[j-nsp] Error message in M20 Router

Phil Shafer phil at juniper.net
Thu Jan 27 15:09:02 EST 2005


Eric Shih TP/ERT writes:
>Does someone know the error message " TPRouter ftpd[83025]: getpeername
>(ftpd): Socket is not connected " in M20 router ?  It occurs at
>interval of every 30 minutes. I have verified that there's no ftp
>session from outside the router.

The error message is the ftp daemon (the ftp server running under
JUNOS) reporting that it could not get the peer's address from the
JUNOS kernel.  The function "getpeername" fills in a structure
with the IP address; it is not fetching the DNS name.  When ftpd
makes this call (which it does fairly early in its lifespan), the
kernel tells it that the socket is no longer connected.

The frequency would indicate someone probing your box, and the
small window of time between when inetd accepts the incoming
connection, starts ftpd, and ftpd calls getpeername() makes
this an unlikely error, unless the client closes the connection
immediately.  Doesn't make much sense, eh?

Perhaps you're getting slammed with ftp requests and are only
occasionally hitting this window and getting the message?  But given
that you're not seeing sessions on the router, this seems unlikely.

You could add a filter to catch tcp-initial packets for ftp and log
them to see what sort of traffic is causing this.  Sort of a long
shot, but it's all I can think of.

Thanks,
 Phil
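
The filter suggested above, sketched as an added example that is not part of the original message: the filter name log-ftp-initial and the term names are hypothetical, and it assumes lo0.0 carries no input filter yet (if one exists, add the first term to that filter instead of replacing it).

```junos
firewall {
    family inet {
        /* hypothetical filter name */
        filter log-ftp-initial {
            /* Log the first packet (SYN without ACK) of every TCP
               connection attempt to the FTP control port. */
            term ftp-syn {
                from {
                    protocol tcp;
                    destination-port ftp;
                    tcp-initial;
                }
                then {
                    log;
                    syslog;
                    accept;
                }
            }
            /* Filters end with an implicit discard, so pass everything
               else explicitly to leave other traffic untouched. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                /* An input filter on lo0 sees traffic addressed to the
                   Routing Engine, which is where ftpd runs. */
                filter {
                    input log-ftp-initial;
                }
            }
        }
    }
}
```

Matches then show up in `show firewall log` and in syslog with the source address of each attempt, which can be lined up against the timestamps of the ftpd messages.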

