1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ip_conntrack: table full, dropping packet

Discussion in 'Tomato Firmware' started by sonarman, Nov 18, 2006.

  1. sonarman

    sonarman Network Guru Member

    I am using 0.9 on a WRT54G. When I play Battlefield 2, I get the following message:
    user.warn kernel: ip_conntrack: table full, dropping packet


    I have the number of connections set to 2048, which is typically enough and did not have the problem with DD-wrt. Which other parameter do I need to adjust. I went to the usual timeout variables that I am familar with in nvram, but I do not see them

    Thanks in advance
     
  2. pfoomer

    pfoomer LI Guru Member

    I am also getting these, not doing any streaming/skpye/torrent, just html.

    I do have some access restriction words set up (all the usual advertising culprits)

    Cant see any way of increasing the proc entry to get over this

    (/proc/sys/net/ipv4/ip_conntrack_max)

    as suggested when I searched for a cause.
     
  3. mstombs

    mstombs Network Guru Member

  4. pfoomer

    pfoomer LI Guru Member

    Thanks for that, however, its set to 2048, and I doubt looking at the activity I was anywhere near that limit.

    I will experiment and put it higher

    Thanks again

    PS not sure if automatically removing idle connection would be a better option, with a threshold, ie max = 2048, threshold 2000, then its starts dumping idle connections?, or is this catered in the other settings and I should RTFM?
     
  5. mstombs

    mstombs Network Guru Member

  6. Kiwi8

    Kiwi8 LI Guru Member

    Try to put it at 4096, which will surely be more than enough. Also, try tweaking the timeout so that it is around say 1 hour, or even 30 mins.
     
  7. pfoomer

    pfoomer LI Guru Member

    Lets assume that the idle connections are dropped, albiet after a timeout, so if the connections are increasing, when they get to the drop idle connection threshold, ie 2000 (max 2048 connections for example), regardless of the timeout, the idle connections would be dropped.

    Just a thought as memory seems to be an issue for most of these routers etc.

    Or is this just a dumb idea?
     
  8. pfoomer

    pfoomer LI Guru Member

    I think leaving connections at 2048 based on the memory available may be wise, but reducing the time out from 4 hours to one hour may be a good thing to try.

    I think part of the problem is my hack logger, which sends out on syslog to the logger database, generating one (or two when its unresolved) connections, I am not sure if turning on the access restrictions would increase connections, if anthing reduce them?
     
  9. FRiC

    FRiC LI Guru Member

    I tried 4096 on my WRT54GL once and it ran out of memory and started killing random processes. :p
     
  10. namaste

    namaste LI Guru Member

    Normally my connections are like 200 and then also it drop packets. I play ET and lagometer says loosing packets.... dunno why.

    Connections is 3Mbps Download and 512kbps upload...
     

Share This Page