"ip_conntrack: table full, dropping packet" during

Discussion in 'DD-WRT Firmware' started by will792, Aug 9, 2005.

  1. will792

    will792 Network Guru Member

    I get a lot of "ip_conntrack: table full, dropping packet." router log messages from WRT54G v.2 with DD-WRT v.22 r2 when my kids are playing PC Halo online. I think it makes the game unresponsive. The game misses many frames.

    How can I fix it?

    Error message:
    <4> kernel: ip_conntrack: table full, dropping packet.

    Will
     
  2. rtau

    rtau Network Guru Member

    You may try to increase the value in Administration->Management->IP Filter Settings, Maximum Ports. 1024 should be a good try.
     
  3. will792

    will792 Network Guru Member

    Thank you for your advice. I bumped up # of ports and reduced timeout for TCP and UDP. Will post my results.

    I used to have HyperWRT where these settings were in a startup script:
    echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

    The web interface in DD-WRT exposes only one timeout setting per protocol. I guess for established connections only.
     
  4. rtau

    rtau Network Guru Member

    Code:
    /etc # cat preinit
    #!/bin/sh
    # DD-WRT V22 Preinit script by Sebastian Gottschall (BrainSlayer). (some parts are taken from OpenWRT)
    
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin
    export LD_LIBRARY_PATH=/lib:/usr/lib:/jffs/lib:/jffs/usr/lib
    nvram set expert_mode=1
    #nvram set ipv6_enable=1
    # overclocking for stability (dont ask me)
    
    #if [ "$(nvram get clkfreq)" = "200" ]; then
    #    nvram set clkfreq=216
    #    nvram commit
    #    reboot
    #fi
    
    if [ -z "$(nvram get ipv6_enable)" ]; then
        nvram set ipv6_enable=0
        nvram set ipv6_enable0=0
        nvram commit
    fi
    if [ -z "$(nvram get ipv6_enable0)" ]; then
        nvram set ipv6_enable=0
        nvram set ipv6_enable0=0
        nvram commit
    fi
    
    if [ -z "$(nvram get mmc_enable)" ]; then
        nvram set mmc_enable=0
        nvram set mmc_enable0=0
        nvram commit
    fi
    
    if [ "$(nvram get mmc_enable)" = "1" ]; then
        insmod mmc
        insmod fat
        insmod vfat
        insmod msdos
        mount /dev/mmc/disc0/part1 /mmc -tmsdos
    fi
    
    if [ -z "$(nvram get enable_jffs2)" ]; then
        nvram set enable_jffs2=0
        nvram set clean_jffs2=0
        nvram set sys_enable_jffs2=0
        nvram set sys_clean_jffs2=0
        nvram commit
    fi
    
    if [ -z "$(nvram get http_enable)" ]; then
        nvram set http_enable=1
        nvram commit
    fi
    
    
    # validate settings and adjust if needed
    if [ -z "$(nvram get ip_conntrack_max)" ]; then
        nvram set ip_conntrack_max=4096
        nvram set ip_conntrack_tcp_timeouts=3600
        nvram set ip_conntrack_udp_timeouts=3600
        nvram commit
    fi
    
    # read setting from nvram
    CONNTRACK_MAX=$(nvram get ip_conntrack_max)
    CONNTRACK_TCP_TIMEOUTS=$(nvram get ip_conntrack_tcp_timeouts)
    CONNTRACK_UDP_TIMEOUTS=$(nvram get ip_conntrack_udp_timeouts)
    
    # adjust conntrack settings
    /bin/echo $CONNTRACK_MAX > /proc/sys/net/ipv4/ip_conntrack_max
    /bin/echo "3600 $CONNTRACK_TCP_TIMEOUTS 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts
    /bin/echo "65 $CONNTRACK_UDP_TIMEOUTS" > /proc/sys/net/ipv4/ip_conntrack_udp_timeouts
    /bin/echo 1 > /proc/sys/net/ipv4/tcp_westwood
    
    You're right, I think.
     
  5. h41cyon

    h41cyon Guest

    How do you modify your preinit?

    vi -> w! doesnt wanna write to it.
     
  6. rtau

    rtau Network Guru Member

    Opp? Did we ever talk about modifying preinit? Why do you want to modify it?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice