Opened 4 years ago

Closed 4 years ago

Last modified 2 years ago

#12196 closed defect (fixed)

Upgrade to AA beta: incompatible sysctl.conf (nf_conntrack_max too low)

Reported by: martin@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: base system Version: Attitude Adjustment 12.09 Beta
Keywords: sysctl conntrack Cc:


Using TL-1043ND. Upgrade from Backfire 10.03.1 went smoothly. Got really bad performance when updating a game server list from a client PC (lots of new connections). Found out that my /etc/sysctl.conf had entries like:


which apparently is incorrect for the current kernel.

sysctl net.nf_conntrack_max

gives a value of between 1000-2000 (forgot the exact number).

I see under /rom/etc a sysctl.conf that has correct setting but I guess a lot of sysupgrading users will run into this issue.

Attachments (0)

Change History (3)

comment:1 Changed 4 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed with r33448

comment:2 Changed 4 years ago by hnyman <hannu.nyman@…>

Should the default AA sysctl.conf be patched to match the current kernels now, when all supported kernels are at 3.3.8? Apparently it contains several options that are no longer supported.

root@OpenWrt:~# sysctl -p /etc/sysctl.conf
kernel.panic = 3
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
sysctl: error: 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key
sysctl: error: 'net.ipv4.netfilter.ip_conntrack_max' is an unknown key
sysctl: error: 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established' is an unknown key
sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout' is an unknown key
sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout_stream' is an unknown key
net.ipv6.conf.all.forwarding = 1
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_checksum = 0
net.netfilter.nf_conntrack_max = 16384
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
net.netfilter.nf_conntrack_udp_timeout = 60
net.netfilter.nf_conntrack_udp_timeout_stream = 180
sysctl: error: 'net.bridge.bridge-nf-call-arptables' is an unknown key
sysctl: error: 'net.bridge.bridge-nf-call-ip6tables' is an unknown key
sysctl: error: 'net.bridge.bridge-nf-call-iptables' is an unknown key

r26204 added support for the new options, but also left the old ones there (as some targets still used the old kernels at that point).

Might be something for the after release todo list.

comment:3 Changed 2 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.