Solved Weird bug with executing nat start scripts

Vexira
I was trying to banish the "kernel: nf_conntrack: expectation table full", which appeared again out of nowhere despite me using the nf conntrack scripts of Maverickcdn and RamGuy.
The issue I've discovered is that for some reason the nat start script did not work when executed via SH. Using the command cat /proc/sys/net/netfilter/nf_conntrack_expect_max yielded the default result of 150 on my AX88U, even though the log stated it was waiting for nat start to finish, so I decided to reboot. Upon the completion of the reboot it worked, but then instantly on subsequent runs of cat /proc/sys/net/netfilter/nf_conntrack_expect_max the value had reverted from the experimental value of 750 I set back to 150, the original value. This brings me to the concern that the ntpMerlin script's redirection feature may not be working exactly, or the issue only affects the conntrack scripts' execution.
 
#!/bin/sh
# increase nf_conntrack_expect_max
echo 750 > /proc/sys/net/netfilter/nf_conntrack_expect_max

logger -t conntrackscript "Value 750 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack

/jffs/scripts/ntpmerlin ntpredirect # ntpMerlin
 
My guess is that the first time that code is run the variable doesn't exist so it creates it using the current kernel value. Subsequent runs of setup_conntrack use the nvram value.

So the solution to @Vexira's problem would appear to be to replace
echo 750 > /proc/sys/net/netfilter/nf_conntrack_expect_max
with
nvram set ct_expect_max=750

Note that this only applies to non-HND routers. See post #7.
 
It works! Both you and @dave14305 are absolutely brilliant. It's now sticking; 750 actually sticks. Thank you guys so much, I deeply appreciate it.

The modified script is as follows:

#!/bin/sh
# increase nf_conntrack_expect_max
nvram set ct_expect_max=750

logger -t conntrackscript "Value 750 written to nf_conntrack_expect_max, restarting conntrack"
sleep 2
service restart_conntrack
 
vexira@RT-AX88U-C528:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
vexira@RT-AX88U-C528:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
vexira@RT-AX88U-C528:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750
vexira@RT-AX88U-C528:/tmp/home/root# cat /proc/sys/net/netfilter/nf_conntrack_expect_max
750

That's after a reboot too; it's holding well now.
 
I would think you only need to set nvram once outside the script.
Code:
nvram set ct_expect_max=750
nvram commit
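
An added example, not code from any poster in this thread: a script that automates the repeated `cat` check shown above, so a value that reverts after the firmware reapplies its conntrack settings is logged rather than noticed by hand. The helper names, the `apply` argument and the sampling parameters are assumptions of this example; the `nvram`, `service` and `logger` calls are the ones used in the thread.

```shell
#!/bin/sh
# Added example: persist ct_expect_max via nvram, then confirm the kernel
# value keeps it. PROC_FILE can be overridden for testing (assumption).
PROC_FILE="${PROC_FILE:-/proc/sys/net/netfilter/nf_conntrack_expect_max}"

# Print the value stored in file $1, or nothing if it cannot be read.
read_value() {
    if [ -r "$1" ]; then
        tr -d ' \n' < "$1"
    fi
}

# check_sticks WANT FILE SAMPLES INTERVAL
# Samples FILE up to SAMPLES times, INTERVAL seconds apart.
# Returns 0 if every sample equals WANT; on the first mismatch prints the
# value seen and returns 1.
check_sticks() {
    want=$1 file=$2 samples=$3 interval=$4
    i=0
    while [ "$i" -lt "$samples" ]; do
        got=$(read_value "$file")
        if [ "$got" != "$want" ]; then
            echo "$got"
            return 1
        fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then
            sleep "$interval"
        fi
    done
    return 0
}

# Run as "script apply" on the router: store the value in nvram (the fix
# from the thread), restart conntrack, then watch for a revert.
if [ "${1:-}" = "apply" ]; then
    WANT=750
    nvram set ct_expect_max="$WANT"
    nvram commit
    service restart_conntrack
    sleep 2
    if seen=$(check_sticks "$WANT" "$PROC_FILE" 5 10); then
        logger -t conntrackscript "nf_conntrack_expect_max holding at $WANT"
    else
        logger -t conntrackscript "nf_conntrack_expect_max reverted to ${seen:-unreadable}"
    fi
fi
```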
 
This has already been addressed upstream by Asus.
 
Hey Merlin, thanks for replying. I have about 372/300000 - 100 active;

Would that have triggered the conntrack syslog issue? Every time I factory reset the FW, gameplay feels great; then after an hour or so, I get those conntrack syslog failures, then the game feels like crap... Is it dropped packets or a full NAT table?

I apologize for the random questions; I did follow the steps above for increasing it to 750.

Also, could you possibly explain the coding behind the "gaming port"?

Others say it doesn't do anything but that's 100% false. I've done numerous tests and it definitely does something. Exactly what type of QoS does it use?
 
And for the conntrack -L result = 21 expectations, and for the other conntrack -E command, it's an endless cycle of connections, so idk.
 
My log is filled with this?

Should I be concerned or is this normal?
 

[Attachment: 1626127827425.png]
Hey Merlin thanks for replying. I have about 372/300000 - 100 active ;
Tracked connections does not necessarily match the content of the expect table. I don't know the difference, you will have to do some research on it.

Also, could you possibly explain the coding behind the "gaming port"
No idea what it does, sounds like marketing smoke to me.
 
The gaming port is probably the 2.5gb port with QoS priority
 