|
| From: | Piero 74 |
| Subject: | Re: [lwip-devel] SYN flood attack - lwip crash |
| Date: | Fri, 30 Jan 2009 15:20:23 +0100 |
Kieran....another log for us...I did another flood test...after test (as you can see in log):- lwip board answers to ping request.. so, emac driver works.- if i try to connect to tcp listener, lwip doesn't answer to SYN packeti waited 45 minutes... nothing changes...I have a debugger connected to board....Kieran... tell me NOW (if you are online) what i have to check...I will be here until 18.00Piero2009/1/30 Kieran Mansley <address@hidden>On Fri, 2009-01-30 at 11:56 +0100, Piero 74 wrote:
> Hi Kieran.
>
> At the end of scan... no answers from lwip...
> i did a cut of wireshark, from the final tests of scan, to the end.
>
> After the scan, i tried more times to connect to board...
OK, that's helpful. It looks like lwIP is alive in that it's sending
RST frames in response to packets that don't match an existing
connection, but it's not sending any response to a SYN, and it's not
retransmitting anything. I would try and debug what's happening in the
tcp_slowtmr() function and see if there are any half-open connections
(i.e. in SYN_SENT or SYN_RECV states) and what the stack is doing about
them. It should be (i) retransmitting and (ii) timing them out
eventually.
Your packet capture only shows 80 seconds, which I think won't be long
enough to time any half-open connections out, but I think tcp_slowtmr()
is the right place to look for more detail.
Thanks
Kieran
_______________________________________________
lwip-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/lwip-devel
| [Prev in Thread] | Current Thread | [Next in Thread] |