quite a few unclassified connections

Discussion in 'Tomato Firmware' started by dankim831, Oct 5, 2006.

  1. dankim831

    dankim831 Network Guru Member

    i'm not sure if this is normal or is a bug, but I seem to have quite a few connections in the unclassified qos class.

    i have a few rules set and set the default classification to medium. my understanding is if the the connection doesn't match a rule it should be in the medium class.

    i know that internal network connections (LAN) goes into unclassified but why do I have some connections showing up with WAN addresses?

    anyone else notice this or is this normal.

    again, keep up the great work. the quality of this product is amazing even tho its still in beta.
  2. NateHoy

    NateHoy Network Guru Member

    If I understand it correctly, that might happen for a while after a QoS change / QoS engine restart. And, since connections are not cleared from the list very quickly, they might show up on the connections list for a while.

    I'm not sure if that is the problem in your case, but it's one possible theory... Check the connections again a couple of hours later and see if the "unclassified" ones are still around.
  3. robsonn

    robsonn Network Guru Member

    1. it looks like you didn't read the readme file added to the firmware ...
    2. QoS is working only on traffic that is routed (packets traveling from LAN/WLAN to WAN). If you click on unclassified class you will se that 99% of packets are connection with router GUI (and this is local traffic, non routed so QoS ignore this). Also there can be small amount of packets that aren't correctly matched by ex. L7 or IPP2P. Sometimes L7 and/or IPP2P needs more attempts to match several packets.
    Remeber that several P2P clients handles encryption so if you enable it router might have problems with matching packets or they go to the unclassified class.
    It's nothing unusual, just first time in firmware on WRT54 you have chance to observe how really QoS is working (and that it isn't ideal ;) ). It's fantastic tool to understand/learn/watch QoS.
  4. dankim831

    dankim831 Network Guru Member

    i did read the readme file, you didn't read my post.

    as stated above i understand that any internal LAN traffic that doesn't hit the firewall shouldn't be classified in QOS, but like I said above I've noticed there are definately connections that are terminating with WAN addresses in the unclassified category.

    the reason why i think that there shouldn't be any WAN terminating connections in this category is that in the QOS basic settings there is a setting that specifies what the default QOS class is. shouldn't any connections that don't match a L7 or IPP2P filter automatically be put into that default category?
  5. Reiper

    Reiper LI Guru Member

    AFAIK the unclassified classification is the default classification.
  6. dankim831

    dankim831 Network Guru Member

    i thought that whatever is set in QOS>Basic Settings>Default Class was the default class for anything that hits the firewall (WAN connections).???
  7. Reiper

    Reiper LI Guru Member

    Maybe I'm wrong but I was under the impression that if an outbound connection doesn't match any of your filters (whether it is L7, IPP2P, SRC IP, DST IP, SRC MAC, etc.) it whould be classified as the default class (whatever you set it to). However, in the Pie Chart screen it shows these same connections as unclassified but I'm assuming that whatever you set as your default connection would get applied to these connections.
  8. NateHoy

    NateHoy Network Guru Member

    Reiper - Correct, you should never get an "unclassified" connection (to the WAN) on a normally-running Tomato installation if you have a default class specified.

    However... to make my point from earlier a little clearer:

    From the README: "When changing QoS settings, the firmware will try to flush existing classifications for 30 seconds. During this time, active connections will return to being unclassified."

    Now, in my experience with Tomato, connections do not get instantly cleared from the tracking screens, even when I have disconnected them. I suspect it is simply dumping the NAT table. This would, of course, contain all connections until they are purged, whether they are used or not.

    So, I would make the assumption that anything that is showing up as "unclassified" is a leftover from the last time the QoS settings were changed, and they just haven't purged out yet.
  9. dankim831

    dankim831 Network Guru Member

    Natheoy, yea I understand that and definately agree. I'll keep an eye on it, but it's been a few days. My longest TCP time out value is 30 mins.... so... i'm a little suspicious... maybe it is just a glitch.
  10. lboregard

    lboregard LI Guru Member

    if you have setup custom iptables rules and those custom rules flush nat, mangle and/or filter tables, you will get the results you mention :)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice