Re: [lwip-users] reduce DOS vulnerability by changing pbufs?


From: Sandeep Sarat
Subject: Re: [lwip-users] reduce DOS vulnerability by changing pbufs?
Date: Wed, 19 Nov 2003 10:04:00 -0500 (EST)

You are right in that the driver layer has to drop the incoming
packet. For high performance, lazy receiver processing is essential.
The rationale is that if the stack or the client (to stack) is not able
to keep up with the rate of the incoming packets, the process below
supplying packets need not. I think there is a paper on this by the name
LRP: Lazy Receiver Processing from Rice University.

Sandeep


On Wed, 19 Nov 2003 address@hidden wrote:

>
> Hello,
>
> I am experimenting with PBUF_POOL_BUFSIZE of 1500 bytes in order
> to receive packets as a whole in one contiguous piece of memory.
> This is needed to easily apply cryptographic operations in place
> and forwarding the packet to ip_input() without copying the packet.
>
> Memory is limited here to 10 concurrent pbufs of 1500 bytes each.
> If 10 new packets arrive while the first one is being processed,
> it can happen that p = pbuf_alloc(PBUF_IP, TCP_HLEN, PBUF_RAM);
> in tcp_output() will fail? Is this correct?
>
> The reason for such a failure could be the fact that a pbuf_alloc()
> in cs8900_input() has the same priority as in tcp_output().
>
> Maybe pbuf_alloc() in cs8900_input() should fail if proper
> processing of the packet cannot be assured. With this, lwIP
> could not be blocked by massive inbound traffic.
>
> Any comment is welcome.
>
> Christian
>
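
The reservation idea discussed in this thread, as an added example that is not part of either post and is not lwIP code: a single-threaded model of a fixed buffer pool in which the receive path is refused a buffer once only a transmit reserve remains, so an inbound burst cannot starve the output path. POOL_SIZE and BUF_SIZE come from the post; TX_RESERVE and all function names are assumptions, and a real driver would also need interrupt protection around the free list.

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE   10    /* from the post: 10 concurrent buffers */
#define BUF_SIZE    1500  /* from the post: one whole frame per buffer */
#define TX_RESERVE  2     /* assumption: buffers the RX path may never take */

struct buf { struct buf *next; unsigned char data[BUF_SIZE]; };

static struct buf pool[POOL_SIZE];
static struct buf *free_list;
static unsigned free_count, rx_dropped;

void pool_init(void) {
    free_list = NULL;
    free_count = rx_dropped = 0;
    for (size_t i = 0; i < POOL_SIZE; i++) {
        pool[i].next = free_list;
        free_list = &pool[i];
        free_count++;
    }
}

static struct buf *take(void) {
    struct buf *b = free_list;
    if (b != NULL) { free_list = b->next; free_count--; }
    return b;
}

/* Driver receive path: drop early once only the TX reserve is left. */
struct buf *rx_alloc(void) {
    if (free_count <= TX_RESERVE) { rx_dropped++; return NULL; }
    return take();
}

/* Stack transmit path: may use every free buffer, reserve included. */
struct buf *tx_alloc(void) { return take(); }

void buf_free(struct buf *b) { b->next = free_list; free_list = b; free_count++; }

unsigned pool_free(void) { return free_count; }
unsigned pool_rx_dropped(void) { return rx_dropped; }

int main(void) {
    pool_init();
    for (int i = 0; i < 10; i++) rx_alloc();  /* constructed burst of 10 frames */
    printf("rx dropped=%u, tx alloc %s\n", rx_dropped, tx_alloc() ? "ok" : "failed");
    return 0;
}
```

The dropped-frame counter is worth exporting as a statistic, since a steadily rising value is the visible sign that inbound traffic is exceeding what the stack can process.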




