Re: [lwip-users] portscan
From: Simon Goldschmidt
Subject: Re: [lwip-users] portscan
Date: Tue, 30 Jun 2009 11:32:36 +0200
> The default values are MEMP_NUM_TCP_PCB = 5 and MEMP_NUM_TCP_PCB_LISTEN
> = 8. I wonder why there should be more listening connections
> than active connections. Shouldn't the numbers be equal?
They are independent, see below.
> I can remember having troubles with low MEMP_NUM_TCP_PCB numbers so I
> increased it to 100.
>
> What happens if a TCP connection goes from listening to active? Is
> another listening created? When I set MEMP_NUM_TCP_PCB_LISTEN back to 8
> my situation seems to improve a bit.
Really? I wouldn't have expected that: The listen PCBs always are listen PCBs.
You can listen on as many TCP ports as you have listen PCBs. What happens if a
client connects is that a new (standard) PCB is allocated and passed to your
application. With a port scan, I'd expect you'd run out of standard PCBs
eventually and no new PCBs will be available. This might also fit what you
are experiencing, for example you cannot connect to your device with a web
browser after a port scan.
However, TCP has timeout mechanisms, and once they regard the half-open
connections (I suspect the port scan utility leaves them half-open) as timed
out, they will be deallocated and available for new connections again.
If you have enough memory, you could try to increase MEMP_NUM_TCP_PCB to 1000.
But then, if someone scans more than 1000 ports, you'll come out with the same
situation as before...
Simon
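The behaviour described in the reply above, as an added example that is not part of the original message and is not lwIP code: a small model with a listen pool and a separate standard PCB pool, where half-open connections hold standard PCBs until a timeout returns them. The function names and the 20-tick timeout are assumptions made for illustration, and the model ignores any other reclaim logic a real stack may have.

```c
/* Simplified model of the two PCB pools described above; not lwIP source. */
#include <stdio.h>
#include <string.h>
#define NUM_PCB        5   /* the quoted default for MEMP_NUM_TCP_PCB */
#define NUM_PCB_LISTEN 8   /* the quoted default for MEMP_NUM_TCP_PCB_LISTEN */
#define HALF_OPEN_TTL  20  /* assumed timeout in timer ticks (constructed) */

static struct pcb { int used, half_open, expires; } pcbs[NUM_PCB];
static int listen_port[NUM_PCB_LISTEN], listen_used;
void model_reset(void) { memset(pcbs, 0, sizeof pcbs); listen_used = 0; }

/* Listening takes one listen PCB; the standard pool is untouched. */
int model_listen(int port) {
    if (listen_used == NUM_PCB_LISTEN) return -1;
    listen_port[listen_used++] = port;
    return 0;
}

int model_free_pcbs(void) {
    int n = 0;
    for (int i = 0; i < NUM_PCB; i++) n += !pcbs[i].used;
    return n;
}

/* SYN: -2 = no listener, -1 = standard pool exhausted, else index of new PCB. */
int model_syn(int port, int now, int handshake_completes) {
    int open = 0;
    for (int i = 0; i < listen_used; i++) open |= (listen_port[i] == port);
    if (!open) return -2;
    for (int i = 0; i < NUM_PCB; i++) {
        if (pcbs[i].used) continue;
        pcbs[i] = (struct pcb){1, !handshake_completes, now + HALF_OPEN_TTL};
        return i;
    }
    return -1;
}

/* Timer tick: half-open PCBs past their timeout return to the pool. */
void model_timer(int now) {
    for (int i = 0; i < NUM_PCB; i++)
        if (pcbs[i].half_open && now >= pcbs[i].expires) pcbs[i].used = pcbs[i].half_open = 0;
}

int main(void) {
    model_reset(); model_listen(80);
    for (int t = 0; t < 8; t++) model_syn(80, t, 0);  /* scan leaves half-open */
    printf("browser right after scan: %d\n", model_syn(80, 8, 1));
    model_timer(8 + HALF_OPEN_TTL);
    printf("browser after timeout:    %d\n", model_syn(80, 30, 1));
    return 0;
}
```

In the model, raising `NUM_PCB` only moves the point at which the browser connection is refused; it is the timeout that makes the device reachable again.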