HPE Community
Operating System - HP-UX
1751685 Members
5130 Online
108781 Solutions
New Discussion юеВ

Re: No buffer space available

 
SOLVED
Go to solution
Duncan Edmonstone
HPE Pro

тАО10-28-2009 12:03 AM

тАО10-28-2009 12:03 AM

Solution

Re: No buffer space available

CBZ,

This has nothing to do with filesystem buffer cache (dbc_max_pct and dbc_min_pct) - it is simply a message telling you that when inetd tried to open sockets for these applications using the accept() system call, it returned an error code indicating "no buffer space available". This actually means that there is insufficient kernel memory available to create bufferes for these socket connections. These errors are usually transient and if you don't have a problem now can probably be ignored (all well behaved applications should re-try when they get ENOBUFS returned from accept() ). I'm sure Rick Jones can do a better job of explaining that than I can...

The fact you see the same message for a bunch of different ports in what looks (to me) like ascending order suggests that someone may be running a port scanner against this system - are you aware of anyone attempting that (e.g. using nmap or nessus or some other security scanning tool?)

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Kapil Jha
Honored Contributor

тАО10-28-2009 12:31 AM

тАО10-28-2009 12:31 AM

Re: No buffer space available

Seems to be related to high memory utilization as well, what is the memory utilization.

You may have to change various TCP parameters if some changes have been done your system recently.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
0 Kudos
CBZ
Occasional Advisor

тАО10-28-2009 05:44 AM

тАО10-28-2009 05:44 AM

Re: No buffer space available

Thanks to all Super SAs....you \m/Rocks\m/
0 Kudos
rick jones
Honored Contributor

тАО10-28-2009 04:50 PM

тАО10-28-2009 04:50 PM

Re: No buffer space available

What Duncan has said can be correct (BTW, while I see many Forum's postings, I don't see them all, and only chanced across this one) I'll repeat what was in the referenced entry from five years ago :)

99 times out of 10, a "No buffer space available" (aka ENOBUFS) on an accept() call means that by the time the server (again in this case inetd) got around to calling accept() on the listen endpoint, the remote end of the connection had given-up and gone away.

It means that your server was not keeping-up with the connection establishement rate.

Now, getting to the present, that they have appeared for all those services suggests that someone may have been bombarding your system with bogus connection requests - hardly anyone but crusty old network performance types :) connect to the chargen (character generator - spits-out a steady stream of bytes on the connection) or discard (bit buckets anything it is sent) services.

If your system is "external facing" on a (semi) public network you may want to look into disabling many of those services and doing other "hardening" things.

You can go into /etc/inetd.conf and disable chargen, discard and daytime straight away. You can *probably* disable ident. Some of the others will depend on whether or not you actually use those services on that server.
there is no rest for the wicked yet the virtuous have no pillows
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.