Solved Weird bug with executing nat start scripts


Vexira

Part of the Furniture
I was trying to banish the "kernel: nf_conntrack: expectation table full" message, which appeared again out of nowhere despite me using the nf_conntrack scripts of Maverickcdn and RamGuy.
The issue I've discovered is that for some reason the nat-start script did not work when executed via sh. Running cat /proc/sys/net/netfilter/nf_conntrack_expect_max yielded the default result of 150 on my AX88U, even though the log stated it was waiting for nat-start to finish, so I decided to reboot. Upon completion of the reboot it worked, but then instantly on subsequent runs of cat /proc/sys/net/netfilter/nf_conntrack_expect_max the value had reverted from the experimental value of 750 I set back to 150, the original value. This brings me to the concern that the ntpMerlin script's redirection feature may not be working exactly, or the issue only affects the conntrack script's execution.
 

ColinTaylor

Part of the Furniture
Post your complete nat-start script. Without seeing it we can't help you.
 

Vexira

Part of the Furniture
#!/bin/sh
# increase nf_conntrack_expect_max
echo 750 > /proc/sys/net/netfilter/nf_conntrack_expect_max

logger -t conntrackscript "Value 750 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack

/jffs/scripts/ntpmerlin ntpredirect # ntpMerlin
 

dave14305

Part of the Furniture
There is an nvram variable ct_expect_max that sets that during a conntrack restart. Never used it, but mine is set to 150.
 

ColinTaylor

Part of the Furniture
My guess is that the first time that code is run the variable doesn't exist so it creates it using the current kernel value. Subsequent runs of setup_conntrack use the nvram value.

So the solution to @Vexira's problem would appear to be to replace
echo 750 > /proc/sys/net/netfilter/nf_conntrack_expect_max
with
nvram set ct_expect_max=750

Note that this only applies to non-HND routers. See post #7.
 

Vexira

Part of the Furniture
My guess is that the first time that code is run the variable doesn't exist so it creates it using the current kernel value. Subsequent runs of setup_conntrack use the nvram value.

So the solution to @Vexira's problem would appear to be to replace
echo 750 > /proc/sys/net/netfilter/nf_conntrack_expect_max
with
nvram set ct_expect_max=750

Note that this only applies to non-HND routers.
It works! Both you and @dave14305 are absolutely brilliant; it's now sticking, 750 actually sticks. Thank you guys so much, I deeply appreciate it.

The modified script is as follows:

#!/bin/sh
# increase nf_conntrack_expect_max
nvram set ct_expect_max=750

logger -t conntrackscript "Value 750 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack
 

Vexira

Part of the Furniture
[email protected]:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
[email protected]:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
[email protected]:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
[email protected]:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750

That's after a reboot too; it's holding well now.
 

dave14305

Part of the Furniture
I would think you only need to set nvram once outside the script.
Code:
nvram set ct_expect_max=750
nvram commit
 
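As an added example (not Vexira's script or anything posted in this thread), here is a nat-start helper that follows the thread's conclusion: set ct_expect_max in nvram, commit it once, restart conntrack, then verify the kernel value actually took instead of assuming it did. The function name apply_expect_max and its optional proc-path argument are my own; it assumes a non-HND Asuswrt-Merlin router where setup_conntrack re-applies the nvram value on every conntrack restart.

```shell
#!/bin/sh
# Hypothetical nat-start helper (added example, not from the thread).
# On non-HND routers setup_conntrack re-applies nvram ct_expect_max on every
# conntrack restart, so writing to /proc alone gets overwritten. This sets
# nvram only when it differs, restarts conntrack, then checks the result.
PROC_EXPECT_MAX="/proc/sys/net/netfilter/nf_conntrack_expect_max"

# apply_expect_max DESIRED [PROC_PATH] -> 0 if the kernel now reports DESIRED, 1 otherwise
apply_expect_max() {
    desired="$1"
    proc="${2:-$PROC_EXPECT_MAX}"
    current="$(nvram get ct_expect_max)"
    if [ "$current" != "$desired" ]; then
        nvram set ct_expect_max="$desired"
        nvram commit   # persist so the value survives a reboot
        logger -t conntrackscript "ct_expect_max changed from '${current:-unset}' to $desired"
    fi
    service restart_conntrack   # setup_conntrack applies the nvram value here
    sleep 2
    actual="$(cat "$proc" 2>/dev/null)"
    if [ "$actual" = "$desired" ]; then
        logger -t conntrackscript "nf_conntrack_expect_max is $actual"
        return 0
    fi
    logger -t conntrackscript "WARNING: nf_conntrack_expect_max is '${actual:-unreadable}', expected $desired"
    return 1
}

# Only run when invoked as the nat-start script itself, so the function can also be sourced.
case "$0" in
    */nat-start) apply_expect_max 750 ;;
esac
```

Because the function returns non-zero when the value did not stick, the syslog warning is the signal that the router is one where this nvram approach does not apply.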

RMerlin

Asuswrt-Merlin dev
This has already been addressed upstream by Asus.
 

Xrsenal

Regular Contributor
This has already been addressed upstream by Asus.
Hey Merlin, thanks for replying. I have about 372/300000 - 100 active;

Would that have triggered the conntrack syslog issue? Every time I factory reset the FW, gameplay feels great; then after an hour or so, I get those conntrack syslog failures and the game feels like crap... Is it dropped packets or a full NAT table?

I apologize for the random questions; I did follow the steps above for increasing it to 750.

Also, could you possibly explain the coding behind the "gaming port"?

Others say it doesn't do anything, but that's 100% false; I've done numerous tests and it definitely does something. Exactly what type of QoS does it use?
 

Xrsenal

Regular Contributor
And for the conntrack -L result = 21 expectations, and for the other conntrack -E command, it's an endless cycle of connections, so I don't know.
 

Xrsenal

Regular Contributor
My log is filled with this?

Should I be concerned, or is this normal?
 

Attachment: 1626127827425.png (screenshot of the log)

RMerlin

Asuswrt-Merlin dev
Hey Merlin thanks for replying. I have about 372/300000 - 100 active ;
Tracked connections do not necessarily match the content of the expect table. I don't know the difference; you will have to do some research on it.

Also, could you possibly explain the coding behind the "gaming port"
No idea what it does, sounds like marketing smoke to me.
 

Vexira

Part of the Furniture
The gaming port is probably the 2.5Gb port with QoS priority.
 
