DaemonForums  

error: reexec socketpair: No buffer space available

#1 chris, 23rd July 2009

Hi guys,
I'm seeing these errors in /var/log/messages recently;
Quote:
sshd[26794]: error: reexec socketpair: No buffer space available
This leads to delays in logging in via ssh and other problems such as not being able to connect to the local database server. My initial thoughts were to look at the mbuf usage but I couldn't see any problems here;
Quote:
root# netstat -mb
8421/14244/22665 mbufs in use (current/cache/total)
388/674/1062/40960 mbuf clusters in use (current/cache/total/max)
388/547 mbuf+clusters out of packet secondary zone in use (current/cache)
12/370/382/12800 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/6400 9k jumbo clusters in use (current/cache/total/max)
0/0/0/3200 16k jumbo clusters in use (current/cache/total/max)
2935K/6389K/9324K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/230/6656 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
45353 requests for I/O initiated by sendfile
0 calls to protocol drain routines

Does anyone have any suggestions? This machine is a 7.1-RELEASE-p6

Thanks,
Chris

#2 chris, 23rd July 2009

OK, I figured out why the problem was occurring; port 22 was getting hammered with over 1000 connections a second (I forgot to check pfstat, auth.log and tcpdump, which gave me glaring indications of a flood). I've decided to change the sshd listen port to something other than 22 and wait til my attacker finds it out.

#3 BSDfan666, 23rd July 2009

You could use a firewall to automatically blacklist people who hammer your server like that. pf supports this... presumably ipfw does as well.

#4 chris, 24th July 2009

Oddly enough I did have both pf and ossec, a brute-force log analyser, running, but clearly this time the attack was larger than previous ones. Here's the pf rule I had, perhaps it was too lenient;
Code:
pass in log on $ext_if proto tcp from any to any port 22 keep state (source-track rule, max-src-states 40, max-src-conn 15, max-src-conn-rate 15/60)
Attached image: pfstat-packets_day.jpg (16.5 KB)
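
The blacklisting suggested in #3, applied to the rule from #4, as an added example that is not part of the original posts. The posted rule enforces its per-source limits but has no overload clause, so a source that exceeds them is only refused new states and is never blocked. The interface name em0 and the table name <ssh_abusers> are assumptions.

```pf
# Added example for FreeBSD pf; em0 and <ssh_abusers> are assumed names.
ext_if = "em0"

# Sources that exceeded the connection limits on the pass rule below.
table <ssh_abusers> persist

# Drop blacklisted sources before any other rule is considered.
block in quick on $ext_if from <ssh_abusers>

# Same limits as the rule in post #4, plus an overload action:
#   overload <ssh_abusers>  add the offending source address to the table
#   flush global            kill every state that source holds, on all rules
# max-src-conn and max-src-conn-rate count only TCP connections that have
# completed the three-way handshake, and every limit is per source address,
# so they do not cap the total rate arriving from many different sources.
pass in log on $ext_if proto tcp from any to any port 22 \
    keep state (source-track rule, max-src-states 40, max-src-conn 15, \
    max-src-conn-rate 15/60, overload <ssh_abusers> flush global)

# Check and inspect (run as root):
#   pfctl -nf /etc/pf.conf           parse the ruleset without loading it
#   pfctl -t ssh_abusers -T show     list blacklisted addresses
#   pfctl -s Sources                 show per-source tracking entries
#   pfctl -t ssh_abusers -T delete 192.0.2.10   remove one address (constructed)
```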