
Cronjob to Drop Idle Connection

Discussion in 'Tomato Firmware' started by trialbeing, Nov 4, 2007.

  1. trialbeing

    trialbeing LI Guru Member

    Hi, everybody...

    I always use the Drop Idle button in Advanced/Conntrack and find it quite effective at making my router run better after a flood of BitTorrent connections. Though, I am too lazy to do it manually :biggrin: So, is there any way to make a cronjob for it? e.g. to make it clean "1 minute idle connections" every 30 minutes? I can't find the shell command to run Drop Idle.

    Thank You very much for your help :thumbup:
  2. Sopmod

    Sopmod Network Guru Member

    Probably on the same subject. I recently saw these entries on my log.

    Nov 4 18:44:09 NAME user.warn kernel: ip_conntrack: table full, dropping packet.
    Nov 4 18:44:09 NAME user.warn kernel: NET: 111 messages suppressed.

    I upped the Max Connections from 2048 to 4096, but would also like to know how to "clean" non-active connections so I can reduce the Max Connections back down to the default 2048.

    My router is rock solid and doesn't need rebooting for dodgy behaviour. As in ever.

    I also do P2P as the above poster.
  3. roadkill

    roadkill Super Moderator Staff Member Member

    Try to reduce the TCP timeout for established connections/none so you won't have to bother with the conntrack.
  4. trialbeing

    trialbeing LI Guru Member

    Thanks Roadkill, but if I reduce the timeout for ESTABLISHED, the active (non-idle) connections are gone too. My purpose is to kill only idle connections. And the magic "Drop Idle" button did a great job :biggrin:, I'm just curious how to run it as a shell command.

    By the way, what is the timeout for NONE? Every time I click "Count Current" to track connections, it shows "0" connections in this state.

    If NONE refers to idle connections, why does it show only "0" all the time? :confused:
  5. roadkill

    roadkill Super Moderator Staff Member Member

    I think it shows connection requests that were not established.

    From what I can tell by looking at the page source, that button is simply expiring all connections.
    Any connection that is in use will be recreated... just set the timeout to a shorter value; it has the same result.
  6. PeterT

    PeterT Network Guru Member

    From browsing the source, I have a feeling that all you need is a shell script that does
    echo 15 > /proc/net/expire_early
  7. trialbeing

    trialbeing LI Guru Member

    Roadkill: Thanks for the advice, I will also try to play with a shorter timeout. :biggrin:

    PeterT: Thanks for the code, it works!!! :clap: And by adjusting the default value (15), this code can specify which connections are considered "Idle".

    TOMATO! :thumbup:
  8. acid12

    acid12 Guest

    This is what I was looking for :]

    but (there's always one), how to make it work all the time, I mean every hour or two?

    I typed this
    echo 15 > /proc/net/expire_early
    into the SSH client and it worked, but I have no idea where to put this line (or how to modify it) so that it is called every hour.

    Do I need to type it into the Administration-> Scripts -> firewall, or somewhere else??

    please help
  9. TexasFlood

    TexasFlood Network Guru Member

    I just did a quick and dirty as an experiment just now. Here is what I'm trying, feel free to try as well.

    Under the init section of http://{router name or IP address}/admin-scripts.asp, paste the following: (all between, but not including, the []brackets, no line breaks)

    [echo "0 * * * * echo 15 > /proc/net/expire_early">>/var/spool/cron/crontabs/root]

    Save it and reboot the router. As the router boots, the "0 * * * * echo 15 > /proc/net/expire_early" line gets appended to the root crontab. After reboot, log in and cat /var/spool/cron/crontabs/root to check that the line got added. This runs the command at the top of every hour; modify the cron parameters for your preferred schedule. I used 15 for the expiration value but drop in there whatever you prefer. Does the value 15 define what is considered an idle connection or is it simply the number of seconds to wait before the "early expiration" takes place as I suspect? I tested "echo 0 > /proc/net/expire_early" from an SSH command line and it did seem to work faster, :-D . The number of connections in the conntrack GUI on my router is definitely dropping at the top of the hour.


    I guess the officially recommended Tomato method of adding to cron is to use cru, so the following line also works, although when I first put it in, the router locked up for some reason when rebooting afterwards and I had to pull the power plug to bring it back. If you want to do something more complex, then you would have to create a script file and run that, but for a cron one-liner, cru should work fine.

    [cru a HourlyExpireEarly "0 * * * * echo 0 > /proc/net/expire_early"]
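
Added example, not part of any post in this thread: a script for the "something more complex" case that writes to /proc/net/expire_early only when the conntrack table is close to full, which is the condition behind the "table full, dropping packet" log lines quoted above. It assumes the kernel's /proc/net/ip_conntrack and /proc/sys/net/ipv4/ip_conntrack_max files and a busybox with awk, wc and logger; the 80% threshold and the function names are illustrative, and the sample table is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): expire idle conntrack entries only
# when the table is close to full. Paths can be overridden for off-router tests.
CT_TABLE="${CT_TABLE:-/proc/net/ip_conntrack}"
CT_MAX="${CT_MAX:-/proc/sys/net/ipv4/ip_conntrack_max}"
EXPIRE="${EXPIRE:-/proc/net/expire_early}"   # Tomato-specific path from the thread

# Constructed sample in the ip_conntrack text format (documentation addresses).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51000 dport=6881 src=198.51.100.7 dst=203.0.113.5 sport=6881 dport=51000 [ASSURED] use=1
tcp      6 52 TIME_WAIT src=192.0.2.10 dst=198.51.100.8 sport=51001 dport=6881 src=198.51.100.8 dst=203.0.113.5 sport=6881 dport=51001 [ASSURED] use=1
udp      17 12 src=192.0.2.10 dst=198.51.100.9 sport=6881 dport=6881 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 sport=6881 dport=6881 use=1
EOF
}

# Integer percentage of the table in use: entries * 100 / max.
ct_usage_pct() {   # $1 = table file, $2 = file holding the maximum
    entries=$(wc -l < "$1")
    max=$(cat "$2")
    echo $(( entries * 100 / max ))
}

# Per-protocol/state summary, e.g. "tcp/ESTABLISHED 1". UDP lines have no state field.
ct_summary() {     # $1 = table file
    awk '{ k = ($1 == "tcp") ? $1 "/" $4 : $1; n[k]++ }
         END { for (k in n) print k, n[k] }' "$1" | sort
}

# Write $2 to expire_early only if usage is at or above $1 percent.
drop_idle_if_full() {
    pct=$(ct_usage_pct "$CT_TABLE" "$CT_MAX")
    if [ "$pct" -ge "$1" ]; then
        echo "$2" > "$EXPIRE"
        echo "expired at ${pct}%"
    else
        echo "skipped at ${pct}%"
    fi
}

# On the router: sh <this script> run   (threshold 80%, value 15 as in the thread)
if [ "${1:-}" = "run" ]; then
    drop_idle_if_full 80 15 | logger -t ct-expire
fi
```

Saved to a file on the router, it can be scheduled with the same cru syntax shown in the post above; the syslog line it writes records the table usage at each run.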
