Community discussions

 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

"No such item (4)" while counting connections

Sat Sep 22, 2018 3:56 pm

Hello!
Please help me understand why I get "no such item" error in this code:
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1|2.2.2.2|3.3.3.3|4.4.4.4|5.5.5.5"
212
no such item (4)
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1|2.2.2.2|3.3.3.3|4.4.4.4|5.5.5.5"
413
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1|2.2.2.2|3.3.3.3|4.4.4.4|5.5.5.5"
268
no such item (4)
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1|2.2.2.2|3.3.3.3|4.4.4.4|5.5.5.5"
413


 
User avatar
ADahi
Member Candidate
Member Candidate
Posts: 217
Joined: Thu Sep 21, 2017 7:16 pm
Location: Iraq, Ninavah
Contact:

Re: "No such item (4)" while counting connections

Sat Sep 22, 2018 9:28 pm

/ip firewall connection print count-only where dst-address~"[1-5]+\\.[1-5]+\\.[1-5]+\\.[1-5]+"
OR
/ip firewall connection print count-only where (dst-address~"1.1.1.1" || dst-address~"2.2.2.2" || dst-address~"3.3.3.3" || dst-address~"4.4.4.4" || dst-address~"5.5.5.5")
Last edited by ADahi on Sun Sep 23, 2018 10:34 pm, edited 1 time in total.
 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 2:41 pm

Thanks for your explanation, but it does not solve the problem.
In fact, I get "no such item" error even without using logical operations and searching for a single IP address.
[admin1@MT1] > /ip firewall connection print count-only where dst-address="1.1.1.1"
0
no such item (4)
[admin1@MT1] > /ip firewall connection print count-only where dst-address="1.1.1.1"
0
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1"
235
no such item (4)
[admin1@MT1] > /ip firewall connection print count-only where dst-address~"1.1.1.1" 
436
It is interesting that the problem occurs only in about half the cases.

Also, it is related to the number of entries in the connection table.
The more entries - the higher the probability of "no such item" error.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5829
Joined: Mon Jun 08, 2015 12:09 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 3:04 pm

Likely the "where" clause is walking through the connections list and while it is doing so some connections disappear.
The more users/connections you have, the more likely that probably is to occur.

This is always a problem in such "first/next" walking through lists that are not static.
Whether that should have been covered in RouterOS and handled invisibly from the users is a matter for debate...
 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 3:29 pm

The main problem is that this error terminates the script execution and I do not understand how to ignore this error.
Suppose I have this script:
  ... Some code ....
/ip firewall connection print count-only where dst-address~"1.1.1.1" 
Getting "no such item" - Script terminating.
  ... Some code - 2 ....
The code "Some code - 2" will not be executed.

Is it possible to force ROS ignore "no such item" error and continue code execution?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5829
Joined: Mon Jun 08, 2015 12:09 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 4:41 pm

You should read the manual on Scripting before attempting anything serious... because there are so many pitfalls!
https://wiki.mikrotik.com/wiki/Manual:S ... ime_errors
https://wiki.mikrotik.com/wiki/Manual:S ... and_Tricks
 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 5:20 pm

Thanks for reply.
I tried do {} on-error = {}
But it did not solve my problem.

Code:
:global result

:log info ("Step1")
:do {
      :set result [/ip firewall connection print count-only where dst-address~":80"];
} on-error={:log info ("Error1")};
:log info ("Result1: $result")

:log info ("Step2")
:do {
      :set result [/ip firewall connection print count-only where dst-address~":80"];
} on-error={:log info ("Error2")};
:log info ("Result2: $result")

Result:
[admin1@MT1] > 
17:15:49 echo: script,info Step1
[admin1@MT1] > 
17:16:07 echo: script,error script error: no such item (4)
The script is terminated. (((

Is there something wrong with my code?

On the low-loaded Mikrotik this code is executed successfully...
 
nostromog
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Jul 18, 2018 3:39 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 6:27 pm

I think using
:set result [:len [/ip firewall connection find where dst-address~":80"]]
is cleaner. And in my experience, for some arcane reason, avoids the non-atomic list traversal.
 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

Re: "No such item (4)" while counting connections

Sun Sep 23, 2018 6:45 pm

On Router (CRS125-24G-1S-2HnD) with 200 active connection entries:
[admin1@MikroTik] > :put [:len [/ip firewall connection find where dst-address~":80"]]          
4
[admin1@MikroTik] >

On Router (CCR1036-12G-4S) with 80000 active connection entries:
[admin1@MT1] > :put [:len [/ip firewall connection find where dst-address~":80"]]
no such item (4)
[admin1@MT1] >

Any ideas?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: "No such item (4)" while counting connections

Tue Sep 25, 2018 11:35 am

Connection tracking is large periodically changing table. While processing entries that entry could already be removed, so you will get no such item.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5829
Joined: Mon Jun 08, 2015 12:09 pm

Re: "No such item (4)" while counting connections

Tue Sep 25, 2018 12:09 pm

That is what I expected, but why is the error not handled by do {} on-error = {} ?
 
voltsifer
just joined
Topic Author
Posts: 6
Joined: Wed Jun 26, 2013 9:13 pm

Re: "No such item (4)" while counting connections

Wed Sep 26, 2018 3:45 pm

Connection tracking is large periodically changing table. While processing entries that entry could already be removed, so you will get no such item.
Is it possible to perform a search in large periodically changing table without errors?


[admin1@MT1] > /ip firewall connection print where dst-address~":80"
Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat 
 #          PROTOCOL SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT     ORIG-RATE REPL-RATE ORIG-PACKETS REPL-PACKETS      ORIG-BYTES      REPL-BYTES
 0  SAC  s  tcp      172.16.9.21:49346     203.119.201.254:80    established 17m58s           0bps      0bps          233          244          15 214          15 212
 1  SAC     tcp      x.x.x.x:7178   162.252.21.64:80      established 19m54s           0bps      0bps          908          908          37 228          36 320
 2  SAC  s  tcp      172.16.12.110:49003   185.221.47.112:80     established 19m59s      269.0kbps  19.7Mbps    3 182 536    7 845 361     134 840 136  11 591 313 145
 3  SAC  s  tcp      172.16.8.82:41163     140.205.195.98:80     established 19m38s           0bps      0bps          188          183          12 856          12 004
 4  SAC     tcp       x.x.x.x:50112   77.234.43.26:80       established 17m6s            0bps      0bps          118          199          20 810         112 745
 5  SAC     tcp       x.x.x.x:57974  203.119.205.0:80      established 17m19s           0bps      0bps          923        1 764          73 454         108 782
 6  SAC     udp       x.x.x.x:35529   47.91.93.96:8000                  1m19s            0bps      0bps        4 310        4 297         310 320         274 768
 7  SAC     tcp       x.x.x.x:58013  47.254.151.183:8080   established 18m32s           0bps      0bps        3 088        1 739         186 779         178 340
......................
Thats ok!


But
:put [/ip firewall connection find dst-address~":80"]
no such item (4)
WHY???
Is there another way to search the large connection table that does not cause errors?

Who is online

Users browsing this forum: No registered users and 1 guest