What's new

UDP connection always have state UNREPLIED

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

reerden

Regular Contributor
I noticed that in the active connections tab in the system log, UDP connection never show up as ASSURED. They're always UNREPLIED.

Is this normal? I am able to establish connections just fine, I'm just worried this messes up the UDP timeout values. (i.e. an established connection being treated as UNREPLIED with short timeouts)
 
I noticed that in the active connections tab in the system log, UDP connection never show up as ASSURED. They're always UNREPLIED.

Is this normal? I am able to establish connections just fine, I'm just worried this messes up the UDP timeout values. (i.e. an established connection being treated as UNREPLIED with short timeouts)

Typically this happens when a torrent client out there tries to connect to your IP, where there was previously a running torrent application. This is normal.
 
Typically this happens when a torrent client out there tries to connect to your IP, where there was previously a running torrent application. This is normal.

Ok. But it's weird that even when connections are established at the client, there are no ASSURED entries in the router. Are they simply not tracked or not appearing in the connections tab?
 
Ok. But it's weird that even when connections are established at the client, there are no ASSURED entries in the router. Are they simply not tracked or not appearing in the connections tab?

They should - I have quite a few of them myself. Make sure your torrent port forwarding is working properly (typically you should be using uPNP).
 
They should - I have quite a few of them myself. Make sure your torrent port forwarding is working properly (typically you should be using uPNP).

Well, I have none. UPnP forwarded the correct ports for Skype, Xbox and torrent's. All of them are using UDP connections. All of them have clients connected, but there isn't a single UDP ASSURED entry in the list.

EDIT: I did increased the ASSURED timeout to 300 but I doubt that's the problem here.
 
Last edited:
Well, I have none. UPnP forwarded the correct ports for Skype, Xbox and torrent's. All of them are using UDP connections. All of them have clients connected, but there isn't a single UDP ASSURED entry in the list.

EDIT: I did increased the ASSURED timeout to 300 but I doubt that's the problem here.

Try running "netstat-nat" over SSH just in case the webui list would be somehow truncated (the webui script can timeout if the list is too long or the name resolution is taking too long for the total list).
 
Try running "netstat-nat" over SSH just in case the webui list would be somehow truncated (the webui script can timeout if the list is too long or the name resolution is taking too long for the total list).

Did a netstat-nat while playing an online game on my Xbox. The UDP connections listed all had state UNREPLIED. But they where definitely the IP-addresses of the people connected to the game.

EDIT: they also stayed listed the entire game. Way longer than the 30 second timeout so they where definitely active connections.
 
Last edited:
Did a netstat-nat while playing an online game on my Xbox. The UDP connections listed all had state UNREPLIED. But they where definitely the IP-addresses of the people connected to the game.

EDIT: they also stayed listed the entire game. Way longer than the 30 second timeout so they where definitely active connections.

No idea what's wrong with your setup then. I definitely get a lot of ASSURED connections here.
 
With what commands can I read out the time out values from NVRAM?

Nvram setting is ct_udp_timeout. However I don't remember the order the values are encoded in it. If you really want to play with them at the shell level rather than through the UI, best directly modify them in the Linux kernel, through the /proc interface.
 
Nvram setting is ct_udp_timeout. However I don't remember the order the values are encoded in it. If you really want to play with them at the shell level rather than through the UI, best directly modify them in the Linux kernel, through the /proc interface.
I checked the values and they were alright. ct_udp_timeout was set was set to "30 300", in both the NVRAM and
/proc.

I noticed that local connections to the router were getting state assured (netstat-nat -L). I'm going to do a complete NVRAM reset this weekend. If it isn't solved after that I'm going to assume it works as designed.
 
Last edited:
I checked the values and they were alright. ct_udp_timeout was set was set to "30 300", in both the NVRAM and
/proc.

I noticed that local connections to the router were getting state assured (netstat-nat -L). I'm going to do a complete NVRAM reset this weekend. If it isn't solved after that I'm going to assume it works as designed.

One possibility is that it's a side-effect of NAT acceleration.
 
One possibility is that it's a side-effect of NAT acceleration.
Hmm, I see. But this shouldn't matter in practice, right? Even though the ports are marked with UNREPLIED, they still do have the ASSURED timeout (either the custom value I set in the webUI or some default in the broadcom CTF)

EDIT: it was indeed the NAT acceleration. If I turn it off, assured connection started popping up in the list. My question is, is it better to leave it enabled? Do connections, even though they are listed as UNREPLIED still have an ASSURED timeout since the CTL module is apparently handling it?
 
Last edited:
Can anyone tell me if the TCP/UDP timeout values in the firmware are actually working with HW acceleration enabled? Or does CTF has its own timeout values?

Also, UDP connection appear as UNREPLIED since the response is routed through CTF apparently. Does this negatively effect timeouts?
 
A late response, but I've been tinkering with this issue and I would say that it works as designed knowing the CTF bypasses iptables and such. My UNREPLIED's go away after the timeout and new ones pop up like when I open a game that has UDP ports.

I would say its working even though CTF is bypassing the connection tracker for UDP state. I don't have any connectivity issues (timing out) with games or web browsing.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top