent a message to jack about it awating a response.

tl:dr
Any update to: 'kernel: nf_conntrack: expectation table full' ?

 

[Vexira]

as from last message he forwarded it to the dev team.

 

[randomName]

as from last message he forwarded it to the dev team.

Cool.

Yeah I've been looking for the issue and haven't seen it.

I've been using:

#!/bin/sh
# increase nf_conntrack_expect_max
echo 256 > /proc/sys/net/netfilter/nf_conntrack_expect_max
service restart_conntrack

I might add in:

logger -t conntrackscript "Value 256 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack

One thing I am seeing and I'm unsure about is this:

Jun 12 08:04:40 custom_script: Running /jffs/scripts/nat-start
Jun 12 08:04:40 conntrackscript: Value 256 written to nf_conntrack_expect_max, restarting conntrack
Jun 12 08:04:40 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jun 12 08:04:42 rc_service: service 2852:notify_rc restart_conntrack
Jun 12 08:04:42 custom_script: Running /jffs/scripts/service-event (args: restart conntrack)
Jun 12 08:04:42 modprobe: module nf_conntrack_proto_gre not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_nat_proto_gre not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_conntrack_pptp not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_nat_pptp not found in modules.dep

Not sure what the modprobe is reporting


EDIT: So everytime a new device connects to the router the conntrack restarts?

 

[Vexira]

Cool.

Yeah I've been looking for the issue and haven't seen it.

I've been using:

#!/bin/sh
# increase nf_conntrack_expect_max
echo 256 > /proc/sys/net/netfilter/nf_conntrack_expect_max
service restart_conntrack

I might add in:

logger -t conntrackscript "Value 256 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack

One thing I am seeing and I'm unsure about is this:

Jun 12 08:04:40 custom_script: Running /jffs/scripts/nat-start
Jun 12 08:04:40 conntrackscript: Value 256 written to nf_conntrack_expect_max, restarting conntrack
Jun 12 08:04:40 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jun 12 08:04:42 rc_service: service 2852:notify_rc restart_conntrack
Jun 12 08:04:42 custom_script: Running /jffs/scripts/service-event (args: restart conntrack)
Jun 12 08:04:42 modprobe: module nf_conntrack_proto_gre not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_nat_proto_gre not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_conntrack_pptp not found in modules.dep
Jun 12 08:04:42 modprobe: module nf_nat_pptp not found in modules.dep

Not sure what the modprobe is reporting


EDIT: So everytime a new device connects to the router the conntrack restarts?

i noticed that error after upgrading to alpha 1 of .19, apparently that error is not new do you have a flash drive connected by any chance?

[Release] Asuswrt-Merlin 384.14 (and 384.13_2) are now available

updated my 86u and no issues thus far. is it advisable to use AiProtect on a merlin firmware? You should experiment with AI protect on your side. Some of us prefer to just use Skynet and keep it off due to it using alot of resources in the router. But others have it running and have no...

www.snbforums.com

 

[randomName]

i noticed that error after upgrading to alpha 1 of .19, apparently that error is not new do you have a flash drive connected by any chance?

I do, attatched to USB 3.0 hub. I've disabled Wifi 2.4GHz.

As far as using Full Cone with this script I've going back to symmetric. I'm just not finding enough benefit with it.

 

[Vexira]

I do, attatched to USB 3.0 hub. I've disabled Wifi 2.4GHz.

As far as using Full Cone with this script I've going back to symmetric. I'm just not finding enough benefit with it.

Are you running it with a swap file by any chance?

 

[randomName]

Are you running it with a swap file by any chance?

It had a swap file for Skynet

 

[Vexira]

It had a swap file for Skynet

Ahh I see I had the error even after I removed my flash drive which I found odd.

 

[Lothsahn]

I put the script in place on my RT-AX3000, but restarting the conntrack service (service restart_conntrack) always resets /proc/sys/net/netfilter/nf_conntrack_expect_max to 150.

So at least on RT-AX3000 386.4_0, I expect this script does nothing. I am also getting the errors in dmesg.

That said, all the stability, out of memory issues, and wireless disconnects were solved by 386.4_0, so I highly recommend anyone having issues attempt upgrading. (9 days uptime, currently)

 

[tongerks]

reenablng firewall fix the issue for me.