10-27-2009 10:05 PM
chargen/tcp: accept: No buffer space available
discard/tcp: accept: No buffer space available
daytime/tcp: accept: No buffer space available
ftp/tcp: accept: No buffer space available
swat/tcp: accept: No buffer space available
dtspc/tcp: accept: No buffer space available
printer/tcp: accept: No buffer space available
ident/tcp: accept: No buffer space available
exec/tcp: accept: No buffer space available
shell/tcp: accept: No buffer space available
login/tcp: accept: No buffer space available
telnet/tcp: accept: No buffer space available
Can any one please help me to understand why i am getting above mention error.
Solved! Go to Solution.
10-27-2009 10:13 PM
Do you have lastest "Kernel RPC cumulative patch" ?
what os version ?
10-27-2009 10:24 PM
# for idle TCP connection to one hour
# Example 2: Change the interval for sending keepalive probes to 1 minute
# when TCP is detached. (e.g.FIN_WAIT_2)
# Example 3: Change the amount of time TCP endpoints persist in TIME_WAIT
# state to 30 seconds.
# Example 4: Change the UDP default ttl parameter to 128
# Example 5: Change the amount of time that ARP entries can stay in
# ARP cache to 10 minutes.
HP-UX B.11.11 U 9000/800
10-27-2009 10:44 PM
RPC cumulative patch ?
Contact with HP regarding the patches
can you post below values ?
do you have
Stop any application running (important)
NOTE: n = 0, 1, 2, 3, 4 ....
10-27-2009 11:45 PM
10-28-2009 12:03 AM
This has nothing to do with filesystem buffer cache (dbc_max_pct and dbc_min_pct) - it is simply a message telling you that when inetd tried to open sockets for these applications using the accept() system call, it returned an error code indicating "no buffer space available". This actually means that there is insufficient kernel memory available to create bufferes for these socket connections. These errors are usually transient and if you don't have a problem now can probably be ignored (all well behaved applications should re-try when they get ENOBUFS returned from accept() ). I'm sure Rick Jones can do a better job of explaining that than I can...
The fact you see the same message for a bunch of different ports in what looks (to me) like ascending order suggests that someone may be running a port scanner against this system - are you aware of anyone attempting that (e.g. using nmap or nessus or some other security scanning tool?)
10-28-2009 12:31 AM
You may have to change various TCP parameters if some changes have been done your system recently.
10-28-2009 04:50 PM
99 times out of 10, a "No buffer space available" (aka ENOBUFS) on an accept() call means that by the time the server (again in this case inetd) got around to calling accept() on the listen endpoint, the remote end of the connection had given-up and gone away.
It means that your server was not keeping-up with the connection establishement rate.
Now, getting to the present, that they have appeared for all those services suggests that someone may have been bombarding your system with bogus connection requests - hardly anyone but crusty old network performance types :) connect to the chargen (character generator - spits-out a steady stream of bytes on the connection) or discard (bit buckets anything it is sent) services.
If your system is "external facing" on a (semi) public network you may want to look into disabling many of those services and doing other "hardening" things.
You can go into /etc/inetd.conf and disable chargen, discard and daytime straight away. You can *probably* disable ident. Some of the others will depend on whether or not you actually use those services on that server.