we performed pretty thorough Tests with
the Stack (including the usual stuff like SYN-Floods) and found the TCP
Options-bug.
I would give LwIP a pretty good grade
there. The Stack itself is very robust.
The problematic part is always the driver
implementation. And that is where LwIP could provide more help to developers
(more documentation, tips, hints, best practices).
Because timing issues, flooding issues
and all that stuff all arise in the driver. If your driver is not secure,
the stack can't help crashing.
So debug your driver while under SYN
flood and you'll probably find something overflowing.
Now on to the topic of filtering. Filtering
packets in the MAC layer by whitelisting IPs is pretty much nonsense. It's
basically the same simulation of security as MAC-ACLs in Wireless routers.
An IP can easily be spoofed just like a MAC can. Building extensive packet
filtering options and configuration options into LwIP will only increase
complexity and code size. And if you want filtering on the lowest level
it will be a driver issue anyways.
Network-security is a very complex topic
and you can't try to make a single device ultra-secure and then never worry
again. The whole network has to be taken into account. Also there are no
statements about it that are correct under every circumstance (like using
UDP because it's simpler).
You cannot judge the security of a device
by the IP stack alone.
To close: you should probably never
expose a device with such low resources that it uses a minimal Stack like
LwIP _directly_ to the internet. This WILL starve your resources and DoS
your device.
Packet-filtering should be done by appliances
that are built for that. Firewalls, VPN-Tunnels, ...