Conntrack byte/packet accounting issues?

I've been writing iptables rules to categorise packets based on the number of bytes transferred on their connections (i.e. using -m connbytes), but these rules don't work properly. When I look at the connections in /proc/net/nf_conntrack there seems to be something odd happening - nearly all of the RX/TX packet and byte counters are zero, even for connections that I know for sure have sent and received data.

In addition, I have tried starting a large download and watching the counters, and they appear to get reset to zero regularly. For example, when downloading a 1GB test file from here:

https://www.thinkbroadband.com/download

I see the counters for the connection getting reset to zero at least four times during the forty or so seconds it takes to download the file. Perhaps this regular resetting explains why nearly all the counters are zero? In any case, this behaviour stops my iptables rules from working correctly, so it's a significant problem for me.

Does anyone know what is going on? It's quite possible that I'm missing something and I'm happy to be set straight. :)

I'm using OpenWRT 19.07.1 on x86_64.

Do you have nlbwmon installed/running by any chance?


Yes, I do...

I'll try removing it and report back. I never look at the stats and when I last looked it didn't seem to be working properly anyway.

Yep, looks like that was it. The numbers are instantly making more sense.

Thank you very much indeed - I'm sure I would have wasted a lot more time before figuring that out!

As you may have guessed, I got bitten by nlbwmon when doing my own 'how many bytes on a connection?' playing :)
It resets the data count every time it iterates over the conntrack list. There's an option to make it less frequent but you can't eliminate it entirely unless you simply don't run it.
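As an added example of how to check for the accounting problem described in this thread (this is not code from the posts, from OpenWrt or from nlbwmon), the Python script below reads /proc/net/nf_conntrack and sorts each entry into one of three buckets: no packets=/bytes= fields at all (nf_conntrack_acct is 0), all four counters zero (what a concurrent counter-zeroing scan such as nlbwmon's leaves behind), or real counts. It also goes a step beyond the thread by emulating the matching logic of `-m connbytes` (range, direction and packets/bytes/avgpkt mode, with the kernel's rule that an entry without counters never matches) so you can see which entries a rule would hit. The three sample lines are constructed, not a real capture; python3 is assumed to be available, which on OpenWrt means installing the python3 package or copying the file to another Linux host.

```python
"""Diagnose conntrack accounting and emulate the `-m connbytes` match.

Added example; not code from the thread, OpenWrt or nlbwmon.
Assumes python3 and a kernel that exposes /proc/net/nf_conntrack.
"""
import os
import re

CONNTRACK_PATH = "/proc/net/nf_conntrack"
ACCT_SYSCTL = "/proc/sys/net/netfilter/nf_conntrack_acct"

# Constructed sample of /proc/net/nf_conntrack output (not a real capture):
#  line 1: a normally accounted TCP flow,
#  line 2: a TCP flow whose counters were zeroed by a concurrent scan,
#  line 3: a UDP flow with no packets=/bytes= fields at all (accounting off).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 packets=812 bytes=68403 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51234 packets=1634 bytes=2298431 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431998 ESTABLISHED src=192.168.1.11 dst=203.0.113.9 sport=40110 dport=80 packets=0 bytes=0 src=203.0.113.9 dst=192.168.1.11 sport=80 dport=40110 packets=0 bytes=0 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.1.12 dst=192.168.1.1 sport=53411 dport=53 src=192.168.1.1 dst=192.168.1.12 sport=53 dport=53411 mark=0 zone=0 use=2
"""

COUNTER_RE = re.compile(r"packets=(\d+) bytes=(\d+)")
# sport/dport are optional so ICMP entries (type=/code=/id=) still parse.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+)(?: sport=(\d+) dport=(\d+))?")


def parse_conntrack(text):
    """Return one dict per entry: original-direction tuple plus counters.

    `counters` is None when no packets=/bytes= fields were printed
    (nf_conntrack_acct=0), else (orig_pkts, orig_bytes, reply_pkts, reply_bytes).
    """
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        m = TUPLE_RE.search(line)
        counters = COUNTER_RE.findall(line)  # one pair per direction
        entries.append({
            "proto": fields[2],
            "src": m.group(1) if m else "?",
            "dst": m.group(2) if m else "?",
            "sport": int(m.group(3)) if m and m.group(3) else None,
            "dport": int(m.group(4)) if m and m.group(4) else None,
            "counters": tuple(int(x) for pair in counters for x in pair)
            if len(counters) == 2 else None,
        })
    return entries


def classify(entry):
    """'no_accounting', 'zeroed' (all four counters 0) or 'counted'."""
    c = entry["counters"]
    if c is None:
        return "no_accounting"
    return "zeroed" if not any(c) else "counted"


def summarize(text):
    """Count entries per bucket; mostly 'zeroed' while acct=1 means something resets them."""
    counts = {"counted": 0, "zeroed": 0, "no_accounting": 0}
    for e in parse_conntrack(text):
        counts[classify(e)] += 1
    return counts


def connbytes_matches(entry, lo, hi=None, direction="both", mode="bytes"):
    """Emulate `--connbytes lo:hi --connbytes-dir direction --connbytes-mode mode`.

    Mirrors xt_connbytes: an entry without counters never matches, avgpkt is
    integer bytes/packets (0 when packets is 0), and hi=None means no upper bound.
    """
    c = entry["counters"]
    if c is None:
        return False
    orig_pkts, orig_bytes, reply_pkts, reply_bytes = c
    pkts = {"original": orig_pkts, "reply": reply_pkts,
            "both": orig_pkts + reply_pkts}[direction]
    byts = {"original": orig_bytes, "reply": reply_bytes,
            "both": orig_bytes + reply_bytes}[direction]
    if mode == "packets":
        what = pkts
    elif mode == "bytes":
        what = byts
    elif mode == "avgpkt":
        what = byts // pkts if pkts else 0
    else:
        raise ValueError("unknown connbytes mode: %s" % mode)
    return what >= lo and (hi is None or what <= hi)


def accounting_enabled():
    """True/False from the nf_conntrack_acct sysctl, or None if it is absent."""
    try:
        with open(ACCT_SYSCTL) as f:
            return f.read().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    live = os.path.exists(CONNTRACK_PATH)
    text = open(CONNTRACK_PATH).read() if live else SAMPLE
    print("nf_conntrack_acct enabled:", accounting_enabled())
    print("entries from", CONNTRACK_PATH if live else "constructed sample",
          "->", summarize(text))
    # Which entries would `-m connbytes --connbytes 1000000: --connbytes-dir both` hit?
    for e in parse_conntrack(text):
        if connbytes_matches(e, 1_000_000):
            print("match:", e["proto"], e["src"], e["sport"], "->",
                  e["dst"], e["dport"], e["counters"])
```

Run it on the router while a large download is in progress. If the summary is mostly `no_accounting`, turn accounting on (`sysctl -w net.netfilter.nf_conntrack_acct=1`); if it is mostly `zeroed` with accounting on, something is zeroing the counters under you (nlbwmon, or anything else that dumps conntrack with the zero-counters flag, such as `conntrack -L -z`), and no `-m connbytes` threshold will behave until that stops.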
