1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Inbound Layer 7" setting kills HTTP/S connections?

Discussion in 'Tomato Firmware' started by gordo_1, Apr 21, 2008.

  1. gordo_1

    gordo_1 LI Guru Member

    I don't know what this setting actually does, but ever since upgrading my WRT54GL to Tomato 1.18, I've been having trouble downloading files over the net (noticed it with HTTP and HTTPS mostly -- possibly exclusively). I recently upgraded to 1.19, hoping that whatever was causing the problem was resolved, but it didn't seem to make a difference... that is, until I noticed this "Inbound Layer 7" setting under Advanced-->Conntrack/Netfilter. Out of curiosity, I unchecked it and sure enough all my connection problems seem to have disappeared. For some reason, when "Inbound Layer 7" is enabled, brief TCP connections like to web pages seem to work fine, but longer connections, like downloads of larger files seem to get stuck at various completion points, at which point I get a slew of duplicate ACK packets and then a "TCP Window Full" at which point the connection seems to hang (all this seen in Wireshark.)

    I initially suspected QoS, but disabling QoS had no effect. Finally, disabling this mysterious "Inbound Layer 7" setting seems to restore normal operation. No idea what this is, but I'm glad to have my Internet connection back again. :)
  2. i1135t

    i1135t Network Guru Member

    I'd like to know the effectiveness of this as well. Can someone elaborate? I know that Layer 7 used for defining applications, but what's the use of it being disabled/enabled? What are the benefits having it on/off? Thanks!!
  3. jersully

    jersully Networkin' Nut Member

    Yeah, what the heck is that feature?

    I really love Tomato, but the documentation is sorely lacking. Yes, I've read the wiki multiple times. I hate to gripe, really.
  4. nvtweak

    nvtweak Networkin' Nut Member

    maybe it just unloads some modules..

    what is the output of lsmod before and after disabling this option?

    I don't think this option is full extent of your problems. Maybe you just forgot to erase nvram after upgrade.
  5. jockel

    jockel Addicted to LI Member

    Hi,
    may I bump this one to find the still missing answer to the question:
    What is this option "inbound layer 7" good for and under which
    circumstances should I enable/disable this option?

    Thank you for your help!

    Jockel
  6. GreenThumb

    GreenThumb Networkin' Nut Member

    Inbound Layer 7 is referring to the "application layer." It is part of the OSI model of communication protocols (which has 7 layers). TCP/IP incorporates many of the ideas from the OSI model. (OSI is more of an academic standard and model to follow than it is a real set of protocols). At least this is how I understand it, but I am no network engineer.

    I would wager a guess that most people would probably want layer 7 enabled, especially on desktop systems (and especially if you torrent). Here is a list of some applications that run on layer 7:

    http://en.wikipedia.org/wiki/Application_Layer
  7. jockel

    jockel Addicted to LI Member

    Hi GreenThumb,

    be assured, that I appreciate your answer. I had certainly searched/found those
    wiki pages and read about what is available there. But I am nevertheless stuck
    with the question, what this option in Tomato is actually ment for.
    For example, I have disabled "Inbound layer 7" but things like FTP, DHCP, http, smtp,
    POP3...just to mention a few I know by name, still work here on my routers.
    I am still looking for the answer to the question, what is actually enabled/disabled
    by checking/unchecking this option?

    Jockel
  8. nvtweak

    nvtweak Networkin' Nut Member

    I've always left it enabled without issue.
  9. jockel

    jockel Addicted to LI Member

    Hi nvtweak,

    o.k., I read all words but - this is certainly my fault, I am s simple user - still do not
    know, what features/functionalities will no longer be available if I disable it?

Share This Page