sendto: Operation not permitted: netsnmp

Ivan Novick picture Ivan Novick · Jun 5, 2011 · Viewed 7.6k times · Source

I get an error from the net-snmp library doing an snmp get that says

Operation not permitted error from sendto.

I am wondering what could make the sendto(2) system call fail with this error.

Note, this is an intermittent error so I didn't think it was caused by a firewall issue, unless a firewall could cause this intermittently.

Answer

drdaeman picture drdaeman · May 23, 2012

Happened to me today, in my case the problem was due to conntrack table being full.

Additional symptom is lots of "nf_conntrack: table full, dropping packet" in syslog. If this is the case, the solution is to set net.ipv4.netfilter.ip_conntrack_max (aka net.netfilter.nf_conntrack_max) to a higher value, for example:

# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536
# sysctl net.ipv4.netfilter.ip_conntrack_max=1548576
net.ipv4.netfilter.ip_conntrack_max = 1548576

As said by others, there could be other possible reasons for this, like SELinux or AppArmor policies. YMMV.